Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
Review
. 2002 Apr-Nov;4(2):E12.
doi: 10.2196/jmir.4.2.e12.

Security, privacy, and confidentiality issues on the Internet

Grant KellyBruce McKenzie
Review

Security, privacy, and confidentiality issues on the Internet

Grant Kelly et al. J Med Internet Res. 2002 Apr-Nov.

Abstract

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

PubMed Disclaimer

Conflict of interest statement

None declared.

Figures

Figure 1
Figure 1
Using a public/private key pair to encrypt messages helps ensure protection during transit
Figure 2
Figure 2
Using a public/private key pair to verify a digital signature
See this image and copyright information in PMC

References

    1. British Medical Association (UK), authors Confidentiality and disclosure of health information. 1999. Oct, [2001 Apr 19]. http://web.bma.org.uk/public/ethics.nsf/webguidelinesvw?openview.
    1. Her Majesty's Stationery Office (UK), authors The Data Protection Act (1998) 1998. [2001 Apr 19]. http://www.hmso.gov.uk/acts/acts1998/19980029.htm.
    1. General Medical Council (UK), authors Confidentiality: Protecting and Providing Information. 2000. Sep, [2001 Apr 19]. http://www.gmc-uk.org/standards/secret.htm.
    1. NHS Executive's Security and Data Protection Programme, authors. Ensuring security and confidentiality in NHS organisations (E5501 v1.1) 1999. [2001 Sep 22]. http://194.101.83.13/library/cards/c0000365.htm.
    1. British Standards Institution (UK), authors BS ISO/IEC 17799:2000 (BS 7799­1:2000) Information technology: code of practice for information security management. London: BSI; 2000. http://www.bsi-global.com/

MeSH terms