Trusted interoperability and the patient safety issues of parasitic health care software

Vincent B. McCauley, Patricia A.H. Williams

Research output: Contribution to conference › Paper › peer-review

1 Citation (Scopus)

Abstract

With the proliferation of software systems and products in the healthcare environment, it is increasingly common for such software products to be constructed in a modular design. However, modular software, to be securely interoperable with other software products, requires agreed, consistent and accountable interfaces. This agreement may take the form of bilateral vendor-to-vendor arrangements or be reached via a trusted external third party that coordinates agreed interaction methods, such as a jurisdiction. Standards are a particular form of mutually trusted third party. Unfortunately, this agreed method of interoperability is not always present in vendor software. Where one software product or module interacts with another in the absence of any agreement, it is referred to as "bolt-on". It is perhaps more descriptive to refer to such software in terms of its potential to cause harm and refer to it using the biological analogy of "parasitic" software and associated "host" software. Analogous to biological systems, parasitic software can operate by data injection into, or data extraction from, the associated host database. Both forms of parasitic software exploit access mechanisms or security flaws in the host software independent of the host vendor and in ways not intended or supported by the host vendor. This paper discusses the mechanics of this security vulnerability and, more importantly, the potential adverse consequences to patient safety of such susceptibilities. As Australia moves to a national connected e-health system, these issues are causes for grave concern. This paper provides a case study of this insecurity to highlight the problem, promote discussion and encourage potential change.

Original language: English
Pages: 189-195
Number of pages: 7
Publication status: Published - 1 Dec 2011
Event: 9th Australian Information Security Management Conference, AISM - Perth, WA, Australia
Duration: 5 Dec 2011 → 7 Dec 2011

Keywords

  • Bolt-on software
  • Health information security
  • Healthcare software
  • Medical software
  • Third party software
