Limits...
Video calls from lay bystanders to dispatch centers - risk assessment of information security.

Bolle SR, Hasvold P, Henriksen E - BMC Health Serv Res (2011)

Bottom Line: A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.Twenty security threats of different risk levels were identified and analyzed.Solutions were proposed to reduce the risk level.

View Article: PubMed Central - HTML - PubMed

Affiliation: Norwegian Centre for Integrated Care and Telemedicine, University Hospital of North Norway, N-9038 Tromsø, Norway. stein.roald.bolle@telemed.no

ABSTRACT

Background: Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed.

Methods: Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.

Results: Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level.

Conclusions: Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Show MeSH

Related in: MedlinePlus

Risk matrix presenting the identified threats with identifier and short description. Darker shades of grey indicates higher level of risk: light grey low risk, medium grey moderate risk and darkest grey severe risk. White background is used for threats with unknown risk.
© Copyright Policy - open-access
Related In: Results  -  Collection

License
getmorefigures.php?uid=PMC3198924&req=5

Figure 2: Risk matrix presenting the identified threats with identifier and short description. Darker shades of grey indicates higher level of risk: light grey low risk, medium grey moderate risk and darkest grey severe risk. White background is used for threats with unknown risk.

Mentions: Twenty distinct threats and unwanted situations were identified and described (Table 2). The likelihood and consequence were estimated for each threat. The risk matrix presents all threats with their id, short description and risk level as a combination of likelihood and consequence (Figure 2). No threats had a severe risk level, but threats with a high level of consequence should be watched closely, as an increase in likelihood can make these threats severe. We were not able to conclude on likelihood or consequence for nine threats, either because it would be dependent on the implementation of the technology, or related to issues that can only be answered through clinical trials. It is possible that these threats could have an unacceptable severe risk.


Video calls from lay bystanders to dispatch centers - risk assessment of information security.

Bolle SR, Hasvold P, Henriksen E - BMC Health Serv Res (2011)

Risk matrix presenting the identified threats with identifier and short description. Darker shades of grey indicates higher level of risk: light grey low risk, medium grey moderate risk and darkest grey severe risk. White background is used for threats with unknown risk.
© Copyright Policy - open-access
Related In: Results  -  Collection

License
Show All Figures
getmorefigures.php?uid=PMC3198924&req=5

Figure 2: Risk matrix presenting the identified threats with identifier and short description. Darker shades of grey indicates higher level of risk: light grey low risk, medium grey moderate risk and darkest grey severe risk. White background is used for threats with unknown risk.
Mentions: Twenty distinct threats and unwanted situations were identified and described (Table 2). The likelihood and consequence were estimated for each threat. The risk matrix presents all threats with their id, short description and risk level as a combination of likelihood and consequence (Figure 2). No threats had a severe risk level, but threats with a high level of consequence should be watched closely, as an increase in likelihood can make these threats severe. We were not able to conclude on likelihood or consequence for nine threats, either because it would be dependent on the implementation of the technology, or related to issues that can only be answered through clinical trials. It is possible that these threats could have an unacceptable severe risk.

Bottom Line: A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.Twenty security threats of different risk levels were identified and analyzed.Solutions were proposed to reduce the risk level.

View Article: PubMed Central - HTML - PubMed

Affiliation: Norwegian Centre for Integrated Care and Telemedicine, University Hospital of North Norway, N-9038 Tromsø, Norway. stein.roald.bolle@telemed.no

ABSTRACT

Background: Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed.

Methods: Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.

Results: Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level.

Conclusions: Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Show MeSH
Related in: MedlinePlus