In FIG. 6, a second preferred embodiment is illustrated. Unlike the first embodiment in which the medical chart A is transmitted in response to the request from the mobile terminal apparatus 13, the medical chart A in FIG. 6 is automatically transmitted in response to entry of the mobile terminal apparatus 13 to the zone area 12 from the outside. See the step S202. The steps S101 and S104-S107 of FIG. 5 are repeated in the steps S201 and S203-S206 in the flow chart of FIG. 6.
In a third preferred embodiment, association table data 63 as association information are stored and used for plural combinations of zone areas and available data. In FIGS. 7A and 7B, the user 11 travels to patient locations 19A, 19B and 19C or destination locations as homes of patients A, B and C. Three zone areas 12A, 12B and 12C are registered, to form available data, such as medical charts A, B and C. The association table data 63 are combinations between information of destinations of the user 11 and the medical charts A, B and C. Also, time data are registered with the association table data 63 for a scheduled visit to each of the destination locations, such as 10:00-11:00 for the patient location 19A with the patient A, 13:00-14:00 for the patient location 19B with the patient B, and 15:00-16:00 for the patient location 19C with the patient C.
The association table data 63 may be registered manually with the server apparatus 16. However, manual operation for registration is laborious in case of a very great amount of the association table data 63. In view of this problem, an information registration device 66 is incorporated in the server apparatus 16, acquires schedule information 64 of a planned travel of the user 11 registered in the mobile terminal apparatus 13, and writes the association table data 63 to the storage device according to the schedule information 64. In case the application program 40 is run, the information registration device 66 is ready to operate in the CPU 35.
The schedule information 64 is input to the mobile terminal apparatus 13 by the user 11. Portions of the schedule information 64 include information of names and telephone numbers of patients as destination information. Also, information of dates of the travel is registered with the schedule information 64. The user 11 uploads the schedule information 64 in the mobile terminal apparatus 13. Upon acquiring the schedule information 64, the information registration device 66 specifies GPS location information from one of the telephone numbers of a patient, and designates the medical chart A according to the patient name. Thus, the association table data 63 are created and written to the storage device 37.
In case the user 11 carries the mobile terminal apparatus 13 and travels to various destinations according to the schedule, the server apparatus 16 tracks the location of the mobile terminal apparatus 13. In case the mobile terminal apparatus 13 enters the zone area 12A containing the patient location 19A with the patient A, the server apparatus 16 transmits data of the medical chart A to the mobile terminal apparatus 13. In case the mobile terminal apparatus 13 is moved out of the zone area 12A, the server apparatus 16 sends a cancellation signal for the medical chart A. Similarly, in case the mobile terminal apparatus 13 enters the zone area 12B, the server apparatus 16 transmits data of the medical chart B to the mobile terminal apparatus 13. In case the mobile terminal apparatus 13 is moved out of the zone area 12B, the server apparatus 16 sends a cancellation signal for the medical chart B. Similar control is performed for the zone area 12C and the medical chart C. Note that the third embodiment can be also combined with the first embodiment. In short, data of a medical chart can be transmitted in response to a request from the mobile terminal apparatus 13.
Also, it is possible for the server apparatus 16 to transmit a cancellation signal to the mobile terminal apparatus 13 after a scheduled time period of the scheduled visit determined in the planned travel even in the presence of the mobile terminal apparatus 13 in the zone area. For example, the mobile terminal apparatus 13 is located in the zone area 12A. The medical chart A is received. In case the scheduled time period of the scheduled visit of the mobile terminal apparatus 13 to the patient location 19A with the patient A has passed, the cancellation signal is transmitted even in the presence of the mobile terminal apparatus 13 in the zone area 12A. Accordingly, the security control or data protection can be carried out strictly by minimizing the duration of keeping the data of the chart in the mobile terminal apparatus 13. Furthermore, it is possible only to use the information of the destination location for the purpose of data management without information of a schedule of travel.
In the above embodiments, the medical data as available data are medical chart data. However, other medical data can be treated, for example, diagnostic data of a result of diagnosis of a patient. Examples of diagnostic data include value data of blood examination and the like, image data of medical imaging, and the like.
In the above embodiments, the available data are a document file of the medical chart. File formats of the available data according to the invention can be a word processing document, text file, spreadsheet file, image file and the like.
In the above embodiments, the information sharing system 10 as data security system is applied for the use outside the hospital facility 18, for example, for the home care. However, the information sharing system 10 can be used inside the hospital facility 18. For example, patient locations in the information sharing system 10 can be numerous locations of patients in a hospital facility. The zone area 12 can be numerous hospital rooms, between which the user 11, doctor or nurse travels for diagnosis or treatment. Available data are data required for the purpose. Although safety in the data in the hospital facility 18 can be satisfied more easily than the outside of the hospital facility 18, improper access to the data may occur incidentally with an unauthorized third party. The feature of the present invention is advantageous in the utilization in the hospital facility 18.
Note that the storage device 37 is incorporated in the server apparatus 16. However, the association table data 53 can be stored in a removable storage medium coupled with the server apparatus 16, for example, flexible disk, CD, memory stick and the like.
In the above embodiments, the zone areas 12 and 12A-12C are geographic areas defined on a map with borderlines. However, the zone areas 12 and 12A-12C can be formed in a shape of circle, quadrilateral or the like defined geometrically with reference to a destination location.
In the above embodiment, the cancellation of the available data is instructed. However, security control of other methods for available data can be used. For example, the available data in the mobile terminal apparatus 13 is processed in protection processing in response to receiving the cancellation signal from the server apparatus 16, so that the protection is not releasable in the mobile terminal apparatus 13. The available data can be set in an unreadable form. In case the mobile terminal apparatus 13 is moved again into the zone area 12, the server apparatus 16 transmits an authorization signal to unprotect the available data, so as to render the available data readable.
Also, the information sharing system 10 as data security system can be used in a field other than the medical field, for example, for a business purpose. The mobile terminal apparatus 13 can be carried by a salesperson of a company, to travel between locations of customers. Available data in the field of the business is customer data, sales data and the like in place of medical data. Those are data of high confidentiality because of privacy of the various customers and trade secret. The information sharing system 10 as data security system can be utilized effectively to prevent information leakage or misappropriation of those data.
Although the present invention has been fully described by way of the preferred embodiments thereof with reference to the accompanying drawings, various changes and modifications will be apparent to those having skill in this field. Therefore, unless otherwise these changes and modifications depart from the scope of the present invention, they should be construed as included therein.
There are three core elements to data security that all organizations should adhere to: Confidentiality, Integrity, and Availability.What are the 5 physical security controls required for information security? ›
Physical security controls include such things as data center perimeter fencing, locks, guards, access control cards, biometric access control systems, surveillance cameras, and intrusion detection sensors.What are the three basic systems for maintaining security? ›
Encryption. Antivirus And Anti-Malware Software. Firewalls. Security Information And Event Management (SIEM)How do you solve data security? ›
- Protect the data itself, not just the perimeter. ...
- Pay attention to insider threats. ...
- Encrypt all devices. ...
- Testing your security. ...
- Delete redundant data. ...
- Spending more money and time on Cyber-security. ...
- Establish strong passwords. ...
- Update your programs regularly.
Protection, Detection, Verification & Reaction.
These are the essential principles for effective security on any site, whether it's a small independent business with a single site, or a large multinational corporation with hundreds of locations.
They are as follows: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, Remote Access Domain, WAN Domain, and System/Application Domain. Each of these domains is viewed as portals for attackers if countermeasures are missing or fail.What are the 6 components of information security? ›
Hence, information systems can be viewed as having six major components: hardware, software, network communications, data, people, and processes. Each has a specific role, and all roles must work together to have a working information system.What are the six basic security concepts? ›
The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation.What are the four different types of security controls? ›
There are many different types of security controls in cybersecurity. Some of the more common ones are firewalls, intrusion detection and prevention systems, access control lists, and cryptographic technologies. Each of these controls serves a different purpose.What are examples of data security? ›
An example of data security would be using encryption to prevent hackers from using your data if it's breached. Data protection refers to the creation of backups or duplication of data to protect against accidental erasure or loss.
- Back up your data. ...
- Use strong passwords and multi-factor authentication. ...
- Be aware of your surroundings. ...
- Be wary of suspicious emails. ...
- Install anti-virus and malware protection. ...
- Protect your device when it's unattended.
Data security is the process of safeguarding digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorized access. It covers everything—hardware, software, storage devices, and user devices; access and administrative controls; and organizations' policies and procedures.What are the key principles of data security? ›
Lawfulness, fairness, and transparency: Any processing of personal data should be lawful and fair. It should be transparent to individuals that personal data concerning them are collected, used, consulted, or otherwise processed and to what extent the personal data are or will be processed.What are the two categories of data security? ›
Authentication and authorization
Two processes are used to ensure only appropriate users can access enterprise data: authentication and authorization.
Common methods include ransomware, phishing attacks, and hacking. Internal threats originate within the organization itself and usually are carried out by a current and former employee, a contractor, a business associate, etc.What are the three A's of security and data protection? ›
Collectively known as the 'CIA triad', confidentiality, integrity and availability are the three key elements of information security.What are the three 3 threats to information security? ›
The main types of information security threats are: Malware attack. Social engineering attacks. Software supply chain attacks.What are the 3 core elements of information security? ›
The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.What are the 6 dimensions of is security? ›
The Security Dimensions are: (1) Access Control, (2) Authentication, (3) Non-repudiation, (4) Data Confidentiality, (5) Communication Security, (6) Data Integrity, (7) Availability, and (8) Privacy.What are the 10 domains of cyber security? ›
- Security Management Practices;
- Access Control Systems and Methodology;
- Telecommunications and Networking Security;
- Security Architecture and Models;
- Operations Security;
- Application and Systems Development Security;
- Physical Security;
To support these plans, components such as prevention and detection mechanisms, access management, incident response, privacy and compliance, risk management, audit and monitoring, and business continuity planning are all necessary to a successful security program.What are the 5 main components of an information system? ›
Typical components of information systems
It has five components – hardware, software, data, and telecommunications. 1. Hardware – This is the physical component of the technology.
- Social Security numbers.
- State-issued identification card numbers or driver's license numbers.
- Vehicle identification numbers (VINs)
- Medical and health records.
- Insurance provider information.
- Credit card numbers, pin numbers and expiration dates.
Firewalls are the oldest and most well-established variety of network security device. Other appliances like intrusion detection and prevention devices expand the firewall's capabilities to a wide range of emerging threats.Who is responsible for data security? ›
The owner is responsible for ensuring that appropriate steps are taken to protect data and for the implementation of policies, guidelines and memorandums of understanding that define the appropriate use of the data.
Encryption is viewed as one of the most reliable ways to keep your data confidential at rest, in transit, or when processing real-time analytics. Data encryption uses algorithms to encode data into an unreadable format that needs an authorized key for decryption.
- Deploy physical database security. ...
- Separate database servers. ...
- Set up an HTTPS proxy server. ...
- Avoid using default network ports. ...
- Use real-time database monitoring. ...
- Use database and web application firewalls. ...
- Deploy data encryption protocols.
Does this mean that cellular data can't be hacked? Unfortunately, nothing connected to the internet is safe from attackers. There have been cases where cellular data has been breached, but it happens a lot less often than through WiFi networks.What is the difference between data security and data? ›
Data protection deals with data compliance laws and regulations and focuses more on how to gather, manage, share, and delete data. Data security takes appropriate measures to stop unapproved third parties from accessing the data.What are the 3 A's of information security? ›
Authentication, Authorization, and Accounting (AAA) is a three-process framework used to manage user access, enforce user policies and privileges, and measure the consumption of network resources.
Level 3 information includes individually identifiable information which if disclosed could reasonably be expected to be damaging to reputation or to cause legal liability. Level 3 also includes research information classified as Level 3 by an Institutional Review Board (IRB).What are the names of 3 data protection principles? ›
- Lawfulness, fairness and transparency.
- Purpose limitation.
- Data minimisation.
- Storage limitation.
- Integrity and confidentiality (security)
Data security controls are policies, procedures, and mechanisms organizations use to protect themselves. They limit the of risk of data being lost, stolen, or misused.What are the 3 states of data? ›
Three states of data is a way of categorizing structured and unstructured data. The three states of data are data at rest, data in motion and data in use. Data can change states quickly and frequently, or it may remain in a single state for the entire life cycle of a computer.What are the key principles of security? ›
What are the 3 Principles of Information Security? The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of these principles. Together they are called the CIA Triad.What is Level 1 data security? ›
Level 1-(PII) Confidential: Data governed by existing law or statue such as: (PII) Social Security number and name, credit card numbers and cardholder name, driver's license number and name.What is class 4 data? ›
• Restricted (Class 4) - information that is extremely sensitive and is intended. for use only by named individuals within the company. Responsibilities. The security administrator does not 'own' company data.What is considered level 1 data? ›
Level I – Confidential Information: High risk of significant financial loss, legal liability, public distrust or harm if this data is disclosed. correspondence, financial aid, scholarship records, etc.) risk of financial loss, legal liability, public distrust, or harm if this data is disclosed.What are the 7 golden rules of data protection? ›
Necessary, proportionate, relevant, adequate, accurate, timely and secure: Ensure that information you share is necessary for the purpose for which you Page 2 are sharing it, is shared only with those individuals who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely (see ...What are the 8 rules of data protection? ›
Lawfulness, fairness, and transparency; ▪ Purpose limitation; ▪ Data minimisation; ▪ Accuracy; ▪ Storage limitation; ▪ Integrity and confidentiality; and ▪ Accountability. These principles are found right at the outset of the GDPR, and inform and permeate all other provisions of that legislation.