-------- Original Message --------
Subject: [isworld] CFC: Certification and Security in Health-Related Web Applications
Date: Tue, 31 Mar 2009 07:51:13 -0500
From: Iraklis Varlamis varlamis@gmail.com
Reply-To: Iraklis Varlamis varlamis@gmail.com
To: AISWORLD Information Systems World Network isworld@lyris.isworld.org
CALL FOR CHAPTERS

Proposals Submission Deadline: 5/1/2009
Full Chapters Due: 7/1/2009

Certification and Security in Health-Related Web Applications: Concepts and Solutions

A book edited by
Dr. Ioannis Apostolakis, National School of Public Health, Dept. of Health Economics, Greece
Mr. Anargyros Chryssanthou, MSc, Data Protection Authority, Auditors Department, Greece
Dr. Iraklis Varlamis, Harokopio University of Athens, Dept. of Informatics & Telematics, Greece

Introduction

The main issue of concern in health-related applications is the protection of medical data. A patient's profile data is deemed as sensitive data and is protected by data protection laws. Medical data needs to be accessible only by authorized people. It needs to remain confidential, maintain its integrity, and be available to authorized people upon request. In the classic model of CIA, this perspective publication seeks to integrate two new aspects of security, authorization, and non-repudiation.
In the case of health related web applications, medical information that is transferred across the network should be encrypted, secured, and protected. Additionally, to secure the exchanging endpoints we need to accurately verify the real identity of the exchanging parties, in order to prevent cases of identity theft. Any transfer of medical data also needs to be audited properly, in order for the administrators responsible or the authorities to be able to connect any faulty transaction with the exchanging parties and attribute responsibilities. Processes need to be established to be able to certify each transacting party, each transfer, and the associated level of security. Certification, in terms of security, refers to the compliance to suitable standards and regulations ranging from the ISO 27001:2005 standard to HIPAA and data protection laws. Certification in health-related web applications springs from the need to verify the accurate, impervious, and protected exchange of medical data.
Objective of the Book

This book will aim to provide relevant theoretical frameworks and the latest empirical research findings in the area. It is expected to increase interaction between members of the medical community, IT professionals, and all other interested parties. It is also expected to review the certification and security procedures through collaboration, to identify open threats and emerging needs, and to provide solutions. With this book, we intend to provide a valuable tool for every professional intending to develop, support or participate in a health related application over the internet. The chapters that will be published are expected to cover as many security and certification issues as possible and provide practical solutions and case study applications. This publication aims to become the initial reference book, the gateway, which can lead to potential solutions for issues that lurk in the background.
Target Audience

The target audience of this book will be composed of professionals and researchers that employ, study, design, and implement health related web applications. Students of management of healthcare systems and healthcare managers in general will use this book as a companion that helps them avoid design pitfalls and a walkthrough towards building trustful medical communities. Security professionals working in medical institutions will be able to identify compliance requirements and implement the proper measures to achieve an adequate level of security for medical data and certification, either by certification bodies or by data protection authorities.
Recommended topics include, but are not limited to, the following:

Confidentiality, Integrity, Availability in health related web applications
Risk analysis in health related web applications
Medical computer networks and security management
Applying ISO standards (ISO 27001:2005, ISO 17999:2005) in healthcare environments
Compliance in health related web applications
Health related web applications and data protection laws
Trust in healthcare communities
Certification in medical applications
Submission Procedure

Researchers and practitioners are invited to submit on or before May 1, 2009, a 2-3 page chapter proposal clearly explaining the mission and concerns of his or her proposed chapter. Authors of accepted proposals will be notified by June 1, 2009 about the status of their proposals and sent chapter guidelines. Full chapters are expected to be submitted by July 1, 2009. All submitted chapters will be reviewed on a double-blind review basis.
Publisher

This book is scheduled to be published by IGI Global (formerly Idea Group Inc.), publisher of the "Information Science Reference" (formerly Idea Group Reference), "Medical Information Science Reference," and "IGI Publishing" imprints. For additional information regarding the publisher, please visit http://www.igi-global.com. This publication is anticipated to be released in 2010. Additional information regarding this publication can also be found at http://wim.aueb.gr/iraklis/igibook/.
Important Dates

May 1, 2009: Proposal Submission Deadline
June 1, 2009: Notification of Proposal Acceptance
July 1, 2009: Full Chapter Submission
October 1, 2009: Notification of Full Chapter Acceptance
January 1, 2009: Final Chapter Submission
March 15, 2010: Final Deadline
Editorial Advisory Board Members

Prof. Arie Hasman, University of Amsterdam, Dept. of Medical Informatics, The Netherlands
Prof. Sokratis Katsikas, University of Piraeus, Dept. of Technology Education and Digital Systems, Greece
Assistant Prof. Spyros Kokolakis, University of Aegean, Dept. of Information & Communication Systems Engineering, Greece
Assistant Prof. Ilias Maglogiannis, University of Central Greece, Dept. of Computer Science and Biomedical Informatics, Greece
Assistant Prof. Panagiotis Bamidis, Medical Education Informatics, Medical School, Aristotle University of Thessaloniki
Lecturer Athina Lazakidou, University of Peloponnese, Dept. of Nursing, Greece
Lecturer Panagiotis Nastou, University of Aegean, Dept. of Mathematics, Greece
Dr. Panagiotis Rizomiliotis, University of Aegean, Dept. of Information and Communication Systems Engineering, Greece
Dr. Maria Katharaki, Dept. of Economic Science, National & Kapodistrian University of Athens, Greece
Dr. Anastasia Kastania, Athens University of Economics and Business, Dept. of Computer Science, Greece
Inquiries and submissions can be forwarded electronically (Word document) or by mail to:
Mr. Iraklis Varlamis
Harokopio University of Athens, Department of Informatics and Telematics
Tel: +302109549295
Fax: +302109549281
E-mail: varlamis@gmail.com, achryssanthou@gmail.com