| Main-theme | Sub-theme | Description of security services |
|---|---|---|
| Confidentiality | Patient de-identification | - Photography only inside the mouth, excluding the face [54] |
| | | - Sending images without any form of identification or clinical information [8] |
| | | - Verbal disclosure of personal information only during video calls, being solely recorded in physical health records [8] |
| | Patient data encryption | - Encryption of the image and text document with series numbers to avoid patient ID [29,30,31] |
| | | - Encryption of transferred data in teledentistry networks [16] |
| | | - Keep user passwords in encrypted text in database tables, and decrypt passwords in real time using an RD5 algorithm [16] |
| | | - Using digital certificates that include the public key and other cryptographic information [16] |
| | HIPAA confidentiality requirements | - Considering HIPAA confidentiality requirements [16] |
| | Patient confidentiality of software | - Patient confidentiality is critical when selecting video communication software [36] |
| | Patient record confidentiality | - Consider computer hosting and clinical facilities as confidential electronic records [16] |
| Authentication | Username and password | - Photo uploading to a password-secure Dropbox folder [29] |
| | | - User identification using multiple identifiers such as demographics, telephone number, and ID cards [19] |
| | | - User name and password protection [16] |
| | | - Move patients to a password-protected virtual waiting room until the clinician is prepared to admit them to the meeting [17] |
| | | - All users must register before use and everyone must have a unique username and password to connect to the system [45] |
| | | - Use the user ID and password to log in to the system and open a new teleconsultation request [48] |
| | | - Access information from a custom-made website through secure login [45] |
| | Digital certificate | - Use certificates for health care providers on the intranet system, including log-in screens with unique identifiers and passwords [16] |
| | | - The digital certificates serve to verify that the participants are authentic [16] |
| | | - Digital certificates must be changed periodically [16] |
| | Server authentication | - Authentication of the server by means of the Microsoft/Microsoft Transaction Server security system with access available through secure back door ports such as SFTP and direct web script technologies [16] |
| Privacy | HIPAA regulation | - Considering HIPAA privacy regulations for all members of a health care team and the teledentistry network [16] |
| | | - Consider an advanced computing facility for housing the databases of electronic dental records and teledentistry [16] |
| | | - Privacy requirements must also be respected [12] |
| | Data protection and privacy | - Using GDPR approvals in information processing [24] |
| Integrity | Using protocol | - Using a restricted secure file transfer protocol (SFTP) [16] |
| | Digital certificates | - Using digital certificates in TLS to prevent eavesdroppers from monitoring data transfers [16] |
| | | - User's digital signature [16] |
| | Data screen | - Screen data for completeness, consistency, and any irregularity by security filters [16] |
| Access control | Role-based access control | - Access to the system for healthcare providers based on their role and a unique username and password. Security password tables are not available to public or clinical system administrators [16] |
| Availability | Using offline mode | - Saving data in offline mode when the internet is disrupted and uploading data automatically to the server when an internet connection is available [45] |
| | Backup | - Maintain medical records in the database on the mail server and in the scanned medical records system [50] |
| | | - Print and file paper copies of the Patient Initial Electronic Report and Consultant Response in the Patient Notes at the Assessment Clinic, if a system error occurs [14] |
| Device and media security controls | Physical security | - Delete photo from the smartphone after uploading it to Dropbox [29] |
| | Firewalls | - Providing security through firewalls for dental records to be stored in an electronic database [16] |
| | Filtering | - Router filtering [16] |
| | Secure internet | - Using the HPSS net, a secure version of the Internet [14] |
| | TLS, SSL | - Once on the intranet, create a Transaction Layer Security (TLS) or Secure Socket Layer (SSL) connection between each clinic and the host server in order to prevent external system hacking [16] |
| | Secure application | - An Internet-based consulting system requires a secure Internet-based application [50] |
| | | - Security is paramount when choosing the video communications software [36] |