A Proposed Model for Build a Secure Restful API to Connect between Server Side and Mobile Application Using Laravel Framework with Flutter Toolkits

Any business these days need a mobile application connected with central database, like E-commerce, E-Learning, Restaurant applications …etc., and in order to create a professional application -connected with backend, Restful API is needed, therefore, choose the best languages, tools and frameworks to build a mobile application in the client side, and Database, API and Dashboard in the backend is crucial. this paper proposed a model to create a Cross-platform mobile application using Flutter Framework with some packages like http to connect with API, (flutter_secure_storage) to store a token and (GetX) for state management and MVC Architectural style, beside using Laravel framework with MySQL database to build an Restful API and the dashboard in the backend, and for make a system for Rules and permissions, Spatie package has been used  with Laravel, as well as use Sanctum for Authentication and Authorization system to protect the APIs with JWT, the result is build a full stack application (frontend and Backend)  called (My Services), which is a kind of Ecommerce application for services only in less than one month

Design of a backend system to integrate health information systems – case study: ministry of health and social services (MoHSS)-Namibia

Information systems are the key to institution organization and decision making. In the health care field, there is a lot of data flow, from the patient demographic information (through the electronic medical records), the patient's medication dispersal methods called pharmaceutical data, laboratory data to hospital organization information such bed allocation. Healthcare information system is a system that manages, store, transmit and display healthcare data. Most of the healthcare data in Namibia are unstructured, there is a heterogeneous environment in which different health information systems are distributed in different departments [1][2]. A lot of data is generated but never used in decision-making due to the fragmentation. The integration of these systems would create a flood of big data into a centralized database. With information technology and new generation networks becoming a called for innovations in every day's operations, the adaptations of accessing big data through information applications and systems in an integrated way will facilitate the performances of practical work in health care. The aim of this dissertation is to find a way in which these vertical Health Information System can be integrated into a unified system. A prototype of a back-end system is used to illustrate how the present healthcare systems that are in place with the Ministry of Health and Social Service facilities in Namibia, can be integrated to promote a more unified system usage. The system uses other prototypes of subsystems that represent the current systems to illustrate how they operate and, in the end, how the integration can improve service delivery in the ministry. The proposed system is expected to benefit the ministry in its daily operations as it enables instant authorized access to data without passing through middlemen. It will improve and preserve data integrity by eliminating multiple handling of data through a single data admission point. With one entry point to the systems, manual work will be reduced hence also reducing cost. Generally, it will ensure efficiency and then increase the quality of service provided

Plantar Overload Diagnostic Support System

Diabetes Mellitus (DM) is a chronic disease that impacts the quality of life of individuals of various age groups, being listed among the 10 leading causes of death in adults. Associated with this disease are diabetic foot ulcers, which cause a reduction in the patient's mobility, quality of life and even amputation of the affected limb. In order to prevent this situation, the study in question aims to develop a mobile application to monitor the patient's gait. The gait data will be collected from a sensorised insole with pressure, temperature, and humidity sensors, with its subsequent analysis and real-time provision of warnings if situations conducive to the formation of a foot ulcer are found. As this insole has not yet been developed, a second mobile application was created to send data replicating several phases of the human gait. In addition, a web application was developed for healthcare professionals, where they can access the patient's personal data as well as various types of statistics associated with their gait, helping the professional to make decisions regarding the improvements that can be made regarding the way the patient performs the gait. All applications were properly tested and proved to be responsive on different devices, environments, and operating system versions. Throughout the development process, it was possible to observe that they will help the healthcare professional to detect more easily patterns in the patient's gait and will alert the patient to the need to change the way he supports the foot, with the provision of information in real time. In order to continue this study, it is hoped in the future to link this system with a clinical record repository, to create a learning algorithm that can use other parameters besides the reading records to create alerts, and finally, it would be useful to develop the application for the IOS operating system.A Diabetes Mellitus (DM) é uma doença crónica que tem impacto na qualidade de vida de indivíduos de vários grupos etários, estando listada entre as 10 principais causas de morte em adultos. Associadas a esta doença, estão as úlceras do pé diabético, que causam uma redução da mobilidade do paciente, da qualidade de vida e até mesmo a amputação do membro afetado. Com o objetivo de prevenir esta situação, o estudo em questão visa desenvolver uma aplicação móvel para monitorizar a marcha do paciente. Os dados da marcha serão recolhidos a partir de uma palmilha sensorizada com sensores de pressão, temperatura e humidade, com a sua posterior análise, e fornecimento, em tempo real, de alertas no caso de serem encontradas situações propícias para a formação de uma úlcera no pé. Como esta palmilha ainda não foi desenvolvida, foi criada uma segunda aplicação móvel para enviar dados que replicam várias fases da marcha humana. Além disso, foi desenvolvida uma aplicação Web para profissionais de saúde, onde podem ter acesso aos dados pessoais do paciente, bem como vários tipos de estatísticas associadas à sua marcha, ajudando o profissional a tomar decisões relativamente às melhorias que podem ser feitas em relação à forma de como o paciente executa a marcha. Todas as aplicações foram devidamente testadas e mostraram-se responsivas em diferentes dispositivos, ambientes e versões de sistema operativo. Ao longo do processo de desenvolvimento, foi possível observar que estas ajudarão o profissional de saúde a detetar mais facilmente padrões na marcha do paciente, e alertarão o mesmo para a necessidade de mudar a forma como apoia o pé, com o fornecimento de informação em tempo real. De forma a dar continuidade a este estudo, espera-se no futuro interligar este sistema com um repositório de registos clínicos, criar um algoritmo de aprendizagem que possa utilizar outros parâmetros para além dos registos de leituras para criar alertas, e, finalmente, seria útil desenvolver a aplicação para o sistema operativo IOS

EHRaS: Electronic Healthcare Record Management for Ad Hoc Settlements

Providing reliable and accurate healthcare to refugees in an ad hoc setting can be challenging for a variety of reasons, and most settlements currently utilize little to no record keeping for patients. EHRaS, our mobile-first electronic healthcare record management system, can provide an inexpensive electronic healthcare record (EHR) solution that is flexible in last-mile applications where infrastructure and technical support is at a minimum. By utilizing NFC technology, novel caching practices, and an extensible interface, our system not only securely identifies patients and authorizes staff to access sensitive medical data, but generally provides a competitive, low-overhead alternative to other open source EHR systems

Phone based heart and lung functions monitor

Tese de Mestrado Integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 201

Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, easy of use, communication, access and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and raising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed with tools and software to collect, manage, analyze and process medical information (such as electronic health records and personal health records). Therefore, such systems can empower the performance and maintenance of health services, promoting availability, readability, accessibility and data sharing of vital information about a patients overall medical history, between geographic fragmented health services. Quick access to information presents a great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However health information systems store and manage highly sensitive data, which raises serious concerns regarding patients privacy and safety, and may explain the still increasing number of malicious incidents reports within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions, that aim to protect the individual rights and privacy of patients. Along side with these legislations, security requirements must be analyzed and measures implemented. Within the necessary security requirements to access health data, secure authentication, identity management and access control are essential to provide adequate means to protect data from unauthorized accesses. However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions through people, different type of devices, environments and situational conditions, and across enterprises, location and time. Although already existent models allow to ensure the needs of the health care systems, they still lack components for dynamicity and privacy protection, which leads to not have desire levels of security and to the patient not to have a full and easy control of his privacy. Within this master thesis, after a deep research and review of the stat of art, was published a novel dynamic access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based in a Delphi Study. A set of security experts from various domains were selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates. SoTRAACE was integrated in an architecture with requirements well-founded, and based in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in deep review of the state-of-art. The architecture is further targeted with the essential security analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes for several types of accesses by patients and healthcare professionals, as well the web servers that handles the access requests, authentication and identity management. The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact for user experience and interaction. It is clear that the model can be extended to other industry domains, and new levels of risks or attributes can be added because it is modular. The architecture also works as expected, assuring secure authentication with multifactor, and secure data share/access based in SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. At last, the architecture was tested within different Android versions, tested with static and dynamic analysis and with tests with security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma móvel de acesso em qualquer lugar/hora, sendo que os dispositivos móveis são a tecnologia mais presente no dia a dia da sociedade. Devido à sua portabilidade, disponibilidade, fácil manuseamento, poder de comunicação, acesso e partilha de informação referentes a várias áreas e domínios das nossas vidas, a aceitação e integração destes dispositivos é cada vez maior. No entanto, devido ao seu potencial e aumento do número de utilizadores, os dispositivos móveis são cada vez mais alvos de ataques, e tal como outras tecnologias, aplicações móveis continuam a ser vulneráveis. Sistemas de informação de saúde são compostos por ferramentas e softwares que permitem recolher, administrar, analisar e processar informação médica (tais como documentos de saúde eletrónicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos serviços de saúde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados vitais referentes ao registro médico geral dos pacientes, entre serviços e instituições que estão geograficamente fragmentadas. O rápido acesso a informações médicas apresenta uma grande importância para o setor da saúde, dado que acelera os processos de trabalho, resultando assim numa melhor eficiência na utilização do tempo e recursos. Consequentemente haverá uma melhor qualidade de tratamento. Porém os sistemas de informação de saúde armazenam e manuseiam dados bastantes sensíveis, o que levanta sérias preocupações referentes à privacidade e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do domínio da saúde. Os dados de saúde são altamente sensíveis e são sujeitos a severas leis e restrições regulamentares, que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando os seus dados de saúde. Juntamente com estas legislações, requerimentos de segurança devem ser analisados e medidas implementadas. Dentro dos requerimentos necessários para aceder aos dados de saúde, uma autenticação segura, gestão de identidade e controlos de acesso são essenciais para fornecer meios adequados para a proteção de dados contra acessos não autorizados. No entanto, além do uso de modelos simples de autenticação, os modelos tradicionais de controlo de acesso são normalmente baseados em políticas de acesso e cargos pré-definidos, e são inflexíveis. Isto resulta em decisões de controlo de acesso uniformes para diferentes pessoas, tipos de dispositivo, ambientes e condições situacionais, empresas, localizações e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar algumas necessidades dos sistemas de saúde, ainda há escassez de componentes para accesso dinâmico e proteção de privacidade , o que resultam em níveis de segurança não satisfatórios e em o paciente não ter controlo directo e total sobre a sua privacidade e documentos de saúde. Dentro desta tese de mestrado, depois da investigação e revisão intensiva do estado da arte, foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto, o SoTRAACE agrega atributos de vários ambientes e domínios que ajudam a executar uma avaliação de riscos, no momento em que os dados são requisitados. A avaliação dos fatores de risco identificados neste trabalho são baseados num estudo de Delphi. Um conjunto de peritos de segurança de vários domínios industriais foram selecionados, para classificar o impacto de cada atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a dados médicos, com requerimentos bem fundados, baseados nas melhores normas e recomendações (OWASP, NIST 800-53, NIST 800-57), e em revisões intensivas do estado da arte. Esta arquitectura é posteriormente alvo de uma análise de segurança e modelos de ataque. Como prova deste conceito, o modelo de controlo de acesso proposto é implementado juntamente com uma arquitetura focada no utilizador, com dois protótipos para aplicações móveis, que providênciam vários tipos de acesso de pacientes e profissionais de saúde. A arquitetura é constituída também por servidores web que tratam da gestão de dados, controlo de acesso e autenticação e gestão de identidade. O resultado final mostra que o modelo funciona como esperado, com transparência, assegurando a privacidade e o controlo de dados para o utilizador, sem ter impacto na sua interação e experiência. Consequentemente este modelo pode-se extender para outros setores industriais, e novos níveis de risco ou atributos podem ser adicionados a este mesmo, por ser modular. A arquitetura também funciona como esperado, assegurando uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisões do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi também protegido com um certificado digital. A arquitectura foi testada em diferentes versões de Android, e foi alvo de análise estática, dinâmica e testes com ferramentas de segurança. Para trabalho futuro está planeado a integração de normas de dados de saúde e a avaliação do sistema proposto, através da recolha de opiniões de utilizadores no mundo real

Wiki-health: from quantified self to self-understanding

Today, healthcare providers are experiencing explosive growth in data, and medical imaging represents a significant portion of that data. Meanwhile, the pervasive use of mobile phones and the rising adoption of sensing devices, enabling people to collect data independently at any time or place is leading to a torrent of sensor data. The scale and richness of the sensor data currently being collected and analysed is rapidly growing. The key challenges that we will be facing are how to effectively manage and make use of this abundance of easily-generated and diverse health data. This thesis investigates the challenges posed by the explosive growth of available healthcare data and proposes a number of potential solutions to the problem. As a result, a big data service platform, named Wiki-Health, is presented to provide a unified solution for collecting, storing, tagging, retrieving, searching and analysing personal health sensor data. Additionally, it allows users to reuse and remix data, along with analysis results and analysis models, to make health-related knowledge discovery more available to individual users on a massive scale. To tackle the challenge of efficiently managing the high volume and diversity of big data, Wiki-Health introduces a hybrid data storage approach capable of storing structured, semi-structured and unstructured sensor data and sensor metadata separately. A multi-tier cloud storage system—CACSS has been developed and serves as a component for the Wiki-Health platform, allowing it to manage the storage of unstructured data and semi-structured data, such as medical imaging files. CACSS has enabled comprehensive features such as global data de-duplication, performance-awareness and data caching services. The design of such a hybrid approach allows Wiki-Health to potentially handle heterogeneous formats of sensor data. To evaluate the proposed approach, we have developed an ECG-based health monitoring service and a virtual sensing service on top of the Wiki-Health platform. The two services demonstrate the feasibility and potential of using the Wiki-Health framework to enable better utilisation and comprehension of the vast amounts of sensor data available from different sources, and both show significant potential for real-world applications.Open Acces

Development of a Web Platform for Surgical Oncologists in Portugal

In an age of enormous access to clinical data and rapid technological development, ensuring that physicians have computational tools to navigate a sea of information and improve health outcomes is vital. A major advance in medical practice is the incorporation of Clinical Decision Support Systems (CDSSs) to assist and support the healthcare team in clinical decision making, thus improving the quality of decisions and overall patient care, while minimizing costs. Postsurgical complications of cancer surgery are hard to predict, although there are several traditional risk scores available. However, there is an urgent need to improve perioperative risk assessment to reduce the growing postoperative burden in the Portuguese population. Understanding the individual risks of performing surgical procedures is essential to customizing preparatory, intervention, and aftercare protocols to minimize post-surgical complications. This knowledge is essential in oncology, given the nature of the interventions, the fragile profile of patients with comorbidities and drug exposure, and the possible recurrence of cancer. This thesis aims to develop an user-friendly web platform to support the collaboration and manage clinical data among oncologists at the Portuguese Institute of Oncology, Porto. The work integrates both a database to register/store the clinical data of cancer patients in a structured format, visualization tools and computational methods to calculate a specific risk score of postoperative outcomes for the Portuguese population. The platform named IPOscore will not only to manage the clinic data but also offer a predictive healthcare system, as an valuable instrument for the oncologists.Numa época de grande acesso a dados e rápido desenvolvimento tecnológico, garantir que os médicos tenham as ferramentas de apoio à decisão clínica para se deslocar em um mar de informação para encontrar o que é mais relevante para as necessidades dos pacientes é vital para otimizar os resultados de saúde. Um grande avanço na prática médica é a incorporação de Sistemas de Apoio à Decisão Clínica (CDSSs) para auxiliar e apoiar a equipe de saúde na tomada de decisão clínica, melhorando assim a qualidade das decisões e o atendimento geral ao paciente, minimizando custos. As complicações pós-operatórias da cirurgia do cancro ainda são difíceis de prever, embora existam muitos scores de risco destinados a fazer tais previsões. Compreender os riscos individuais de realizar procedimentos cirúrgicos é essencial para personalizar os protocolos preparatórios, de intervenção e pós-atendimento para minimizar as complicações pós-cirúrgicas. Esse conhecimento é fundamental em oncologia, dada a natureza das intervenções, o perfil frágil dos pacientes com comorbidades e exposição a drogas e a possível recorrência do cancro. Este trabalho propõe a construção duma plataformaweb de fácil utilização para apoiar a colaboração e dispor uma gestão de dados clínicos entre oncologistas. O trabalho integra uma base de dados para registrar / armazenar os dados clínicos, fisiológicos e biopatológicos de pacientes com cancro num formato estruturado e métodos computacionais para calcular um grau de risco específico de complicações pós-operatórias para a população portuguesa. A plataforma denominada IPOscore servirá para a gestão de dados clinicos, mas também oferecerá um sistema preditivo e preventivo, como uma ferramenta de apoio à decisão médica no contexto clínico diário

Establishing a Home Sensing Platform in the Field of Technological Healthcare

This thesis explores how home sensor platforms can be leveraged in the context of care for chronic conditions. In order to understand the needs of such a system, a platform has been developed and deployed at the Georgia Tech Aware Home to collect data in a research setting for the Emory and Georgia Tech joint Cognitive Empowerment Program. The goal of this program is to develop a personalized approach to the treatment of Mild Cognitive Impairments. This thesis will explore the design of the supporting home technology platform.Undergraduat

Point of Care Healthcare Quality Control for Patients Using Mobile Devices

The advances made in the domain of mobile telecommunications over the last decade offer great potential for developments in many areas. One such area that can benefit from mobile communications is telemedicine, which is the provision of medical assistance, in one form or another, to patients who are geographically separated from the healthcare provider. When a person is ill, individual attention from medical professionals is of the utmost importance until they have returned to full health. However, people who suffer with long term and chronic illnesses may need life long care and often must manage their condition at home. Many chronically ill patients manage their condition themselves and perform ‘self-testing’ with Point of Care Test (POCT) equipment as part of this condition management. When a specimen sample is analysed at home with a POCT device, a result is available to the patient almost immediately, but the result cannot be proven to be plausible for the patient unless it is validated by the hospital systems. In addition to this the hospital is unaware of the patients condition and progress between hospital visits. This research addresses some of the issues and problems that fact patients who use POCT equipment to ‘self-manage’ their condition at home. Using mobile phone technologies and the Java platform, three alternative methods for providing patients with a service of POCT result validation and storage was designed. The implementation and test of these systems, proves that a mobile phone solution to the issues associated with patient self-testing is possible and can greatly contribute to the quality of patient care