64 research outputs found

    Storing encrypted patient data in a public cloud

    The Finnish laws on individual’s data security as well as The General Data Protection Regulation (EU) (GDPR) are legislations requiring caution from an organization handling private data. A healthcare organization is required to exercise extreme caution when handling health data as the GDPR considers individual’s health data “a special category of personal data”, as it is sensitive by nature. Public cloud providers such as Google Cloud Platform promise to make developing and hosting web applications simpler. However, trusting a third party such as Google with individual’s health data increases the requirements for security. The developer may want to implement additional security measures on top of those provided by default by the cloud provider. Modern cryptographic algorithms use keys to encrypt and decrypt data. However, storing the keys in a secure and performant way is no simple task. This thesis includes an implementation of a server application built to mimic a real world application for handling patient data. The application is built with TypeScript and hosted in Google Cloud Platform’s services. The application is used to analyze the added complexity and performance deficit of implementing strong encryption. The complexity and performance differences with the application in encrypted mode are notable. However, a lot of the complexity can be mitigated with good design. No complex cryptographic algorithms have to be understood by the developer to be able to implement strong encryption. Existing tools and libraries handle most of the work

    Comparative study of healthcare messaging standards for interoperability in ehealth systems

    Advances in the information and communication technology have created the field of "health informatics," which amalgamates healthcare, information technology and business. The use of information systems in healthcare organisations dates back to the 1960s; however, the use of technology for healthcare records management, referred to as Electronic Medical Records (EMR), has surged since the 1990s (Net-Health, 2017) due to advancements in the internet and web technologies. Electronic Medical Records (EMR), sometimes referred to as Personal Health Record (PHR), contain the patient’s medical history, allergy information, immunisation status, medication, radiology images and other medically related billing information that is relevant. There are a number of benefits for healthcare industry when sharing these data recorded in EMR and PHR systems between medical institutions (AbuKhousa et al., 2012). These benefits include convenience for patients and clinicians, cost-effective healthcare solutions, high quality of care, resolving the resource shortage and collecting a large volume of data for research and educational needs. My Health Record (MyHR) is a major project funded by the Australian government, which aims to have all data relating to health of the Australian population stored in digital format, allowing clinicians to have access to patient data at the point of care. Prior to 2015, MyHR was known as Personally Controlled Electronic Health Record (PCEHR). Though the Australian government took consistent initiatives there is a significant delay (Pearce and Haikerwal, 2010) in implementing eHealth projects and related services. While this delay is caused by many factors, interoperability is identified as the main problem (Benson and Grieve, 2016c) which is resisting this project delivery.
To discover the current interoperability challenges in the Australian healthcare industry, this comparative study is conducted on Health Level 7 (HL7) messaging models such as HL7 V2, V3 and FHIR (Fast Healthcare Interoperability Resources). In this study, interoperability, security and privacy are main elements compared. In addition, a case study conducted in the NSW Hospitals to understand the popularity in usage of health messaging standards was utilised to understand the extent of use of messaging standards in healthcare sector. Predominantly, the project used the comparative study method on different HL7 (Health Level Seven) messages and derived the right messaging standard which is suitable to cover the interoperability, security and privacy requirements of electronic health record. The issues related to practical implementations, change over and training requirements for healthcare professionals are also discussed

    European lipodystrophy registry: Background and structure

    Background: Lipodystrophy syndromes comprise a group of extremely rare and heterogeneous diseases characterized by a selective loss of adipose tissue in the absence of nutritional deprivation or catabolic state. Because of the rarity of each lipodystrophy subform, research in this area is difficult and international co-operation mandatory. Therefore, in 2016, the European Consortium of Lipodystrophies (ECLip) decided to create a registry for patients with lipodystrophy. Results: The registry was built using the information technology Open Source Registry System for Rare Diseases in the EU (OSSE), an open-source software and toolbox. Lipodystrophy specific data forms were developed based on current knowledge of typical signs and symptoms of lipodystrophy. The platform complies with the new General Data Protection Regulation (EU) 2016/679 by ensuring patient pseudonymization, informational separation of powers, secure data storage and security of communication, user authentication, person specific access to data, and recording of access granted to any data. Inclusion criteria are all patients with any form of lipodystrophy (with the exception of HIV-associated lipodystrophy). So far 246 patients from nine centres (Amsterdam, Bologna, Izmir, Leipzig, Münster, Moscow, Pisa, Santiago de Compostela, Ulm) have been recruited. With the help from the six centres on the brink of recruitment (Cambridge, Lille, Nicosia, Paris, Porto, Rome) this number is expected to double within the next one or 2 years. Conclusions: A European registry for all patients with lipodystrophy will provide a platform for improved research in the area of lipodystrophy. All physicians from Europe and neighbouring countries caring for patients with lipodystrophy are invited to participate in the ECLip Registry. Study registration: ClinicalTrials.gov (NCT03553420). Registered 14 March 2018, retrospectively registered

    Security, privacy, and legislation adherence assessment of a whistleblowing web application

    In recent years, web applications have become increasingly more complex as they are required to have more features than ever before. The need for more features comes from both the service providers as well as the end-users, since competition on the Software as a Service (SaaS) market can be fierce. The ever-growing complexity and feature richness of web applications have in turn also increased their attack surface, predisposing them to new threats and vulnerabilities. The evolving web applications have also developed new methods of gathering personal data from its users. User information privacy has become a hot topic of discussion in the past decade, which has led to privacy legislation being enacted in different regions of the world. In 2019, the European Parliament enacted Directive (EU) 2019/1937 into the European law, which is also known as the Whistleblower Directive. The Directive's goal is to establish rules and procedures to protect individuals who report information they have acquired in a work-related context on breaches of EU law in key policy areas. The Directive requires qualifying organizations and municipalities to set up reporting channels that whistleblowers can use to anonymously report these breaches. The commissioner of this thesis, BeanBakers Ltd, has developed a web application called Vihjaa that is meant to be used by organizations and municipalities as an internal reporting channel that complies with the requirements set for the application by the Directive. The main objectives of this thesis were to identify the requirements set for Vihjaa by EU law and then to conduct security, privacy, and legislation adherence assessments on Vihjaa to gain a deeper understanding of its current status. Furthermore, the procedures and methodology used during the assessments can be used as a framework for future works, which assess the states of other web applications. 
Our assessment found that Vihjaa's state of security, privacy, and legislation adherence are mostly in a good standing, but there were multiple issues identified that should be addressed. Most of the identified issues were of low severity, for instance, lacking a privacy policy document, missing an incident response plan, and outdated dependencies. In this thesis, we present the developed framework that can be used to assess web applications of this nature, the results of our assessments, and a ranking of data items collected by a web application based on how critical they are for the process of identifying a specific user

    Multi-Dimensional-Personalization in mobile contexts

    During the dot com era the word "personalisation" was a hot buzzword. With the fall of the dot com companies the topic has lost momentum. As the killer application for UMTS or the mobile internet has yet to be identified, the concept of Multi-Dimensional-Personalisation (MDP) could be a candidate. Using this approach, a recommendation of mobile advertisement or marketing (i.e., recommendations or notifications), online content, as well as offline events, can be offered to the user based on their known interests and current location. Instead of having to request or pull this information, the new service concept would proactively provide the information and services – with the consequence that the right information or service could therefore be offered at the right place, at the right time. The growing availability of "Location-based Services" for mobile phones is a new target for the use of personalisation. "Location-based Services" are information, for example, about restaurants, hotels or shopping malls with offers which are in close range / short distance to the user. The lack of acceptance for such services in the past is based on the fact that early implementations required the user to pull the information from the service provider. A more promising approach is to actively push information to the user. This information must be of interest to the user and has to reach the user at the right time and at the right place. This raises new requirements on personalisation which will go far beyond present requirements. It will reach out from personalisation based only on the interest of the user. Besides the interest, the enhanced personalisation has to cover the location and movement patterns, the usage and the past, present and future schedule of the user. This new personalisation paradigm has to protect the user’s privacy so that an approach supporting anonymous recommendations through an extended "Chinese Wall" will be described

    Internet of Things as a Service (iTaaS): challenges and solutions for management of sensor data on the Cloud and the Fog

    Building upon cloud, IoT and smart sensors technologies we design and develop an IoT as a Service (iTaaS) framework, that transforms a user device (e.g. a smart phone) to an IoT gateway that allows for fast and efficient data streams transmission to the cloud. We develop a two-fold solution, based on micro-services for the IoT (users’ smart devices) and the cloud side (back-end services). iTaaS includes configurations for (a) the IoT side to support data collection from IoT devices to a gateway on a real time basis and, (b) the cloud back-end side to support data sharing, storage and processing. iTaaS provides the technology foreground to enable immediate application deployments in the domain of interest. An obvious and promising implementation of this technology is e-Health and remote health monitoring. As a proof of concept we implement a real time remote patient monitoring system that integrates the proposed framework and uses BLE pulse oximeter and heart rate monitoring sensing devices. The experimental analysis shows fast data collection, as (for our experimental setup) data is transmitted from the IoT side (i.e. the gateway) to the cloud in less than 130ms. We also stress the back-end system with high user concurrency (for example with 40 users per second) and high data streams (for example 240 data records per second) and we show that the requests are executed at around 1 second, a number that signifies a satisfactory performance by considering the number of requests, the network latency and the relatively small size of the Virtual Machines implementing services on the cloud (2GB RAM, 1 CPU and 20GB hard disk size)