A Privacy Preserving Framework for RFID Based Healthcare Systems

RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our life in near future. It has received considerable attention within the healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of wide spread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be send to track its user (owner). In a nutshell, this technology has not really seen its true potential in healthcare industry since privacy concerns raised by the tag bearers are not properly addressed by existing identification techniques. There are two major types of privacy preservation techniques that are required in an RFID based healthcare system—(1) a privacy preserving authentication protocol is required while sensing RFID tags for different identification and monitoring purposes, and (2) a privacy preserving access control mechanism is required to restrict unauthorized access of private information while providing healthcare services using the tag ID. In this paper, we propose a framework (PriSens-HSAC) that makes an effort to address the above mentioned two privacy issues. To the best of our knowledge, it is the first framework to provide increased privacy in RFID based healthcare systems, using RFID authentication along with access control technique

A standard-driven communication protocol for disconnected clinics in rural areas

The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it

Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction

Developing a Framework for Creating mHealth Surveys

Various issues in the design of surveys for mobile health (mHealth) research projects yet exist. As mHealth solutions become more popular, new issues are brought into consideration. Researchers need to collect some critical information from participants in these mHealth studies. These mHealth studies require a specialized framework to create surveys, track progress and analyze user data. In these procedures, mHealth’s needs differ from other studies. Therefore, there has to be a new framework that satisfies needs of mHealth research studies. Although there are studies for creating efficient, robust and user-friendly surveys, there is no solution or study, which is specialized in mHealth area and solves specific problems of mHealth research studies. mHealth research studies sometimes require real-time access to user data. Reward systems may play a key role in their study. Most importantly, storing user information securely plays a key role in these studies. There is no such solution or study, which covers all these areas. In this thesis, we present guidelines for developing a framework for creating mHealth surveys. In doing this, we hope that we propose a solution for problems of creating and using of surveys in mHealth studies

Authorization and access control of application data in Workflow systems

Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements

Evaluating empowerment and control of HE e-learning in a secure environment

With the increased spread of HE distance learning into a wide variety of contexts it is important for us to understand the factors involved in its successful deployment for students. E-learning has a great potential to support effective and empowering HE distance learning (Wilson, 2007; Adams, 2005; Hughes, 2005). However, within two secure environments, prisons and health service, the factors involved are complex. This paper reviews HE e-learning technology perceptions within these two contrasting contexts from 225 students' and stakeholders' perspectives. Previous research has detailed literature limitations on obtaining students' perspectives of e-learning (Conole et al, 2006). These limitations are compounded when other stakeholder perceptions are not integrated (Sun et al, 2007; Adams et al, 2005; Millen at al, 2002). This paper developed and applied an e-learning framework for student and stakeholder perceptions. This social psychological framework, is based on previous practice based e-learning studies and is used here to synthesise two large-scale case studies. The framework focuses on three concepts learner Access (e.g. learning design, technology design, physical access), Awareness (e.g. of resources, their usage and support for e-learning tasks) and Acceptability (e.g. trust, privacy, aesthetics, engagement). Students' and stakeholders' perceptions identified high levels of students' empowerment through e-learning whilst still requiring a further pedagogical tailoring and an awareness of support. However, serious problems within these contexts have identified blocks to e-learning through stakeholders perceptions and fears of acceptability (i.e. issues of risk and trust). Ultimately, through understanding competing perceptions and needs within these complex environments we can support the effective technological development, pedagogical design and deployment of e-learning systems