NEW SECURE SOLUTIONS FOR PRIVACY AND ACCESS CONTROL IN HEALTH INFORMATION EXCHANGE

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing of patients’ health information. The first solution allows secure HIE among different healthcare providers while focusing primarily on the privacy of patients’ information. It allows patients to authorize a certain type of health information to be retrieved, which helps prevent any unintentional leakage of information. The privacy solution also provides healthcare providers with the capability of mutual authentication and patient authentication. It also ensures the integrity and auditability of health information being exchanged. The security and performance study for the first protocol shows that it is efficient for the purpose of HIE and offers a high level of security for such exchanges. The second framework presents a new cloud-based protocol for access control to facilitate HIE across different HCOs, employing a trapdoor hash-based proxy signature in a novel manner to enable secure (authenticated and authorized) on-demand access to patient records. The proposed proxy signature-based scheme provides an explicit mechanism for patients to authorize the sharing of specific medical information with specific HCOs, which helps prevent any undesired or unintentional leakage of health information. The scheme also ensures that such authorizations are authentic with respect to both the HCOs and the patient. Moreover, the use of proxy signatures simplifies security auditing and the ability to obtain support for investigations by providing non-repudiation. Formal definitions, security specifications, and a detailed theoretical analysis, including correctness, security, and performance of both frameworks are provided which demonstrate the improvements upon other existing HIE systems

DESIGN AND EXPLORATION OF NEW MODELS FOR SECURITY AND PRIVACY-SENSITIVE COLLABORATION SYSTEMS

Collaboration has been an area of interest in many domains including education, research, healthcare supply chain, Internet of things, and music etc. It enhances problem solving through expertise sharing, ideas sharing, learning and resource sharing, and improved decision making. To address the limitations in the existing literature, this dissertation presents a design science artifact and a conceptual model for collaborative environment. The first artifact is a blockchain based collaborative information exchange system that utilizes blockchain technology and semi-automated ontology mappings to enable secure and interoperable health information exchange among different health care institutions. The conceptual model proposed in this dissertation explores the factors that influences professionals continued use of video- conferencing applications. The conceptual model investigates the role the perceived risks and benefits play in influencing professionals’ attitude towards VC apps and consequently its active and automatic use

An access control model for a South African National Electronic Health Record System

Countries such as South Africa have attempted to leverage eHealth by digitising patients’ medical records with the ultimate goal of improving the delivery of healthcare. This involves the use of the Electronic Health Record (EHR) which is a longitudinal electronic record of a patient’s information. The EHR is comprised of all of the encounters that have been made at different health facilities. In the national context, the EHR is also known as a national EHR which enables the sharing of patient information between points of care. Despite this, the realisation of a national EHR system puts patients' EHRs at risk. This is because patients’ information, which was once only available at local health facilities in the form of paper-based records, can be accessed anywhere within the country as a national EHR. This results in security and privacy issues since patients’ EHRs are shared with an increasing number of parties who are geographically distributed. This study proposes an access control model that will address the security and privacy issues by providing the right level of secure access to authorised clinicians. The proposed model is based on a combination of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The study found that RBAC is the most common access control model that is used within the healthcare domain where users’ job functions are based on roles. While RBAC is not able to handle dynamic events such as emergencies, the proposed model’s use of ABAC addresses this limitation. The development of the proposed model followed the design science research paradigm and was informed by the results of the content analysis plus an expert review. The content analysis sample was retrieved by conducting a systematic literature review and the analysis of this sample resulted in 6743 tags. The proposed model was evaluated using an evaluation framework via an expert review

Transactions of the First International Conference on Health Information Technology Advancement vol. 1, no. 1

Full proceedings of The First International Conference on Health Information Technology Advancement held at Western Michigan University in Kalamazoo, Michigan on October 28, 2011. Conference Co-Chairs: Dr. Bernard Han, Director of the Center for HIT Advancement (CHITA) at Western Michigan University Dr. Sharie Falan, Associate Director of the Center for HIT Advancement (CHITA) at Western Michigan University Transactions Editor: Dr. Huei Lee, Professor in the Department of Computer Information Systems at Eastern Michigan Universit

Digital Transformation and Public Services

Through a series of studies, the overarching aim of this book is to investigate if and how the digitalization/digital transformation process affects various welfare services provided by the public sector, and the ensuing implications thereof. Ultimately, this book seeks to understand if it is conceivable for digital advancement to result in the creation of private/non-governmental alternatives to welfare services, possibly in a manner that transcends national boundaries. This study also investigates the possible ramifications of technological development for the public sector and the Western welfare society at large. This book takes its point of departure from the 2016 Organization for Economic Co-operation and Development (OECD) report that targets specific public service areas in which government needs to adopt new strategies not to fall behind. Specifically, this report emphasizes the focus on digitalization of health care/social care, education, and protection services, including the use of assistive technologies referred to as "digital welfare." Hence, this book explores the factors potentially leading to whether state actors could be overrun by other non-governmental actors, disrupting the current status quo of welfare services. The book seeks to provide an innovative, enriching, and controversial take on society at large and how various aspects of the public sector can be, and are, affected by the ongoing digitalization process in a way that is not covered by extant literature on the market. This book takes its point of departure in Sweden given the fact that Sweden is one of the most digitalized countries in Europe, according to the Digital Economy and Society Index (DESI), making it a pertinent research case. However, as digitalization transcends national borders, large parts of the subject matter take on an international angle. This includes cases from several other countries around Europe as well as the United States

Usability analysis of contending electronic health record systems

In this paper, we report measured usability of two leading EHR systems during procurement. A total of 18 users participated in paired-usability testing of three scenarios: ordering and managing medications by an outpatient physician, medicine administration by an inpatient nurse and scheduling of appointments by nursing staff. Data for audio, screen capture, satisfaction rating, task success and errors made was collected during testing. We found a clear difference between the systems for percentage of successfully completed tasks, two different satisfaction measures and perceived learnability when looking at the results over all scenarios. We conclude that usability should be evaluated during procurement and the difference in usability between systems could be revealed even with fewer measures than were used in our study. © 2019 American Psychological Association Inc. All rights reserved.Peer reviewe

Incorporating standardised drift-tube ion mobility to enhance non-targeted assessment of the wine metabolome (LC×IM-MS)

Liquid chromatography with drift-tube ion mobility spectrometry-mass spectrometry (LCxIM-MS) is emerging as a powerful addition to existing LC-MS workflows for addressing a diverse range of metabolomics-related questions [1,2]. Importantly, excellent precision under repeatability and reproducibility conditions of drift-tube IM separations [3] supports the development of non-targeted approaches for complex metabolome assessment such as wine characterisation [4]. In this work, fundamentals of this new analytical metabolomics approach are introduced and application to the analysis of 90 authentic red and white wine samples originating from Macedonia is presented. Following measurements, intersample alignment of metabolites using non-targeted extraction and three-dimensional alignment of molecular features (retention time, collision cross section, and high-resolution mass spectra) provides confidence for metabolite identity confirmation. Applying a fingerprinting metabolomics workflow allows statistical assessment of the influence of geographic region, variety, and age. This approach is a state-of-the-art tool to assess wine chemodiversity and is particularly beneficial for the discovery of wine biomarkers and establishing product authenticity based on development of fingerprint libraries

Computational Methods for Medical and Cyber Security

Over the past decade, computational methods, including machine learning (ML) and deep learning (DL), have been exponentially growing in their development of solutions in various domains, especially medicine, cybersecurity, finance, and education. While these applications of machine learning algorithms have been proven beneficial in various fields, many shortcomings have also been highlighted, such as the lack of benchmark datasets, the inability to learn from small datasets, the cost of architecture, adversarial attacks, and imbalanced datasets. On the other hand, new and emerging algorithms, such as deep learning, one-shot learning, continuous learning, and generative adversarial networks, have successfully solved various tasks in these fields. Therefore, applying these new methods to life-critical missions is crucial, as is measuring these less-traditional algorithms' success when used in these fields

An Empirical Analysis of Security and Privacy in Health and Medical Systems

Healthcare reform, regulation, and adoption of technology such as wearables are substantially changing both the quality of care and how we receive it. For example, health and fitness devices contain sensors that collect data, wireless interfaces to transmit data, and cloud infrastructures to aggregate, analyze, and share data. FDA-defined class III devices such as pacemakers will soon share these capabilities. While technological growth in health care is clearly beneficial, it also brings new security and privacy challenges for systems, users, and regulators. We group these concepts under health and medical systems to connect and emphasize their importance to healthcare. Challenges include how to keep user health data private, how to limit and protect access to data, and how to securely store and transmit data while maintaining interoperability with other systems. The most critical challenge unique to healthcare is how to balance security and privacy with safety and utility concerns. Specifically, a life-critical medical device must fail-open (i.e., work regardless) in the event of an active threat or attack. This dissertation examines some of these challenges and introduces new systems that not only improve security and privacy but also enhance workflow and usability. Usability is important in this context because a secure system that inhibits workflow is often improperly used or circumvented. We present this concern and our solution in its respective chapter. Each chapter of this dissertation presents a unique challenge, or unanswered question, and solution based on empirical analysis. We present a survey of related work in embedded health and medical systems. The academic and regulatory communities greatly scrutinize the security and privacy of these devices because of their primary function of providing critical care. What we find is that securing embedded health and medical systems is hard, done incorrectly, and is analogous to non-embedded health and medical systems such as hospital servers, terminals, and personally owned mobile devices. A policy called bring your own device (BYOD) allows the use and integration of mobile devices in the workplace. We perform an analysis of Apple iMessage which both implicates BYOD in healthcare and secure messaging protocols used by health and medical systems. We analyze direct memory access engines, a special-purpose piece of hardware to transfer data into and out of main memory, and show that we can chain together memory transfers to perform arbitrary computation. This result potentially affects all computing systems used for healthcare. We also examine HTML5 web workers as they provide stealthy computation and covert communication. This finding is relevant to web applications such as personal and electronic health record portals. We design and implement two novel and secure health and medical systems. One is a wearable device that addresses the problem of authenticating a user (e.g., physician) to a terminal in a usable way. The other is a light-weight and low-cost wireless device we call Beacon+. This device extends the design of Apple's iBeacon specification with unspoofable, temporal, and authenticated advertisements; of which, enables secure location sensing applications that could improve numerous healthcare processes