A secure personal health record repository

Due to strict regulatory, ethic and legal issues, Electronic Health Record (EHR) systems have been mainly deployed in federated health care scenarios. This situation has been hindering the wide adoption of EHRs, contributing to delaying the establishment of a competitive market where contributions from different providers could take full advantage of information exchange and regular practitioners’ collaboration. Moreover, with the increasing awareness of medical subjects, patients are demanding more control over their own personal data - Personal Health Record (PHR). This paper presents a secure PHR repository which access is controlled through the joint use of a Virtual Health Card Service (VHCS) and an access Broker. This solution can be deployed in any public or private storage service since it behaves as a sandbox system which access policy is defined externally. To assure a friendly query-retrieve interaction the whole repository is indexed, and separated clinical events are kept independently to increase the efficiency of cipher and encipher algorithms

Privacy provision in eHealth using external services

Privacy provision is a key issue for successful secure access to patients’ health information. Current approaches do not always provide patients with the ability to define suitable rules to access to their information in a secure way. This paper presents an approach to give patients control over their information by means of external services. In this way, health information management and access control are kept independent and more secure.Postprint (published version

Integration of Patient Health Portals into the German Healthcare Telematics Infrastructure

In this paper we describe a generic model of a patient health portal, which is suitable to implement patient access to the evolving German healthcare telematics infrastructure. The portal uses the telematics as a communication infrastructure to ensure the concise and secure exchange of medical data between professional medical personnel and patients. We aim at providing patients an application platform model for using and enhancing their data by processing or extending them with medical services offered via the internet or with local medical appliances. We show that a) specific functionalities (such as data import/export from/to the telematics) for patient health portals can be derived from the legal foundation in the German law b) the portal is conceptually suited to provide a link between the public health information infrastructure and other (maybe commercial) applications in the e-health environment via Personal Health Records (PHR) and c) patients’ rights can be mapped with a common data model

Towards an EHR architecture for mobile citizens

Electronic Health Records are typically created and stored in different places, by different healthcare providers, using different formats and technology. This poses an obstacle to patient mobility and contributes to scatter personal health related information. Patients constantly move between healthcare providers, searching for a better service, lower prices or specialists. It is important that healthcare professionals, regardless of technology and location, have access to the complete patient health record. The access to this personal health record can be granted through a network (web-based, for example) or can be carried by the patient, in a usb drive, for example. Either approach has to enforce the patient consent to access his information, cope with different types of EHR systems and formats. This paper is an ongoing research, part of a PhD on Electronic Health Records for Mobile Citizens.Universidade de Aveiro - DETI / IEET

Integrated, reliable and cloud-based personal health record: a scoping review.

Personal Health Records (PHR) emerge as an alternative to integrate patient’s health information to give a global view of patients' status. However, integration is not a trivial feature when dealing with a variety electronic health systems from healthcare centers. Access to PHR sensitive information must comply with privacy policies defined by the patient. Architecture PHR design should be in accordance to these, and take advantage of nowadays technology. Cloud computing is a current technology that provides scalability, ubiquity, and elasticity features. This paper presents a scoping review related to PHR systems that achieve three characteristics: integrated, reliable and cloud-based. We found 101 articles that addressed thosecharacteristics. We identified four main research topics: proposal/developed systems, PHR recommendations for development, system integration and standards, and security and privacy. Integration is tackled with HL7 CDA standard. Information reliability is based in ABE security-privacy mechanism. Cloud-based technology access is achieved via SOA.CONACYT - Consejo Nacional de Ciencia y TecnologíaPROCIENCI

On the use of OpenEHR in a portable PHR

Quality medical acts rely on patient medical information. With paper records, the responsibility of gathering the disparate information and making it available to the caregivers, falls exclusively upon the patient. This still is, to great extent, the case with electronic health documents. The consensus is that the advantages of patient involvement in his own health are numerous. With the advent of recent technologies and their deployment in healthcare, new ways of involving the patient and making him an active part of his own health are possible. Electronic Health Records (EHR) and specially Personal Health Records (PHR) are important tools for patient empowerment but data population and management through non-intuitive structured forms is time consuming, takes a great amount of effort, and can be deterring specially for people that are not very computer-oriented. PHRs can be simple and scalable applications that the patient uses to get started and afterwards evolve towards complexity. In any case, compliance with standards must be accomplished. In this paper we present a PHR simple to use, implemented on a USB Flash pen for mobility, and compliant with the openEHR specification. Our model builds on openEHR and adds security and privacy features, allows patient data management and can work as an information repository

Modelling a portable personal health record

Active and responsible involvement of patients in their own health is accepted as an important contribution towards an increased quality of health services in general. Management of Personal Health Information by the patient can play an important role in the improvement in quality of the information available to health care professionals and as a means of patient involvement. Electronic Health Records are a means of storing this kind of information but their management usually falls under the responsibility of an institution and not on the patient himself. A Personal Health Record under the direct control and management of the patient is the natural solution for the problem. When implemented in a storage hardware portable device, a PHR, allows for total mobility. Personal Health Information is very sensitive in nature so any implementation has to address security and privacy issues. With this in mind we propose a structure for a secure Patient Health Record stored in a USB pen device under the patient’s direct management and responsibility

The Fast Health Interoperability Resources (FHIR) standard and homecare, a scoping review

The scoping review reported by this article aimed to analyze the state of the art of the use of Fast Health Interoperability Resources (FHIR) in the development of homecare applications and was informed by the following research questions: (i) what type of homecare applications benefit from the use of FHIR?; (ii) what FHIR resources are being implemented?; (iii) what publicly available development tools are being used?; and (iv) how privacy and security issues are being addressed? An electronic search was conducted, and 27 studies were included in the scoping review after the selection process. The results show a current interest in using FHIR to implement: i) applications to provide interoperable measurement devices for home monitoring; (ii) applications to remotely collected Patient Reported Outcome Measures (PROM); (iii) Personal Health Records (PHR); and (iv) specific applications for self-management. According to the results, the FHIR resources being implemented are quite diverse and contribute for the challenge of handling the variability caused by diverse healthcare processes. However, the use of publicly available development tools (e.g., SMART on FHIR or HAPI) is not yet generalized. Moreover, just a small number of studies reported the validation of the implemented resources using publicly available FHIR validators. Finally, in terms of privacy and security issues, different approaches were identified: authentication and authorizations mechanisms, end-to-end encrypted messaging mechanisms, and decentralized management and audit trail based on blockchain technologies.publishe

Safeguarding health data with enhanced accountability and patient awareness

Several factors are driving the transition from paper-based health records to electronic health record systems. In the United States, the adoption rate of electronic health record systems significantly increased after "Meaningful Use" incentive program was started in 2009. While increased use of electronic health record systems could improve the efficiency and quality of healthcare services, it can also lead to a number of security and privacy issues, such as identity theft and healthcare fraud. Such incidents could have negative impact on trustworthiness of electronic health record technology itself and thereby could limit its benefits. In this dissertation, we tackle three challenges that we believe are important to improve the security and privacy in electronic health record systems. Our approach is based on an analysis of real-world incidents, namely theft and misuse of patient identity, unauthorized usage and update of electronic health records, and threats from insiders in healthcare organizations. Our contributions include design and development of a user-centric monitoring agent system that works on behalf of a patient (i.e., an end user) and securely monitors usage of the patient's identity credentials as well as access to her electronic health records. Such a monitoring agent can enhance patient's awareness and control and improve accountability for health records even in a distributed, multi-domain environment, which is typical in an e-healthcare setting. This will reduce the risk and loss caused by misuse of stolen data. In addition to the solution from a patient's perspective, we also propose a secure system architecture that can be used in healthcare organizations to enable robust auditing and management over client devices. This helps us further enhance patients' confidence in secure use of their health data.PhDCommittee Chair: Mustaque Ahamad; Committee Member: Douglas M. Blough; Committee Member: Ling Liu; Committee Member: Mark Braunstein; Committee Member: Wenke Le