Integrated, reliable and cloud-based personal health record: a scoping review.

Personal Health Records (PHR) emerge as an alternative to integrate patient’s health information to give a global view of patients' status. However, integration is not a trivial feature when dealing with a variety electronic health systems from healthcare centers. Access to PHR sensitive information must comply with privacy policies defined by the patient. Architecture PHR design should be in accordance to these, and take advantage of nowadays technology. Cloud computing is a current technology that provides scalability, ubiquity, and elasticity features. This paper presents a scoping review related to PHR systems that achieve three characteristics: integrated, reliable and cloud-based. We found 101 articles that addressed thosecharacteristics. We identified four main research topics: proposal/developed systems, PHR recommendations for development, system integration and standards, and security and privacy. Integration is tackled with HL7 CDA standard. Information reliability is based in ABE security-privacy mechanism. Cloud-based technology access is achieved via SOA.CONACYT - Consejo Nacional de Ciencia y TecnologíaPROCIENCI

Privacy-preserving collaboration in an integrated social environment

Privacy and security of data have been a critical concern at the state, organization and individual levels since times immemorial. New and innovative methods for data storage, retrieval and analysis have given rise to greater challenges on these fronts. Online social networks (OSNs) are at the forefront of individual privacy concerns due to their ubiquity, popularity and possession of a large collection of users' personal data. These OSNs use recommender systems along with their integration partners (IPs) for offering an enriching user experience and growth. However, the recommender systems provided by these OSNs inadvertently leak private user information. In this work, we develop solutions targeted at addressing existing, real-world privacy issues for recommender systems that are deployed across multiple OSNs. Specifically, we identify the various ways through which privacy leaks can occur in a friend recommendation system (FRS), and propose a comprehensive solution that integrates both Differential Privacy and Secure Multi-Party Computation (MPC) to provide a holistic privacy guarantee. We model a privacy-preserving similarity computation framework and library named Lucene-P2. It includes the efficient privacy-preserving Latent Semantic Indexing (LSI) extension. OSNs can use the Lucene-P2 framework to evaluate similarity scores for their private inputs without sharing them. Security proofs are provided under semi-honest and malicious adversary models. We analyze the computation and communication complexities of the protocols proposed and empirically test them on real-world datasets. These solutions provide functional efficiency and data utility for practical applications to an extent.Includes bibliographical references

Integration of Patient Health Portals into the German Healthcare Telematics Infrastructure

In this paper we describe a generic model of a patient health portal, which is suitable to implement patient access to the evolving German healthcare telematics infrastructure. The portal uses the telematics as a communication infrastructure to ensure the concise and secure exchange of medical data between professional medical personnel and patients. We aim at providing patients an application platform model for using and enhancing their data by processing or extending them with medical services offered via the internet or with local medical appliances. We show that a) specific functionalities (such as data import/export from/to the telematics) for patient health portals can be derived from the legal foundation in the German law b) the portal is conceptually suited to provide a link between the public health information infrastructure and other (maybe commercial) applications in the e-health environment via Personal Health Records (PHR) and c) patients’ rights can be mapped with a common data model

Digital watermarking in medical images

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 05/12/2005.This thesis addresses authenticity and integrity of medical images using watermarking. Hospital Information Systems (HIS), Radiology Information Systems (RIS) and Picture Archiving and Communication Systems (P ACS) now form the information infrastructure for today's healthcare as these provide new ways to store, access and distribute medical data that also involve some security risk. Watermarking can be seen as an additional tool for security measures. As the medical tradition is very strict with the quality of biomedical images, the watermarking method must be reversible or if not, region of Interest (ROI) needs to be defined and left intact. Watermarking should also serve as an integrity control and should be able to authenticate the medical image. Three watermarking techniques were proposed. First, Strict Authentication Watermarking (SAW) embeds the digital signature of the image in the ROI and the image can be reverted back to its original value bit by bit if required. Second, Strict Authentication Watermarking with JPEG Compression (SAW-JPEG) uses the same principal as SAW, but is able to survive some degree of JPEG compression. Third, Authentication Watermarking with Tamper Detection and Recovery (AW-TDR) is able to localise tampering, whilst simultaneously reconstructing the original image

Advanced access control in support and distributed collaborative working and de-perimeterization

This thesis addresses the problem of achieving fine-grained and sustained control of access to electronic information, shared in distributed collaborative environments. It presents an enhanced approach to distributed information security architecture, driven by the risks, guidelines and legislation emerging due to the growth of collaborative working, and the often associated increase in storage of information outside of a secured information system perimeter. Traditional approaches to access control are based on applying controls at or within the network perimeter of an information system. One issue with this approach when applying it to shared information is that, outside of the perimeterized zone, the owner loses control of their information. This loss of control could dissuade collaborating parties from sharing their information resources. Information resources can be thought of as a collection of related content stored in a container. Another issue with current approaches to access control, particularly to unstructured resources such as text documents, is the coarse granularity of control they provide. That is, controls can only apply to a resource in its entirety. In reality, the content within a resource could have varying levels of security requirements with different levels of control. For example, some of the content may be completely free from any access restriction, while other parts may be too sensitive to share outside of an internal organisation. The consequence being that the entire resource is restricted with the controls relevant to the highest level content. Subsequently, a substantial amount of information that could feasibly be shared in collaborative environments is prevented from being shared, due to being part of a highly restricted resource. The primary focus of this thesis is to address these two issues by investigating the appropriateness and capability of perimeter security, and entire-resource protection, to provide access control for information shared in collaborative distributed environments. To overcome these problems, the thesis develops an access control framework, based on which, several formulae are defined to clarify the problems, and to allow them to be contextualised. The formulae have then been developed and improved, with the problem in mind, to create a potential solution, which has been implemented and tested to demonstrate that it is possible to enhance access control technology to implement the capability to drill down into the content of an information resource and apply more fine-grained controls, based on the security requirements of the content within. Furthermore, it is established that it is possible to shift part of the controls that protect information resources within a secure network perimeter, to the body of the resources themselves so that they become, to some extent, self protecting. This enables the same controls to be enforced outside of the secure perimeter. The implementation is based on the structuring of information and embedding of metadata within the body of an information resource. The metadata effectively wraps sections of content within a resource into containers that define fine-grained levels of access control requirement, to protect its confidentiality and integrity. Examples of the granularity afforded by this approach could be page, paragraph, line or even word level in a text document. Once metadata has been embedded, it is bound to a centrally controlled access control policy for the lifetime of the resource. Information can then be shared, copied, distributed and accessed in support of collaborative working, but a link between the metadata and the centrally controlled policy is sustained, meaning that previously assigned access privileges to different sections of content can be modified or revoked at any time in the future. The result of this research is to allow information sharing to reach a greater level of acceptance and usage due to: i. the enhanced level of access control made possible through finer-grained controls, allowing the content of a single resource to be classified and restricted at different levels, and ii. the ability to retain sustained control over information through modifiable controls, that can be enforced both while the information is stored on local information systems, and after the information has been shared outside the local environment