908 research outputs found

    Comparative study of healthcare messaging standards for interoperability in ehealth systems

    Advances in information and communication technology have created the field of "health informatics," which amalgamates healthcare, information technology and business. The use of information systems in healthcare organisations dates back to the 1960s; however, the use of technology for managing healthcare records, referred to as Electronic Medical Records (EMR), has surged since the 1990s (Net-Health, 2017) due to advancements in the internet and web technologies. An Electronic Medical Record (EMR), sometimes referred to as a Personal Health Record (PHR), contains the patient’s medical history, allergy information, immunisation status, medication, radiology images and other relevant medically related billing information. There are a number of benefits for the healthcare industry when the data recorded in EMR and PHR systems are shared between medical institutions (AbuKhousa et al., 2012). These benefits include convenience for patients and clinicians, cost-effective healthcare solutions, high quality of care, resolving the resource shortage and collecting a large volume of data for research and educational needs. My Health Record (MyHR) is a major project funded by the Australian government, which aims to have all data relating to the health of the Australian population stored in digital format, allowing clinicians to access patient data at the point of care. Prior to 2015, MyHR was known as the Personally Controlled Electronic Health Record (PCEHR). Though the Australian government has taken consistent initiatives, there is a significant delay (Pearce and Haikerwal, 2010) in implementing eHealth projects and related services. While this delay is caused by many factors, interoperability is identified as the main problem (Benson and Grieve, 2016c) hindering delivery of this project.
To discover the current interoperability challenges in the Australian healthcare industry, this comparative study is conducted on Health Level 7 (HL7) messaging models such as HL7 V2, V3 and FHIR (Fast Healthcare Interoperability Resources). In this study, interoperability, security and privacy are the main elements compared. In addition, a case study conducted in NSW hospitals on the popularity of health messaging standards was used to understand the extent to which messaging standards are used in the healthcare sector. Predominantly, the project applied the comparative study method to different HL7 (Health Level Seven) messages and derived the messaging standard best suited to cover the interoperability, security and privacy requirements of electronic health records. The issues related to practical implementation, changeover and training requirements for healthcare professionals are also discussed.

    Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

    We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, ease of use, communication, access and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and rising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed of tools and software to collect, manage, analyze and process medical information (such as electronic health records and personal health records). Therefore, such systems can improve the performance and maintenance of health services, promoting availability, readability, accessibility and sharing of vital information about a patient's overall medical history between geographically fragmented health services. Quick access to information is of great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However, health information systems store and manage highly sensitive data, which raises serious concerns regarding patients' privacy and safety, and may explain the still increasing number of malicious incident reports within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions that aim to protect the individual rights and privacy of patients. Alongside this legislation, security requirements must be analyzed and measures implemented. Among the security requirements for accessing health data, secure authentication, identity management and access control are essential to provide adequate means to protect data from unauthorized access.
However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions across people, different types of devices, environments and situational conditions, and across enterprises, location and time. Although existing models can meet the needs of health care systems, they still lack components for dynamicity and privacy protection, which leads to less than the desired levels of security and to the patient not having full and easy control of his privacy. Within this master's thesis, after deep research and review of the state of the art, a novel dynamic access control model was published, the Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help perform a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based on a Delphi study. A set of security experts from various domains were selected to classify the impact on the risk assessment of each attribute that SoTRAACE aggregates. SoTRAACE was integrated into an architecture with well-founded requirements, based on the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57) as well as on a deep review of the state of the art. The architecture is further subjected to the essential security analysis and a threat model. As a proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes for several types of access by patients and healthcare professionals, as well as the web servers that handle the access requests, authentication and identity management.
The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact on user experience and interaction. It is clear that the model can be extended to other industry domains, and new levels of risk or attributes can be added because it is modular. The architecture also works as expected, assuring secure multifactor authentication and secure data sharing/access based on SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. Finally, the architecture was tested on different Android versions, with static and dynamic analysis, and with security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users’ opinions after releasing the system to the real world.
Nowadays we live in a mobile paradigm of anywhere/anytime access, with mobile devices being the technology most present in society's daily life. Owing to their portability, availability, ease of handling, communication power, and access to and sharing of information concerning various areas and domains of our lives, the acceptance and integration of these devices keeps growing. However, because of their potential and the increase in the number of users, mobile devices are increasingly targets of attacks and, like other technologies, mobile applications remain vulnerable. Health information systems are composed of tools and software that make it possible to collect, manage, analyse and process medical information (such as electronic health documents). Such systems can therefore enhance the performance and maintenance of health services, promoting the availability, accessibility and sharing of vital data concerning patients' general medical records among services and institutions that are geographically fragmented.
Rapid access to medical information is of great importance to the health sector, since it speeds up work processes, resulting in more efficient use of time and resources. Consequently, there will be a better quality of treatment. However, health information systems store and handle quite sensitive data, which raises serious concerns regarding patient privacy and safety. This explains the increase in malicious incidents within the health domain. Health data are highly sensitive and subject to strict laws and regulatory restrictions, which aim to ensure the protection of patients' rights and privacy, safeguarding their health data. Together with this legislation, security requirements must be analysed and measures implemented. Among the requirements needed to access health data, secure authentication, identity management and access controls are essential to provide adequate means of protecting data against unauthorised access. However, beyond the use of simple authentication models, traditional access control models are normally based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions for different people, device types, environments and situational conditions, enterprises, locations and points in time. Although existing models make it possible to meet some needs of health systems, there is still a shortage of components for dynamic access and privacy protection, which results in unsatisfactory levels of security and in the patient not having direct and full control over their privacy and health documents.
Within this master's thesis, after intensive research and review of the state of the art, an innovative access control model called SoTRAACE was published, which models the inherent access differences and security requirements present in this thesis. To this end, SoTRAACE aggregates attributes from various environments and domains that help perform a risk assessment at the moment the data are requested. The assessment of the risk factors identified in this work is based on a Delphi study. A group of security experts from various industry domains was selected to classify the impact of each attribute that SoTRAACE aggregates. SoTRAACE was integrated into an architecture for access to medical data, with well-founded requirements based on the best standards and recommendations (OWASP, NIST 800-53, NIST 800-57) and on intensive reviews of the state of the art. This architecture is subsequently subjected to a security analysis and attack models. As a proof of this concept, the proposed access control model is implemented together with a user-focused architecture, with two prototypes for mobile applications that provide various types of access for patients and healthcare professionals. The architecture also comprises web servers that handle data management, access control, and authentication and identity management. The final result shows that the model works as expected, with transparency, ensuring privacy and data control for the user without affecting their interaction and experience. Consequently, this model can be extended to other industry sectors, and new risk levels or attributes can be added to it, because it is modular. The architecture also works as expected, ensuring secure multi-factor authentication and secure data access and sharing based on SoTRAACE decisions.
The communication channel that SoTRAACE uses was also protected with a digital certificate. The architecture was tested on different Android versions and was subjected to static analysis, dynamic analysis and tests with security tools. Future work is planned to include the integration of health data standards and the evaluation of the proposed system by collecting the opinions of users in the real world.

    A Safe, Efficient and Integrated Indoor Robotic Fleet for Logistic Applications in Healthcare and Commercial Spaces: The ENDORSE Concept

    Hospitals are rightfully considered a field of indoor logistic robotics of high commercial potential. However, today, only a handful of mobile robotic solutions for hospital logistics exist, and they have failed to trigger widespread acceptance by the market. This is because existing systems require costly infrastructure installation, do not integrate easily with corporate IT solutions, are not adequately shielded from cybersecurity threats, and, as a result, do not fully automate procedures and traceability of the items they carry. Moreover, existing systems are limited in scope, focusing only on delivery services, and hence do not provide any other type of support to the medical and nursing staff. The ENDORSE system will address the aforementioned technical challenges and functional limitations by pursuing four innovation pillars: (i) infrastructure-less multi-robot indoor navigation; (ii) advanced Human-Robot Interaction (HRI) for resolving deadlocks and achieving efficient sharing of space resources in crowded environments; (iii) deployment of the ENDORSE software as a cloud-based service facilitating its integration with corporate software solutions, complying with GDPR data security requirements; (iv) reconfigurable and modular hardware architectures so that diverse modules can be easily swapped. ENDORSE functionality will be demonstrated via the integration of an e-diagnostic support module for vital signs monitoring on a fleet of mobile robots, facilitating connectivity to cloud-based Electronic Health Records (EHR), and validated in an operational hospital environment for realistic assessment.

    Connectivity for Healthcare and Well-Being Management: Examples from Six European Projects

    Technological advances and societal changes in recent years have contributed to a shift in traditional care models and in the relationship between patients and their doctors/carers, with (in general) an increase in the patient-carer physical distance and corresponding changes in the modes of access to relevant care information by all groups. The objective of this paper is to showcase the research efforts of six projects (that the authors are currently, or have recently been, involved in), CAALYX, eCAALYX, COGKNOW, EasyLine+, I2HOME, and SHARE-it, all funded by the European Commission, towards a future where citizens can take an active role in managing their own healthcare. Most importantly, sensitive groups of citizens, such as the elderly, the chronically ill and those suffering from various physical and cognitive disabilities, will be able to maintain vital and feature-rich connections with their families, friends and healthcare providers, who can then respond to, and prevent, the development of adverse health conditions in those they care for in a timely manner, wherever the carers and the people cared for happen to be.

    Med-e-Tel 2014


    A Framework for Handling Heterogeneous M2M Traffic

    Sensors, actuators and devices that compose the Internet of Things (IoT) world are becoming more diverse every day in terms of capabilities and amount of generated traffic. Current Machine-to-Machine (M2M) communication standardization efforts try to formalize the interfaces between M2M nodes based on the perspective of exchanging only uniform, small-sized data at a low sampling rate. However, many devices will require support for more heterogeneous traffic patterns, with different network capacity. This paper introduces a communication concept for gracefully supporting a heterogeneous set of devices. It analyses the effect of traffic size in M2M transactions and proposes a concept that adapts gracefully to support heterogeneous traffic patterns in M2M systems. To prove its feasibility, the concept is exemplified on top of the oneM2M architecture and implemented as part of the Fraunhofer FOKUS OpenMTC toolkit. Additionally, the concept was applied to a deployment in an E-Health pilot, and practical measurements during functional evaluation are reported.

    Med-e-Tel 2016


    CDC global digital health strategy

    Lack of timely, accurate data has long hampered global efforts to combat and prevent disease. The global response to COVID-19 has brought greater attention to these challenges, underscoring the global community’s vulnerability to infectious disease. To better prepare for response to future threats, CDC has launched the Data Modernization Initiative (DMI), to improve the quality, availability, and use of pandemic and response-related data. While DMI’s main focus is domestic, DMI’s principles, products, and impacts will apply globally. The best way to stop diseases from spreading globally is to detect and contain them early, in the countries in which they originate. One way to support this effort is to have accurate and timely data generated by country health systems, as part of routine individual and public health service delivery. Many countries are pursuing this goal under the title of “digital transformation” or “digital health” and these efforts are being actively supported by global organizations and other donors. While the application of digital tools to health service delivery has been undertaken for several years in lower- and middle-income countries, large-scale success and uses have been limited. Health systems are complex and constantly adapting. They are composed of chains of many linked services and digitally “fixing” one broken link in a chain of multiple broken links is not going to yield success. In recognition of this complexity, many countries are now taking an “enterprise approach” to health systems, looking at the health system more holistically, addressing key issues including digital literacy and data governance, and organizing and allocating resources more effectively across the entire system.
This enterprise approach is also being supported by global stakeholders as part of the digital transformation paradigm. The essence of this document, then, is a collective roadmap shared by CDC and other global partners, to better align efforts and support countries in deploying enterprise approaches to realize the digital transformation or digital enablement of health services. This will not only benefit in-country health service delivery, reducing morbidity and mortality, but also provide disease experts globally with additional data sources to more effectively combat and control future outbreaks. GDHS_Strategy2022_REV_508.pd

    Implementation of a health system for the management of ambulatory medical care, in the Medical Department of the Polytechnic School of Chimborazo, Riobamba – Ecuador

    This paper describes the development and integration of a new health system for the Polytechnic School of Chimborazo (ESPOCH). The system has a client-server architecture with the integration of JSON services. Several tools were used in its development, such as the Angular 6 framework, SQL Server 2016 and TypeScript. The developed system integrates methods that allow the management of electronic medical records, reservation of medical appointments and patient visits, among others; the profiles defined in the system are administrator, nurse, pharmacy, secretary and doctor. As a result, a medical system was obtained that meets the current needs of the medical department and patients of the ESPOCH. To measure the effectiveness of the system and the degree of satisfaction of its users, a null and an alternative hypothesis were raised. Using the chi-square statistical method, the data obtained from the evaluation of the system were analyzed with 6 degrees of freedom and a margin of error of 1%, giving a critical value (Vc) equal to 12.59, and from the chi-square distribution matrix (x^2) a value equal to 1.33 was obtained. With these values, the null hypothesis raised in the study is accepted.