3,760 research outputs found

    Managing Government Regulatory Requirements for Security and Privacy Using Existing Standard Models

    This paper posits the use of a well-established standard approach to Federal compliance, which can be easily adapted to satisfy all legal and regulatory requirements for protection of patient personally identifiable information (PII) in health organizations. This approach is embodied in the three standards that dictate how to comply with the Federal Information Security Management Act (FISMA). These standards also provide an excellent foundation for organizing a secure operation anywhere. The discussion revolves around the application of the FIPS 199 and FIPS 200/NIST 800-53(4) standard approach to the satisfaction of the present and upcoming legal and regulatory requirements for health care PII. The outcome would provide a proven, systematically secure and cost efficient solution to those protection needs. The general approach will be explained and justified

    ICT in telemedicine: conquering privacy and security issues in health care services

    Advancement in telecommunication combined with improved information technology infrastructures has opened up new dimensions in e-health environment. Such technologies make readily available to access, store, manipulate and replicate medical information and images. These technologies help reduce the time and effort in diagnoses and treatment at lower cost. However, protection and authentication of such medical information and images are now becoming increasingly important in telemedicine environment, where images are readily distributed over electronic networks. Intruders/hackers may gain access to confidential information and possibly alter or even delete such vital records. The ultimate success of telemedicine demands an effective technology as well as privacy and security of records should be main concern. This paper explores recent identified privacy and security issues that affect telemedicine. Featuring threats on security and authentication of medical records, and proposing digital watermarking as a technology to curb authentication issues in telemedicine is highlighted

    ICT in medicine and health care: assessing social, ethical and legal issues.

    Continuous developments in information and communication technologies (ICT) have resulted in an increasing use of these technologies in the practice of medicine and in the provision of medical care. This paper presents a series of perspectives from different areas of expertise on some of the ways in which ICT has changed the social picture in respect of the practice of medicine. The aim of the paper is to provide a context for further debate, in the form of a Panel Session, where the issue of Human Choice and Computing can be discussed with reference to a set of specific scenarios. The authors of this paper represent a wide variety of disciplines including law, ethics, medicine, philosophy and computer science, thus bringing a broad perspective to begin the discussions. The aim of the session is to provoke further discussion, encouraging input from other disciplines represented by the participants, with a view to identifying the level of human choice in a social arena which has at its heart a vulnerable community. In this environment, and in this era, the ‘social’ in social informatics has never been more important

    A wireless method for monitoring medication compliance

    There are many devices on the market to help remind patients to take their pills, but most require observation by a caregiver to assure medication compliance. This project demonstrates three modes to detect pill removal from a pillbox: a switch under the pills, a reflective type photointerrupter and a transmissive electric eye photosensor. Each mode exhibited blind spots or other failures to detect pill presence, but by combining modes with complementary characteristics, the accuracy of pill detection is greatly increased. Two methods of caregiver notification are demonstrated: text messages transmitted via an attached cellular phone, or the status is collected by a PC which provides an audit trail and daily notification if no pills were taken

    The Internet as a business environment in Romania

    In an ever-developing society, a strong, viable economy is vital for any country that seeks to survive on the global market and to provide upwardly decent living standards for its citizens. Recognizing the above mentioned points as mandatory, but also prompted in its actions by the European community of which it recently became a member, Romania is taking steps to develop its electronic commerce to meet 21st century global standards. Some of the more important legal measures that have aided the development of e-commerce in Romania include the liberalization of telecommunications, the validation of electronic documents, the creation of customer protection services and regulations and the facilitation of electronic fund transfer through debit/credit cards. The obstacles encountered in the implementation of e-commercial transactions are manifold. The small number of users that can access the Internet from home and the people’s mistrust and lack of familiarity with e-commercial transactions are only a few of the hindrances setting back their development in Romania. Emanating from the present study are numerous solutions for the improvement and popularization of Romanian e-commerce which would raise awareness about the advantages of electronic commerce on the Romanian business scene. Keywords: e-commerce, e-banking, usage, factors

    Performance assessment of security mechanisms for cooperative mobile health applications

    Mobile health (m-Health) applications aim to deliver healthcare services through mobile applications regardless of time and place. An mHealth application makes use of wireless communications to sustain its health services and often providing a patient-doctor interaction. Therefore, m-Health applications present several challenging issues and constraints, such as, mobile devices battery and storage capacity, broadcast constraints, interferences, disconnections, noises, limited bandwidths, network delays, and of most importance, privacy and security concerns. In a typical m-Health system, information transmitted through wireless channels may contain sensitive information such as patient’s clinic history, patient’s personal diseases information (e.g. infectious disease as HIV - human immunodeficiency virus). Carrying such type of information presents many issues related to its privacy and protection. In this work, a cryptographic solution for m-Health applications under a cooperative environment is proposed in order to approach two common drawbacks in mobile health systems: the data privacy and protection. Two different approaches were proposed: i) DE4MHA that aims to guarantee the best confidentiality, integrity, and authenticity of mhealth systems users data and ii) eC4MHA that also focuses on assuring and guaranteeing the m-Health application data confidentiality, integrity, and authenticity, although with a different paradigm. While DE4MHA considers a peer-to-peer node message forward, with encryption/decryption tasks on each node, eC4MHA focuses on simply encrypting data at the requester node and decrypting it when it reaches the Web service. It relays information through cooperative mobile nodes, giving them the only strictly required information, in order to be able to forward a request, until it reaches the Web service responsible to manage the request, and possibly answer to that same request.
    In this sense, the referred solutions aim any mobile health application with cooperation mechanism embedded. For test purposes a specific mobile health application, namely SapoFit, was used. Cryptographic mechanisms were created and integrated in SapoFit application with built in cooperation mechanisms. A performance evaluation of both approaches in a real scenario with different mobile devices is performed and presented in this work. A comparison with the performance evaluations of both solutions is also presented. Fundação para a Ciência e a Tecnologia (FCT); European Community Fund FEDER through COMPETE – Programa Operacional Factores de Competitividad

    A Privacy-Preserving Framework Using Hyperledger Fabric for EHR Sharing Applications

    Electronic Health Records, or EHRs, include private and sensitive information of a patient. The privacy of personal healthcare data can be protected through Hyperledger Fabric, a permissioned blockchain framework. A few Hyperledger Fabric-integrated EHR solutions have emerged in recent years. However, none of them implements the privacy-preserving techniques of Hyperledger Fabric to make transactions anonymous or preserve the transaction data privacy during the consensus. Our proposed architecture is built on Hyperledger Fabric and its privacy-preserving mechanisms, such as Identity Mixer, Private Data Collections, Channels and Transient Fields to securely store and transfer patient-sensitive data while providing anonymity and unlinkability of transactions

    Enhancing GDPR compliance through data sensitivity and data hiding tools

    Since the emergence of GDPR, several industries and sectors are setting informatics solutions for fulfilling these rules. The Health sector is considered a critical sector within the Industry 4.0 because it manages sensitive data, and National Health Services are responsible for managing patients’ data. European NHS are converging to a connected system allowing the exchange of sensitive information across different countries. This paper defines and implements a set of tools for extending the reference architectural model industry 4.0 for the healthcare sector, which are used for enhancing GDPR compliance. These tools are dealing with data sensitivity and data hiding tools. A case study illustrates the use of these tools and how they are integrated with the reference architectural model

    Privacy and Accountability in Black-Box Medicine

    Black-box medicine—the use of big data and sophisticated machine learning techniques for health-care applications—could be the future of personalized medicine. Black-box medicine promises to make it easier to diagnose rare diseases and conditions, identify the most promising treatments, and allocate scarce resources among different patients. But to succeed, it must overcome two separate, but related, problems: patient privacy and algorithmic accountability. Privacy is a problem because researchers need access to huge amounts of patient health information to generate useful medical predictions. And accountability is a problem because black-box algorithms must be verified by outsiders to ensure they are accurate and unbiased, but this means giving outsiders access to this health information. This article examines the tension between the twin goals of privacy and accountability and develops a framework for balancing that tension. It proposes three pillars for an effective system of privacy-preserving accountability: substantive limitations on the collection, use, and disclosure of patient information; independent gatekeepers regulating information sharing between those developing and verifying black-box algorithms; and information-security requirements to prevent unintentional disclosures of patient information. The article examines and draws on a similar debate in the field of clinical trials, where disclosing information from past trials can lead to new treatments but also threatens patient privacy