Medical image encryption techniques: a technical survey and potential challenges

Among the most sensitive and important data in telemedicine systems are medical images. It is necessary to use a robust encryption method that is resistant to cryptographic assaults while transferring medical images over the internet. Confidentiality is the most crucial of the three security goals for protecting information systems, along with availability, integrity, and compliance. Encryption and watermarking of medical images address problems with confidentiality and integrity in telemedicine applications. The need to prioritize security issues in telemedicine applications makes the choice of a trustworthy and efficient strategy or framework all the more crucial. The paper examines various security issues and cutting-edge methods to secure medical images for use with telemedicine systems

Ensuring the security and privacy of information in mobile health-care communication systems

The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient’s data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hospital. With the implementation of electronic patient records and the Internet and Intranets, medical information sharing amongst relevant health-care providers was made possible. But the vital issue in this method of information sharing is security: the patient’s privacy, as well as the confidentiality and integrity of the health-care information system, should not be compromised. We examine various ways of ensuring the security and privacy of a patient’s electronic medical information in order to ensure the integrity and confidentiality of the information

Information security requirements in patient-centred healthcare supporting systems

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare

Secure Integration of Information Systems in Radiology

Medical Imaging is an industry where distinctive imaging protocols such as Digital Communications in Medicine (DICOM) and Health Level 7 (HL7) are used to transmit patient data across multiple information systems relaying possible life-saving data their providers. These information systems, unique to radiology departments require proper integration and workflow to achieve the CIA triad of confidentiality, integrity, and availability. This paper discusses the challenges of integrating disparate healthcare radiology information system with particular emphasis on protocol security

Smart Card Based Recognition System "Smart Health Care"

Person's medical record information is one factor that determines the quality ofservice provided by central health care services to patients and, therefore, thismedical record information should always be there when needed. Confidentiality ofmedical record information is essential arena this information to explain the specialrelationship between patient and physician, who must be protected from leakage inaccordance with the code of medical ethics and the applicable legislation.This research aims to design a medical record system in accordance with theprovisions of Indonesia's medical records, ensure data security, portability by theowner, maximize health services for the emergency condition, and accelerate andimprove health service outpatient at a hospital or reference between hospitals. Toachieve these objectives, the authors will study the government regulations regardingmedical records, medical records system to know some using existing smartcardcountryof other countries to obtain medical smartcard system is the safest amongthese systems

Study on high Performance and Effective Watermarking Scheme using Hybrid Transform (DCT-DWT)

Nowadays healthcare infrastructure depends on Hospital Information Systems (HIS), Radiology Information Systems (RIS),Picture archiving and Communication Systems (PACS) as these provide new ways to store, access and distribute medical data . It eliminates the security risk. Conversely, these developments have introduced new risks for unsuitable deployment of medical information flowing in open networks, provided the effortlessness with which digital content can be manipulated. It is renowned that the integrity and confidentiality of medical data is a serious topic for ethical and legal reasons. Medical images need to be kept intact in any condition and prior to any operation as well need to be checked for integrity and verification. Watermarking is a budding technology that is capable of assisting this aim. In recent times, frequency domain watermarking algorithms have gained immense importance due to their widespread use. Subsequently, the watermark embedding and extraction are performed in frequency domain using the presented scheme. The proposed watermarking scheme, the watermark extraction compared with the original image for calculating SSIM.The effectiveness of the proposed watermarking scheme is demonstrated with the aid of experimental results

Towards Authentication and Authorization – Electronic Medical Records

The Technological intervention in field of Computer Science and Information Technology has made it possible to access medical records of Individuals electronically. Electronic Health Records systems which are distributed and need to be interoperable too. Important Business drivers for such kind of high level of interoperability introduce unique citizen ID. Though citizen have access to data from central repository and they can directly communicate with health care providers, but when it comes to security and confidentiality, technology fails to meet the requirements. In this paper we suggest a framework for authentication and authorization of Electronic medical Records System in consideration .It will help to build An Secure-Privacy Protected Electronic medical Record System

Audit-based Compliance Control (AC2) for EHR Systems

Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms

Security for networked smart healthcare systems: A systematic review

Background and Objectives Smart healthcare systems use technologies such as wearable devices, Internet of Medical Things and mobile internet technologies to dynamically access health information, connect patients to health professionals and health institutions, and to actively manage and respond intelligently to the medical ecosystem's needs. However, smart healthcare systems are affected by many challenges in their implementation and maintenance. Key among these are ensuring the security and privacy of patient health information. To address this challenge, several mitigation measures have been proposed and some have been implemented. Techniques that have been used include data encryption and biometric access. In addition, blockchain is an emerging security technology that is expected to address the security issues due to its distributed and decentralized architecture which is similar to that of smart healthcare systems. This study reviewed articles that identified security requirements and risks, proposed potential solutions, and explained the effectiveness of these solutions in addressing security problems in smart healthcare systems. Methods This review adhered to the Preferred Reporting Items for Systematic Reviews and Meta-analysis (PRISMA) guidelines and was framed using the Problem, Intervention, Comparator, and Outcome (PICO) approach to investigate and analyse the concepts of interest. However, the comparator is not applicable because this review focuses on the security measures available and in this case no comparable solutions were considered since the concept of smart healthcare systems is an emerging one and there are therefore, no existing security solutions that have been used before. The search strategy involved the identification of studies from several databases including the Cumulative Index of Nursing and Allied Health Literature (CINAL), Scopus, PubMed, Web of Science, Medline, Excerpta Medical database (EMBASE), Ebscohost and the Cochrane Library for articles that focused on the security for smart healthcare systems. The selection process involved removing duplicate studies, and excluding studies after reading the titles, abstracts, and full texts. Studies whose records could not be retrieved using a predefined selection criterion for inclusion and exclusion were excluded. The remaining articles were then screened for eligibility. A data extraction form was used to capture details of the screened studies after reading the full text. Of the searched databases, only three yielded results when the search strategy was applied, i.e., Scopus, Web of science and Medline, giving a total of 1742 articles. 436 duplicate studies were removed. Of the remaining articles, 801 were excluded after reading the title, after which 342 after were excluded after reading the abstract, leaving 163, of which 4 studies could not be retrieved. 159 articles were therefore screened for eligibility after reading the full text. Of these, 14 studies were included for detailed review using the formulated research questions and the PICO framework. Each of the 14 included articles presented a description of a smart healthcare system and identified the security requirements, risks and solutions to mitigate the risks. Each article also summarized the effectiveness of the proposed security solution. Results The key security requirements reported were data confidentiality, integrity and availability of data within the system, with authorisation and authentication used to support these key security requirements. The identified security risks include loss of data confidentiality due to eavesdropping in wireless communication mediums, authentication vulnerabilities in user devices and storage servers, data fabrication and message modification attacks during transmission as well as while the data is at rest in databases and other storage devices. The proposed mitigation measures included the use of biometric accessing devices; data encryption for protecting the confidentiality and integrity of data; blockchain technology to address confidentiality, integrity, and availability of data; network slicing techniques to provide isolation of patient health data in 5G mobile systems; and multi-factor authentication when accessing IoT devices, servers, and other components of the smart healthcare systems. The effectiveness of the proposed solutions was demonstrated through their ability to provide a high level of data security in smart healthcare systems. For example, proposed encryption algorithms demonstrated better energy efficiency, and improved operational speed; reduced computational overhead, better scalability, efficiency in data processing, and better ease of deployment. Conclusion This systematic review has shown that the use of blockchain technology, biometrics (fingerprints), data encryption techniques, multifactor authentication and network slicing in the case of 5G smart healthcare systems has the potential to alleviate possible security risks in smart healthcare systems. The benefits of these solutions include a high level of security and privacy for Electronic Health Records (EHRs) systems; improved speed of data transaction without the need for a decentralized third party, enabled by the use of blockchain. However, the proposed solutions do not address data protection in cases where an intruder has already accessed the system. This may be potential avenues for further research and inquiry