Description and Experience of the Clinical Testbeds

This deliverable describes the up-to-date technical environment at three clinical testbed demonstrator sites of the 6WINIT Project, including the adapted clinical applications, project components and network transition technologies in use at these sites after 18 months of the Project. It also provides an interim description of early experiences with deployment and usage of these applications, components and technologies, and their clinical service impact

A framework for development of android mobile electronic prescription transfer applications in compliance with security requirements mandated by the Australian healthcare industry

This thesis investigates mobile electronic transfer of prescription (ETP) in compliance with the security requirements mandated by the Australian healthcare industry and proposes a framework for the development of an Android mobile electronic prescription transfer application. Furthermore, and based upon the findings and knowledge from constructing this framework, another framework is also derived for assessing Android mobile ETP applications for their security compliance. The centralised exchange model-based ETP solution currently used in the Australian healthcare industry is an expensive solution for on-going use. With challenges such as an aging population and the rising burden of chronic disease, the cost of the current ETP solution’s operational infrastructure is certain to rise in the future. In an environment where it is increasingly beneficial for patients to engage in and manage their own information and subsequent care, this current solution fails to offer the patient direct access to their electronic prescription information. The current system also fails to incorporate certain features that would dramatically improve the quality of the patient’s care and safety, i.e. alerts for the patient’s drug allergies, harmful dosage and script expiration. Over a decade old, the current ETP solution was essentially designed and built to meet legislation and regulatory requirements, with change-averting its highest priority. With little, if any, provision for future growth and innovation, it was not designed to cater to the needs of the ETP process. This research identifies the gap within the current ETP implementation (i.e. dependency on infrastructure, significant on-going cost and limited availability of the patient’s medication history) and proposes a framework for building a secure mobile ETP solution on the Android mobile operating system platform which will address the identified gap. The literature review part of this thesis examined the significance of ETP for the nation’s larger initiative to provide an improved and better maintainable healthcare system. The literature review also revealed the stance of each jurisdiction, from legislative and regulatory perspectives, in transitioning to the use of a fully electronic ETP solution. It identified the regulatory mandates of each jurisdiction for ETP as well as the security standards by which the current ETP implementation is iii governed so as to conform to those regulatory mandates. The literature review part of the thesis essentially identified and established how the Australian healthcare industry’s various prescription-related legislations and regulations are constructed, and the complexity of this construction for eTP. The jurisdictional regulatory mandates identified in the literature review translate into a set of security requirements. These requirements establish the basis of the guiding framework for the development of a security-compliant Android mobile ETP application. A number of experimentations were conducted focusing on the native security features of the Android operating system, as well as wireless communication technologies such as NFC and Bluetooth, in order to propose an alternative mobile ETP solution with security assurance comparable to the current ETP implementation. The employment of a proof-of-concept prototype such as this alongside / coupled with a series of iterative experimentations strengthens the validity and practicality of the proposed framework. The first experiment successfully proved that the Android operating system has sufficient encryption capabilities, in compliance with the security mandates, to secure the electronic prescription information from the data at rest perspective. The second experiment indicated that the use of NFC technology to implement the alternative transfer mechanism for exchanging electronic prescription information between ETP participating devices is not practical. The next iteration of the experimentation using Bluetooth technology proved that it can be utilised as an alternative electronic prescription transfer mechanism to the current approach using the Internet. These experiment outcomes concluded the partial but sufficient proofof- concept prototype for this research. Extensive document analysis and iterative experimentations showed that the framework constructed by this research can guide the development of an alternative mobile ETP solution with both comparable security assurance to and better access to the patient’s medication history than the current solution. This alternative solution would present no operational dependence upon infrastructure and its associated, ongoing cost to the nation’s healthcare expenditure. In addition, use of this mobile ETP alternative has the potential to change the public’s perception (i.e. acceptance from regulatory and security perspectives) of mobile healthcare solutions, thereby paving the way for further innovation and future enhancements in eHealth

A FRAMEWORK FOR A CLOUD-BASED ELECTRONIC HEALTH RECORDS SYSTEM FOR NIGERIA

  In most countries of the developed world, one of the integral components of Health Information System (HIS) is Electronic Health Records (EHR). With advances in Information and Communications Technology (ICT) and the rise in the adoption of cloud computing approaches in the health sector of these countries by a substantial number of health institutions, cloud servers are now remote repository of EHRs. However, in Nigeria and many other developing countries, health information of patients is still predominantly paper-based medical records. This manual method is not scalable in terms of storage, prone to error, insecure, susceptible to damage and degradation over time, highly unavailable, time consuming in accessing and with no visible audit trail and version history to mention but a few. In this paper, a framework for a cloud-based electronic health records system that is capable of storage, retrieval and updating of patients’ medical records for Nigeria is proposed. The framework provides for various medical stakeholders in a health institution and patients to access the EHR system via a web portal by using a variety of devices in the contextual scenario whereby the health institution is migrating from paper-based patient record documentation to an EHR system

Blockchain for Healthcare: Securing Patient Data and Enabling Trusted Artificial Intelligence

Advances in information technology are digitizing the healthcare domain with the aim of improved medical services, diagnostics, continuous monitoring using wearables, etc., at reduced costs. This digitization improves the ease of computation, storage and access of medical records which enables better treatment experiences for patients. However, it comes with a risk of cyber attacks and security and privacy concerns on this digital data. In this work, we propose a Blockchain based solution for healthcare records to address the security and privacy concerns which are currently not present in existing e-Health systems. This work also explores the potential of building trusted Artificial Intelligence models over Blockchain in e-Health, where a transparent platform for consent-based data sharing is designed. Provenance of the consent of individuals and traceability of data sources used for building and training the AI model is captured in an immutable distributed data store. The audit trail of the data access captured using Blockchain provides the data owner to understand the exposure of the data. It also helps the user to understand the revenue models that could be built on top of this framework for commercial data sharing to build trusted AI models

FLBP: A Federated Learning-enabled and Blockchain-supported Privacy-Preserving of Electronic Patient Records for the Internet of Medical Things

The evolution of the computing paradigms and the Internet of Medical Things (IoMT) have transfigured the healthcare sector with an alarming rise of privacy issues in healthcare records. The rapid growth of medical data leads to privacy and security concerns to protect the confidentiality and integrity of the data in the feature-loaded infrastructure and applications. Moreover, the sharing of medical records of a patient among hospitals rises security and interoperability issues. This article, therefore, proposes a Federated Learning-and-Blockchain-enabled framework to protect electronic medical records from unauthorized access using a deep learning technique called Artificial Neural Network (ANN) for a collaborative IoMT-Fog-Cloud environment. ANN is used to identify insiders and intruders. An Elliptical Curve Digital Signature (ECDS) algorithm is adopted to devise a secured Blockchain-based validation method. To process the anti-malicious propagation method, a Blockchain-based Health Record Sharing (BHRS) is implemented. In addition, an FL approach is integrated into Blockchain for scalable applications to form a global model without the need of sharing and storing the raw data in the Cloud. The proposed model is evident from the simulations that it improves the operational cost and communication (latency) overhead with a percentage of 85.2% and 62.76%, respectively. The results showcase the utility and efficacy of the proposed model

The survey on Near Field Communication

PubMed ID: 26057043Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.Publisher's Versio

A Risk Management Process for Consumers

Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, the only remedy is to develop a risk management process for consumers, similar to the process executed by enterprises. Consumers need to consider the risks in a structured way, and take action, not once, but iteratively. Such a process is feasible: enterprises already execute such processes, and time-saving tools can support the consumer in her own process. In fact, given our society's emphasis on individual responsibilities, skills and devices, a risk management process for consumers is the logical next step in improving information security

Knowing Your Population: Privacy-Sensitive Mining of Massive Data

Location and mobility patterns of individuals are important to environmental planning, societal resilience, public health, and a host of commercial applications. Mining telecommunication traffic and transactions data for such purposes is controversial, in particular raising issues of privacy. However, our hypothesis is that privacy-sensitive uses are possible and often beneficial enough to warrant considerable research and development efforts. Our work contends that peoples behavior can yield patterns of both significant commercial, and research, value. For such purposes, methods and algorithms for mining telecommunication data to extract commonly used routes and locations, articulated through time-geographical constructs, are described in a case study within the area of transportation planning and analysis. From the outset, these were designed to balance the privacy of subscribers and the added value of mobility patterns derived from their mobile communication traffic and transactions data. Our work directly contrasts the current, commonly held notion that value can only be added to services by directly monitoring the behavior of individuals, such as in current attempts at location-based services. We position our work within relevant legal frameworks for privacy and data protection, and show that our methods comply with such requirements and also follow best-practice

A Study of Access Control for Electronic Health Records

The expansion between Information Technology and Healthcare has created many new options for both disciplines, as well as challenges. One of these topics is the Electronic Health Record (EHR) and the push for a universal record. A challenge for this topic is access control: how to keep patient’s personal health information secure, but at the same time accessible to all fields of healthcare and accomplish this within the federal privacy laws made by our government. This study focuses on the idea of a single EHR containing all the different medical information for all the areas of healthcare for a patient. This single EHR would be stored in a database and its use secured though the use of access control using a hierarchy of user groups, which would be divided into different roles to assign access privileges. This access control method would be implemented by possibly using mechanisms such as Bell-LaPadulla Model, The Strawman Design, Public/Private Key algorithms, or other methods. The first goal would be to create this structure for a single entity (e.g., One Hospital, Clinic, or Doctor’s office) and then progress to a distributed model where multiple entities can store and share information