Contributions to interoperability, scalability and formalization of personal health systems

The ageing of the world's population combined with unhealthy lifestyles are contributing to a major prevalence of chronic diseases. This scenario poses the challenge of providing good healthcare services to that people affected by chronic illnesses, but without increasing its costs. A prominent way to face this challenge is through pervasive healthcare. Research in pervasive healthcare tries to shift the current centralized healthcare delivery model focused on the doctors, to a more distributed model focused on the patients. In this context Personal Health Systems (PHSs) consists on approaching sampling technologies into the hands of the patients, without disturbing its activities of the daily life, to monitor patient's physiological parameters and providing feedback on their state. The use of PHSs involves the patients in the management of their illness and in their own well being too. The development of PHSs has to face technological issues in order to be accepted by our society. Within them it is important to ensure interoperability between different systems in order to make them work together. Scalability it is also a concern, as their performance must not decrease when increasing the number of users. Another issue is how to formalize the medical knowledge for each patient, as different patients may have different target goals. Security and privacy are a must feature because of the sensitive nature of medical data. Other issues involve the the integration with legacy systems, and the usability of graphical user interfaces in order to encourage old people with the use these technologies. The aim of this PhD thesis is to contribute into the state-of-the-art of PHSs by tackling together different of the above-mentioned challenges. First, to achieve interoperability we use the CDA standard as a format to encode and exchange health data and alerts related with the status of the patient. We show how these documents can be generated automatically through the use of XML templates. Second, we address the scalability by distributing the computations needed to monitor the patients over their devices, rather than performing them in a centralized server. In this context we develop the MAGPIE agent platform, which runs on Android devices, as a framework able to provide intelligence to PHSs, and generate alerts that can be of interest for the patients and the medical doctors. Third, we focus on the formalization of PHSs by providing a tool for the practitioners where they can define, in a graphical way, monitoring rules related with chronic diseases that are integrated with the MAGPIE agent platform. The thesis also explores different ways to share the data collected with PHSs in order to improve the outcomes obtained with the use of this technology. Data is shared between individuals following a Distributed Event-Based System (DEBS) approach, where different people can subscribe to the alerts produced by the patient. Data is also shared between institutions with a network protocol called MOSAIC, and we focus on the security aspects of this protocol. The research in this PhD focuses in the use case of Diabetes Mellitus; and it has been developed in the context of the projects MONDAINE, MAGPIE, COMMODITY12 and TAMESIS.L'envelliment de la població mundial combinat amb uns estils de vida no saludables contribueixen a una major prevalença d'enfermetats cròniques. Aquest escenari presenta el repte de proporcionar uns bons serveis sanitaris a les persones afectades per aquestes enfermetats, sense incrementar-ne els costos. Una solució prometedora a aquest repte és mitjançant l'aplicació del que en anglès s'anomena "pervasive healthcare". L'investigació en aquesta camp tracta de canviar l'actual model centralitzat de serveis sanitaris enfocat en el personal sanitari, per un model de serveis distribuït enfocat en els pacients. En aquest context, els Personal Health Systems (PHSs) consisteixen en posar a l'abast dels pacients les tecnologies de monitorització, i proporcionar-los informació sobre el seu estat. L'ús de PHSs involucra els pacients en la gestió de la seva enfermetat i del seu propi benestar. L'acceptació dels PHSs per part de la societat implica certs reptes tecnològics en el seu desenvolupament. És important garantir la seva interoperabilitat per tal de que puguin treballar conjuntament. La seva escalabilitat també s'ha de tenir en compte, ja que el seu rendiment no s'ha de veure afectat al incrementar-ne el número d'usuaris. Un altre aspecte a considerar és com formalitzar el coneixement mèdic per cada pacient, ja que cada un d'ells pot tenir objectius diferents. La seguretat i privacitat són característiques desitjades degut a la naturalesa sensible de les dades mèdiques. Altres problemàtiques impliquen la integració amb sistemes heretats, i la usabilitat de les interfícies gràfiques per fomentar-ne el seu ús entre les persones grans. L'objectiu d'aquesta tesi és contribuir a l'estat de l'art dels PHSs tractant de manera conjunta varis dels reptes mencionats. Per abordar l'interoperabilitat s'utilitza l'estàndard CDA com a format per codificar les dades mèdiques i alertes relacionades amb el pacient. A més es mostra com aquests documents poden generar-se de forma automàtica mitjançant l' ús de plantilles XML. Per tractar l'escalabilitat es distribueixen les computacions per monitoritzar els pacients entre els seus terminals mòbils, en comptes de realitzar-les en un servidor central. En aquest context es desenvolupa la plataforma d'agents MAGPIE com a framework per proporcionar intelligència als PHSs i generar alertes d'interès per al metge i el pacient. La formalització s'aborda mitjançant una eina que permet als metges definir de manera gràfica regles de monitorització relacionades amb enfermetats cròniques, que a més estan integrades amb la plataforma d'agents MAGPIE. La tesi també explora diferents maneres de compartir les dades recol·lectades amb un PHS, amb l'objectiu de millorar els resultats obtinguts amb aquesta tecnologia. Les dades es comparteixen entre individus seguint un enfoc de sistemes distribuïts basats en events (DEBS), on diferents usuaris poden subscriure's a les alertes produïdes per el pacient. Les dades també es comparteixen entre institucions mitjançant un protocol de xarxa anomenat MOSAIC. A la tesi es desenvolupen els aspectes de seguretat d'aquest protocol. La test es centra en la Diabetis Mellitus com a cas d'ús, i s'ha realitzat en el context dels projectes MONDAINE, MAGPIE, COMMODITY12 i TAMESIS.El envejecimiento de la población mundial combinado con unos estilos de vida no saludables contribuyen a una mayor prevalencia de enfermedades crónicas. Este escenario presenta el reto de proporcionar unos buenos servicios sanitarios a las personas afectadas por estas enfermedades, sin incrementar sus costes. Una solución prometedora a este reto es mediante la aplicación de lo que en inglés se denomina "pervasive healthcare". La investigación en este campo trata de cambiar el actual modelo centralizado de servicios sanitarios enfocado hacia el personal sanitario, por un modelo distribuido enfocado hacia los pacientes. En este contexto, los Personal Health Systems (PHSs) consisten en poner al alcance de los pacientes las tecnologías de monitorización, y proporcionarles información sobre su estado. El uso de PHSs involucra a los pacientes en la gestión de su enfermedad y en su propio bienestar. La aceptación de los PHSs por parte de la sociedad implica ciertos retos tecnológicos en su desarrollo. Es importante garantizar su interoperabilidad para que puedan trabajar conjuntamente. Su escalabilidad también se debe tener en cuenta, ya que su rendimiento no tiene que verse afectado al incrementar su número de usuarios. Otro aspecto a considerar es cómo formalizar el conocimiento médico para cada paciente, ya que cada uno puede tener objetivos distintos. La seguridad y privacidad son características deseadas debido a la naturaleza sensible de los datos médicos. Otras problemáticas implican la integración con sistemas heredados, y la usabilidad de las interfaces gráficas para fomentar su uso entre las personas mayores. El objetivo de esta tesis es contribuir al estado del arte de los PHSs tratando de manera conjunta varios de los retos mencionados. Para abordar la interoperabilidad se usa el estándar CDA como formato para codificar los datos médicos y alertas relacionados con el paciente. Además se muestra como estros documentos pueden generarse de forma automática mediante el uso de plantillas XML. Para tratar la escalabilidad se distribuye la computación para monitorizar a los pacientes en sus terminales móbiles, en lugar de realizarla en un servidor central. En este contexto se desarrolla la plataforma de agentes MAGPIE como framework para proporcionar inteligencia a los PHSs y generar alertas de interés para el médico y el paciente. La formalización se aborda mediante una herramienta que permite a los médicos definir de manera gráfica reglas de monitorización relacionadas con enfermedades crónicas, que ademas están integradas con la plataforma de agentes MAGPIE. La tesis también explora distintas formas de compartir los datos recolectados con un PHS, con el fin de mejorar los resultados obtenidos mediante esta tecnología. Los datos se comparten entre individuos siguiendo un enfoque de sistemas distribuidos basados en eventos (DEBS), donde distintos usuarios pueden suscribirse a las alertas producidas por el paciente. Los datos también se comparten entre instituciones mediante un protocolo dered llamado MOSAIC. En la tesis se desarrollan los aspectos de seguridad de este protocolo. La tesis se centra en la Diabetes Mellitus como caso de uso, y se ha realizado en el contexto de los proyectos MONDAINE, MAGPIE, COMMODITY12 y TAMESIS.Postprint (published version

Privacy and Security in Mobile Health – a Research Agenda

Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges

Security on Medical Wireless Sensor Networks

Wireless technology is fast becoming a very important tool for all aspects of communication. An area that lacks a strong implementation for wireless communication is the medical field. Wireless systems could be used by clinicians to be better able to diagnose and monitor patients. The reason behind the lack of adoption in healthcare is due to the need to meet the legislated and perceived requirements of security and privacy when dealing with clinical information. The current methods of wireless authentication are investigated and an existing issue in mobile networks is described and solved with two novel solutions; one solution within GSM and the other within UMTS. Strong authentication protocols are developed based on the existing wireless protocols, while using minimal messages and symmetric operations to limit resource utilization to meet the needs of the healthcare environment. To ensure the quality of the protocol a BAN (Burrows-Abadi-Needham logic) analysis is performed which verifies that the desired goals of the protocols are appropriately met within the results analysis. The developed security protocol is shown to be secure, uses minimal messages to maintain efficiency and meets the legal requirements to be used in medical wireless sensor networks

Privacy in the Smart City - Applications, Technologies, Challenges and Solutions

Many modern cities strive to integrate information technology into every aspect of city life to create so-called smart cities. Smart cities rely on a large number of application areas and technologies to realize complex interactions between citizens, third parties, and city departments. This overwhelming complexity is one reason why holistic privacy protection only rarely enters the picture. A lack of privacy can result in discrimination and social sorting, creating a fundamentally unequal society. To prevent this, we believe that a better understanding of smart cities and their privacy implications is needed. We therefore systematize the application areas, enabling technologies, privacy types, attackers and data sources for the attacks, giving structure to the fuzzy term “smart city”. Based on our taxonomies, we describe existing privacy-enhancing technologies, review the state of the art in real cities around the world, and discuss promising future research directions. Our survey can serve as a reference guide, contributing to the development of privacy-friendly smart cities

Health Information System Role-Based Access Control Current Security Trends and Challenges

Objective. This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. Method. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. Results. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Conclusion. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.Sao Paulo Federal University (Unifesp) sponsorshipUniv Fed Sao Paulo, Hlth Informat Dept, Sao Paulo, SP, BrazilUniv Fed Sao Paulo, Hlth Informat Dept, Sao Paulo, SP, BrazilWeb of Scienc

Development of a Drone-Mounted Wireless Attack Platform

The commercial drone market has grown rapidly due to the increasing utility and capabilities of drones. This new found popularity has made it possible for inexpensive drones capable of impressive carry capacities and flight times to reach the consumer market. These new features also offer an invaluable resource to wireless hackers. Capitalizing on their mobility, a wireless hacker can equip a drone with hacking tools to surpass physical security (e.g. fences) with relative ease and reach wireless networks. This research seeks to experimentally evaluate the ability of a drone-mounted wireless attack platform equipped with a directional antenna to conduct wireless attacks effectively at distances greater than 800 meters. To test this hypothesis, the “skypie v2” prototype conducts computer network attacks against a target network and captured data is used to evaluate the effectiveness of the platform. Results showed that capture of a WPA2 handshake was possible at a RSSI of -72 dBm or 2400 meters from a network located in a open field. Additionally, nmap scans were conducted with a RSSI value of -74 dBm or nearly 3000 meters from the target network

Towards 6G: Key technological directions

Sixth-generation mobile networks (6G) are expected to reach extreme communication capabilities to realize emerging applications demanded by the future society. This paper focuses on six technological directions towards 6G, namely, intent-based networking, THz communication, artificial intelligence, distributed ledger technology/blockchain, smart devices and gadget-free communication, and quantum communication. These technologies will enable 6G to be more capable of catering to the demands of future network services and applications. Each of these technologies is discussed highlighting recent developments, applicability in 6G, and deployment challenges. It is envisaged that this work will facilitate 6G related research and developments, especially along the six technological directions discussed in the paper

Big data in epilepsy: Clinical and research considerations. Report from the Epilepsy Big Data Task Force of the International League Against Epilepsy

Epilepsy is a heterogeneous condition with disparate etiologies and phenotypic and genotypic characteristics. Clinical and research aspects are accordingly varied, ranging from epidemiological to molecular, spanning clinical trials and outcomes, gene and drug discovery, imaging, electroencephalography, pathology, epilepsy surgery, digital technologies, and numerous others. Epilepsy data are collected in the terabytes and petabytes, pushing the limits of current capabilities. Modern computing firepower and advances in machine and deep learning, pioneered in other diseases, open up exciting possibilities for epilepsy too. However, without carefully designed approaches to acquiring, standardizing, curating, and making available such data, there is a risk of failure. Thus, careful construction of relevant ontologies, with intimate stakeholder inputs, provides the requisite scaffolding for more ambitious big data undertakings, such as an epilepsy data commons. In this review, we assess the clinical and research epilepsy landscapes in the big data arena, current challenges, and future directions, and make the case for a systematic approach to epilepsy big data