Health Information System Role-Based Access Control Current Security Trends and Challenges

Objective. This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. Method. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. Results. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Conclusion. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.Sao Paulo Federal University (Unifesp) sponsorshipUniv Fed Sao Paulo, Hlth Informat Dept, Sao Paulo, SP, BrazilUniv Fed Sao Paulo, Hlth Informat Dept, Sao Paulo, SP, BrazilWeb of Scienc

State-of-the-art Survey of Data Hiding in ECG Signal

With the development of new communication technologies, the number of biomedical data that is transmitted is constantly increasing. This is sensitive data and therefore it is very important to preserve privacy when transmitting it. For this purpose, techniques for data hiding in biomedical signals are used. This is a comprehensive survey of research papers that covers the latest techniques for data hiding in ECG signal and old techniques that are not covered by the latest surveys. We show an overview of the methodology, robustness, and imperceptibility of the techniques

Patients Using an Online Forum for Reporting Progress When Engaging With a Six-Week Exercise Program for Knee Conditioning: Feasibility Study

Background: The use of electronic health (eHealth) and Web-based resources for patients with knee pain is expanding. Padlet is an online noticeboard that can facilitate patient interaction by posting virtual “sticky notes.” Objective: The primary aim of this study was to determine feasibility of patients in a 6-week knee exercise program using Padlet as an online forum for self-reporting on outcome progression. Methods: Undergraduate manual therapy students were recruited as part of a 6-week study into knee conditioning. Participants were encouraged to post maximum effort readings from quadriceps and gluteal home exercises captured from standard bathroom scales on a bespoke Padlet. Experience and progression reporting were encouraged. Posted data were analyzed for association between engagement, entry frequency, and participant characteristics. Individual data facilitated single-subject, multiple-baseline analysis using statistical process control. Experiential narrative was analyzed thematically. Results: Nineteen participants were recruited (47%, 9/19 female); ages ranged from 19 to 53 years. Twelve individuals (63%) opted to engage with the forum (range 4-40 entries), with five (42%) reporting across all 6 weeks. Gender did not influence reporting (odds ratio [OR] 0.76, 95% CI 0.06-6.93). No significant difference manifested between body mass index and engagement P=.46); age and entry frequency did not correlate (R2=.054, 95% CI –0.42 to 0.51, P=.83). Statistically significant conditioning profiles arose in single participants. Themes of pain, mitigation, and response were inducted from the experiences posted. Conclusions: Patients will engage with an online forum for reporting progress when undertaking exercise programs. In contrast to related literature, no significant association was found with reporting and gender, age, or body mass index. Individual posted data allowed multiple-baseline analysis and experiential induction from participants. Conditioning responses were evident on visual inspection. The importance of individualized visual data to patients and the role of forums in monitoring patients’ progress in symptomatic knee pain populations need further consideration

Robust data protection and high efficiency for IoTs streams in the cloud

Remotely generated streaming of the Internet of Things (IoTs) data has become a vital category upon which many applications rely. Smart meters collect readings for household activities such as power and gas consumption every second - the readings are transmitted wirelessly through various channels and public hops to the operation centres. Due to the unusually large streams sizes, the operation centres are using cloud servers where various entities process the data on a real-time basis for billing and power management. It is possible that smart pipe projects (where oil pipes are continuously monitored using sensors) and collected streams are sent to the public cloud for real-time flawed detection. There are many other similar applications that can render the world a convenient place which result in climate change mitigation and transportation improvement to name a few. Despite the obvious advantages of these applications, some unique challenges arise posing some questions regarding a suitable balance between guaranteeing the streams security, such as privacy, authenticity and integrity, while not hindering the direct operations on those streams, while also handling data management issues, such as the volume of protected streams during transmission and storage. These challenges become more complicated when the streams reside on third-party cloud servers. In this thesis, a few novel techniques are introduced to address these problems. We begin by protecting the privacy and authenticity of transmitted readings without disrupting the direct operations. We propose two steganography techniques that rely on different mathematical security models. The results look promising - security: only the approved party who has the required security tokens can retrieve the hidden secret, and distortion effect with the difference between the original and protected readings that are almost at zero. This means the streams can be used in their protected form at intermediate hops or third party servers. We then improved the integrity of the transmitted protected streams which are prone to intentional or unintentional noise - we proposed a secure error detection and correction based stenographic technique. This allows legitimate recipients to (1) detect and recover any noise loss from the hidden sensitive information without privacy disclosure, and (2) remedy the received protected readings by using the corrected version of the secret hidden data. It is evident from the experiments that our technique has robust recovery capabilities (i.e. Root Mean Square (RMS) <0.01%, Bit Error Rate (BER) = 0 and PRD < 1%). To solve the issue of huge transmitted protected streams, two compression algorithms for lossless IoTs readings are introduced to ensure the volume of protected readings at intermediate hops is reduced without revealing the hidden secrets. The first uses Gaussian approximation function to represent IoTs streams in a few parameters regardless of the roughness in the signal. The second reduces the randomness of the IoTs streams into a smaller finite field by splitting to enhance repetition and avoiding the floating operations round errors issues. Under the same conditions, our both techniques were superior to existing models mathematically (i.e. the entropy was halved) and empirically (i.e. achieved ratio was 3.8:1 to 4.5:1). We were driven by the question ‘Can the size of multi-incoming compressed protected streams be re-reduced on the cloud without decompression?’ to overcome the issue of vast quantities of compressed and protected IoTs streams on the cloud. A novel lossless size reduction algorithm was introduced to prove the possibility of reducing the size of already compressed IoTs protected readings. This is successfully achieved by employing similarity measurements to classify the compressed streams into subsets in order to reduce the effect of uncorrelated compressed streams. The values of every subset was treated independently for further reduction. Both mathematical and empirical experiments proved the possibility of enhancing the entropy (i.e. almost reduced by 50%) and the resultant size reduction (i.e. up to 2:1)

Embedded document security using sticky policies and identity based encryption

Data sharing domains have expanded over several, both trusted and insecure environments. At the same time, the data security boundaries have shrunk from internal network perimeters down to a single identity and a piece of information. Since new EU GDPR regulations, the personally identifiable information sharing requires data governance in favour of a data subject. Existing enterprise grade IRM solutions fail to follow open standards and lack of data sharing frameworks that could efficiently integrate with existing identity management and authentication infrastructures. IRM services that stood against cloud demands often offer a very limited access control functionality allowing an individual to store a document online giving a read or read-write permission to other individual identified by email address. Unfortunately, such limited information sharing controls are often introduced as the only safeguards in large enterprises, healthcare institutions and other organizations that should provide the highest possible personal data protection standards. The IRM suffers from a systems architecture vulnerability where IRM application installed on a semi-trusted client truly only guarantees none or full access enforcement. Since no single authority is contacted to verify each committed change the adversary having an advantage of possessing data-encrypting and key-encrypting keys could change and re-encrypt the amended content despite that read only access has been granted. Finally, the two evaluated IRM products, have either the algorithm security lifecycle (ASL) relatively short to protect the shared data, or the solution construct highly restrained secure key-encrypting key distribution and exposes a symmetric data-encrypting key over the network. Presented here sticky policy with identity-based encryption (SPIBE) solution was designed for secure cloud data sharing. SPIBE challenges are to deliver simple standardized construct that would easily integrate with popular OOXML-like document formats and provide simple access rights enforcement over protected content. It leverages a sticky policy construct using XACML access policy language to express access conditions across different cloud data sharing boundaries. XACML is a cloud-ready standard designed for a global multi-jurisdictional use. Unlike other raw ABAC implementations, the XACML offers a standardised schema and authorisation protocols hence it simplifies interoperability. The IBE is a cryptographic scheme protecting the shared document using an identified policy as an asymmetric key-encrypting a symmetric data-encrypting key. Unlike ciphertext-policy attribute-based access control (CP-ABE), the SPIBE policy contains not only access preferences but global document identifier and unique version identifier what makes each policy uniquely identifiable in relation to the protected document. In IBE scheme the public key-encrypting key is known and could be shared between the parties although the data-encrypting key is never sent over the network. Finally, the SPIBE as a framework should have a potential to protect data in case of new threats where ASL of a used cryptographic primitive is too short, when algorithm should be replaced with a new updated cryptographic primitive. The IBE like a cryptographic protocol could be implemented with different cryptographic primitives. The identity-based encryption over isogenous pairing groups (IBE-IPG) is a post-quantum ready construct that leverages the initial IBE Boneh-Franklin (IBE-BF) approach. Existing IBE implementations could be updated to IBE-IPG without major system amendments. Finally, by applying the one document versioning blockchain-like construct could verify changes authenticity and approve only legitimate document updates, where other IRM solutions fail to operate delivering the one single authority for non-repudiation and authenticity assurance

Exploring Innovative Rehabilitation for the Knee using Ehealth, Biofeedback and Online Communities

Knee pain is regarded as an inevitable outcome in an ageing population and subsequent management, treatment and rehabilitation may exacerbate demand on stretched health services globally. Knee pain can be influenced by a number of factors; gender, body mass, activity profile, arthrokinematics, patient biopsychosociology and predisposing injury or trauma. Treatment options are typically viewed as pharmacological and non-pharmacological. Exercise and physical therapy are key elements within the latter option, alongside surgical procedures. Knee pain sufferers may vindicate their condition through clinical diagnosis and shift of locus of control; compliance to exercise interventions can depend on the scope of this shift. Such values should be acknowledged when monitoring individualised progression in the management of knee pain. Technology may have a role to play in capturing and influencing compliance within the scope of knee rehabilitation. The main aim of this thesis was to explore the use of innovative rehabilitation interventions for the knee that integrated eHealth, biofeedback and online communities. As this constitutes a complex scenario, this thesis has been reported using elements of the Medical Research Council (MRC) framework for the development and evaluation of complex interventions to improve health (Blackwood et al., 2010; Craig et al., 2008); notably the Preclinical (theory) stage, the Phase I (modelling) stage, and Phase II (exploratory trial). The findings further inform the options for rehabilitation around knee pain, encompassing latest generation techniques for addressing progressive joint disease and eHealth initiatives. These also included options for self-management and reporting that could be generalised to knee pain sufferers; an approach informed by the exploration of the reported experiences of individuals engaging with an online health community for knee pain. The eHealth component of the thesis looked to explore the use of simple Web 2.0 solutions and readily available domiciliary equipment for efficacy and accessibility