Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Background: Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective: This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods: A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results: Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions: Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients\u27 intention to use PHSs on P2P networks by making them safe to use

Blockchain technology and internet of things: review, challenge and security concern

Blockchain (BC) has received high attention from many researchers recently because it has decentralization, trusted auditability, and transparency as its main properties. BC has contributed fundamentally to the development of applications like cryptocurrencies, health care, the internet of things (IoT), and so on. The IoT is envisioned to include billions of pervasive and mission-critical sensors and actuators connected to the internet. This network of smart devices is expected to generate and have access to vast amounts of information, creating unique opportunities for new applications, but significant security and privacy issues emerge concurrently because it does not contain robust security systems. BC provides many services like privacy, security, and provenance to the systems that depends on. This research includes analyzing and a comprehensive review of BC technologies. Moreover, the proposed solutions in academia with the methodologies that used to integrate blockchain with IoT are presented. Also, the types of attacks on blockchain are collected and classified. Furthermore, the main contributions and challenges that are included in the literature are explored, then the relevant recommendations for solving the explored challenges are proposed. In conclusion, the integration of BC with IoT could produce promising results in enhancing the security and privacy of IoT environment

Federated Reinforcement Learning-Supported IDS for IoT-steered Healthcare Systems

Wireless Networks lack clear boundaries which leads to security concerns and vulnerabilities to numerous kinds of intrusions. With the growth of cyber intruders, the risks on crucial applications monitored by networked systems have also grown. Effective and vigorous Intrusion Detection Systems (IDSs) for protecting shared information continues to be an essential task to keep private data safe especially in the healthcare sphere. Constructing an IDS that detects and returns information efficiently and with the highest accuracy is a challenging task. Machine Learning (ML) techniques have been effectively adopted in IDSs to detect network intruders. Reinforcement learning is considered as one of the main developments in ML. IDS mainly performs a higher accuracy rate, detection rate as well as a higher performance of a classification (ROC curve). According to these and to tackle the security issues, a Federated Reinforcement Learning-based Intrusion Detection System (FRL-IDS) in the Internet of Things (IoT) networks for healthcare infrastructures has been proposed. The proposed model has been evaluated and compared to a similar model (i.e. SVM system). The proposed model shows superiority over the SVM-steered IDS with accuracy and detection rates of ≈ 0.985 and ≈ 96.5%, respectively. This proposed infrastructure will not only aid in intrusion detection of large health care systems but also other wireless decentralized networks found across multiple real-world applications

Smart Health Infrastructure: Integrating Internet of Things (IoT) with Edge Computing for Enhanced Disease Surveillance and Response

Smart health infrastructure that incorporates the Internet of Things (IoT) and edge computing offers an innovative approach to improving disease response and surveillance Public health emergencies and chronic disease surveillance are two areas where this program is particularly important because of the significant impact that early intervention can have on patient outcomes. Hurdles for the integration of healthcare IoT and edge computing are data privacy and security concerns, performance issues on IoT devices as well as robust network infrastructure needs. To reduce its reliance on computers, Cloud has come up with a plan of introducing Edge Computing-based Context Health Monitoring System (EC-CHMS) which enables faster data analysis and response times by eliminating its use. The healthcare information is locally managed between the networks throughout the system network through edge computing in EC-CHMS that incorporates cloud to manage healthcare information locally between networks within the entire network. This technology can recognize a patient’s life threatening condition by fusing IoT sensors with machine learning algorithms and has numerous possibilities for healthcare applications such as early disease detection, real-time outbreak management, remote patient care among others. Continuous and context-aware health monitoring is possible using this system that supports proactive healthcare interventions towards enhancing overall health delivery efficiency. These results demonstrate that EC-CHMS outperforms traditional cloud-based systems in terms of handling data efficiently and time taken to run the code. To ensure accuracy and reliability of these vital signs, simulation shows how multiple health issues can be handled by it

Do Individuals in Developing Countries Care about Personal Health Information Privacy? An Empirical Investigation

As developing countries migrate to electronic healthcare (e-health) systems, emerging case studies suggest concerns are being raised about the privacy and security of personal health information (PHI) (e.g., Bedeley & Palvia, 2014; Willyard, 2010). However, there is lack of consideration of PHI privacy in the development of e-health systems in these countries as developers and policy makers assume that individuals are in greater need of healthcare and may not care about issues such as privacy (Policy Engagement Network [PEN], 2010). To better understand these assumptions and concerns individuals may have about the digitization of their PHI, this study examined individuals’ privacy concerns regarding the use of electronic health record (EHR) systems by hospitals for storing and managing PHI. A survey was conducted on a sample of 276 individuals in Ghana, a Sub-Saharan African country. We analysed the dataset using t-test and analysis of variance (ANOVA). Contradicting the assumption underlying e-health systems development, the results demonstrated that whilst individuals are less concerned about the collection of their PHI by hospitals, they are highly concerned about unauthorised secondary use, errors, and unauthorize access regarding their PHI stored in EHR systems. These concerns are especially greater for individuals with high computer experience and those who are extremely concerned about their health. Furthermore, compared with women and older individuals (35 years or older), men and younger individuals (aged 18-24) are more concerned about the collection of their PHI by hospitals. Implications for research and practice are discussed

The NPFIT strategy for information security of care record service

The National Programme for IT in England doesn’t have a one-document strategy for its information security of the Care Records Service, which is the national EHR system. This paper provides a comprehensive understanding of the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulations documents

Information Accountability Framework for a Trusted Health Care System

Trusted health care outcomes are patient centric. Requirements to ensure both the quality and sharing of patients’ health records are a key for better clinical decision making. In the context of maintaining quality health, the sharing of data and information between professionals and patients is paramount. This information sharing is a challenge and costly if patients’ trust and institutional accountability are not established. Establishment of an Information Accountability Framework (IAF) is one of the approaches in this paper. The concept behind the IAF requirements are: transparent responsibilities, relevance of the information being used, and the establishment and evidence of accountability that all lead to the desired outcome of a Trusted Health Care System. Upon completion of this IAF framework the trust component between the public and professionals will be constructed. Preservation of the confidentiality and integrity of patients’ information will lead to trusted health care outcomes

The Promise of Health Information Technology: Ensuring that Florida's Children Benefit

Substantial policy interest in supporting the adoption of Health Information Technology (HIT) by the public and private sectors over the last 5 -- 7 years, was spurred in particular by the release of multiple Institute of Medicine reports documenting the widespread occurrence of medical errors and poor quality of care (Institute of Medicine, 1999 & 2001). However, efforts to focus on issues unique to children's health have been left out of many of initiatives. The purpose of this report is to identify strategies that can be taken by public and private entities to promote the use of HIT among providers who serve children in Florida