Designing the Health-related Internet of Things: Ethical Principles and Guidelines

The conjunction of wireless computing, ubiquitous Internet access, and the miniaturisation of sensors have opened the door for technological applications that can monitor health and well-being outside of formal healthcare systems. The health-related Internet of Things (H-IoT) increasingly plays a key role in health management by providing real-time tele-monitoring of patients, testing of treatments, actuation of medical devices, and fitness and well-being monitoring. Given its numerous applications and proposed benefits, adoption by medical and social care institutions and consumers may be rapid. However, a host of ethical concerns are also raised that must be addressed. The inherent sensitivity of health-related data being generated and latent risks of Internet-enabled devices pose serious challenges. Users, already in a vulnerable position as patients, face a seemingly impossible task to retain control over their data due to the scale, scope and complexity of systems that create, aggregate, and analyse personal health data. In response, the H-IoT must be designed to be technologically robust and scientifically reliable, while also remaining ethically responsible, trustworthy, and respectful of user rights and interests. To assist developers of the H-IoT, this paper describes nine principles and nine guidelines for ethical design of H-IoT devices and data protocols

Towards A Well-Secured Electronic Health Record in the Health Cloud

The major concerns for most cloud implementers particularly in the health care industry have remained data security and privacy. A prominent and major threat that constitutes a hurdle for practitioners within the health industry from exploiting and benefiting from the gains of cloud computing is the fear of theft of patients health data in the cloud. Investigations and surveys have revealed that most practitioners in the health care industry are concerned about the risk of health data mix-up amongst the various cloud providers, hacking to comprise the cloud platform and theft of vital patients’ health data.An overview of the diverse issues relating to health data privacy and overall security in the cloud are presented in this technical report. Based on identifed secure access requirements, an encryption-based eHR security model for securing and enforcing authorised access to electronic health data (records), eHR is also presented. It highlights three core functionalities for managing issues relating to health data privacy and security of eHR in health care cloud

Advancing the Right to Health: The Vital Role of Law

Effective laws and an enabling legal environment are essential to a healthy society. Most public health challenges – from infectious and non-communicable diseases to injuries, from mental illness to universal health coverage – have a legal component. At global, national and local levels, law is a powerful tool for advancing the right to health. This tool is, however, often underutilized. This report aims to raise awareness about the role that public health laws can play in advancing the right to health and in creating the conditions for all people to live healthy lives. The report provides guidance about issues and requirements to be addressed during the process of developing or reforming public health laws, with case studies drawn from countries around the world to illustrate effective practices and critical features of effective public health legislation. Advancing the right to health: the vital role of law is the result of a collaboration between the World Health Organisation, the International Development Law Organisation (IDLO), the O’Neill Institute for National and Global Health Law, Washington D.C., USA, and Sydney Law School, University of Sydney. The Project Directors were: Professor Lawrence O. Gostin, Linda D. and Timothy J. O’Neill Professor of Global Health Law and University Professor, Georgetown University; Faculty Director, O’Neill Institute for National and Global Health Law, Georgetown University; Mr David Patterson, Senior Legal Expert – Health; Department of Research & Learning, International Development Law Organization; Professor Roger Magnusson, Professor of Health Law & Governance, Sydney Law School, University of Sydney; Mr Oscar Cabrera, Executive Director, O’Neill Institute for National and Global Health Law, Georgetown University Law Center; Ms Helena Nygren-Krug (2011–2013), Senior Advisor, Human Rights & Law, UNAIDS. The content and structure of the report reflect the consensus reached at the second of two international consultations in public health law that preceded the preparation of the report, hosted by WHO and IDLO in Cairo, Egypt, 26-28 April 2010. Part 1 introduces the human right to health and its role in guiding and evaluating law reform efforts, including efforts to achieve the goal of universal health coverage. Part 2 discusses the process of public health law reform. The law reform process refers to the practical steps involved in advancing the political goal of law reform, and the kinds of issues and obstacles that may be encountered along the way. Part 2 identifies some of the actors who may initiate or lead the public health law reform process, discusses principles of good governance during that process, and ways of building a consensus around the need for public health law reform. Part 3 turns from the process of reforming public health laws to the substance or content of those laws. It identifies a number of core areas of public health practice where regulation is essential in order to ensure that governments (at different levels) discharge their basic public health functions. Traditionally, these core areas of public health practice have included: the provision of clean water and sanitation, monitoring and surveillance of public health threats, the management of communicable diseases, and emergency powers. Building on these core public health functions, Part 3 goes on to consider a range of other public health priorities where law has a critical role to play. These priorities include tobacco control, access to essential medicines, the migration of health care workers, nutrition, maternal, reproductive and child health, and the role of law in advancing universal access to quality health services for all members of the population. The report includes many examples that illustrate the ways in which different countries have used law to protect the health of their populations in ways that are consistent with their human rights obligations. Countries vary widely in terms of their constitutional structure, size, history and political culture. For these reasons, the examples given are not intended to be prescriptive, but to provide useful comparisons for countries involved in the process of legislative review

Security and confidentiality approach for the Clinical E-Science Framework (CLEF)

Objectives: CLEF is an MRC sponsored project in the E-Science programme that aims to establish methodologies and a technical infrastructure for the next generation of integrated clinical and bioscience research. Methods: The heart of the CLEF approach to this challenge is to design and develop a pseudonymised repository of histories of cancer patients that can be accessed by researchers. Robust mechanisms and policies have been developed to ensure that patient privacy and confidentiality are preserved while delivering a repository of such medically rich information for the purposes of scientific research. Results: This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows, pseudonymisation measures and additional monitoring policies that are currently being developed. Conclusion: Once evaluated, it is hoped that the CLEF approach can serve as a model for other distributed electronic health record repositories to be accessed for research

Plan Now for Managing Electronic Data and Avoid Tomorrow’s Legal Risks

[Excerpt] In a world where the use of electronic data is rapidly increasing, companies must find ways to manage data now so that they effectively control compliance risks. The proliferation of electronic data is both astonishing and overwhelming. Given the storage power of average computers today, even the most modest mom-and-pop business may have electronic storage capacity equivalent to 2,000 four-drawer file cabinets. The task of managing electronic data is further compounded by the fact that the data is no longer just tangible pieces of paper, but rather are bytes of information that are constantly being edited, changed, and updated from different people and sources. Proper archiving, retention, monitoring, filtering, and encryption of electronic data are no longer optional: they are imperative

M-health review: joining up healthcare in a wireless world

In recent years, there has been a huge increase in the use of information and communication technologies (ICT) to deliver health and social care. This trend is bound to continue as providers (whether public or private) strive to deliver better care to more people under conditions of severe budgetary constraint

Security and confidentiality approach for the Clinical E-Science Framework (CLEF)

CLEF is an MRC sponsored project in the E-Science programme that aims to establish policies and infrastructure for the next generation of integrated clinical and bioscience research. One of the major goals of the project is to provide a pseudonymised repository of histories of cancer patients that can be accessed by researchers. Robust mechanisms and policies are needed to ensure that patient privacy and confidentiality are preserved while delivering a repository of such medically rich information for the purposes of scientific research. This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows and pseudonymisation mechanisms that are currently being developed. Intended constraints and monitoring policies that will apply to research interrogation of the repository are also outlined. Once evaluated, it is hoped that the CLEF approach can serve as a model for other distributed electronic health record repositories to be accessed for research

A Privacy Preserving Framework for RFID Based Healthcare Systems

RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our life in near future. It has received considerable attention within the healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of wide spread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be send to track its user (owner). In a nutshell, this technology has not really seen its true potential in healthcare industry since privacy concerns raised by the tag bearers are not properly addressed by existing identification techniques. There are two major types of privacy preservation techniques that are required in an RFID based healthcare system—(1) a privacy preserving authentication protocol is required while sensing RFID tags for different identification and monitoring purposes, and (2) a privacy preserving access control mechanism is required to restrict unauthorized access of private information while providing healthcare services using the tag ID. In this paper, we propose a framework (PriSens-HSAC) that makes an effort to address the above mentioned two privacy issues. To the best of our knowledge, it is the first framework to provide increased privacy in RFID based healthcare systems, using RFID authentication along with access control technique