
    A Privacy-Preserving Framework for Personally Controlled Electronic Health Record (PCEHR) System

    The electronic health record (eHR) system has recently been considered one of the biggest advancements in healthcare services. A personally controlled electronic health record (PCEHR) system is proposed by the Australian government to make the health system more agile, secure, and sustainable. Although the PCEHR system claims that electronic health records can be controlled by the patients, healthcare professionals and database/system operators may assist in disclosing the patients’ eHRs for retaliation or other ill purposes. As the conventional methods for preserving the privacy of eHRs solely trust the system operators, these data are vulnerable to exploitation by authorised personnel in an immoral or unethical way. Furthermore, issues such as the sheer number of eHRs, their sensitive nature, flexible access, and efficient user revocation have remained the most important challenges towards fine-grained, cryptographically enforced data access control. In this paper we propose a patient-centric cloud-based PCEHR framework, which employs a homomorphic encryption technique in storing the eHRs. The proposed system ensures control of both access to and privacy of eHRs stored in the cloud database.

    A Privacy Preserving Framework for RFID Based Healthcare Systems

    RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our lives in the near future. It has received considerable attention within healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of widespread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be used to track its user (owner). In a nutshell, this technology has not really reached its true potential in the healthcare industry, since the privacy concerns raised by tag bearers are not properly addressed by existing identification techniques. There are two major types of privacy preservation techniques that are required in an RFID based healthcare system—(1) a privacy preserving authentication protocol is required while sensing RFID tags for different identification and monitoring purposes, and (2) a privacy preserving access control mechanism is required to restrict unauthorized access to private information while providing healthcare services using the tag ID. In this paper, we propose a framework (PriSens-HSAC) that makes an effort to address the above mentioned two privacy issues. To the best of our knowledge, it is the first framework to provide increased privacy in RFID based healthcare systems, using RFID authentication along with an access control technique.

    A Study of Access Control for Electronic Health Records

    The intersection of Information Technology and Healthcare has created many new options for both disciplines, as well as challenges. One of these topics is the Electronic Health Record (EHR) and the push for a universal record. A challenge for this topic is access control: how to keep patients’ personal health information secure, but at the same time accessible to all fields of healthcare, and to accomplish this within the federal privacy laws made by our government. This study focuses on the idea of a single EHR containing all the different medical information for all the areas of healthcare for a patient. This single EHR would be stored in a database and its use secured through access control based on a hierarchy of user groups, which would be divided into different roles to assign access privileges. This access control method could be implemented using mechanisms such as the Bell-LaPadula Model, the Strawman Design, public/private key algorithms, or other methods. The first goal would be to create this structure for a single entity (e.g., one hospital, clinic, or doctor’s office) and then progress to a distributed model where multiple entities can store and share information.

    Application of the HL7 standard as a universal tool for the exchange of clinical information in the domain of public health. Case study: vector-borne diseases - Dengue

    In Colombia, healthcare requires standardized technological solutions that can interoperate with one another. One area of health that can be taken as an example is public health, for which the Public Health Surveillance System (SIVIGILA) was formulated and institutionalized. SIVIGILA is responsible for setting the guidelines for collecting the events that are of interest to public health; once this information has been collected and processed, it is possible to monitor the spread of events, and it also serves as a tool for health planning and for defining disease prevention and control measures. This research work proposes a software architecture that applies the HL7 standard to SIVIGILA, taking vector-borne diseases as a case study, which allows other information systems that comply with the standard to consume the services published for public health management.

    Patient-centric authorization framework for sharing electronic health records

    In modern healthcare environments, a fundamental requirement for achieving continuity of care is seamless access to distributed patient health records in an integrated and unified manner, directly at the point of care. However, Electronic Health Records (EHRs) contain a significant amount of sensitive information, and allowing data to be accessible at many different sources increases concerns related to patient privacy and data theft. Access control solutions must guarantee that only authorized users have access to such critical records for legitimate purposes, and access control policies from distributed EHR sources must be accurately reflected and enforced accordingly in the integrated EHRs. In this paper, we propose a unified access control scheme that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and various privacy protection requirements. We also articulate and handle the policy anomalies that might occur in the composition of discrete access control policies from multiple data sources. Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection.

    Ensuring Application Specific Security, Privacy and Performance Goals in RFID Systems

    Radio Frequency IDentification (RFID) is an automatic identification technology that uses radio frequency to identify objects. Securing RFID systems and providing privacy in RFID applications has been the focus of much academic work lately. To ensure universal acceptance of RFID technology, security and privacy issues must be addressed in the design of any RFID application. Due to the constraints on memory, power, storage capacity, and amount of logic on RFID devices, traditional public-key-based strong security mechanisms are unsuitable for them. Usually, low-cost general authentication protocols are used to secure RFID systems. However, the generic authentication protocols provide relatively low performance for different types of RFID applications. We identified that each RFID application has unique research challenges and different performance bottlenecks based on the characteristics of the system. One strategy is to devise security protocols such that application-specific goals are met and system-specific performance requirements are maximized. This dissertation aims to address the problem of devising application-specific security protocols for current and next generation RFID systems so that in each application area maximum performance can be achieved and system-specific goals are met. In this dissertation, we propose four different authentication techniques for RFID technologies, providing solutions to the following research issues: 1) detecting counterfeits as well as ensuring low response time in large-scale RFID systems, 2) preserving privacy and maintaining scalability in RFID based healthcare systems, 3) ensuring security and survivability of Computational RFID (CRFID) networks, and 4) detecting missing WISP tags efficiently to ensure the reliability of a CRFID based system's decisions. The techniques presented in this dissertation achieve good levels of privacy, provide security, scale to large systems, and can be implemented on resource-constrained RFID devices.

    Pseudonymization and its Application to Cloud-based eHealth Systems

    Responding to the security and privacy issues of information systems, we propose a novel pseudonym solution. This pseudonym solution has provable security to protect the identities of users by employing user-generated pseudonyms. It also provides an encryption scheme to protect the security of the users’ data stored in the public network. Moreover, the pseudonym solution also provides the authentication of pseudonyms without disclosing the users’ identity information. Thus the dependences on powerful trusted third parties and on the trustworthiness of system administrators may be appreciably alleviated. Electronic healthcare systems (eHealth systems), as one kind of everyday information system, with the ability to store and share patients’ health data efficiently, have to manage information of an extremely personal nature. As a consequence of known cases of abuse and attacks, the security of the health data and the privacy of patients are a great concern for many people and are thus becoming obstacles to the acceptance and spread of eHealth systems. In this thesis, we survey current eHealth systems in both research and practice, analyzing potential threats to security and privacy. Cloud-based eHealth systems, in particular, enable applications with many new features in data storing and sharing. We analyze the new issues on security and privacy when cloud technology is introduced into eHealth systems. We demonstrate that our proposed pseudonym solution can be successfully applied to cloud-based eHealth systems. Firstly, we utilize the pseudonym scheme and encryption scheme for storing and retrieving electronic health records (EHR) in the cloud. The identities of patients and the confidentiality of EHR contents are provably guaranteed by advanced cryptographic algorithms. Secondly, we utilize the pseudonym solution to protect the privacy of patients from the health insurance companies. Only necessary information about patients is disclosed to the health insurance companies, without interrupting the current normal business processes of health insurance. At last, based on the pseudonym solution, we propose a new procedure for the secondary use of the health data. The new procedure protects the privacy of patients properly and enables patients’ full control and clear consent over the secondary use of their health data. A prototypical application of a cloud-based eHealth system implementing our proposed solution is presented in order to exhibit the practicability of the solution and to provide intuitive experiences. Some performance estimations of the proposed solution based on the implementation are also provided.