10 research outputs found

    A Privacy Preserving Framework for RFID Based Healthcare Systems

    RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our life in the near future. It has received considerable attention within healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of widespread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be sent to track its user (owner). In a nutshell, this technology has not really seen its true potential in the healthcare industry since privacy concerns raised by the tag bearers are not properly addressed by existing identification techniques. There are two major types of privacy preservation techniques that are required in an RFID based healthcare system: (1) a privacy preserving authentication protocol is required while sensing RFID tags for different identification and monitoring purposes, and (2) a privacy preserving access control mechanism is required to restrict unauthorized access of private information while providing healthcare services using the tag ID. In this paper, we propose a framework (PriSens-HSAC) that makes an effort to address the above mentioned two privacy issues. To the best of our knowledge, it is the first framework to provide increased privacy in RFID based healthcare systems, using RFID authentication along with access control technique

    Security Specification Language for Distribute Health Information System(DiHLS)

    The introduction of policy based management which to manage distributed, complex and numerous system is widely accepted and used in various sectors. The policy creators policies that suit best for their operations and management. Since there are numerous of policies, this research focuses on the security policies only which are appointed to the distributed system of health information system. In order to implement the security policies, we need a language that can represent the security policies for distributed health information system completely

    Securely sharing dynamic medical information in e-health

    This thesis has introduced an infrastructure to share dynamic medical data between mixed health care providers in a secure way, which could benefit the health care system as a whole. The study results of the universally data sharing into a varied patient information system prototypes

    Assured information sharing for ad-hoc collaboration

    Collaborative information sharing tends to be highly dynamic and often ad hoc among organizations. The dynamic natures and sharing patterns in ad-hoc collaboration impose a need for a comprehensive and flexible approach to reflecting and coping with the unique access control requirements associated with the environment. This dissertation outlines a Role-based Access Management for Ad-hoc Resource Sharing framework (RAMARS) to enable secure and selective information sharing in the heterogeneous ad-hoc collaborative environment. Our framework incorporates a role-based approach to addressing originator control, delegation and dissemination control. A special trust-aware feature is incorporated to deal with dynamic user and trust management, and a novel resource modeling scheme is proposed to support fine-grained selective sharing of composite data. As a policy-driven approach, we formally specify the necessary policy components in our framework and develop access control policies using standardized eXtensible Access Control Markup Language (XACML). The feasibility of our approach is evaluated in two emerging collaborative information sharing infrastructures: peer-to-peer networking (P2P) and Grid computing. As a potential application domain, RAMARS framework is further extended and adopted in secure healthcare services, with a unified patient-centric access control scheme being proposed to enable selective and authorized sharing of Electronic Health Records (EHRs), accommodating various privacy protection requirements at different levels of granularity

    Ensuring Application Specific Security, Privacy and Performance Goals in RFID Systems

    Radio Frequency IDentification (RFID) is an automatic identification technology that uses radio frequency to identify objects. Securing RFID systems and providing privacy in RFID applications has been the focus of much academic work lately. To ensure universal acceptance of RFID technology, security and privacy issues must be addressed into the design of any RFID application. Due to the constraints on memory, power, storage capacity, and amount of logic on RFID devices, traditional public key based strong security mechanisms are unsuitable for them. Usually, low cost general authentication protocols are used to secure RFID systems. However, the generic authentication protocols provide relatively low performance for different types of RFID applications. We identified that each RFID application has unique research challenges and different performance bottlenecks based on the characteristics of the system. One strategy is to devise security protocols such that application specific goals are met and system specific performance requirements are maximized. This dissertation aims to address the problem of devising application specific security protocols for current and next generation RFID systems so that in each application area maximum performance can be achieved and system specific goals are met. In this dissertation, we propose four different authentication techniques for RFID technologies, providing solutions to the following research issues: 1) detecting counterfeit as well as ensuring low response time in large scale RFID systems, 2) preserving privacy and maintaining scalability in RFID based healthcare systems, 3) ensuring security and survivability of Computational RFID (CRFID) networks, and 4) detecting missing WISP tags efficiently to ensure reliability of CRFID based system's decision.
The techniques presented in this dissertation achieve good levels of privacy, provide security, scale to large systems, and can be implemented on resource-constrained RFID devices

    An Investigation of Factors that Affect HIPAA Security Compliance in Academic Medical Centers

    HIPAA security compliance in academic medical centers is a central concern of researchers, academicians, and practitioners. Increased numbers of data security breaches and information technology implementations have caused concern over the confidentiality, integrity, and availability of electronic personal health information. The federal government has implemented stringent HIPAA security compliance reviews and significantly extended the scope and enforcement of the HIPAA Security Rule. However, academic medical centers have shown limited compliance with the HIPAA Security Rule. Therefore, the goal of this study was to investigate the factors that may affect HIPAA security compliance in academic medical centers. Based on a review of the literature of technology acceptance and security effectiveness, this study proposed a theoretical model that uses management support, security awareness, security culture, and computer self-efficacy to predict security behavior and security effectiveness and thus HIPAA security compliance in academic medical centers. To empirically assess the effect of the above-noted variables on HIPAA security compliance in academic medical centers, a Web-based survey was developed. The survey instrument was designed as a multi-line measure that used Likert-type scales. Previous validated scales were adapted and used in the survey. The sample for this investigation was health care information technology professionals who are members of the Group on Information Resources within the Association of American Medical Colleges. Two statistical methods were used to derive and validate predictive models: multiple linear regression and correlation analysis. The results of the investigation demonstrated that security awareness, management support, and security culture were significant predictors of both security effectiveness and security behavior. Security awareness was the most significant predictor of security effectiveness and security behavior. 
Due to the presence of collinearity, Pearson correlation analysis was used to develop a composite factor, consisting of management support and security culture, for the final multiple linear regression model. By enhancing the understanding of HIPAA security compliance in academic medical centers, the outcomes of this study will contribute to the body of knowledge of security compliance. The empirical results of this research also will provide guidance for individuals and organizations involved with HIPAA security compliance initiatives in health care

    Policy-based security management for federated healthcare databases (or RHIOs)

    The role of security management in the RHIOs has recently gained increasing attention due to strict privacy and disclosure rules, and federal regulations such as HIPAA. The envisioned use of electronic health care records in such systems involves pervasive and ubiquitous access to healthcare information from anywhere outside of traditional hospital boundaries which puts increasing demands on the underlying security mechanisms. In this paper, we have designed a context-aware policy-based system to provide security management for health informatics. The policies are based on a set of use cases developed for the HL7 Clinical Document Architecture (CDA) standard. Our system is designed to adapt well to ubiquitous healthcare services in a non-traditional, pervasive environment using the same infrastructure that enables federated healthcare management for traditional organizational boundaries. We also present an enforcement architecture and a demonstration prototype for the policy-based system proposed in this paper