Protecting Interoperable Clinical Environment With Authentication

The Integrated Clinical Environment (ICE) is a standard dedicated to promote open coordination of heterogeneous medical devices in a plug-and-play manner. This carries the potential to radically improve medical care through coordinating, cooperating devices, but also to undermine the patient safety by giving rise to security vulnerabilities in the cyber world. In this paper, we propose an authentication framework as the first step to build an ICE security architecture. This framework is designed in a three-layered structure, allowing it to fit in the variety of authentication requirements from different ICE entities and of networking middleware from ICE instantiations. We implement the authentication framework on OpenICE, an open source ICE instantiation. Our experiments shows that the framework can help OpenICE mitigate the vulnerabilities caused by forged identity with negligible performance overload

Secure transmission of shared electronic health records

Paper-based health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient\u27s consent, to electronically share pertinent health information with a specialist, providing timely information transfer and reducing the need for replicated testing. Australia is in the process of adopting a national approach to an integrated health records solution. The Australian National Ehealth Transition Authority (NEHTA) has released their lnteroperability Framework together with specifications and standards for secure messaging in E-health. This is expected to promote an environment in which vendors competing for market share will develop medical applications that are interoperable. With an aging population and the baby boomers preparing for retirement, it is anticipated that these initiatives may Indirectly help to reduce the anticipated strain on the health care budget. Anticipated secondary benefits include the collection of de-identified information for public health research and the development of health management strategies. This paper discusses NEHTA\u27s secure transmission initiatives and the resultant security issues related to the transfer of shared EHRs

FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data

Secure and scalable data sharing is essential for collaborative clinical decision making. Conventional clinical data efforts are often siloed, however, which creates barriers to efficient information exchange and impedes effective treatment decision made for patients. This paper provides four contributions to the study of applying blockchain technology to clinical data sharing in the context of technical requirements defined in the "Shared Nationwide Interoperability Roadmap" from the Office of the National Coordinator for Health Information Technology (ONC). First, we analyze the ONC requirements and their implications for blockchain-based systems. Second, we present FHIRChain, which is a blockchain-based architecture designed to meet ONC requirements by encapsulating the HL7 Fast Healthcare Interoperability Resources (FHIR) standard for shared clinical data. Third, we demonstrate a FHIRChain-based decentralized app using digital health identities to authenticate participants in a case study of collaborative decision making for remote cancer care. Fourth, we highlight key lessons learned from our case study

Secure transmission of shared electronic health records: A review

Paperbased health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient’s consent, to electronically share pertinent health information with a specialist, providing timely information transfer and reducing the need for replicated testing. Australia is in the process of adopting a national approach to an integrated health records solution. The Australian National Ehealth Transition Authority (NEHTA) has released their Interoperability Framework together with specifications and standards for secure messaging in Ehealth. This is expected to promote an environment in which vendors competing for market share will develop medical applications that are interoperable. With an aging population and the baby boomers preparing for retirement, it is anticipated that these initiatives may indirectly help to reduce the anticipated strain on the health care budget. Anticipated secondary benefits include the collection of deidentified information for public health research and the development of health management strategies. This paper discusses NEHTA’s secure transmission initiatives and the resultant security issues related to the transfer of shared EHRs

Rights management technologies: A good choice for securing electronic healthrecords?

Advances in healthcare IT bring new concerns with respect to privacy and security. Security critical patient data no longer resides on mainframes physically isolated within an organization, where physical security measures can be taken to defend the data and the system. Modern solutions are heading towards open, interconnected environments where storage outsourcing and operations on untrusted servers happen frequently. In order to allow secure sharing of health records between different healthcare providers, Rights Management Techniques facilitating a datacentric protection model can be employed: data is cryptographically protected and allowed to be outsourced or even freely float on the network. Rather than relying on different networks to provide confidentiality, integrity and authenticity, data is protected at the end points of the communication. In this paper we compare Enterprise/Digital Rights Management with traditional security techniques and discuss how Rights Management can be applied to secure Electronic Health Records

IT Governance for e-Health Applications

The increasing use of e-Health applications in clinical practices is pushing the limits of Health Information Technology. e-Health applications are often considered as integrated healthcare applications that are purposely developed to not onlysupport electronic health information exchange but also to improve the quality and safety of healthcare delivery. However,even as these applications continue to evolve and remain widespread in use in many clinicians’ offices, the applicability ofproper Information Technology (IT) governance structure for their utilization remains a big challenge in the healthcareindustry. In this paper, a literature review is used to explore the applicability of IT governance in e-Health applications. Thepractical and research implications for establishing IT governance structure in e-Health applications are also discussed

A FRAMEWORK FOR A CLOUD-BASED ELECTRONIC HEALTH RECORDS SYSTEM FOR NIGERIA

  In most countries of the developed world, one of the integral components of Health Information System (HIS) is Electronic Health Records (EHR). With advances in Information and Communications Technology (ICT) and the rise in the adoption of cloud computing approaches in the health sector of these countries by a substantial number of health institutions, cloud servers are now remote repository of EHRs. However, in Nigeria and many other developing countries, health information of patients is still predominantly paper-based medical records. This manual method is not scalable in terms of storage, prone to error, insecure, susceptible to damage and degradation over time, highly unavailable, time consuming in accessing and with no visible audit trail and version history to mention but a few. In this paper, a framework for a cloud-based electronic health records system that is capable of storage, retrieval and updating of patients’ medical records for Nigeria is proposed. The framework provides for various medical stakeholders in a health institution and patients to access the EHR system via a web portal by using a variety of devices in the contextual scenario whereby the health institution is migrating from paper-based patient record documentation to an EHR system

Chipped Pharmaceuticals from Production to in VIVO (in body) Drug Delivery Becoming Reality

AbstractAdvances in medical technology rely heavily on the collection and analysis of measured data to facilitate patient diagnosis and business decisions. The healthcare industry, particularly pharmaceuticals and diagnostic processes, has an ongoing need to improve item tracking and data collection to improve the quality of care while reducing cost. The remote, non-invasive characteristics of RFID can facilitate the information needs of healthcare without imposing additional burden onto the patient or staff. Properly deployed RFID enabled devices can provide convenient and accurate data for disease diagnosis, evaluation of prescription non-compliance and identification of medication dosage errors. This paper describes an all-encompassing RFID tracking system that begins with compliance documentation from the drug manufacturer through confirmation of patient compliance by capsule extraction from the bottle, into a pill case and ultimately ingested or inserted into the body. This RFID system can provide data for decision-making and facilitate compliance with FDA proposed e-pedigree requirements. This transcript provides an introduction to healthcare trends in order to motivate the need for a biocompatible RFID system. An approach to research as well as an in vitro tabletop test method is presented in light of pending research. The overall goal of the pending research is to develop biocompatible RFID tag components for use with systems beginning with the manufacturer and continuing through distribution to the point of interest within the patients body. Keywords RFID; e-pedigree; pharmaceuticals; trackin