A standard-driven communication protocol for disconnected clinics in rural areas

The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it

Security framework for cloud based electronic health record (EHR) system

Health records are an integral aspect of any Hospital Management System. With newer innovations in technology, there has been a shift in the way of recording health information. Medical records which used to be managed using various paper charts have now become easier to organize and maintain, thereby increasing the efficiency of medical staff. The Electronic Health Records (EHR) System is becoming a high-tech medical management technology developed for the economic or emerging economic countries like India. In a national health system, the EHR integrates the Electronic Medical Records (EMR) in all collaborating hospitals through different networks. EHR gives healthcare professionals a way to share and manage patient data quickly and effectively. Due to the mass storage of confidential patient data, healthcare organizations are considered as one of the most targeted sectors by intruders. This paper proposes a security framework for EHR system, which takes into consideration the integrity, availability, and confidentiality of health records. The threats posed to the EHR system are modeled by STRIDE modeling tool, and the amount of risk is calculated using DREAD. The paper also suggests the security mechanism and countermeasures based on security standards, which can be utilized in an EHR environment. The paper shows that the utilization of the proposed methods effectively addresses security concerns such as breach of sensitive medical information

FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data

Secure and scalable data sharing is essential for collaborative clinical decision making. Conventional clinical data efforts are often siloed, however, which creates barriers to efficient information exchange and impedes effective treatment decision made for patients. This paper provides four contributions to the study of applying blockchain technology to clinical data sharing in the context of technical requirements defined in the "Shared Nationwide Interoperability Roadmap" from the Office of the National Coordinator for Health Information Technology (ONC). First, we analyze the ONC requirements and their implications for blockchain-based systems. Second, we present FHIRChain, which is a blockchain-based architecture designed to meet ONC requirements by encapsulating the HL7 Fast Healthcare Interoperability Resources (FHIR) standard for shared clinical data. Third, we demonstrate a FHIRChain-based decentralized app using digital health identities to authenticate participants in a case study of collaborative decision making for remote cancer care. Fourth, we highlight key lessons learned from our case study

A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation

Background: Telehealth is a great approach for providing high quality health care services to people who cannot easily access these services in person. However, because of frequently reported health data breaches, many people may hesitate to use telehealth-based health care services. It is necessary for telehealth care providers to demonstrate that they have taken sufficient actions to protect their patients’ data security and privacy. The government provided a HIPAA audit protocol that is highly useful for internal security and privacy auditing on health care systems, however, this protocol includes extensive details that are not always specific to telehealth and therefore is difficult to be used by telehealth practitioners.Objective: The goal of this study was to develop and validate a telehealth privacy and security self-assessment questionnaire for telehealth providers. Methods: In our previous work, we performed a systematic review on the security and privacy protection offered in various telehealth systems. The results from this systematic review and the HIPAA audit protocol were used to guide the development of the self-assessment questionnaire. The draft of the questionnaire was created by the research team and distributed to a group of telehealth providers for evaluating the relevance and clarity of each statement in the draft. The questionnaire was adjusted and finalized according to the collected feedback and face-to-face discussions by the research team. A website was created to distribute the questionnaire and manage the answers from study participants. A psychometric analysis was performed to evaluate the reliability of the questionnaire.Results: There were 84 statements in the draft questionnaire. Five telehealth providers provided their feedback to the statements in this draft. They indicated that a number of these statements were either redundant or beyond the capacity of telehealth care practitioners, who typically do not have formal training in information security. They also pointed out that the wording of some statements needed to be adjusted. The final released version of the questionnaire had 49 statements. In total, 31 telehealth providers across the nation participated in the study by answering all the statements in this questionnaire. The psychometric analysis indicated that the reliability of this questionnaire was high.   Conclusion: With the availability of this self-assessment questionnaire, telehealth providers can perform a quick self-assessment on their telehealth systems. The assessment results may be used to identify possible vulnerabilities in telehealth systems and practice or demonstrate to patients the sufficient security and privacy protection to patients’ data

Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, easy of use, communication, access and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and raising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed with tools and software to collect, manage, analyze and process medical information (such as electronic health records and personal health records). Therefore, such systems can empower the performance and maintenance of health services, promoting availability, readability, accessibility and data sharing of vital information about a patients overall medical history, between geographic fragmented health services. Quick access to information presents a great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However health information systems store and manage highly sensitive data, which raises serious concerns regarding patients privacy and safety, and may explain the still increasing number of malicious incidents reports within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions, that aim to protect the individual rights and privacy of patients. Along side with these legislations, security requirements must be analyzed and measures implemented. Within the necessary security requirements to access health data, secure authentication, identity management and access control are essential to provide adequate means to protect data from unauthorized accesses. However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions through people, different type of devices, environments and situational conditions, and across enterprises, location and time. Although already existent models allow to ensure the needs of the health care systems, they still lack components for dynamicity and privacy protection, which leads to not have desire levels of security and to the patient not to have a full and easy control of his privacy. Within this master thesis, after a deep research and review of the stat of art, was published a novel dynamic access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based in a Delphi Study. A set of security experts from various domains were selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates. SoTRAACE was integrated in an architecture with requirements well-founded, and based in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in deep review of the state-of-art. The architecture is further targeted with the essential security analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes for several types of accesses by patients and healthcare professionals, as well the web servers that handles the access requests, authentication and identity management. The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact for user experience and interaction. It is clear that the model can be extended to other industry domains, and new levels of risks or attributes can be added because it is modular. The architecture also works as expected, assuring secure authentication with multifactor, and secure data share/access based in SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. At last, the architecture was tested within different Android versions, tested with static and dynamic analysis and with tests with security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma móvel de acesso em qualquer lugar/hora, sendo que os dispositivos móveis são a tecnologia mais presente no dia a dia da sociedade. Devido à sua portabilidade, disponibilidade, fácil manuseamento, poder de comunicação, acesso e partilha de informação referentes a várias áreas e domínios das nossas vidas, a aceitação e integração destes dispositivos é cada vez maior. No entanto, devido ao seu potencial e aumento do número de utilizadores, os dispositivos móveis são cada vez mais alvos de ataques, e tal como outras tecnologias, aplicações móveis continuam a ser vulneráveis. Sistemas de informação de saúde são compostos por ferramentas e softwares que permitem recolher, administrar, analisar e processar informação médica (tais como documentos de saúde eletrónicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos serviços de saúde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados vitais referentes ao registro médico geral dos pacientes, entre serviços e instituições que estão geograficamente fragmentadas. O rápido acesso a informações médicas apresenta uma grande importância para o setor da saúde, dado que acelera os processos de trabalho, resultando assim numa melhor eficiência na utilização do tempo e recursos. Consequentemente haverá uma melhor qualidade de tratamento. Porém os sistemas de informação de saúde armazenam e manuseiam dados bastantes sensíveis, o que levanta sérias preocupações referentes à privacidade e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do domínio da saúde. Os dados de saúde são altamente sensíveis e são sujeitos a severas leis e restrições regulamentares, que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando os seus dados de saúde. Juntamente com estas legislações, requerimentos de segurança devem ser analisados e medidas implementadas. Dentro dos requerimentos necessários para aceder aos dados de saúde, uma autenticação segura, gestão de identidade e controlos de acesso são essenciais para fornecer meios adequados para a proteção de dados contra acessos não autorizados. No entanto, além do uso de modelos simples de autenticação, os modelos tradicionais de controlo de acesso são normalmente baseados em políticas de acesso e cargos pré-definidos, e são inflexíveis. Isto resulta em decisões de controlo de acesso uniformes para diferentes pessoas, tipos de dispositivo, ambientes e condições situacionais, empresas, localizações e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar algumas necessidades dos sistemas de saúde, ainda há escassez de componentes para accesso dinâmico e proteção de privacidade , o que resultam em níveis de segurança não satisfatórios e em o paciente não ter controlo directo e total sobre a sua privacidade e documentos de saúde. Dentro desta tese de mestrado, depois da investigação e revisão intensiva do estado da arte, foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto, o SoTRAACE agrega atributos de vários ambientes e domínios que ajudam a executar uma avaliação de riscos, no momento em que os dados são requisitados. A avaliação dos fatores de risco identificados neste trabalho são baseados num estudo de Delphi. Um conjunto de peritos de segurança de vários domínios industriais foram selecionados, para classificar o impacto de cada atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a dados médicos, com requerimentos bem fundados, baseados nas melhores normas e recomendações (OWASP, NIST 800-53, NIST 800-57), e em revisões intensivas do estado da arte. Esta arquitectura é posteriormente alvo de uma análise de segurança e modelos de ataque. Como prova deste conceito, o modelo de controlo de acesso proposto é implementado juntamente com uma arquitetura focada no utilizador, com dois protótipos para aplicações móveis, que providênciam vários tipos de acesso de pacientes e profissionais de saúde. A arquitetura é constituída também por servidores web que tratam da gestão de dados, controlo de acesso e autenticação e gestão de identidade. O resultado final mostra que o modelo funciona como esperado, com transparência, assegurando a privacidade e o controlo de dados para o utilizador, sem ter impacto na sua interação e experiência. Consequentemente este modelo pode-se extender para outros setores industriais, e novos níveis de risco ou atributos podem ser adicionados a este mesmo, por ser modular. A arquitetura também funciona como esperado, assegurando uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisões do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi também protegido com um certificado digital. A arquitectura foi testada em diferentes versões de Android, e foi alvo de análise estática, dinâmica e testes com ferramentas de segurança. Para trabalho futuro está planeado a integração de normas de dados de saúde e a avaliação do sistema proposto, através da recolha de opiniões de utilizadores no mundo real

NEW SECURE SOLUTIONS FOR PRIVACY AND ACCESS CONTROL IN HEALTH INFORMATION EXCHANGE

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing of patients’ health information. The first solution allows secure HIE among different healthcare providers while focusing primarily on the privacy of patients’ information. It allows patients to authorize a certain type of health information to be retrieved, which helps prevent any unintentional leakage of information. The privacy solution also provides healthcare providers with the capability of mutual authentication and patient authentication. It also ensures the integrity and auditability of health information being exchanged. The security and performance study for the first protocol shows that it is efficient for the purpose of HIE and offers a high level of security for such exchanges. The second framework presents a new cloud-based protocol for access control to facilitate HIE across different HCOs, employing a trapdoor hash-based proxy signature in a novel manner to enable secure (authenticated and authorized) on-demand access to patient records. The proposed proxy signature-based scheme provides an explicit mechanism for patients to authorize the sharing of specific medical information with specific HCOs, which helps prevent any undesired or unintentional leakage of health information. The scheme also ensures that such authorizations are authentic with respect to both the HCOs and the patient. Moreover, the use of proxy signatures simplifies security auditing and the ability to obtain support for investigations by providing non-repudiation. Formal definitions, security specifications, and a detailed theoretical analysis, including correctness, security, and performance of both frameworks are provided which demonstrate the improvements upon other existing HIE systems

The Promise of Health Information Technology: Ensuring that Florida's Children Benefit

Substantial policy interest in supporting the adoption of Health Information Technology (HIT) by the public and private sectors over the last 5 -- 7 years, was spurred in particular by the release of multiple Institute of Medicine reports documenting the widespread occurrence of medical errors and poor quality of care (Institute of Medicine, 1999 & 2001). However, efforts to focus on issues unique to children's health have been left out of many of initiatives. The purpose of this report is to identify strategies that can be taken by public and private entities to promote the use of HIT among providers who serve children in Florida

Security for networked smart healthcare systems: A systematic review

Background and Objectives Smart healthcare systems use technologies such as wearable devices, Internet of Medical Things and mobile internet technologies to dynamically access health information, connect patients to health professionals and health institutions, and to actively manage and respond intelligently to the medical ecosystem's needs. However, smart healthcare systems are affected by many challenges in their implementation and maintenance. Key among these are ensuring the security and privacy of patient health information. To address this challenge, several mitigation measures have been proposed and some have been implemented. Techniques that have been used include data encryption and biometric access. In addition, blockchain is an emerging security technology that is expected to address the security issues due to its distributed and decentralized architecture which is similar to that of smart healthcare systems. This study reviewed articles that identified security requirements and risks, proposed potential solutions, and explained the effectiveness of these solutions in addressing security problems in smart healthcare systems. Methods This review adhered to the Preferred Reporting Items for Systematic Reviews and Meta-analysis (PRISMA) guidelines and was framed using the Problem, Intervention, Comparator, and Outcome (PICO) approach to investigate and analyse the concepts of interest. However, the comparator is not applicable because this review focuses on the security measures available and in this case no comparable solutions were considered since the concept of smart healthcare systems is an emerging one and there are therefore, no existing security solutions that have been used before. The search strategy involved the identification of studies from several databases including the Cumulative Index of Nursing and Allied Health Literature (CINAL), Scopus, PubMed, Web of Science, Medline, Excerpta Medical database (EMBASE), Ebscohost and the Cochrane Library for articles that focused on the security for smart healthcare systems. The selection process involved removing duplicate studies, and excluding studies after reading the titles, abstracts, and full texts. Studies whose records could not be retrieved using a predefined selection criterion for inclusion and exclusion were excluded. The remaining articles were then screened for eligibility. A data extraction form was used to capture details of the screened studies after reading the full text. Of the searched databases, only three yielded results when the search strategy was applied, i.e., Scopus, Web of science and Medline, giving a total of 1742 articles. 436 duplicate studies were removed. Of the remaining articles, 801 were excluded after reading the title, after which 342 after were excluded after reading the abstract, leaving 163, of which 4 studies could not be retrieved. 159 articles were therefore screened for eligibility after reading the full text. Of these, 14 studies were included for detailed review using the formulated research questions and the PICO framework. Each of the 14 included articles presented a description of a smart healthcare system and identified the security requirements, risks and solutions to mitigate the risks. Each article also summarized the effectiveness of the proposed security solution. Results The key security requirements reported were data confidentiality, integrity and availability of data within the system, with authorisation and authentication used to support these key security requirements. The identified security risks include loss of data confidentiality due to eavesdropping in wireless communication mediums, authentication vulnerabilities in user devices and storage servers, data fabrication and message modification attacks during transmission as well as while the data is at rest in databases and other storage devices. The proposed mitigation measures included the use of biometric accessing devices; data encryption for protecting the confidentiality and integrity of data; blockchain technology to address confidentiality, integrity, and availability of data; network slicing techniques to provide isolation of patient health data in 5G mobile systems; and multi-factor authentication when accessing IoT devices, servers, and other components of the smart healthcare systems. The effectiveness of the proposed solutions was demonstrated through their ability to provide a high level of data security in smart healthcare systems. For example, proposed encryption algorithms demonstrated better energy efficiency, and improved operational speed; reduced computational overhead, better scalability, efficiency in data processing, and better ease of deployment. Conclusion This systematic review has shown that the use of blockchain technology, biometrics (fingerprints), data encryption techniques, multifactor authentication and network slicing in the case of 5G smart healthcare systems has the potential to alleviate possible security risks in smart healthcare systems. The benefits of these solutions include a high level of security and privacy for Electronic Health Records (EHRs) systems; improved speed of data transaction without the need for a decentralized third party, enabled by the use of blockchain. However, the proposed solutions do not address data protection in cases where an intruder has already accessed the system. This may be potential avenues for further research and inquiry