Uma arquitectura segura e colaborativa para registos de saúde electrónicos com suporte a mobilidade

Doutoramento em InformáticaDurante as ultimas décadas, os registos de saúde eletrónicos (EHR) têm evoluído para se adaptar a novos requisitos. O cidadão tem-se envolvido cada vez mais na prestação dos cuidados médicos, sendo mais pró ativo e desejando potenciar a utilização do seu registo. A mobilidade do cidadão trouxe mais desafios, a existência de dados dispersos, heterogeneidade de sistemas e formatos e grande dificuldade de partilha e comunicação entre os prestadores de serviços. Para responder a estes requisitos, diversas soluções apareceram, maioritariamente baseadas em acordos entre instituições, regiões e países. Estas abordagens são usualmente assentes em cenários federativos muito complexos e fora do controlo do paciente. Abordagens mais recentes, como os registos pessoais de saúde (PHR), permitem o controlo do paciente, mas levantam duvidas da integridade clinica da informação aos profissionais clínicos. Neste cenário os dados saem de redes e sistemas controlados, aumentando o risco de segurança da informação. Assim sendo, são necessárias novas soluções que permitam uma colaboração confiável entre os diversos atores e sistemas. Esta tese apresenta uma solução que permite a colaboração aberta e segura entre todos os atores envolvidos nos cuidados de saúde. Baseia-se numa arquitetura orientada ao serviço, que lida com a informação clínica usando o conceito de envelope fechado. Foi modelada recorrendo aos princípios de funcionalidade e privilégios mínimos, com o propósito de fornecer proteção dos dados durante a transmissão, processamento e armazenamento. O controlo de acesso _e estabelecido por políticas definidas pelo paciente. Cartões de identificação eletrónicos, ou certificados similares são utilizados para a autenticação, permitindo uma inscrição automática. Todos os componentes requerem autenticação mútua e fazem uso de algoritmos de cifragem para garantir a privacidade dos dados. Apresenta-se também um modelo de ameaça para a arquitetura, por forma a analisar se as ameaças possíveis foram mitigadas ou se são necessários mais refinamentos. A solução proposta resolve o problema da mobilidade do paciente e a dispersão de dados, capacitando o cidadão a gerir e a colaborar na criação e manutenção da sua informação de saúde. A arquitetura permite uma colaboração aberta e segura, possibilitando que o paciente tenha registos mais ricos, atualizados e permitindo o surgimento de novas formas de criar e usar informação clínica ou complementar.Since their early adoption Electronic Health Records (EHR) have been evolving to cope with increasing requirements from institutions, professionals and, more recently, from patients. Citizens became more involved demanding successively more control over their records and an active role on their content. Mobility brought also new requirements, data become scattered over heterogeneous systems and formats, with increasing di culties on data sharing between distinct providers. To cope with these challenges several solutions appeared, mostly based on service level agreements between entities, regions and countries. They usually required de ning complex federated scenarios and left the patient outside the process. More recent approaches, such as personal health records (PHR), enable patient control although raises clinical integrity doubts to other actors, such as physicians. Also, information security risk increase as data travels outside controlled networks and systems. To overcome this, new solutions are needed to facilitate trustable collaboration between the diverse actors and systems. In this thesis we present a solution that enables a secure and open collaboration between all healthcare actors. It is based on a service-oriented architecture that deals with the clinical data using a closed envelope concept. The architecture was modeled with minimal functionality and privileges bearing in mind strong protection of data during transmission, processing and storing. The access control is made through patient policies and authentication uses electronic identi cation cards or similar certi cates, enabling auto-enrollment. All the components require mutual authentication and uses cyphering mechanisms to assure privacy. We also present a threat model to verify, through our solution, if possible threats were mitigated or if further re nement is needed. The proposed solution solves the problem of patient mobility and data dispersion, and empowers citizens to manage and collaborate in their personal healthcare information. It also permits open and secure collaboration, enabling the patient to have richer and up to date records that can foster new ways to generate and use clinical or complementary information

Uma arquitectura segura e colaborativa para registos de saúde eletrónicos com suporte a mobilidade

Since their early adoption Electronic Health Records (EHR) have been evolving to cope with increasing requirements from institutions, professionals and, more recently, from patients. Citizens became more involved demanding successively more control over their records and an active role on their content. Mobility brought also new requirements, data become scattered over heterogeneous systems and formats, with increasing di culties on data sharing between distinct providers. To cope with these challenges several solutions appeared, mostly based on service level agreements between entities, regions and countries. They usually required de ning complex federated scenarios and left the patient outside the process. More recent approaches, such as personal health records (PHR), enable patient control although raises clinical integrity doubts to other actors, such as physicians. Also, information security risk increase as data travels outside controlled networks and systems. To overcome this, new solutions are needed to facilitate trustable collaboration between the diverse actors and systems. In this thesis we present a solution that enables a secure and open collaboration between all healthcare actors. It is based on a service-oriented architecture that deals with the clinical data using a closed envelope concept. The architecture was modeled with minimal functionality and privileges bearing in mind strong protection of data during transmission, processing and storing. The access control is made through patient policies and authentication uses electronic identi cation cards or similar certi cates, enabling auto-enrollment. All the components require mutual authentication and uses cyphering mechanisms to assure privacy. We also present a threat model to verify, through our solution, if possible threats were mitigated or if further re nement is needed. The proposed solution solves the problem of patient mobility and data dispersion, and empowers citizens to manage and collaborate in their personal healthcare information. It also permits open and secure collaboration, enabling the patient to have richer and up to date records that can foster new ways to generate and use clinical or complementary information.Durante as últimas décadas, os registos de saúde electrónicos (EHR) têm evoluído para se adaptar a novos requisitos. O cidadão tem-se envolvido cada vez mais na prestação dos cuidados médicos, sendo mais pró activo e desejando potenciar a utilização do seu registo. A mobilidade do cidadão trouxe mais desafios, a existência de dados dispersos, heterogeneidade de sistemas e formatos e grande dificuldade de partilha e comunicação entre os prestadores de serviços. Para responder a estes requisitos, diversas soluções apareceram, maioritariamente baseadas em acordos entre instituições, regiões e países. Estas abordagens são usualmente assentes em cenários federativos muito complexos e fora do controlo do paciente. Abordagens mais recentes, como os registos pessoais de saúde (PHR), permitem o controlo do paciente, mas levantam dúvidas da integridade clinica da informação aos profissionais clínicos. Neste cenário os dados saem de redes e sistemas controlados, aumentando o risco de segurança da informação. Assim sendo, são necessárias novas soluções que permitam uma colaboração confiável entre os diversos actores e sistemas. Esta tese apresenta uma solução que permite a colaboração aberta e segura entre todos os actores envolvidos nos cuidados de saúde. Baseia-se numa arquitectura orientada ao serviço, que lida com a informação clínica usando o conceito de envelope fechado. Foi modelada recorrendo aos princípios de funcionalidade e privilégios mínimos, com o propósito de fornecer protecção dos dados durante a transmissão, processamento e armazenamento. O controlo de acesso é estabelecido por políticas definidas pelo paciente. Cartões de identificação electrónicos, ou certificados similares são utilizados para a autenticação, permitindo uma inscrição automática. Todos os componentes requerem autenticação mútua e fazem uso de algoritmos de cifragem para garantir a privacidade dos dados. Apresenta-se também um modelo de ameaça para a arquitectura, por forma a analisar se as ameaças possíveis foram mitigadas ou se são necessários mais refinamentos. A solução proposta resolve o problema da mobilidade do paciente e a dispersão de dados, capacitando o cidadão a gerir e a colaborar na criação e manutenção da sua informação de saúde. A arquitectura permite uma colaboração aberta e segura, possibilitando que o paciente tenha registos mais ricos, actualizados e permitindo o surgimento de novas formas de criar e usar informação clínica ou complementar.Programa PROTEC, bolsa SFRH/BD/49765/200

Human Integration Design Processes (HIDP)

The purpose of the Human Integration Design Processes (HIDP) document is to provide human-systems integration design processes, including methodologies and best practices that NASA has used to meet human systems and human rating requirements for developing crewed spacecraft. HIDP content is framed around human-centered design methodologies and processes in support of human-system integration requirements and human rating. NASA-STD-3001, Space Flight Human-System Standard, is a two-volume set of National Aeronautics and Space Administration (NASA) Agency-level standards established by the Office of the Chief Health and Medical Officer, directed at minimizing health and performance risks for flight crews in human space flight programs. Volume 1 of NASA-STD-3001, Crew Health, sets standards for fitness for duty, space flight permissible exposure limits, permissible outcome limits, levels of medical care, medical diagnosis, intervention, treatment and care, and countermeasures. Volume 2 of NASASTD- 3001, Human Factors, Habitability, and Environmental Health, focuses on human physical and cognitive capabilities and limitations and defines standards for spacecraft (including orbiters, habitats, and suits), internal environments, facilities, payloads, and related equipment, hardware, and software with which the crew interfaces during space operations. The NASA Procedural Requirements (NPR) 8705.2B, Human-Rating Requirements for Space Systems, specifies the Agency's human-rating processes, procedures, and requirements. The HIDP was written to share NASA's knowledge of processes directed toward achieving human certification of a spacecraft through implementation of human-systems integration requirements. Although the HIDP speaks directly to implementation of NASA-STD-3001 and NPR 8705.2B requirements, the human-centered design, evaluation, and design processes described in this document can be applied to any set of human-systems requirements and are independent of reference missions. The HIDP is a reference document that is intended to be used during the development of crewed space systems and operations to guide human-systems development process activities

Resilience and Food Security in a Food Systems Context

This open access book compiles a series of chapters written by internationally recognized experts known for their in-depth but critical views on questions of resilience and food security. The book assesses rigorously and critically the contribution of the concept of resilience in advancing our understanding and ability to design and implement development interventions in relation to food security and humanitarian crises. For this, the book departs from the narrow beaten tracks of agriculture and trade, which have influenced the mainstream debate on food security for nearly 60 years, and adopts instead a wider, more holistic perspective, framed around food systems. The foundation for this new approach is the recognition that in the current post-globalization era, the food and nutritional security of the world’s population no longer depends just on the performance of agriculture and policies on trade, but rather on the capacity of the entire (food) system to produce, process, transport and distribute safe, affordable and nutritious food for all, in ways that remain environmentally sustainable. In that context, adopting a food system perspective provides a more appropriate frame as it incites to broaden the conventional thinking and to acknowledge the systemic nature of the different processes and actors involved. This book is written for a large audience, from academics to policymakers, students to practitioners

Resilience and food security in a food systems context

This open access book compiles a series of chapters written by internationally recognized experts known for their in-depth but critical views on questions of resilience and food security. The book assesses rigorously and critically the contribution of the concept of resilience in advancing our understanding and ability to design and implement development interventions in relation to food security and humanitarian crises. For this, the book departs from the narrow beaten tracks of agriculture and trade, which have influenced the mainstream debate on food security for nearly 60 years, and adopts instead a wider, more holistic perspective, framed around food systems. The foundation for this new approach is the recognition that in the current post-globalization era, the food and nutritional security of the world’s population no longer depends just on the performance of agriculture and policies on trade, but rather on the capacity of the entire (food) system to produce, process, transport and distribute safe, affordable and nutritious food for all, in ways that remain environmentally sustainable. In that context, adopting a food system perspective provides a more appropriate frame as it incites to broaden the conventional thinking and to acknowledge the systemic nature of the different processes and actors involved. This book is written for a large audience, from academics to policymakers, students to practitioners

Occupational Health and Safety in the Healthcare Sector

Healthcare workers are exposed to several different occupational risk factors, and they pay an important tribute in terms of occupational diseases and work-related injuries. Currently, the COVID-19 pandemic has focused the attention on the problem of the infectious risk, which is certainly among the risks typically expected and specifically recognized for the health personnel, but also other occupational risks should not be overlooked, as, e.g., the risks associated with work-organization factors and with the exposure to chemical and physical agents. The health consequences associated with the exposure to all these factors have relevant impacts in terms of induced diseases, DALYs, sickness absence from work and costs for the health systems. According to these premises, this reprint has collected manuscripts addressing topics related to the prevention of the occupational risks in the healthcare sector, including original articles and reviews on the prevention of work-related illnesses and injuries of the health personnel, as well as on the evaluation of the risks in the healthcare workplaces, and on the topics of risk perception and of the knowledge and attitudes of the workers towards the preventive procedures and the use of protections. The themes of the prevention of occupational infectious risk, biomechanical overload of the musculoskeletal system and work-related psychosocial factors are specifically discussed in the papers collected