A framework for development of android mobile electronic prescription transfer applications in compliance with security requirements mandated by the Australian healthcare industry

This thesis investigates mobile electronic transfer of prescription (ETP) in compliance with the security requirements mandated by the Australian healthcare industry and proposes a framework for the development of an Android mobile electronic prescription transfer application. Furthermore, and based upon the findings and knowledge from constructing this framework, another framework is also derived for assessing Android mobile ETP applications for their security compliance. The centralised exchange model-based ETP solution currently used in the Australian healthcare industry is an expensive solution for on-going use. With challenges such as an aging population and the rising burden of chronic disease, the cost of the current ETP solution’s operational infrastructure is certain to rise in the future. In an environment where it is increasingly beneficial for patients to engage in and manage their own information and subsequent care, this current solution fails to offer the patient direct access to their electronic prescription information. The current system also fails to incorporate certain features that would dramatically improve the quality of the patient’s care and safety, i.e. alerts for the patient’s drug allergies, harmful dosage and script expiration. Over a decade old, the current ETP solution was essentially designed and built to meet legislation and regulatory requirements, with change-averting its highest priority. With little, if any, provision for future growth and innovation, it was not designed to cater to the needs of the ETP process. This research identifies the gap within the current ETP implementation (i.e. dependency on infrastructure, significant on-going cost and limited availability of the patient’s medication history) and proposes a framework for building a secure mobile ETP solution on the Android mobile operating system platform which will address the identified gap. The literature review part of this thesis examined the significance of ETP for the nation’s larger initiative to provide an improved and better maintainable healthcare system. The literature review also revealed the stance of each jurisdiction, from legislative and regulatory perspectives, in transitioning to the use of a fully electronic ETP solution. It identified the regulatory mandates of each jurisdiction for ETP as well as the security standards by which the current ETP implementation is iii governed so as to conform to those regulatory mandates. The literature review part of the thesis essentially identified and established how the Australian healthcare industry’s various prescription-related legislations and regulations are constructed, and the complexity of this construction for eTP. The jurisdictional regulatory mandates identified in the literature review translate into a set of security requirements. These requirements establish the basis of the guiding framework for the development of a security-compliant Android mobile ETP application. A number of experimentations were conducted focusing on the native security features of the Android operating system, as well as wireless communication technologies such as NFC and Bluetooth, in order to propose an alternative mobile ETP solution with security assurance comparable to the current ETP implementation. The employment of a proof-of-concept prototype such as this alongside / coupled with a series of iterative experimentations strengthens the validity and practicality of the proposed framework. The first experiment successfully proved that the Android operating system has sufficient encryption capabilities, in compliance with the security mandates, to secure the electronic prescription information from the data at rest perspective. The second experiment indicated that the use of NFC technology to implement the alternative transfer mechanism for exchanging electronic prescription information between ETP participating devices is not practical. The next iteration of the experimentation using Bluetooth technology proved that it can be utilised as an alternative electronic prescription transfer mechanism to the current approach using the Internet. These experiment outcomes concluded the partial but sufficient proofof- concept prototype for this research. Extensive document analysis and iterative experimentations showed that the framework constructed by this research can guide the development of an alternative mobile ETP solution with both comparable security assurance to and better access to the patient’s medication history than the current solution. This alternative solution would present no operational dependence upon infrastructure and its associated, ongoing cost to the nation’s healthcare expenditure. In addition, use of this mobile ETP alternative has the potential to change the public’s perception (i.e. acceptance from regulatory and security perspectives) of mobile healthcare solutions, thereby paving the way for further innovation and future enhancements in eHealth

Designing an architecture for secure sharing of personal health records : a case of developing countries

Includes bibliographical references.While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: “Can personal health records be stored securely and usefully on mobile phones?” In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typically communication operations. However, it is also worth noting that, mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access

Integrated, reliable and cloud-based personal health record: a scoping review.

Personal Health Records (PHR) emerge as an alternative to integrate patient’s health information to give a global view of patients' status. However, integration is not a trivial feature when dealing with a variety electronic health systems from healthcare centers. Access to PHR sensitive information must comply with privacy policies defined by the patient. Architecture PHR design should be in accordance to these, and take advantage of nowadays technology. Cloud computing is a current technology that provides scalability, ubiquity, and elasticity features. This paper presents a scoping review related to PHR systems that achieve three characteristics: integrated, reliable and cloud-based. We found 101 articles that addressed thosecharacteristics. We identified four main research topics: proposal/developed systems, PHR recommendations for development, system integration and standards, and security and privacy. Integration is tackled with HL7 CDA standard. Information reliability is based in ABE security-privacy mechanism. Cloud-based technology access is achieved via SOA.CONACYT - Consejo Nacional de Ciencia y TecnologíaPROCIENCI

Performance assessment of security mechanisms for cooperative mobile health applications

Mobile health (m-Health) applications aim to deliver healthcare services through mobile applications regardless of time and place. An mHealth application makes use of wireless communications to sustain its health services and often providing a patient-doctor interaction. Therefore, m-Health applications present several challenging issues and constraints, such as, mobile devices battery and storage capacity, broadcast constraints, interferences, disconnections, noises, limited bandwidths, network delays, and of most importance, privacy and security concerns. In a typical m-Health system, information transmitted through wireless channels may contain sensitive information such as patient’s clinic history, patient’s personal diseases information (e.g. infectious disease as HIV - human immunodeficiency virus). Carrying such type of information presents many issues related to its privacy and protection. In this work, a cryptographic solution for m-Health applications under a cooperative environment is proposed in order to approach two common drawbacks in mobile health systems: the data privacy and protection. Two different approaches were proposed: i) DE4MHA that aims to guarantee the best confidentiality, integrity, and authenticity of mhealth systems users data and ii) eC4MHA that also focuses on assuring and guarantying the m-Health application data confidentiality, integrity, and authenticity, although with a different paradigm. While DE4MHA considers a peer-to-peer node message forward, with encryption/decryption tasks on each node, eC4MHA focuses on simply encrypting data at the requester node and decrypting it when it reaches the Web service. It relays information through cooperative mobile nodes, giving them the only strictly required information, in order to be able to forward a request, until it reaches the Web service responsible to manage the request, and possibly answer to that same request. In this sense, the referred solutions aim any mobile health application with cooperation mechanism embedded. For test purposes a specific mobile health application, namely SapoFit, was used. Cryptographic mechanisms were created and integrated in SapoFit application with built in cooperation mechanisms. A performance evaluation of both approaches in a real scenario with different mobile devices is performed and presented in this work. A comparison with the performance evaluations of both solutions is also presented.Fundação para a Ciência e a Tecnologia (FCT)European Community Fund FEDER through COMPETE – Programa Operacional Factores de Competitividad

Contributions to interoperability, scalability and formalization of personal health systems

The ageing of the world's population combined with unhealthy lifestyles are contributing to a major prevalence of chronic diseases. This scenario poses the challenge of providing good healthcare services to that people affected by chronic illnesses, but without increasing its costs. A prominent way to face this challenge is through pervasive healthcare. Research in pervasive healthcare tries to shift the current centralized healthcare delivery model focused on the doctors, to a more distributed model focused on the patients. In this context Personal Health Systems (PHSs) consists on approaching sampling technologies into the hands of the patients, without disturbing its activities of the daily life, to monitor patient's physiological parameters and providing feedback on their state. The use of PHSs involves the patients in the management of their illness and in their own well being too. The development of PHSs has to face technological issues in order to be accepted by our society. Within them it is important to ensure interoperability between different systems in order to make them work together. Scalability it is also a concern, as their performance must not decrease when increasing the number of users. Another issue is how to formalize the medical knowledge for each patient, as different patients may have different target goals. Security and privacy are a must feature because of the sensitive nature of medical data. Other issues involve the the integration with legacy systems, and the usability of graphical user interfaces in order to encourage old people with the use these technologies. The aim of this PhD thesis is to contribute into the state-of-the-art of PHSs by tackling together different of the above-mentioned challenges. First, to achieve interoperability we use the CDA standard as a format to encode and exchange health data and alerts related with the status of the patient. We show how these documents can be generated automatically through the use of XML templates. Second, we address the scalability by distributing the computations needed to monitor the patients over their devices, rather than performing them in a centralized server. In this context we develop the MAGPIE agent platform, which runs on Android devices, as a framework able to provide intelligence to PHSs, and generate alerts that can be of interest for the patients and the medical doctors. Third, we focus on the formalization of PHSs by providing a tool for the practitioners where they can define, in a graphical way, monitoring rules related with chronic diseases that are integrated with the MAGPIE agent platform. The thesis also explores different ways to share the data collected with PHSs in order to improve the outcomes obtained with the use of this technology. Data is shared between individuals following a Distributed Event-Based System (DEBS) approach, where different people can subscribe to the alerts produced by the patient. Data is also shared between institutions with a network protocol called MOSAIC, and we focus on the security aspects of this protocol. The research in this PhD focuses in the use case of Diabetes Mellitus; and it has been developed in the context of the projects MONDAINE, MAGPIE, COMMODITY12 and TAMESIS.L'envelliment de la població mundial combinat amb uns estils de vida no saludables contribueixen a una major prevalença d'enfermetats cròniques. Aquest escenari presenta el repte de proporcionar uns bons serveis sanitaris a les persones afectades per aquestes enfermetats, sense incrementar-ne els costos. Una solució prometedora a aquest repte és mitjançant l'aplicació del que en anglès s'anomena "pervasive healthcare". L'investigació en aquesta camp tracta de canviar l'actual model centralitzat de serveis sanitaris enfocat en el personal sanitari, per un model de serveis distribuït enfocat en els pacients. En aquest context, els Personal Health Systems (PHSs) consisteixen en posar a l'abast dels pacients les tecnologies de monitorització, i proporcionar-los informació sobre el seu estat. L'ús de PHSs involucra els pacients en la gestió de la seva enfermetat i del seu propi benestar. L'acceptació dels PHSs per part de la societat implica certs reptes tecnològics en el seu desenvolupament. És important garantir la seva interoperabilitat per tal de que puguin treballar conjuntament. La seva escalabilitat també s'ha de tenir en compte, ja que el seu rendiment no s'ha de veure afectat al incrementar-ne el número d'usuaris. Un altre aspecte a considerar és com formalitzar el coneixement mèdic per cada pacient, ja que cada un d'ells pot tenir objectius diferents. La seguretat i privacitat són característiques desitjades degut a la naturalesa sensible de les dades mèdiques. Altres problemàtiques impliquen la integració amb sistemes heretats, i la usabilitat de les interfícies gràfiques per fomentar-ne el seu ús entre les persones grans. L'objectiu d'aquesta tesi és contribuir a l'estat de l'art dels PHSs tractant de manera conjunta varis dels reptes mencionats. Per abordar l'interoperabilitat s'utilitza l'estàndard CDA com a format per codificar les dades mèdiques i alertes relacionades amb el pacient. A més es mostra com aquests documents poden generar-se de forma automàtica mitjançant l' ús de plantilles XML. Per tractar l'escalabilitat es distribueixen les computacions per monitoritzar els pacients entre els seus terminals mòbils, en comptes de realitzar-les en un servidor central. En aquest context es desenvolupa la plataforma d'agents MAGPIE com a framework per proporcionar intelligència als PHSs i generar alertes d'interès per al metge i el pacient. La formalització s'aborda mitjançant una eina que permet als metges definir de manera gràfica regles de monitorització relacionades amb enfermetats cròniques, que a més estan integrades amb la plataforma d'agents MAGPIE. La tesi també explora diferents maneres de compartir les dades recol·lectades amb un PHS, amb l'objectiu de millorar els resultats obtinguts amb aquesta tecnologia. Les dades es comparteixen entre individus seguint un enfoc de sistemes distribuïts basats en events (DEBS), on diferents usuaris poden subscriure's a les alertes produïdes per el pacient. Les dades també es comparteixen entre institucions mitjançant un protocol de xarxa anomenat MOSAIC. A la tesi es desenvolupen els aspectes de seguretat d'aquest protocol. La test es centra en la Diabetis Mellitus com a cas d'ús, i s'ha realitzat en el context dels projectes MONDAINE, MAGPIE, COMMODITY12 i TAMESIS.El envejecimiento de la población mundial combinado con unos estilos de vida no saludables contribuyen a una mayor prevalencia de enfermedades crónicas. Este escenario presenta el reto de proporcionar unos buenos servicios sanitarios a las personas afectadas por estas enfermedades, sin incrementar sus costes. Una solución prometedora a este reto es mediante la aplicación de lo que en inglés se denomina "pervasive healthcare". La investigación en este campo trata de cambiar el actual modelo centralizado de servicios sanitarios enfocado hacia el personal sanitario, por un modelo distribuido enfocado hacia los pacientes. En este contexto, los Personal Health Systems (PHSs) consisten en poner al alcance de los pacientes las tecnologías de monitorización, y proporcionarles información sobre su estado. El uso de PHSs involucra a los pacientes en la gestión de su enfermedad y en su propio bienestar. La aceptación de los PHSs por parte de la sociedad implica ciertos retos tecnológicos en su desarrollo. Es importante garantizar su interoperabilidad para que puedan trabajar conjuntamente. Su escalabilidad también se debe tener en cuenta, ya que su rendimiento no tiene que verse afectado al incrementar su número de usuarios. Otro aspecto a considerar es cómo formalizar el conocimiento médico para cada paciente, ya que cada uno puede tener objetivos distintos. La seguridad y privacidad son características deseadas debido a la naturaleza sensible de los datos médicos. Otras problemáticas implican la integración con sistemas heredados, y la usabilidad de las interfaces gráficas para fomentar su uso entre las personas mayores. El objetivo de esta tesis es contribuir al estado del arte de los PHSs tratando de manera conjunta varios de los retos mencionados. Para abordar la interoperabilidad se usa el estándar CDA como formato para codificar los datos médicos y alertas relacionados con el paciente. Además se muestra como estros documentos pueden generarse de forma automática mediante el uso de plantillas XML. Para tratar la escalabilidad se distribuye la computación para monitorizar a los pacientes en sus terminales móbiles, en lugar de realizarla en un servidor central. En este contexto se desarrolla la plataforma de agentes MAGPIE como framework para proporcionar inteligencia a los PHSs y generar alertas de interés para el médico y el paciente. La formalización se aborda mediante una herramienta que permite a los médicos definir de manera gráfica reglas de monitorización relacionadas con enfermedades crónicas, que ademas están integradas con la plataforma de agentes MAGPIE. La tesis también explora distintas formas de compartir los datos recolectados con un PHS, con el fin de mejorar los resultados obtenidos mediante esta tecnología. Los datos se comparten entre individuos siguiendo un enfoque de sistemas distribuidos basados en eventos (DEBS), donde distintos usuarios pueden suscribirse a las alertas producidas por el paciente. Los datos también se comparten entre instituciones mediante un protocolo dered llamado MOSAIC. En la tesis se desarrollan los aspectos de seguridad de este protocolo. La tesis se centra en la Diabetes Mellitus como caso de uso, y se ha realizado en el contexto de los proyectos MONDAINE, MAGPIE, COMMODITY12 y TAMESIS.Postprint (published version

A Framework for The Design of Speech-Enabled Self-Care EHealth Systems

The Internet provides a wide range of health information and services which consumers access for self-care and to participate in a more informed way in their healthcare when they see their physician. This information and services are however, delivered in text form and therefore, does not cater for the needs of the non-computer literate, the visually impaired and the blind. This paper presents a framework for the design of speech-enabled self-care e-Health systems. Reasoning-induced disease diagnosis which existing speech-based disease screening systems lack has been incorporated into the framework to enable systems based on the framework diagnose more than one type of disease. Based on the framework, speechbased self-care e-Health system (SSeS) prototype application was developed. The originality of this framework is that it is speech-based. This takes care of the health needs of the category of people earlier identified and the underserved people, majority of those who are domiciled in Africa