mHealth Support System for Researchers and Participants

With the proliferation of mobile technologies, there is a significant increase of research using mobile devices in the medical and public health area. Mobile technology has improved the efficiency of healthcare delivery effectively. Mobile Health or mHealth is an interdisciplinary research area which has been active for more than a decade. Much research has been conducted and many software research tools (mHealth Support System) have been developed. Despite the time length, there is a significant gap in the mHealth research area regarding software research tools. Individual research groups are developing their own software research tool though there is a significant similarity among them. Most of the research tools are study or disease specific. Some of the tools are device specific (desktop/laptop, mobile phone, and tablet) and some are platform specific (web, android, iOS, and windows). This costs each research study their precious time, money, and workforce to develop similar service or software research tools. Based on the mHealth research characteristics, it is possible to design and implement a customizable generic software research tool. In this thesis, we have proposed, designed, and implemented a customizable generic mHealth software research tool. It has most of the common software research modules that are needed for an mHealth research study. These include real-time data collection, research participant management, research staff management, role based access control, research data anonymization, customizable surveys, report generation, study forum, and activity tracking. This software research tool is responsive and HIPAA compliant which makes it device independent, privacy-aware, and security-aware

Privacy Preserving HIPAA-Compliant Access Control Model for Web Services

Software applications are developed to help companies and organizations process and manage data that support their daily operations. However, this data might contain sensitive clients’ information that should be protected to ensure the clients’ privacy. Besides losing the clients’ trust, neglecting to ensure the clients’ data privacy may also be unlawful and inflict serious legal and financial consequences. Lately, different laws and regulations related to data privacy have been enacted specially in vital sectors such as health care, finance, and accounting. Those regulations dictate how clients’ data should be disclosed and transmitted within the organization as well as with external partners. The privacy rules in these laws and regulations presented a challenge for software engineers who design and implement the software applications used in processing the clients’ private data. The difficulty is linked to the complexity and length of the letter of the law and how to guarantee that the software application is maintaining the clients’ data privacy in compliance with the law. Some healthcare organization are trying to perform their own interpretation of the law privacy rules by creating custom systems. However, the problems with such approach is that the margin of error while interpreting the letter of the law is high specially with separate efforts carried out by individual companies. According to a survey carried out to check the Healthcare Insurance Portability and Accountability Act (HIPAA) requirements interpretation created for medical and healthcare related applications, none of the frameworks were well developed to capture the relationships specified in the law. To solve this problem, a standard framework is required that will analyze the regulatory text and provide a method to extract the relevant component that can be used during software roles engineering and development. The extracted components will include all the possible arrangements of roles, purposes, permissions, temporal factors, and any carried out obligations. In this work we propose a framework to analyze, extract, model, and enforce the privacy requirements from HIPAA regulatory text. The framework goal is to translate the law privacy rules text into more manageable components in the form of entities, roles, purposes, and obligations. Those components together can be used as building blocks to create formal privacy policies. The process concentrates on two main components; entities and their roles, and data access context. To accomplish the first part, the framework will parse the privacy sections of the regulatory text to mine all the subjects, and then categorize those subjects into roles based on their characterization in the law. To acquire the access context, the process will extract all the purposes, temporal clauses and any carried out obligations and classify them based on their permissibility

The Potential for Machine Learning Analysis over Encrypted Data in Cloud-based Clinical Decision Support - Background and Review

This paper appeared at the 8th Australasian Workshop on Health Informatics and Knowledge Management (HIKM 2015), Sydney, Australia, January 2015. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 164, Anthony Maeder and Jim Warren, Ed. Reproduction for academic, not-for profit purposes permitted provided this text is includedIn an effort to reduce the risk of sensitive data exposure in untrusted networks such as the public cloud, increasing attention has recently been given to encryption schemes that allow specific computations to occur on encrypted data, without the need for decryption. This relies on the fact that some encryption algorithms display the property of homomorphism, which allows them to manipulate data in a meaningful way while still in encrypted form. Such a framework would find particular relevance in Clinical Decision Support (CDS) applications deployed in the public cloud. CDS applications have an important computational and analytical role over confidential healthcare information with the aim of supporting decision-making in clinical practice. This review paper examines the history and current status of homomoprhic encryption and its potential for preserving the privacy of patient data underpinning cloud-based CDS applications

Watching You: Systematic Federal Surveillance of Ordinary Americans

To combat terrorism, Attorney General John Ashcroft has asked Congress to "enhance" the government's ability to conduct domestic surveillance of citizens. The Justice Department's legislative proposals would give federal law enforcement agents new access to personal information contained in business and school records. Before acting on those legislative proposals, lawmakers should pause to consider the extent to which the lives of ordinary Americans already are monitored by the federal government. Over the years, the federal government has instituted a variety of data collection programs that compel the production, retention, and dissemination of personal information about every American citizen. Linked through an individual's Social Security number, these labor, medical, education and financial databases now empower the federal government to obtain a detailed portrait of any person: the checks he writes, the types of causes he supports, and what he says "privately" to his doctor. Despite widespread public concern about preserving privacy, these data collection systems have been enacted in the name of "reducing fraud" and "promoting efficiency" in various government programs. Having exposed most areas of American life to ongoing government scrutiny and recording, Congress is now poised to expand and universalize federal tracking of citizen life. The inevitable consequence of such constant surveillance, however, is metastasizing government control over society. If that happens, our government will have perverted its most fundamental mission and destroyed the privacy and liberty that it was supposed to protect

The Quest for National Digital Agility: Digital Responses to Covid-19 in Five Countries

Countries worldwide have employed different digital solutions to contain and cope with the Covid-19 pandemic. In this explorative case research, we examine national-level digital responses to the pandemic in four specific areas—tracking and tracing, health data reporting, teleconsultation, and vaccination mobilization—across five countries: China, Denmark, Germany, South Korea, and the U.S. Drawing on the notion of agility and digital infrastructures, our cross-case analysis unveils how the countries’ digital responses to the pandemic have been shaped by their national health system characteristics. In addition, we highlight how existing digital health infrastructures, regulatory adaptations, and industry collaborations fostered the alacrity with which nations responded to the pandemic. We define national-level digital agility as the ability of a nation to leverage digital infrastructure capabilities to address urgent societal challenges in a contextually appropriate way. Our key contribution is a model of this complex, but urgently needed concept containing five building blocks, each of which is a critical prerequisite to building such agility. Despite focusing on addressing the existing challenges of the ongoing Covid-19 pandemic, we believe that researchers and policymakers can also take pointers away from our framework to tackle other socio-environmental challenges

A Blockchain based system for Healthcare Digital Twin

Digital Twin (DT) is an emerging technology that replicates any physical phenomenon from a physical space to a digital space in congruence with the physical state. However, devising a Healthcare DT model for patient care is seen as a challenging task as the lack of adequate data collection structure. There are also security and privacy concerns as healthcare data is very sensitive and can be used in malicious ways. Because of these current research gaps, the proper way of acquiring the structured data and managing them in a secure way is very important. In this article, we present a mathematical data model to accumulate the patient relevant data in a structured and predefined way with proper delineation. Additionally, the provided data model is described in harmony with real life contexts. Then, we have used the patient centric mathematical data model to formally define the semantic and scope of our proposed Healthcare Digital Twin ( HDT ) system based on Blockchain. Accordingly, the proposed system is described with all the key components as well as with detailed protocol flows and an analysis of its different aspects. Finally, the feasibility of the proposed model with a critical comparison with other relevant research works have been provided

Toward Effective Access Control Using Attributes and Pseudoroles

Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective access control to prevent unauthorized access and ensure compliance with various laws and regulations. Current approaches such as Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) and their variants are inadequate. Although it provides simple administration of access control and user revocation and permission review, RBAC demands complex initial role engineering and makes access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible access control, but increases the complexity of managing privileges, user revocation and user permissions review. These limitations of RBAC and ABAC have thus motivated research into the development of newer models that use attributes and policies while preserving RBAC\u27s advantages. This dissertation explores the role of attributes---characteristics of entities in the system---in achieving effective access control. The first contribution of this dissertation is the design and development of a secure access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step access control approach, the BiLayer Access Control (BLAC) model. The first layer in BLAC checks whether subjects making access requests have the right BLAC pseudoroles---a pseudorole is a predefined subset of a subject\u27s static attributes. If requesting subjects hold the right pseudoroles, the second layer checks rule(s) within associated BLAC policies for further constraints on access. BLAC thus makes use of attributes effectively while preserving RBAC\u27s advantages. The dissertation\u27s third contribution is the design and definition of an evaluation framework for time complexity analysis, and uses this framework to compare BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic access control threat model, and applying it to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats

ONTOLOGICAL META-ANALYSIS AND SYNTHESIS OF HIPAA

We present ontological meta-analysis and synthesis of HIPAA (Health Insurance Portability and Accountability Act) as a method for reviewing, mapping, and visualizing the research literature in the domain cumulatively, logically, systematically, and systemically. The method will highlight the domain\u27s bright spots which are heavily emphasized, the light spots which are lightly emphasized, the blind spots which have been overlooked, and the blank spots which may never be emphasized. It will highlight the biases and asymmetries in the domain\u27s research; the research can then be realigned to make it stronger and more effective. We present an ontology for HIPAA, map the literature onto the ontology, and highlight its bright, light, and blank/blind spots in an ontological map. We conclude with a discussion of how such a map can be used to realign HIPAA research and practice