15 research outputs found

    Information security requirements in patient-centred healthcare supporting systems

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare

    Towards information sharing in virtual organisations: The development of an icon-based information control model

    Today, innovation in information communication technology has encouraged contribution among different fields to tackle large-scale scientific problems or introduce novel inventories that, in both cases, demand extensive sharing of information among collaborating organisations in order to achieve the overall goal. Sharing information across different physical organisations, working as a single virtual organisation, raises a number of information security issues that limit the effectiveness, dynamism, and potential of collaborative working. Although extensive research has been conducted to provide secure information-sharing solutions within a single organisation, little research has investigated multi-organizational information-sharing environments where information requires to be protected but there are variations in information security needs and, in some cases, conflicts in applied information security controls. A key obstacle, the majority of research conducted in this area has overlooked, is not only the ability to govern remote access of users from one organisation to sensitive information stored in another organisation, but also having persistent control over owned information even after access has been granted and the information is either disseminated electronically, transformed into paper format, or even shared verbally. In addition, research was tailored to meet only specific research needs and address particular issues. Therefore, there is a lack of comprehensive, systematic approaches for controls on information usage shared electronically, regardless of specific circumstances. This paper aims to present a novel information control model that could keep information self-protected in dynamic collaborative environments by communicating information security needs along with the exchanged information using an Information Labelling Scheme. 
Based on SPIDER solution and Protective Commons, this scheme uses nine labelling icons (reflecting the protection type and level) associated with different information security controls (representing the information security mechanisms used to provide the protection). The model is demonstrated in the Microsoft Word 2007 application and a prototype has been developed as a plug-in software named Information Labelling Palette. It displays the nine self-explanatory icons in order for an information owner/user to label any information range within a single document using any icon. This consequently enforces the information security controls associated with the selected icon only into that particular range of electronic information, and secondly, communicates the information security needs to the recipient in a human-readable format, which would help keep recipients informed about how this information should be managed if printed out or shared verbally. Finally, the wide range of information security controls used in this proposed solution makes it widely applicable to meet the considerable diversity of organisations’ information security needs. Furthermore, it is believed to lay a solid foundation for future work in the area of information access control and control policy enforcement in collaborative environments

    Achieving a secure collaborative environment in patient-centred healthcare with legacy information systems

    Modern healthcare has been shifting from a traditional fragmented disease-centred delivery approach towards a more integrated Patient-Centred (PC) one to support comorbidities, when the patient suffers from more than one condition or disease. In PC delivery the patient is at the heart of its services which are tailored to meet an individual’s needs holistically. Enabling PC care requires the flow of medical information with the patient between different healthcare providers supporting the patient’s treatment plan, and sharing of information across healthcare organisations so that the Care Team (CT) can seamlessly access relevant medical information held in different information systems. In many countries this PC movement is taking an evolutionary approach that involves Legacy Information Systems (LIS) as they are the backbone of the healthcare organisation’s information. However, this collaboration reveals weaknesses in LIS in this role, as they may block a CT from accessing information, as they cannot comply with the information security policies for shared information that is needed in this collaborative environment to support PC. This is mainly because each of these LIS was designed as an autonomous discrete information system that enforces an organisation-driven information security policy protecting only local information resources through an Access Control (AC) model. This creates a single local point-of-control, limited by the system’s physical perimeter, to meet local information sharing and security contexts. This means PC adoption may require incorporation of multiple autonomous discrete information systems which presents four challenges – inconsistent policies, perimeter-bounded AC models, multiple points-of-controls, and heterogeneous LIS. First, such collaborative environments lack collaboration-driven information security policies that best meet the protection needs in the collaboration sharing and security contexts. 
Second, they deploy incompatible AC models that are not perimeter-transparent, and thus, unable to stretch across the discrete information systems to cover the whole collaborative environment. Third, these environments do not deploy a single obvious point-of-control with authority for policy enforcement. Finally, they need to access heterogeneous LIS that are not compatible with each other, and thus, it is essential that solutions can be integrated and coupled with these LIS to facilitate the utilisation of information stored in these systems. Current solutions addressing this situation fall short of meeting these challenges in establishing secure collaborative environments with LIS because they lack a comprehensive information security approach to meet the information sharing and security contexts driven by the collaboration. This research introduces a roadmap towards achieving a Secure Collaborative Environment (SCE) in collaborative environments using LIS from diverse organisations that addresses the above challenges, and meets the collaboration information sharing and security contexts without interrupting the local contexts of these LIS. An empirical study is used to determine how to create an SCE in modern healthcare which addresses the problems raised by incorporating LIS. This meets the collaborative information sharing context by creating an information layer that manages the information flow between healthcare providers based on treatment points. It also meets the information security context in the treatment pathways by controlling access to information in each treatment point using a Patient-Centred Access Control (PCAC) model. 
This model creates a PC-driven information security policy at the collaboration level that meets the overall care goal, enforces this balance in a neutral security domain with a single authority point-of-control that stretches across organisations anywhere within the collaboration environment, while retaining the local medical information security of shared information among the CT. Using domain analysis, observations, and interviews, the PC-driven balance of information security in cancer care, threats in LIS currently used in cancer care to attain that balance, and eight information security controls are identified. These controls manage information through an information layer and control access to the information through the novel PCAC model needed by these systems to attain that balance and address the problem. Using Workflow Technology (WfT), a prototype system implementing these controls to achieve a Secure Healthcare collaborative Environment (SHarE) has been fully studied, developed, and assessed. SHarE constructs an independent information layer that is based on treatment and lies on top of the interface of the currently used LISs to formalise and manage a unique treatment journey, while the PCAC model enforces access rules as the patient progresses along their treatment journey. This layer is designed as a loosely coupled wrapper based system with LIS to embrace the local organisation-centred access controls without interruption and sustain the balance of information security. Finally, using interviews, SHarE was assessed based on three criteria: usefulness and acceptance, setup and integration, and information governance. Results show that all interviewees agree that currently information does not always flow with the patient as they go along their treatment journey and nine different causes for this were suggested. 
All interviewees with no exception agreed that SHarE addresses this problem and helps the information flow with the patient between healthcare providers, and that it would be possible for SHarE to be adopted by a CT in cancer care. Over half the interviewees agreed that it is an easy to use system, useful, and helps locate information. The results also show there is an opportunity for SHarE to be integrated with CaNISC as some interviewees thought it is a much simpler system. However, multiple patient identifiers for a patient, as each system can have its own identifier, is predicted to be the biggest integration challenge. Results also show that SHarE and its controls attain the right balance of information security defined by the Caldicott Guardian and comply with the six Principles of the Caldicott Guardian. Although the assessment of SHarE highlighted a number of challenges and limitations that may hinder its adoption and integration if not carefully considered in the future, this proposal allowed the achievement of creating an SCE required to adopt PC care and attain the security balance necessary to support PC care systems

    Towards persistent control over shared information in a collaborative environment

    In a complex collaborative environment, such as healthcare, where Multi-Disciplinary care Team (MDT) members and information come from independent organisational domains, there is a need for information-sharing across the organizations’ information systems in order to achieve the overall goal of collaboration. Inability to provide a secure communication method, giving local/global protection is affecting inter-professional communications and hindering sharing among MDT members. This research aims to facilitate a secure collaborative environment enabling persistent control over shared information across boundaries of the organisations that own the data. This paper is based on the early stages of the research and its results will feed into following stages. It looks at the structure of a healthcare system to understand the types of inter-professional communication and information exchange that occur in practice. Additionally it presents an initial assessment identifying the Information Security (IS) needs and challenges faced in providing persistent control in a shared collaborative environment by using conceptual modelling of a selected medical scenario (breast cancer in Wales). The results show that a considerable number of professionals are involved in a patient’s treatment. Each plays a well-defined role, but often uses different Healthcare Information Systems (HIS) to store sensitive and confidential patient medical information. These HIS cannot provide secure multi-organisational information-sharing to support collaboration among the MDT members. This causes inter-professional communication issues among team members that inhibit decision-making using the information. The findings from this study show how to improve information support from HIS stored information for MDT members. Also the resulting IS functions will be described which facilitate establishing secure collaborative environments guaranteeing persistent control over shared information

    eHomeCaregiving: A Diabetes Patient-Centered Blockchain Ecosystem for COVID-19 Caregiving

    The pandemic has triggered an unprecedented global demand for home caregiving to manage asymptomatic and mild COVID-19 cases. Older people and others with pre-existing medical conditions (including diabetes) appear to be more vulnerable to severe illness caused by the severe acute respiratory syndrome coronavirus 2. Approximately 25% of Saudis suffer from diabetes; these 4 million patients require 5.5 million consultations and follow-up visits each year to manage their disease. Furthermore, with the increasing number of patients with diabetes and their need for professional care, it is difficult and time consuming to share patient-care information among caregivers in a traditional way; this increases the financial and psychological burden of home caregivers. Although the pandemic has also triggered a global demand for digital health technology adoption worldwide to achieve higher standards of health, recent developments in advanced technologies and mobile health (mHealth) applications have failed to equip the caregivers with the right ecosystem for patient-centered information sharing to allow for informed care decisions. Therefore, there is a gap in the literature as the current solutions fall short of facilitating an effective communication channel among caregivers and between them and their patients, supporting diverse caregiving groups with multiple languages, distributing tasks between caregivers to alleviate the burden on one caregiver, providing a treatment plan by a specialized care team to be viewed and followed by caregivers and patients, and alerting everyone in case of an emergency. Based on the need for empowering home caregivers to cope with the pressure, we propose eHomeCaregiving, an mHealth solution that can build a transparent blockchain-based patient-centered family caregiving ecosystem. 
eHomeCaregiving facilitates care continuity in patients with type 2 diabetes in Saudi Arabia by integrating care, saving time and efforts of all caregivers, and improving the patient’s quality of life and outcomes, particularly in terms of facing emerging challenges amid the pandemic

    Sharing patient medical information among healthcare team members while sustaining information security

    1. Introduction The delivery of healthcare for many diseases has been shifting towards a patient-centric approach where care provision is tailored to meet individual patient’s needs. This leads to diseases being treated by multidisciplinary teams of healthcare professionals who work in a collaborative environment and are formed and evolved based on the patient’s changing medical condition. This environment demands the availability of the right information to the right person at the right point in the treatment, which means patient medical information needs to be shared across the organization-secured boundaries. In other words, at the point of treatment, healthcare professionals need to be able to remotely access different relevant patient medical information generated by other professionals and kept in their independent Healthcare Information Systems (HIS). Legacy HIS are ill equipped to meet the new emerging requirements of the patient-centric treatment approach. Although they keep in-house patient medical information protected and controlled, they do not support the ability to sustain the locally applied protection whilst sharing it outside the secured boundary, and thus lose control over the information as soon as it leaves the HIS. This research, in general, aims to facilitate information sharing among healthcare team members and, at the same time, sustain the security of the information as defined by the information owner. 2. Methods This poster demonstrates the initial stages of the research, which looks at patient treatment in the healthcare domain, in order to understand: how healthcare professional team members communicate; how HIS are used by the care team in patient treatment; how patient medical information is generated and stored; and how it can be used to support the treatment. This was achieved using conceptual modelling of a selected medical scenario (Breast Cancer in Wales, UK). 
This investigation of a real-life scenario has identified the anticipated treatment steps and, at each step, the flow of patient medical information, healthcare team members involved, and the HIS which stores the information. 3. Results The results have shown that there is a large number of professionals (about 13) involved in the treatment of patients with Breast Cancer in Wales. Each professional plays a defined role and collectively the team offers co-ordinated care. Additionally, these professionals use at least seven different HIS in order to access the patient information and each stores sensitive patient information in medical records. Although each HIS follows national guidelines, they adapt the guidelines and policies to meet local needs and circumstances. However, there are inter-professional communication issues among the team members that inhibit decision-making using the information, as well as communication problems between the team and the patient, which prevents the required effective treatment. In addition, the HIS are ill-equipped to support the team. 4. Conclusions We will use this information to identify how to improve HIS support for members of a multidisciplinary team in the future. In addition, the emerging security requirements of the new systems will be outlined in order to facilitate and support collaboration among team members and guarantee persistent control over shared patient medical information

    Argumentation Schemes for Clinical Interventions. Towards an Evidence-Aggregation System for Medical Recommendations

    Sanchez Graillet O, Cimiano P. Argumentation Schemes for Clinical Interventions. Towards an Evidence-Aggregation System for Medical Recommendations. In: Gersbeck-Schierholz B, Alsalamah S, eds. HEALTHINFO 2019. The Fourth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing. Wilmington: IARIA; 2019

    TrustyFeer: A Subjective Logic Trust Model for Smart City Peer-to-Peer Federated Clouds

    Cloud computing plays a major role in smart cities development by facilitating the delivery of various services in an efficient and effective manner. In a Peer-to-Peer (P2P) federated clouds ecosystem, multiple Cloud Service Providers (CSPs) collaborate and share services among them when experiencing a shortage in certain resources. Hence, incoming service requests to this specific resource can be delegated to other members. Nevertheless, the lack of preexisting trust relationship among CSPs in this distributed environment can affect the quality of service (QoS). Therefore, a trust management system is required to assist trustworthy peers in seeking reliable communication partners. We address this challenge by proposing TrustyFeer, a trust management system that allows peers to evaluate the trustworthiness of other peers based on subjective logic opinions, formulated using peers’ reputations and Service Level Agreements (SLAs). To demonstrate the utility of TrustyFeer, we evaluate the performance of our method against two long-standing trust management systems. The simulation results show that TrustyFeer is more robust in decreasing the percentage of services that do not conform to SLAs and increasing the success rate of exchanged services by good CSPs conforming to SLAs. This should provide a trustworthy federated clouds ecosystem for a better, more sustainable future