A Security Oriented Design (SOD) Framework for eHealth Systems
Sangeen Khan
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
With the advancement in technology and availability of internet access and smart mobile systems, there has been an increasing interest in eHealth related research activities due to the attractive and important benefits that eHealth systems can offer to many. However, the security of the eHealth systems has been a great concern. In this paper, we discuss the pilot design experience and results of a security oriented design framework (SOD). The SOD framework is intended for providing a system development environment template to strengthen development tasks of eHealth related systems. We have selected two major eHealth commonly required features for the pilot experiments. The first feature is to provide capabilities for storing and accessing digitized patient health records. The second feature is to provide scheduling and management in terms of appointments, doctor prescriptions, tests, etc. The paper also discusses the current major concerns in security and privacy and provides some effective security solutions.
Related papers
Security Framework for eHealth Services: A Study
2013
E-health services are subjected to same security threats as other online services. This paper emphasizes the requirement of a strong framework in e-health domain for reliable delivery of medical data over the internet. The paper recognizes current and future technological solutions in this regard. The solutions includes the authorization & authentication techniques and cryptography for the data transmission . Recent initiatives in Indian scenarios have also been analyzed. It further suggests the application of SOAP for building a secured framework. Keywords—authorization and authentication, cryptography,SOAP.
Security specification and implementation for mobile e-health services
e-Technology, e-Commerce …, 2004
Security and Privacy Issues in Ehealthcare Systems: Towards Trusted Services
International Journal of Advanced Computer Science and Applications, 2016
Recent years have witnessed a widespread availability of electronic healthcare data record (EHR) systems. Vast amounts of health data were generated in the process of treatment in medical centers such hospitals, clinics, or other institutions. To improve the quality of healthcare service, EHRs could be potentially shared by a variety of users. This results in significant privacy issues that should be addressed to make the use of EHR practical. In fact, despite the recent research in designing standards and regulations directives concerning security and privacy in EHR systems, it is still, however, not completely settled out the privacy challenges. In this paper, a systematic literature review was conducted concerning the privacy issues in electronic healthcare systems. More than 50 original articles were selected to study the existing security approaches and figure out the used security models. Also, a novel Context-aware Access Control Security Model (CARE) is proposed to capture the scenario of data interoperability and support the security fundamentals of healthcare systems along with the capability of providing fine-grained access control.
A Secure Healthcare System: From Design to Implementation
Procedia Computer Science, 2015
We introduce the design and development of a comprehensive electronic health record system (EHR) that incorporates AES encryption to assure security. Our work adopts a didactic approach to introduce the formal design steps of an EHR with its underlying database from a software engineering perspective. For this, we adopt two formal development methodologies as software engineering perspective and database development approach and combine the two to present a guideline to design and develop similar projects in other domains. For informative purposes, the steps of the development process are formalized based on database ER-model, and the final design is normalized into 3NF. We provide insight on rationale for employing specific methodologies, and using particular material and tools.
Security and Privacy in eHealth: Is it possible?
2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013), 2013
Technologies have the potential to improve many facets of modern healthcare service delivery. The implementation of electronic health records systems is a critical part of an eHealth system. Despite the potential gains, there are several obstacles that limit the wider development of electronic health record systems. Among these are the perceived threats to the security and privacy of patients' health data, and a widely held belief that these cannot be adequately addressed.
Design of a Secure Framework for the Implementation of Telemedicine, eHealth, and Wellness Services
2007
In both developing and developed countries, the costs of delivering health care are increasingly tak- ing a large proportion of the national gross domestic product (GDP). GDP, is one of several measures of the size of a regions’ economy. While developed countries have a good doctor to patient ratio, in developing countries the ratios are alarming (e.g., in Uganda
Comprehensive eHealth system design for privacy protection
2013
In this report, we describe the design of a comprehensive eHealth system that offers a range of services allowing patients or elderly people to receive necessary care in the home setting. The system architecture allows home assistance to be offered by commercial entities, thus propelling its deployment. Since home assistance systems often have to handle sensitive medical information, protection of privacy is of utmost importance. The services offered by the home assistance system range from monitoring patient’s health status and responding to requests for help or emergency situations in a timely manner to scheduling requested tasks to the caregivers of the patient and following up their execution. The design of the system is flexible and allows seamless integration of new services and service providers. Most importantly, the deployment of these services does not require maintaining personal medical data or identifying information about patients and caregivers in the home assistance ...
Security in E-Health Applications
Advances in Enterprise Information Technology Security, 2007
This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic healthcare record (EHCR). Security solutions in several projects have been presented and in particular a solution for EHCR integration from scratch. Implementations of Public key infrastructure, privilege management infrastructure, role based access control and rule based access control in EHCR have been presented. Regarding EHCR integration from scratch architecture and security have been proposed and discussed. This integration is particularly suitable for developing countries with wide spread Internet while at the same time the integration of heterogeneous systems is not needed. The chapter aims at contributing to initiatives for implementation of national and transnational EHCR in security aspect.
Model-Driven Development of a Secure eHealth Application
Lecture Notes in Computer Science, 2014
We report on our use of ActionGUI to develop a secure eHealth application based on the NESSoS eHealth case study. ActionGUI is a novel model-driven methodology with an associated tool for developing secure data-management applications with three distinguishing features. First, it enables a model-based separation of concerns, where behavior and security are modeled individually and subsequently combined. Second, it supports model-based quality assurance checks, where the properties proven about the models transfer to the generated applications. Finally, for data-management applications, the ActionGUI tool automatically generates complete, ready-to-deploy, security-aware, web applications. We explain these features in the context of the eHealth application.
eHealth: A Survey of Architectures, Developments in mHealth, Security Concerns and Solutions
International Journal of Environmental Research and Public Health
The ramifications of the COVID-19 pandemic have contributed in part to a recent upsurge in the study and development of eHealth systems. Although it is almost impossible to cover all aspects of eHealth in a single discussion, three critical areas have gained traction. These include the need for acceptable eHealth architectures, the development of mobile health (mHealth) technologies, and the need to address eHealth system security concerns. Existing survey articles lack a synthesis of the most recent advancements in the development of architectures, mHealth solutions, and innovative security measures, which are essential components of effective eHealth systems. Consequently, the present article aims at providing an encompassing survey of these three aspects towards the development of successful and efficient eHealth systems. Firstly, we discuss the most recent innovations in eHealth architectures, such as blockchain-, Internet of Things (IoT)-, and cloud-based architectures, focusin...
Design and Validation of a Secure Communication Platform for Mobile Health
2011
This paper focuses on the design and validation experience of an eHealth system that provides end users with web and mobile access to their personal health records (PHR). The system has been tested with different mobile devices to ensure full compliance with privacy and confidentiality requirements. As a result, both patients and medical doctors can share sensible medical data in a secure and efficient way. The pilot site has been evaluated under the cooperation of 375 volunteers from a global mobile operator, a regional medical company, a SME applications developer and a state university with deep background on eHealth. Users’ feedback has been quite satisfactory and promising.
A Security Architecture for e-Health Services
2008
⎯ This paper presents an alternative way to secure communications in e-health. During the communication processes, users exchange different types of information with different levels of sensitivities. For example, communications between a doctor and a patient contain data of higher levels of sensitivities than communications between a social worker and a nurse. The different levels of the sensitivities of the information are secured by using different types of security processes. In this paper, these different communication types and different levels of data sensitivities in e-health are explained, the requirements for each type for communications are described and the use of the cryptography to secure the communication is discussed.
Authentication Architecture for eHealth Professionals
2007
This paper describes the design and implementation of a PKI-based eHealth authentication architecture. This architecture was developed to authenticate eHealth Professionals accessing RTS (Rede Telemática da Saúde), a regional platform for sharing clinical data among a set of affiliated health institutions. The architecture had to accommodate specific RTS requirements, namely the security of Professionals’ credentials, the mobility of Professionals, and the scalability to accommodate new health institutions. The adopted solution uses short lived certificates and cross-certification agreements between RTS and eHealth institutions for authenticating Professionals accessing the RTS. These certificates carry as well the Professional’s role at their home institution for role-based authorization. Trust agreements between health institutions and RTS are necessary in order to make the certificates recognized by the RTS. The implementation was based in Windows technology and as a general policy we avoided the development of specific code; instead, we used and configured available technology and services.
N. M. Shrestha , Abeer Alsadoon , P.W.C. Prasad , L. Hourany , A. Elchouemi, " Enhanced e-Health Framework for Security and Privacy in Healthcare System," Digital Information Processing and Communications (ICDIPC), p. 75-79, Lebanon, 2016
—Patient health record (PHR) is a rising patient centric model which is frequently outsourced to store at third party. This addresses the issue in privacy such as hiding the sensitive health data of a patient which can be assessed by unauthorized users. In this paper, a new secured e-health framework has proposed. In this framework, patient centric personal data and access control scheme with enhanced encryption method has been considered. Security and privacy of personal health information have been identified by digital signature and patient pseudo identity as well as. This paper address the enhanced security model for more authentication and authorization functionality and expects to discover the new technique that can be utilized to build the efficiency in e-health care system based on security, privacy and user satisfaction. The survey has been conducted to test the proposed e-health framework. The data has been analyzed using SPSS tool. Keywords—Patient health record (PHR), e-health framework, authentication and authorization
A lightweight security model for ensuring patient privacy and confidentiality in telehealth applications
However, the secure transmission of patient records over the Internet and Cloud services remains a paramount concern. This study endeavors to design an enhanced security model that guarantees the privacy and confidentiality of patient electronic health records in telehealth applications. The proposed model employs a lightweight encryption algorithm to generate an access token that strictly regulates data access exclusively to the patient's department. Leveraging the patient's unique ID for encryption and decryption processes, the model ensures the secure handling of sensitive information. Robust data privacy measures are implemented through a random key generator utilizing the patient's ECG signal for secure key generation. Test results underscore the efficacy of the proposed security model in limiting access to patient-related data within the designated department. Furthermore, the model employs an efficient encryption algorithm, resulting in a 0.2% increase in generation rate compared to previous models, while reducing CPU usage by 23.16%. These enhancements significantly bolster the reliability and efficiency of the security model, providing robust safeguards for patient electronic health records' privacy and confidentiality during transmission across diverse telehealth applications. This study makes a substantial contribution to healthcare by addressing critical concerns surrounding patient privacy and confidentiality. The designed security model stands poised for seamless integration into various telehealth applications, offering a steadfast solution for data privacy and confidentiality concerns.
Security issues for data sharing and service interoperability in eHealth systems: The Nu.Sa. test bed
2014 International Carnahan Conference on Security Technology (ICCST), 2014
The aim of the Nu.Sa. project is the definition of national level data standards to collect data coming from General Practitioners' Electronic Health Records and to allow secure data sharing between them. This paper introduces the Nu.Sa. framework and is mainly focused on security issues. A solution for secure data sharing and service interoperability is presented and implemented in the actual system used around Italy. The solution is strongly focused on privacy and correct data sharing with a complete set of tools devoted to authorization, encryption and decryption in a data sharing environment and a distributed architecture. The implemented system with more than one year of experiences in thousands of test cases shows a good feasibility of the approach and a future scalability in a cloud based architecture.
Evaluating eHealth Scenarios for Adaptive Security in eHealth
2014
We present a scenario and storyline that are part of a framework to evaluate adaptive security in the Internet of Things, also denoted as the IoT. The successful deployment of the IoT depends on ensuring security and privacy, which need to adapt to the processing capabilities and resource use of the IoT. We develop a scenario for the assessment and validation of context-aware adaptive security solutions for the IoT in eHealth. We first present the properties to be fulfilled by a scenario to assess the adaptive security solutions for eHealth. We then develop a home scenario for patients with chronic diseases using biomedical sensors. This scenario is then used to create a storyline for a chronic patient living at home. [tbd.: update] Keywords—Internet of Things; assessment scenarios; eHealth systems; adaptive security.
Enabling secure mobile access for electronic health care applications
2006
Abstract Medical applications have already been integrated into mobile devices (eg Tablet PCs, PDAs and smart phones) and are being used by medical personnel in treatment centers, for retrieving and examining patient's Electronic Health Records (EHR). In such mobile healthcare applications, specific attention is drawn towards the security requirements since the transmission of sensitive medical data through a public network renders the problem of communication privacy.
New framework for authentication and authorization for e-health service systems
2006
The development of information technology has eased the medical services and provided the electronic health service in a way that a doctor can keep the records of patients in an information system and be informed of changes of status of patients, and make decisions promptly. However, there are increasing challenges over the privacy of patients due to the exposition of clinic information patients to ubiquitous networks. This paper introduces a framework for authentication and authorization in e-health services. It aims to build the architecture for authentication and authorisation within an e-health service system. The architecture will help to build a secure and privacyprotection e-health service system. The authors hope that understanding the underlying framework will not only inform researchers of a better design for e-health service, but also assist e-health systems developers in the understanding of intricate constructions within authentication and authorisation. Further, our paper highlights the importance of protecting the privacy of medical records of patients in terms of information privacy.
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.