KONFIDO: An OpenNCP-based Secure eHealth Data Exchange System

2003

The high growth of Multi-Agent Systems (MAS) in Open Networks with initiatives such as Agentcities 1 requires development in many different areas such as scalable and secure agent platforms, location services, directory services, and systems management. In our case we have focused our effort on security for agent systems. The driving force of this paper is provide a practical vision of how security mechanisms could be introduced for multi-agent applications. Our case study for this experiment is Carrel [9]: an Agent-based application in the Organ and Tissue transplant domain. The selection of this application is due to its characteristics as a real scenario and use of high-risk data for example, a study of the 21 most visited health-related web sites on the Internet 2 discovered that personal information provided at many of the sites was being inadvertently leaked for unauthorized persons. These factors indicate to us that Carrel would be a suitable environment in order to test existing security safeguards. Furthermore, we believe that the experience gathered will be useful for other MAS. In order to achieve our purpose we describe the design, architecture and implementation of security elements on MAS for the Carrel System.

IEEE Intelligent Systems, 2000

H ealthcare is information driven and knowledge driven. Good healthcare depends on making decisions at the right time and place, using the right patient data and applicable knowledge. Communication is of utmost relevance in today's healthcare settings, in that delivery of care, research, and management all depend on sharing information.

Springer eBooks, 1997

The healthcare systems in all developed countries are changing to labour-shared structures as Shared Care. Such structures require an extended communication and co-operation. Medical information systems integrated into the care processes must be able to support that communication and co-operation adequately, representing an active and distributed Electronic Health Record (EHR) system. Distributed health record systems must meet high demands for data protection and data security, which concern integrity, availability, confidentiality including access management, and accountability. Communication and cooperation in information systems can be provided by middleware architectures. For the different middleware architectures used in healthcare as EDI (HL7, EDIFACT), CORBA or DHE, the architectural principles and security solutions are shortly described in the paper. Supporting open information systems, these security solutions are independent of applications and transparent to the user. For trusted communication and cooperation, application-related and user-related security mechanisms are required. Such mechanisms have to fulfil the security policy of the application domain. They are using the basic security mechanisms of the underlying communication-and cooperation-supporting systems. The discussed policy, threats, and countermeasures are referred to the first German regional distributed medical record, which is developed and step by step refined in the Clinical Cancer Registry Magdeburg/Saxony-Anhalt.

2008

⎯ This paper presents an alternative way to secure communications in e-health. During the communication processes, users exchange different types of information with different levels of sensitivities. For example, communications between a doctor and a patient contain data of higher levels of sensitivities than communications between a social worker and a nurse. The different levels of the sensitivities of the information are secured by using different types of security processes. In this paper, these different communication types and different levels of data sensitivities in e-health are explained, the requirements for each type for communications are described and the use of the cryptography to secure the communication is discussed.

Many different applications in health care have some common characteristics. We used these characteristics to develop a framework with which it is possible to rapidly develop and deploy secure mobile applications in the Austrian eHealth context. We implemented mechanisms to be able to securely connect and process medical data according to current legal regulations via a secured communication server acting as a relay between mobile devices and the protected data storage. Additionally, the development of new applications is reduced to the writing of a single configuration file.

With the advancement in technology and availability of internet access and smart mobile systems, there has been an increasing interest in eHealth related research activities due to the attractive and important benefits that eHealth systems can offer to many. However, the security of the eHealth systems has been a great concern. In this paper, we discuss the pilot design experience and results of a security oriented design framework (SOD). The SOD framework is intended for providing a system development environment template to strengthen development tasks of eHealth related systems. We have selected two major eHealth commonly required features for the pilot experiments. The first feature is to provide capabilities for storing and accessing digitized patient health records. The second feature is to provide scheduling and management in terms of appointments, doctor prescriptions, tests, etc. The paper also discusses the current major concerns in security and privacy and provides some effective security solutions.

2009

The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector's privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted computing concepts, it is now both timely and desirable to move electronic HIS towards privacy-aware and security-aware applications. We introduce the OTHIS architecture in this paper. This scheme proposes a feasible and sustainable solution to meeting real-world application security demands using commercial off-the-shelf systems and commodity hardware and software products . Keywords: architecture of health information systems, privacy protection, security for health systems, access control, network security in e-health, application security for health applications. .

2013

E-health services are subjected to same security threats as other online services. This paper emphasizes the requirement of a strong framework in e-health domain for reliable delivery of medical data over the internet. The paper recognizes current and future technological solutions in this regard. The solutions includes the authorization & authentication techniques and cryptography for the data transmission . Recent initiatives in Indian scenarios have also been analyzed. It further suggests the application of SOAP for building a secured framework. Keywords—authorization and authentication, cryptography,SOAP.

International Journal of Medical Informatics, 2001

Health information systems supporting shared care are going to be distributed and interoperable. Dealing with sensitive personal medical information, such information systems have to provide appropriate security services, allowing only authorised users restricted access rights to the patients' data according to the 'need to know' principle. Especially in healthcare, chip card based information systems occur in the shape of patient data cards providing informational self determination and mobility of the users as well as quality, integrity, accountability, and availability of the data stored on the card, thus improving the shared care of patients. The DIABCARD 1 project aims at the implementation and evaluation of a chip card based medical information system (CCMIS) for facilitating communication and co-operation between health professionals in different organisations or departments caring the same patient with diabetes as an example. In co-operation with the EC-funded TrustHealth 2 project, communication and application security services needed are provided like strong authentication as well as the derived services such as authorisation, access control, accountability, confidentiality, etc. The solution is based on Health Professional Cards and Trusted Third Party services. In addition to the secure handling of the patient's chip card and data in DIABCARD workstations, the secure communication between these workstations and related departmental systems has been implemented. Based on the results of this feasibility study, an enhanced security services specification for the DIABCARD example of a CCMIS is provided which will be implemented in the framework of a health network being established in the German federal state Bavaria. Beside the preferred solution of a combination of Patient Identification Card and Patient Data Card, lower level alternatives using card-verifiable certificates are explained in some details. Finally, a few legal issues, future trends like the XML standard set and their implications for the solution presented as well as for distributed health information systems in general are shortly discussed.

International journal of computers in clinical practice, 2019

ThewidespreaduseofelectronicPersonalHealthRecordsisconsideredofgreatimportance,however, untiltoday,thereisnowidelyadoptedapplicationparadigmforthefunctionalspecificationsofa modernePHRduetoabsenceoftrust,inadequatedatacompletenessandoverallusecomplexityand "unfriendliness".CO.R.E.(COnsolidation&RoutingEngine)isaninnovativeapproachtowardsthe developmentofahealthdataconsolidationandcloudaccessprovisioninfrastructure,takingunder considerationboththeneedsforwideadoptionandtheapplicationofmissioncriticaltechnologies inrealproductionenvironments.TheCO.R.E.infrastructureprovidesanenvironmentfordeploying medical record applications with central storage and individually controlled distributed access, ensuring:a)theabsenceofreadableidentifiersinanynetworkcommunicationamongtheinvolved systemsandb)theinability(asmuchasmoderncryptographicmethodsoffer)ofanyone-eventhe engineersworkingonthesystem-tocorrelatethestoredmedicaldatawiththeirowner/physicalperson.