Security and Privacy of E-health Data

Author(s):  
Gazi Imtiyaz Ahmad ◽  
Jimmy Singla ◽  
Kaiser J. Giri
Author(s):  
Shirley Wong ◽  
Victoria Schuckel ◽  
Simon Thompson ◽  
David Ford ◽  
Ronan Lyons ◽  
...  

Introduction. There is no power for change greater than a community discovering what it cares about. [1] The Health Data Platform (HDP) will democratize British Columbia’s (population of approximately 4.6 million) health sector data by creating common enabling infrastructure that supports cross-organization analytics and research used by both decision makers and academics. HDP will provide streamlined, proportionate processes that provide timelier access to data with increased transparency for the data consumer and provide shared data related services that elevate best practices by enabling consistency across data contributors, while maintaining continued stewardship of their data. HDP will be built in collaboration with Swansea University following an agile pragmatic approach starting with a minimum viable product.

Objectives and Approach. Build a data sharing environment that harnesses the data and the understanding and expertise about health data across academe, decision makers, and clinicians in the province by enabling a common harmonized approach across the sector on: data stewardship; data access; data security and privacy; data management; data standards. To: enhance data consumer data access experience; increase process consistency and transparency; reduce burden of liberating data from a data source; build trust in the data and what it is telling us and therefore the decisions made; increase data accessibility safely and responsibly. Working within the jurisdiction’s existing legislation, the Five Safes Privacy and Security Framework will be implemented, tailored to address the requirements of data contributors.

Results. The minimum viable product will provide the necessary enabling infrastructure, including governance, to enable timelier access, safely, to administrative data to a limited set of data consumers. The MVP will be expanded with another release planned for early 2021.

Conclusion / Implications. Collaboration with Swansea University has enabled BC to accelerate its journey to increasing timelier access to data, safely, and increasing the maturity of analytics by creating the enabling infrastructure that promotes collaboration and sharing of data and data approaches.

[1] Margaret Wheatley


2012 ◽  
pp. 1141-1166
Author(s):  
Milan Petkovic ◽  
Luan Ibraimi

The introduction of e-Health and extramural applications in the personal healthcare domain has raised serious concerns about security and privacy of health data. Novel digital technologies require other security approaches in addition to the traditional “purely physical” approach. Furthermore, privacy is becoming an increasing concern in domains that deal with sensitive information such as healthcare, which cannot absorb the costs of security abuses in the system. Once sensitive information about an individual’s health is uncovered and social damage is done, there is no way to revoke the information or to restitute the individual. Therefore, in addition to legal means, it is very important to provide and enforce privacy and security in healthcare by technological means. In this chapter, the authors analyze privacy and security requirements in healthcare, explain their importance and review both classical and novel security technologies that could fulfill these requirements.


2019 ◽  
pp. 744-759
Author(s):  
Ruchika Asija ◽  
Rajarathnam Nallusamy

Cloud computing is a major technology enabler for providing efficient services at affordable costs by reducing the costs of traditional software and hardware licensing models. As it continues to evolve, it is widely being adopted by healthcare organisations. But hosting healthcare solutions on the cloud is challenging in terms of security and privacy of health data. To address these challenges and to provide security and privacy to health data on the cloud, the authors present a Software-as-a-Service (SaaS) application with a data model with built-in security and privacy. This data model enhances security and privacy of the data by attaching security levels in the data itself, expressed in the form of XML, instead of relying entirely on application level access controls. They also present the performance evaluation of their application using this data model with different scaling indicators. To further investigate the adoption of IT and cloud computing in the Indian healthcare industry, they have done a survey of some major hospitals in India.


2018 ◽  
pp. 1068-1083
Author(s):  
Don Kerr ◽  
Kerryn Butler-Henderson ◽  
Tony Sahama

When considering the use of mobile or wearable health technologies to collect health data, a majority of users state security and privacy of their data is a primary concern. With users being connected 24/7, there is a higher risk today of data theft or the misappropriate use of health data. Furthermore, data ownership is often a misunderstood topic in wearable technology, with many users unaware who owns the data collected by a device, what that data can be used for and who can receive that data. Many countries are reviewing privacy governance in an attempt to clarify data privacy and ownership. But is it too late? This chapter explores the concepts of security and privacy of data from mobile and wearable technology, with specific examples, and the implications for the future.


2020 ◽  
Vol 1 (2) ◽  
pp. 132-141
Author(s):  
Daniela Haluza ◽  
Isabella Böhm

Smartphones have become the most important commodity for today’s digitalized society. Besides direct interpersonal communication, their most used features are third-party applications (apps). Apps for monitoring health parameters (health apps) are extremely popular, and their users are part of the Quantified Self movement. Little knowledge is available on how health apps are perceived by a female target audience, the Quantified Woman. We conducted a study among Austrian females of reproductive age (n = 150) to analyze prevalence, perceived benefits, and readiness for health app use. In the cross-sectional online German survey, nearly all participants used these apps (98.0%), predominantly for monitoring physical activity and female health (both 31.3%). For the latter, participants used a large variety of different apps for monitoring contraception and menstruation. Perceived benefits and readiness of health app use were only of medium range. Our study assessed aspects of health app use in an understudied segment of the general population. From a Public Health perspective, the Quantified Woman could be empowered by health data collection by enabling her to take active control over how her health graphs develop. We suggest assuring data security and privacy for sensitive female health data collected by health apps.


2019 ◽  
Author(s):  
Xiaochen Zheng ◽  
Shengjing Sun ◽  
Raghava Rao Mukkamala ◽  
Ravi Vatrapu ◽  
Joaquín Ordieres-Meré

BACKGROUND Huge amounts of health-related data are generated every moment with the rapid development of Internet of Things (IoT) and wearable technologies. These big health data contain great value and can bring benefit to all stakeholders in the health care ecosystem. Currently, most of these data are siloed and fragmented in different health care systems or public and private databases. It prevents the fulfillment of intelligent health care inspired by these big data. Security and privacy concerns and the lack of ensured authenticity trails of data bring even more obstacles to health data sharing. With a decentralized and consensus-driven nature, distributed ledger technologies (DLTs) provide reliable solutions such as blockchain, Ethereum, and IOTA Tangle to facilitate the health care data sharing.

OBJECTIVE This study aimed to develop a health-related data sharing system by integrating IoT and DLT to enable secure, fee-less, tamper-resistant, highly-scalable, and granularly-controllable health data exchange, as well as build a prototype and conduct experiments to verify the feasibility of the proposed solution.

METHODS The health-related data are generated by 2 types of IoT devices: wearable devices and stationary air quality sensors. The data sharing mechanism is enabled by IOTA’s distributed ledger, the Tangle, which is a directed acyclic graph. Masked Authenticated Messaging (MAM) is adopted to facilitate data communications among different parties. Merkle Hash Tree is used for data encryption and verification.

RESULTS A prototype system was built according to the proposed solution. It uses a smartwatch and multiple air sensors as the sensing layer; a smartphone and a single-board computer (Raspberry Pi) as the gateway; and a local server for data publishing. The prototype was applied to the remote diagnosis of tremor disease. The results proved that the solution could enable costless data integrity and flexible access management during data sharing.

CONCLUSIONS DLT integrated with IoT technologies could greatly improve the health-related data sharing. The proposed solution based on IOTA Tangle and MAM could overcome many challenges faced by other traditional blockchain-based solutions in terms of cost, efficiency, scalability, and flexibility in data access management. This study also showed the possibility of fully decentralized health data sharing by replacing the local server with edge computing devices.


PLoS ONE ◽  
2021 ◽  
Vol 16 (5) ◽  
pp. e0250992
Author(s):  
Kennedy Edemacu ◽  
Beakcheol Jang ◽  
Jong Wook Kim

With the rapid advancement of information and communication technologies, there is a growing transformation of healthcare systems. A patient’s health data can now be centrally stored in the cloud and be shared with multiple healthcare stakeholders, enabling the patient to be collaboratively treated by more than one healthcare institution. However, several issues, including data security and privacy concerns still remain unresolved. Ciphertext-policy attribute-based encryption (CP-ABE) has shown promising potential in providing data security and privacy in cloud-based systems. Nevertheless, the conventional CP-ABE scheme is inadequate for direct adoption in a collaborative ehealth system. For one, its expressiveness is limited as it is based on a monotonic access structure. Second, it lacks an attribute/user revocation mechanism. Third, the computational burden on both the data owner and data users is linear with the number of attributes in the ciphertext. To address these inadequacies, we propose CESCR, a CP-ABE for efficient and secure sharing of health data in collaborative ehealth systems with immediate and efficient attribute/user revocation. The CESCR scheme is unbounded, i.e., it does not bind the size of the attribute universe to the security parameter, it is based on the expressive and non-restrictive ordered binary decision diagram (OBDD) access structure, and it securely outsources the computationally demanding attribute operations of both encryption and decryption processes without requiring a dummy attribute. Security analysis shows that the CESCR scheme is secure in the selective model. Simulation and performance comparisons with related schemes also demonstrate that the CESCR scheme is expressive and efficient.


2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Pedro Moura ◽  
Paulo Fazendeiro ◽  
Pedro R. M. Inácio ◽  
Pedro Vieira-Marques ◽  
Ana Ferreira

Background. Smartphones can tackle healthcare stakeholders’ diverse needs. Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significantly higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content. Objective. To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. Methods. Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. Results. The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system). Conclusions. Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.

