Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Background Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients’ intention to use PHSs on P2P networks by making them safe to use.

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review (Preprint)

BACKGROUND Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. OBJECTIVE This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. METHODS A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. RESULTS Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. CONCLUSIONS Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients’ intention to use PHSs on P2P networks by making them safe to use.

COPYRIGHT INFRINGEMENT IN SOCIAL MEDIA

Social media is a group of Internet-based applications built on the ideology and technology of Web 2.0 and makes communication activities easier and faster. Social media channels would not function without the Internet. However, these facilities cause a massive infringement of copyright on social media platforms. Copyright infringement on social media is primarily about file-sharing activities. These activities that use user-to-friend (P2P) technology have triggered a phenomenon in the Internet world. This P2P network technology enables users to exchange digital files anywhere they like. Indirectly, this technology has brought conflicts on the Internet between copyright owners and users. It is important to note that technology is evolving and does not always conform to the law. Therefore, the disparity between copyright law and technology needs to be bridged. An important issue is whether there are appropriate provisions for copyright infringement on social media. This is because, by law, we need to ensure that we have appropriate provisions regarding copyright infringement issues on social media. This article discusses the provisions of the current Copyright Act 1987 relating to copyright infringement and whether they are appropriate for use on the Internet as on social media sites. This article uses the method of legal research through library research. This article concludes that existing laws are conclusively designed and that the provisions of these provisions cover various types of copyright infringement, including those that occur on social media.

Regulating peer-to-peer technology in China: inspiration from the United Kingdom

During the past decade, China has learnt from the experience of the United States and developed a series of legal instruments to address the digital challenges of massive copyright infringement. These efforts have established a joint tort liability system under which network service providers (NSPs) share joint liability with direct infringing users under certain conditions. Under this system, NSPs bear aiding or abetting liabilities which correspond to the United States’ contributory and inducement liabilities. However, when facing peer-to-peer (P2P) technology, the fault-centred approach manifested in knowledge is not only difficult to prove but also overlooks objective factors. Moreover, general tort law principles are sometimes set aside in adjudicating cases concerning indirect copyright liabilities. This article examines authorization liability in the United Kingdom, finding that this approach is underpinned by traditional tort law theory and more integrated in adjudicating P2P cases. It requires a spectrum of consideration consisting of two-step analysis: conceptual analysis and multi-factor analysis. This research proposes that while maintaining the current dichotomy framework of copyright liabilities, the UK authorization liability approach provides a valuable lesson, especially in regulating P2P technologies in China.

Introduction of the distributed registry technology into the company’s management system

The technology of the distributed registry creates new opportunities for changing the management system, which are discussed in the article. The use of the blockchain allows building a decentralized autonomous commercial organization on a network basis. With the help of p2p technology, it is possible to radically reorganize the structure of organization and management, and reduce the management and transaction costs inherent in the traditional hierarchical structure of the firm. The analysis of the steps by means of which real enterprises can be transferred to the blockchain is provided, and the role of smart contracts is analyzed.