Tian-shu ZHOU,Xing-hua ZHU,Jing-song LI

DOI: https://doi.org/10.3969/j.issn.1673-7571.2015.06.025

2015-01-01

Abstract:To meet the demand of big data sharing and communication in regional medical systems in a secure manner, we designed and developed a security system within HIE-oriented EMR, including identity authentication, privilege management, access log, and data encryption modules. The establish and deployment of the system could prevent access from the illegal users, keep EMR system accessibility while controllability, record the modification traces and make it undeniability, protect the medical data from intercepted by intruders, keep the data confidentiality from none stakeholders, and finally construct a complete security system in EMR.

C Ilioudis,G Pangalos

DOI: https://doi.org/10.2196/jmir.3.2.e14

Abstract:Background: The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective: To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods: We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results: We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions: The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.

Stefanos Gritzalis,Costas Lambrinoudakis,Dimitrios Lekkas,Spyros Deftereos

DOI: https://doi.org/10.1109/titb.2005.847498

Abstract:Raising awareness and providing guidance to on-line data protection is undoubtedly a crucial issue worldwide. Equally important is the issue of applying privacy-related legislation in a coherent and coordinated way. Both these topics gain extra attention when referring to medical environments and, thus, to the protection of patients' privacy and medical data. Electronic medical transactions require the transmission of personal and medical information over insecure communication channels like the Internet. It is, therefore, a rather straightforward task to capture the electronic medical behavior of a patient, thus constructing "patient profiles," or reveal sensitive information related to a patient's medical history. The consequence is clearly a potential violation of the patient's privacy. We performed a risk analysis study for a Greek shared care environment for the treatment of patients suffering from beta-thalassemia, an empirically embedded scenario that is representative of many other electronic medical environments; we capitalized on its results to provide an assessment of the associated risks, focusing on the description of countermeasures, in the form of technical guidelines that can be employed in such medical environments for protecting the privacy of personal and medical information.

Hsuan-Yu Chen,Zhen-Yu Wu,Tzer-Long Chen,Yao-Min Huang,Chia-Hui Liu

DOI: https://doi.org/10.3390/s21030713

IF: 3.9

2021-01-21

Sensors

Abstract:With the development of the internet, applications have become complicated, and the relevant technology has diversified. Compared with medical applications, the significance of information technology has been expanding to include clinical auxiliary functions of medical information. This includes electronic medical records, electronic prescriptions, medical information systems, etc. Although research on the data processing structure and format of various related systems is becoming mature, the integration is insufficient. An integrated medical information system with security policy and privacy protection, which combines e-patient records, e-prescriptions, modified smart cards, and fingerprint identification systems, and applies proxy signature and group signature, is proposed in this study. This system effectively applies and saves medical resources—satisfying the mobility of medical records, presenting the function, and security of medicine collection, and avoiding medical conflicts and profiteering to further acquire the maximum effectiveness with the least resources. In this way, this medical information system may be developed into a comprehensive function that eliminates the transmission of manual documents and maintains the safety of patient medical information. It can improve the quality of medical care and indispensable infrastructure for medical management.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

R. Pandey,Saurabh Pandey

Abstract:— Big data is one the most promising, essential and modern computing era around the world. Big data is most commonly described as huge amount of un-structured data or we can say semi-structured data. The processing, storage, and analysis of such huge sets of data with the help of classical processing or database approaches or tools are insufficient, it requires advanced processing tools with real-time analysis. Healthcare (medical) is one of the important sector that produces big data because today, healthcare switches paper-based medical records into electronic platform to store, manage, analysis and process in the form of Electronic Medical Record (EMR) or Electronic Healthcare Record (EHR) with the help of internet..Due to vast digitization of medical big data(records) or we can say the use of technologies to transform healthcare industry into electronically available data to consumers, there are various security and privacy risks associated with the use of such technologies must be addressed in order to provide better and safe access of records online and make the system acceptable worldwide with the contribution of healthy economic growth. In this paper, we explore various security and privacy concerns surrounding medical (healthcare) big data.

Medicine,Computer Science

David Odera

DOI: https://doi.org/10.30574/gjeta.2023.14.2.0035

2023-02-28

Global Journal of Engineering and Technology Advances

Abstract:A huge percentage of people especially in developed countries spend a good chunk of their wealth in managing their health conditions. In order to adequately administer healthcare, governments and various organizations have embraced advanced technology for automating the health industry. In recent past, electronic health records have largely been managed by Enterprise Resource Planning and legacy systems. Big data framework steadily emerge as the underlying technology in healthcare, which offers solutions that limits capacity of others systems in terms of storage and reporting. Automation through cloud services supported by storage of structured and unstructured health data in heterogeneous environment has improved service delivery, efficiency, medication, diagnosis, reporting and storage in healthcare. The argument support the idea that big data healthcare still face information security concern, for instance patient image sharing, authentication of patient, botnet, correlation attacks, man-in-the-middle, Distributed Denial of Service (DDoS), blockchain payment gateway, time complexities of algorithms, despite numerous studies conducted by scholars in security management for big data in smart healthcare. Some security technique include digital image encryption, steganography, biometrics, rule-based policy, prescriptive analysis, blockchain contact tracing, cloud security, MapReduce, machine-learning algorithms, anonymizations among others. However, most of these security solutions and analysis performed on structured and semi-structured data as opposed to unstructured data. This may affect the output of medical reporting of patients’ condition particularly on wearable devices and other examinations such as computerized tomography (CT) Scans among others. A major concern is how to identify inherent security vulnerabilities in big healthcare, which generate images for transmission and storage. Therefore, this paper conducted a comparative survey of solutions that specifically safeguards structured and unstructured data using systems that run on big data frameworks. The literature highlights several security advancements in cryptography, machine learning, anonymization and protocols. Most of these security frameworks lacks implementation evidence. A number of studies did not provide comprehensive performance metrics (accuracy, error, recall, precision) of the models besides using a single algorithm without validated justification. Therefore, a critique on the contribution, performance and areas of improvements discussed and summarized in the paper.

Vinaytosh Mishra,Kishu Gupta,Deepika Saxena,Ashutosh Kumar Singh

DOI: https://doi.org/10.1109/TCE.2024.3373912

2024-10-05

Abstract:Electronic Health Records (EHR) are crucial for the success of digital healthcare, with a focus on putting consumers at the center of this transformation. However, the digitalization of healthcare records brings along security and privacy risks for personal data. The major concern is that different countries have varying standards for the security and privacy of medical data. This paper proposed a novel and comprehensive framework to standardize these rules globally, bringing them together on a common platform. To support this proposal, the study reviews existing literature to understand the research interest in this issue. It also examines six key laws and standards related to security and privacy, identifying twenty concepts. The proposed framework utilized K-means clustering to categorize these concepts and identify five key factors. Finally, an Ordinal Priority Approach is applied to determine the preferred implementation of these factors in the context of EHRs. The proposed study provides a descriptive then prescriptive framework for the implementation of privacy and security in the context of electronic health records. Therefore, the findings of the proposed framework are useful for professionals and policymakers in improving the security and privacy associated with EHRs.

Machine Learning

P.K. Paul,P. S. Aithal

DOI: https://doi.org/10.47992/ijmts.2581.6012.0070

2019-10-18

Abstract:Information is the core and most vital asset these days. The subject which deals with Information is called Information Science. Information Science is responsible for different information related affairs from collection, selection, organization, processing, management and dissemination of information and contents. And for this information related purpose Information Technology plays a leading role. Information Technology has different components viz. Database Technology, Web Technology, Networking Technology, Multimedia Technology and traditional Software Technology. All these technologies are responsible for creating and advancing society. Database Technology is concerned with the Database. It is worthy to note that, Database is concerned with the repository of related data in a container or base. The data, in Database normally stored in different forms and Database Technology play a lead role for dealing with the affairs related to database. The Database is very important in the recent past due to wider applications in different organizations and institutions; not only profit making but also non-profit making. Today most organizations and sectors which deal with sensitive and important data keep them into the database and thus its security becomes an important concern. Large scale database and its security truly depend on different defensive methods. This paper talks about the basics of database including its meaning, characteristics, role etc. with special focus on different security challenges in the database. Moreover, this paper highlights the basics of security management, tools in this regard. Hence different areas of database security have mentioned in this paper in a simple sense.

Aeshah Alhammad,Maryati Mohd. Yusof,Dian Indrayani Jambari

DOI: https://doi.org/10.1111/jep.14140

2024-09-21

Journal of Evaluation in Clinical Practice

Abstract:Rationale, Aims, and Objectives Medical device‐integrated electronic medical records (MDI‐EMR) pose significant challenges in ensuring effective usage, data security and patient safety. The complexities of MDI‐EMR necessitate applying various security mechanisms to safeguard against cyber threats. Therefore, we evaluated cyber threats to MDI‐EMR and the effectiveness of applied security controls using a proposed framework from sociotechnical and risk assessment perspectives. Method We conducted a qualitative case study evaluation in a general hospital in Saudi Arabia using interviews, observation, and document analysis from the perspectives of major MDI‐EMR stakeholders, including healthcare providers, IT professionals and cybersecurity specialists. Results The results showed the interplay among physical, technical and administrative security controls that maintained a secure posture of MDI‐EMR. The effectiveness of security controls is highly influenced by the staff's cybersecurity awareness and training. The perceived effectiveness of security controls varied among users, with some expressing satisfaction with the ease of use and reliability, while others highlighting challenges such as password complexity and access procedures. Understanding these diverse perspectives is crucial for tailoring security measures to meet the needs of different stakeholders effectively. Conclusion Collaboration among the key stakeholders is crucial for implementing security controls for MDI‐EMR. Balancing security measures with usability concerns is essential, as highlighted by challenges in implementing technical controls. A comprehensive approach encompassing physical, technical and administrative controls, continuous education and awareness initiatives are significant to empower staff in recognising and mitigating cyber threats effectively to safeguard medical data and ensure the integrity of healthcare systems.

medicine, general & internal,health care sciences & services,medical informatics

AKM Iqridar Newaz,Amit Kumar Sikder,Mohammad Ashiqur Rahman,A. Selcuk Uluagac

DOI: https://doi.org/10.48550/arXiv.2005.07359

2020-05-15

Cryptography and Security

Abstract:The recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of the patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices (IMDs), body area networks (BANs), and Internet of Things (IoT) technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems as any security or privacy violation can lead to severe effects on patients' treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this paper, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the paper with future research directions toward securing healthcare systems against common vulnerabilities.

Kishu Gupta,Vinaytosh Mishra,Aaisha Makkar

DOI: https://doi.org/10.1109/JBHI.2024.3467179

2024-10-06

Abstract:Healthcare has witnessed an increased digitalization in the post-COVID world. Technologies such as the medical internet of things and wearable devices are generating a plethora of data available on the cloud anytime from anywhere. This data can be analyzed using advanced artificial intelligence techniques for diagnosis, prognosis, or even treatment of disease. This advancement comes with a major risk to protecting and securing protected health information (PHI). The prevailing regulations for preserving PHI are neither comprehensive nor easy to implement. The study first identifies twenty activities crucial for privacy and security, then categorizes them into five homogeneous categories namely: $\complement_1$ (Policy and Compliance Management), $\complement_2$ (Employee Training and Awareness), $\complement_3$ (Data Protection and Privacy Control), $\complement_4$ (Monitoring and Response), and $\complement_5$ (Technology and Infrastructure Security) and prioritizes these categories to provide a framework for the implementation of privacy and security in a wise manner. The framework utilized the Delphi Method to identify activities, criteria for categorization, and prioritization. Categorization is based on the Density-Based Spatial Clustering of Applications with Noise (DBSCAN), and prioritization is performed using a Technique for Order of Preference by Similarity to the Ideal Solution (TOPSIS). The outcomes conclude that $\complement_3$ activities should be given first preference in implementation and followed by $\complement_1$ and $\complement_2$ activities. Finally, $\complement_4$ and $\complement_5$ should be implemented. The prioritized view of identified clustered healthcare activities related to security and privacy, are useful for healthcare policymakers and healthcare informatics professionals.

Cryptography and Security,Machine Learning

Asim F Choudhri,Arindam R Chatterjee,Ramin Javan,Martin G Radvany,George Shih

DOI: https://doi.org/10.1148/rg.2015140039

Radiographics

Abstract:The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field.

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Diana Berbecaru,Antonio Lioy,Marius Marian,Diana Marano

DOI: https://doi.org/10.48550/arXiv.1910.09027

2019-10-17

Abstract:The efficiency and service quality in a medical environment can be improved by using electronic documents (or e-docs) and digital signatures to speed up both doctors' activity and to provide in the same time easy retrieval and use of needed data without loosing convenience. Our proposed solution satisfies these needs by making use of the AIDA system and many cutting-edge techniques to build a digitalized management system. To be more specific, we present firstly the AIDA document exchange framework for the management (creation, search, storage) of e-docs expressed in XML format. The framework provides security services, like privacy, authorization, authentication and non-repudiation. We describe next the use of AIDA in a real world medical service, namely the creation of electronic medical records (e- MRs). Doctors can use mobile devices that embed a secure trustworthy environment defined also in AIDA for digitally signing the e-MRs. Technically speaking a handheld PC equipped with a smart-card reader and integrating What You See Is What You Sign (WYSIWYS) features will be used for viewing and signing the e-MRs. Furthermore the proposed system is easily integrated with the infrastructure (e.g., database system) already in use at hospital's administration site and allows easy handling and updating of data processed on the mobile devices. The use of web interface for the operations to be executed on the mobile device or for those executed on the remote part of the system makes the whole application homogeneous and easy to use.

Cryptography and Security

A Bourka,N Polemi,D Koutsouris

Abstract:The scope of this paper is to present the current needs and trends in the field of healthcare systems security. The approach applied within the described review was based on three major steps. The first step was to define the point and ways of penetration and integration of security services in current healthcare related applications addressing technical, organisational and legal/regulatory issues. The second step was to specify and evaluate common security technologies applied in healthcare information systems pointing out gaps and efficient solutions, whereas the third was to draw conclusions for the present conditions and identify the future trends of healthcare information security. A number of EU RTD Projects were selected, categorised, analysed and comparatively evaluated in terms of security. The technical focus was on key security technologies, like Public Key Infrastructures (PKIs) based on Trusted Third Parties (TTPs) in conjunction with other state-of-the-art security components (programming tools, data representation formats, security standards and protocols, security policies and risk assessment techniques). The experience gained within this review will provide valuable input for future security applications in the healthcare sector, solving existing problems and addressing real user needs.

Chandra Thapa,Seyit Camtepe

DOI: https://doi.org/10.1016/j.compbiomed.2020.104130

IF: 7.7

2021-02-01

Computers in Biology and Medicine

Abstract:<p>Precision health leverages information from various sources, including omics, lifestyle, environment, social media, medical records, and medical insurance claims to enable personalized care, prevent and predict illness, and precise treatments. It extensively uses sensing technologies (e.g., electronic health monitoring devices), computations (e.g., machine learning), and communication (e.g., interaction between the health data centers). As health data contain sensitive private information, including the identity of patient and carer and medical conditions of the patient, proper care is required at all times. Leakage of these private information affects the personal life, including bullying, high insurance premium, and loss of job due to the medical history. Thus, the security, privacy of and trust on the information are of utmost importance. Moreover, government legislation and ethics committees demand the security and privacy of healthcare data. Besides, the public, who is the data source, always expects the security, privacy, and trust of their data. Otherwise, they can avoid contributing their data to the precision health system. Consequently, as the public is the targeted beneficiary of the system, the effectiveness of precision health diminishes. Herein, in the light of precision health data security, privacy, ethical and regulatory requirements, finding the best methods and techniques for the utilization of the health data, and thus precision health is essential. In this regard, firstly, this paper explores the regulations, ethical guidelines around the world, and domain-specific needs. Then it presents the requirements and investigates the associated challenges. Secondly, this paper investigates secure and privacy-preserving machine learning methods suitable for the computation of precision health data along with their usage in relevant health projects. Finally, it illustrates the best available techniques for precision health data security and privacy with a conceptual system model that enables compliance, ethics clearance, consent management, medical innovations, and developments in the health domain.</p>

engineering, biomedical,computer science, interdisciplinary applications,mathematical & computational biology,biology

Abraham Isiaho,Kelvin Kabeti Omieno,Hillan Rono

DOI: https://doi.org/10.30574/wjaets.2022.7.2.0136

2022-12-30

World Journal of Advanced Engineering Technology and Sciences

Abstract:The advancement in information communication technologies has seen the rise in the deployment of various information exchange devices in the healthcare sector. Among these technologies is the Tele-care Medical Information Systems (TMIS) in which remote users can establish a connection with the hospital medical server and share the necessary information between them. This can potentially offer doctors and patients more reasonable treatment plan, as well as helping address the huge medical expenses and excessive medical treatment duration. There is therefore need to store patient data in the end devices, as well as transmit this data over public channels to facilitate decision making. This paper sought to review the security schemes that have been developed over the recent past to protect the patient data stored or transmitted in TMIS.

Mariam Al Zaabi,Saadat M Alhashmi

DOI: https://doi.org/10.1177/02666669241247781

2024-04-25

Information Development

Abstract:Information Development, Ahead of Print. Big data security involves protecting healthcare data from unauthorised use and access and making any changes, while privacy entails ensuring the confidentiality of individual patient information within the datasets. The two are crucial in ensuring that big data is effectively applied for research and personalised care, compromising the sensitivity of healthcare data and medical information. Consequently, as the amount of data in the healthcare sector grows exponentially, securing sensitive data becomes increasingly crucial while effectively utilising big data analytics. The systematic review explores the issues and challenges associated with big data security and privacy in healthcare. Through reference to resource-based view theory, this paper seeks to examine the present state of research in this area, identify gaps in the existing literature, and propose strategies for future research. The search strategy looked at the data between 2013 and 2022 and yielded 93 studies from four databases: Scopus, PubMed, ScienceDirect and IEEE Xplore. From these studies, 18 papers are reviewed. The findings reveal that while significant progress has been made in securing healthcare data, numerous challenges still need to be considered.Overall, this review highlights the importance of continued research to ascertain that sensitive healthcare data is kept secure while allowing for the enhanced application of big data analytics. It contributes to the security and privacy problems associated with using big data in healthcare, measures for addressing these challenges, the healthcare value of big data, and foci for future research.

information science & library science

Yuan-ping DAI,Jun-fang ZHENG

DOI: https://doi.org/10.3969/j.issn.1674-1633.2016.04.023

2016-01-01

Abstract:Objective To improve the efficiency, security, and confidentiality level in the management of medical experiment documents and original data, especially the management of large ifles.Methods By following the standardized database design method in the Structured Query Language (SQL) Server 2008 database platform, a medical laboratory document management system was developed with Java programming language, which was object-oriented and could utilize the cross platform.Results The use of the database management system could realize functions such as data uploading and downloading, authority management, automatic backup, andetc.Conclusion The method adopted in this research was to save the original data and document in the experimental process to the database in binary, which effectively ensured the efifciency and conifdentiality in the management of medical experiment data and document.

Bala Gayathri D,D Sangeetha

DOI: https://doi.org/10.3233/THC-240921

2024-08-08

Abstract:Background: In the modern medical industry, sensors and other medical electronic equipment such as ECG, thermometers, etc. that measure vitals like blood pressure, body temperature, heartbeat, and blood cells are used to record patient data. The information gathered helps to create a patient profile, which in turn helps doctors treat patients appropriately and helps users gain insights into their health. But, the information collected is regionally specific and not worldwide. Thus, this may create problems in transparency, integrity, and much more. The medical details of patients collected are stored in a simple database which appears to be a centralized application that is prone to be modified or hacked by intruders and also suffers from fault tolerance. Objective: This paper aims to solve this problem using Blockchain and Data Possession methodologies. Methods: Blockchain helps to store multiple copies of data in a decentralized fashion. Thus, a secured model could be implemented using blockchain in which the patient's data can be securely sent to any medical professional, thus promoting transparency, security, and integrity. Results: Provable Data Possession helps the users to verify that their information is intact and has not been tampered. It can be achieved using cryptography which encrypts the information of the patients stored. Conclusion: This paper will be beneficial for the medical department and the public such that it will be beneficial in terms of transparency, scalability, and security.