Published: 2015-06-26
ISBN: 978-91-7685-985-8
ISSN: 1650-3686 (print), 1650-3740 (online)
The security and privacy of personal, health-related data in emerging telehealth and telecare systems is crucial, in particular under consideration of additional requirements. On the one hand optimal usability of the devices and applications provided for the monitoring of the health condition is desirable for the supervised patient. On the other side the different health and care organizations require co-operative access to the common infrastructure for storage, transmission and provision of the data from the patients. In this paper we analyse the different types of security related issues and requirements of the telehealth trial system developed for a Norwegian implementation of the EU funded United4Health project, and describe a solution concept for functionalities and policies addressing those requirements. Identified design limitations of the security concept and initial results from the trial operation are discussed. The paper concludes with the general relevance of the proposed security concept also for telehealth systems for remote monitoring of other patient groups by potentially other types of services, and an outlook on expected infrastructure evolutions and corresponding security considerations.
Security; privacy; telehealth; telecare; EHR; NHN; cloud; health information technology
[1] Hsiao C-J, Hing E. Use and Characteristics of Electronic Health Record Systems Among Office-based Physician Practices, United States, 2001-2013: US Department of Health and Human Services, Centers for Disease Control and Prevention, National Center for Health Statistics; 2014.
[2] Christensen K, Doblhammer G, Rau R, Vaupel JW. Ageing populations: the challenges ahead. The Lancet. 2009;374(9696):1196-208.
[3] Barnes PJ. Chronic Obstructive Pulmonary Disease: A Growing but Neglected Global Epidemic. Plos Med. 2007;4(5):e112.
[4] Mathers CD, Loncar D. Projections of Global Mortality and Burden of Disease from 2002 to 2030. Plos Med. 2006;3(11):e442.
[5] Lopez AD, Shibuya K, Rao C, Mathers CD, Hansell AL, Held LS, et al. Chronic obstructive pulmonary disease: current burden and future projections. European Respiratory Journal. 2006 February 1, 2006;27(2):397-412.
[6] Rialle V, Duchene F, Noury N, Bajolle L, Demongeot J. Health "Smart" Home: Information Technology for Patients at Home. Telemed J E-Health. 2002;8(4):395-409.
[7] Bumgardner W. Where are Wearable Fitness Trackers Going for 2015? 2014 [22.04.2015]. Available from: http://walking.about.com/od/measure/fl/Wearables-2015.htm.
[8] Norwegian Health Network (NHN). Available from: https://www.nhn.no/english/Pages/default.aspx.
[9] United4Health. FP7 EU project United4Health 2013. Available from: Umbrella project: http://www.united4health.eu/; Norwegian project: http://www.united4health.no/.
[10] Guttman B, Roback E. An introduction to computer security: the NIST handbook: DIANE Publishing; 1995.
[11] ehelse.no. Code of conduct for information security (The healthcare and care services sector), 5 June 2014. Available from: https://ehelse.no/Documents/Normen/Norm%20for%20informasjonssikkerhet%205%20%20utgave.pdf (norwegian), https://ehelse.no/Documents/Normen/Code%20of%20Conduct%20v4.pdf (english).
[12] Mahony H. Trust remains key barrier to eHealth: euobserver; 2011 [22.04.2015]. Available from: https://euobserver.com/digital/31958.
[13] Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A. Security and privacy in electronic health records: A systematic literature review. J Biomed Inform. 2013 6//;46(3):541-62.
[14] Kaletsch A, Sunyaev A. Privacy engineering: personal health records in cloud computing environments. 2011.
[15] Zhang R, Liu L, editors. Security models and requirements for healthcare application clouds. Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on; 2010: IEEE.
[16] Goldman J, Hudson Z. Virtually exposed: privacy and e-health. Health Affairs. 2000;19(6):140-8.
[17] Terry NP, Francis LP. Ensuring the privacy and confidentiality of electronic health records. U Ill L Rev. 2007:681.
[18] Kluge E-HW. Secure e-Health: Managing risks to patient health data. Int J Med Inform. 2007 5//;76(5–6):402-6.
[19] Trinugroho YBD. Information Integration Platform for Patient-Centric Healthcare Services: Design, Prototype and Dependability Aspects. Future Internet. 2014;6(1):126-54.
[20] IETF. HTTPS = HTTP Over TLS (RFC2818, http://tools.ietf.org/pdf/rfc2818.pdf).
[21] ANSI. Role Based Access Control. American National Standard for Information Technology: Information Technology Industry Council; 2004. p. 56.
[22] Smaradottir B, Gerdes M, Fensli R, Martinez S. User Interface Development of a Tablet Application for Remote Monitoring of COPD-symptoms - A User-centred Design Process. International Conference on Advances in Computer-Human Interaction (ACHI); Lisbon , Portugal2015. p. 57-62.
[23] Bouet M, Pujolle G. RFID in eHealth systems: applications, challenges, and perspectives. Ann Telecommun. 2010 Oct;65(9-10):497-503. PubMed PMID: WOS:000282178600004. English.
[24] Morak J, Kumpusch H, Hayn D, Modre-Osprian R, Schreier G. Design and Evaluation of a Telemonitoring Concept Based on NFC-Enabled Mobile Phones and Sensor Devices. Information Technology in Biomedicine, IEEE Transactions on. 2012;16(1):17-23.
