The healthcare sector is constantly improving
patient health record systems. However, these systems face a
significant challenge when confronted with patient health record
(PHR) data due to its sensitivity. In addition, patient’s data is
stored and spread generally across various healthcare facilities
and among providers. This arrangement of distributed data
becomes problematic whenever patients want to access their
health records and then share them with their care provider,
which yields a lack of interoperability among various healthcare
systems. Moreover, most patient health record systems adopt a
centralized management structure and deploy PHRs to the cloud,
which raises privacy concerns when sharing patient information
over a network. Therefore, it is vital to design a framework
that considers patient privacy and data security when sharing
sensitive information with healthcare facilities and providers.
This paper proposes a blockchain framework for secured patient
health records sharing that allows patients to have full access and
control over their health records. With this novel approach, our
framework applies the Ethereum blockchain smart contracts,
the Inter-Planetary File System (IPFS) as an off-chain storage
system, and the NuCypher protocol, which functions as key
management and blockchain-based proxy re-encryption to create
a secured on-demand patient health records sharing system
effectively. Results show that the proposed framework is more
secure than other schemes, and the PHRs will not be accessible
to unauthorized providers or users. In addition, all encrypted
data will only be accessible to and readable by verified entities
set by the patient.
more »
« less
Internet of Healthcare Things (IoHT): Towards a Digital Chain of Custody
Smart Internet of Healthcare Things (IoHT) have the potential to transform patient care dramatically at reduced cost. The reality, however, is that there are serious security and privacy concerns that prevent this goal from being accomplished. The vast amounts of data being generated need to be kept secure to prevent harm to patients' health and privacy. For example, a cyberattack on heart rates data could cause patients to be over- or under-prescribed, causing severe consequences, including death. In this new environment, not ensuring a proper digital chain of custody leads to digital forensics challenges that could impact a criminal or malpractice investigation. This project explores enhancements needed to ensure security and privacy when IoHT are to be used in healthcare. A model is proposed to ensure a secure digital chain of custody for IoHT using database auditing techniques. The current status of the proposed concept and future directions are also discussed.
more »
« less
- Award ID(s):
- 1922169
- NSF-PAR ID:
- 10401396
- Date Published:
- Journal Name:
- 2022 IEEE 10th International Conference on Healthcare Informatics (ICHI)
- Page Range / eLocation ID:
- 524 to 526
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
In modern healthcare, smart medical devices are used to ensure better and informed patient care. Such devices have the capability to connect to and communicate with the hospital's network or a mobile application over wi-fi or Bluetooth, allowing doctors to remotely configure them, exchange data, or update the firmware. For example, Cardiovascular Implantable Electronic Devices (CIED), more commonly known as Pacemakers, are increasingly becoming smarter, connected to the cloud or healthcare information systems, and capable of being programmed remotely. Healthcare providers can upload new configurations to such devices to change the treatment. Such configurations are often exchanged, reused, and/or modified to match the patient's specific health scenario. Such capabilities, unfortunately, come at a price. Malicious entities can provide a faulty configuration to such devices, leading to the patient's death. Any update to the state or configuration of such devices must be thoroughly vetted before applying them to the device. In case of any adverse events, we must also be able to trace the lineage and propagation of the faulty configuration to determine the cause and liability issues. In a highly distributed environment such as today's hospitals, ensuring the integrity of configurations and security policies is difficult and often requires a complex setup. As configurations propagate, traditional access control and authentication of the healthcare provider applying the configuration is not enough to prevent installation of malicious configurations. In this paper, we argue that a provenance-based approach can provide an effective solution towards hardening the security of such medical devices. In this approach, devices would maintain a verifiable provenance chain that would allow assessing not just the current state, but also the past history of the configuration of the device. Also, any configuration update would be accompanied by its own secure provenance chain, allowing verification of the origin and lineage of the configuration. The ability to protect and verify the provenance of devices and configurations would lead to better patient care, prevent malfunction of the device due to malicious configurations, and allow after-the-fact investigation of device configuration issues. In this paper, we advocate the benefits of such an approach and sketch the requirements, implementation challenges, and deployment strategies for such a provenance-based system.more » « less
-
Patient health records(PHRs) are crucial and sensitive as they contain essential information and are frequently shared among healthcare entities. This information must remain correct, up to date, private and accessible only to the authorized entities. Moreover, access must also be assured during health emergency crises such as the recent outbreak, which represents the greatest test of the flexibility and the efficiency of PHR sharing among healthcare providers, which ended up an immense interruption to the healthcare industry. Moreover, the right to privacy is the most fundamental right for a patient. Hence, the patient health records in the healthcare sector have faced issues with privacy breaches, insider outside attacks, and unauthorized access to crucial patients’ records. As a result, it pushes more patients to demand more control, security, and a smoother experience when they want to access their health records. Furthermore, the lack of interoperability among the healthcare system and providers and the added weight of cyber-attacks on an already overwhelmed system have called for an immediate solution. In this work, we developed a secured blockchain framework that safeguards patients’ full control over their health data which can be stored in their private IPFS and later shared with an authorized provider. Furthermore, the system ensures privacy and security while handling patient data, which can only be shared with the patients. The proposed Security and privacy analysis show promising results in providing time savings, enhanced confidentiality, and less disruption in patient-provider interactions.more » « less
-
The healthcare industry has experienced a re-markable digital transformation through the adoption of IoT technologies, resulting in a significant increase in the volume and variety of medical data generated. Challenges in processing, analyzing, and sharing healthcare data persist. Traditional cloud computing approaches, while useful for processing healthcare data, have drawbacks, including delays in data transfer, data privacy concerns, and the risk of data unavailability. In this paper, we propose a software-defined 5G and AI-enabled distributed edge-cloud collaboration platform to classify healthcare data at the edge devices, facilitate realtime service delivery, and create AI/ML-based models for identifying patients' potential medical conditions. In our architecture, we have incorporated a federated learning scheme based on homomorphic encryption to provide privacy in data sharing and processing. The proposed framework ensures secure and efficient data communication and processing, ultimately fostering effective collaboration among healthcare institutions. The models will be validated by performing a comparative time analysis, and the interplay between edge and cloud computing will be investigated to support realtime healthcare applications.more » « less
-
Covid-19 outbreak represents an exceptional test of the flexibility and the efficiency of patient medical records transfer among healthcare providers which ended up in boundless interruption to the healthcare industry. This public crisis has pushed for an urgent innovation of the patient medical records transference (PMRT) system to meet the needs and provide appropriate patient care. Moreover, the drawback effects of Covid-19 changed the healthcare system forever, more patients are requesting more control, secure, and smoother experience when they want access to their health records. However, the problems stem from the lack of interoperability among the healthcare system and providers and the added burden of cyber-attacks on an already stressed system call for an immediate solution. In this work, we present a secured blockchain framework that ensures patients full ownership over their medical data which can be stored in their private IPFS and later can be shared with an authorized provider. The analysis of the proposed security and privacy aspects shows promising results in providing time savings and resulted in enhanced confidentiality and less disruption in patient-provider interactions.more » « less