| Title | Sensor-Based mHealth Authentication for Real-Time Remote Healthcare Monitoring System: A Multilayer Systematic Review. |
| Authors | Shuwandy, ML; Zaidan, BB; Zaidan, AA; Albahri, AS |
| Journal | Journal of medical systems |
| Publication Date | 6 Jan 2019 |
| Date Added to PubMed | 7 Jan 2019 |
| Abstract | The new and groundbreaking real-time remote healthcare monitoring system on sensor-based mobile health (mHealth) authentication in telemedicine has considerably bounded and dispersed communication components. mHealth, an attractive part in telemedicine architecture, plays an imperative role in patient security and privacy and adapts different sensing technologies through many built-in sensors. This study aims to improve sensor-based defence and attack mechanisms to ensure patient privacy in client side when using mHealth. Thus, a multilayer taxonomy was conducted to attain the goal of this study. Within the first layer, real-time remote monitoring studies based on sensor technology for telemedicine application were reviewed and analysed to examine these technologies and provide researchers with a clear vision of security- and privacy-based sensors in the telemedicine area. An extensive search was conducted to find articles about security and privacy issues, review related applications comprehensively and establish the coherent taxonomy of these articles. ScienceDirect, IEEE Xplore and Web of Science databases were investigated for articles on mHealth in telemedicine-based sensor. A total of 3064 papers were collected from 2007 to 2017. The retrieved articles were filtered according to the security and privacy of sensor-based telemedicine applications. A total of 19 articles were selected and classified into two categories. The first category, 57.89% (n = 11/19), included survey on telemedicine articles and their applications. The second category, 42.1% (n = 8/19), included articles contributed to the three-tiered architecture of telemedicine. The collected studies improved the essential need to add another taxonomy layer and review the sensor-based smartphone authentication studies. This map matching for both taxonomies was developed for this study to investigate sensor field comprehensively and gain access to novel risks and benefits of the mHealth security in telemedicine application. The literature on sensor-based smartphones in the second layer of our taxonomy was analysed and reviewed. A total of 599 papers were collected from 2007 to 2017. In this layer, we obtained a final set of 81 articles classified into three categories. The first category of the articles [86.41% (n = 70/81)], where sensor-based smartphones were examined by utilising orientation sensors for user authentication, was used. The second category [7.40% (n = 6/81)] included attack articles, which were not intensively included in our literature analysis. The third category [8.64% (n = 7/81)] included 'other' articles. Factors were considered to understand fully the various contextual aspects of the field in published studies. The characteristics included the motivation and challenges related to sensor-based authentication of smartphones encountered by researchers and the recommendations to strengthen this critical area of research. Finally, many studies on the sensor-based smartphone in the second layer have focused on enhancing accurate authentication because sensor-based smartphones require sensors that could authentically secure mHealth. |
| Link | http://doi.org/10.1007/s10916-018-1149-5 |
| Title | Risk management-based security evaluation model for telemedicine systems. |
| Authors | Kim, DW; Choi, JY; Han, KH |
| Journal | BMC medical informatics and decision making |
| Publication Date | 10 Jun 2020 |
| Date Added to PubMed | 12 Jun 2020 |
| Abstract | Infectious diseases that can cause epidemics, such as COVID-19, SARS-CoV, and MERS-CoV, constitute a major social issue, with healthcare providers fearing secondary, tertiary, and even quaternary infections. To alleviate this problem, telemedicine is increasingly being viewed as an effective means through which patients can be diagnosed and medications prescribed by doctors via untact Thus, concomitant with developments in information and communication technology (ICT), medical institutions have actively analyzed and applied ICT to medical systems to provide optimal medical services. However, with the convergence of these diverse technologies, various risks and security threats have emerged. To protect patients and improve telemedicine quality for patient safety, it is necessary to analyze these risks and security threats comprehensively and institute appropriate countermeasures. The security threats likely to be encountered in each of seven telemedicine service areas were analyzed, and related data were collected directly through on-site surveys by a medical institution. Subsequently, an attack tree, the most popular reliability and risk modeling approach for systematically characterizing the potential risks of telemedicine systems, was examined and utilized with the attack occurrence probability and attack success probability as variables to provide a comprehensive risk assessment method. In this study, the most popular modelling method, an attack tree, was applied to the telemedicine environment, and the security concerns for telemedicine systems were found to be very large. Risk management and evaluation methods suitable for the telemedicine environment were identified, and their benefits and potential limitations were assessed. This research should be beneficial to security experts who wish to investigate the impacts of cybersecurity threats on remote healthcare and researchers who wish to identify new modeling opportunities to apply security risk modeling techniques. |
| Link | http://doi.org/10.1186/s12911-020-01145-7 |
| Title | Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan. |
| Authors | Sahi, A; Lai, D; Li, Y |
| Journal | Computers in biology and medicine |
| Publication Date | 1 Nov 2016 |
| Date Added to PubMed | 25 Oct 2016 |
| Abstract | Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. |
| Link | http://doi.org/10.1016/j.compbiomed.2016.09.003 |
| Title | REVISITING HEALTH INFORMATION TECHNOLOGY ETHICAL, LEGAL, and SOCIAL ISSUES and EVALUATION: TELEHEALTH/TELEMEDICINE and COVID-19. |
| Authors | Kaplan, B |
| Journal | International journal of medical informatics |
| Publication Date | 1 Nov 2020 |
| Date Added to PubMed | 6 Nov 2020 |
| Abstract | Information technologies have been vital during the COVID-19 pandemic. Telehealth and telemedicine services, especially, fulfilled their promise by allowing patients to receive advice and care at a distance, making it safer for all concerned. Over the preceding years, professional societies, governments, and scholars examined ethical, legal, and social issues (ELSI) related to telemedicine and telehealth. Primary concerns evident from reviewing this literature have been quality of care, access, consent, and privacy. To identify and summarize ethical, legal, and social issues related to information technology in healthcare, as exemplified by telehealth and telemedicine. To expand on prior analyses and address gaps illuminated by the COVID-19 experience. To propose future research directions. Literature was identified through searches, forward and backward citation chaining, and the author's knowledge of scholars and works in the area. EU and professional organizations' guidelines, and nineteen scholarly papers were examined and categories created to identify ethical, legal, and social issues they addressed. A synthesis matrix was developed to categorize issues addressed by each source. A synthesis matrix was developed and issues categorized as: quality of care, consent and autonomy, access to care and technology, legal and regulatory, clinician responsibilities, patient responsibilities, changed relationships, commercialization, policy, information needs, and evaluation, with subcategories that fleshed out each category. The literature primarily addressed quality of care, access, consent, and privacy. Other identified considerations were little discussed. These and newer concerns include: usability, tailoring services to each patient, curriculum and training, implementation, commercialization, and licensing and liability. The need for interoperability, data availability, cybersecurity, and informatics infrastructure also is more apparent. These issues are applicable to other information technologies in healthcare. Clinicians and organizations need updated guidelines for ethical use of telemedicine and telehealth care, and decision- and policy-makers need evidence to inform decisions. The variety of newly implemented telemedicine services is an on-going natural experiment presenting an unparalleled opportunity to develop an evidence-based way forward. The paper recommends evaluation using an applied ethics, context-sensitive approach that explores interactions among multiple factors and considerations. It suggests evaluation questions to investigate ethical, social, and legal issues through multi-method, sociotechnical, interpretive and ethnographic, and interactionist evaluation approaches. Such evaluation can help telehealth, and other information technologies, be integrated into healthcare ethically and effectively. |
| Link | http://doi.org/10.1016/j.ijmedinf.2020.104239 |
| Title | Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study. |
| Authors | Atienza, AA; Zarcadoolas, C; Vaughon, W; Hughes, P; Patel, V; Chou, WY; Pritts, J |
| Journal | Journal of health communication |
| Publication Date | 1 Dec 2015 |
| Date Added to PubMed | 15 Apr 2015 |
| Abstract | This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology. |
| Link | http://doi.org/10.1080/10810730.2015.1018560 |
| Title | eHealth Cloud Security Challenges: A Survey. |
| Authors | Al-Issa, Y; Ottom, MA; Tamrawi, A |
| Journal | Journal of healthcare engineering |
| Publication Date | 1 Dec 2019 |
| Date Added to PubMed | 1 Oct 2019 |
| Abstract | Cloud computing is a promising technology that is expected to transform the healthcare industry. Cloud computing has many benefits like flexibility, cost and energy savings, resource sharing, and fast deployment. In this paper, we study the use of cloud computing in the healthcare industry and different cloud security and privacy challenges. The centralization of data on the cloud raises many security and privacy concerns for individuals and healthcare providers. This centralization of data (1) provides attackers with one-stop honey-pot to steal data and intercept data in-motion and (2) moves data ownership to the cloud service providers; therefore, the individuals and healthcare providers lose control over sensitive data. As a result, security, privacy, efficiency, and scalability concerns are hindering the wide adoption of the cloud technology. In this work, we found that the state-of-the art solutions address only a subset of those concerns. Thus, there is an immediate need for a holistic solution that balances all the contradicting requirements. |
| Link | http://doi.org/10.1155/2019/7516035 |
| Title | Practical and secure telemedicine systems for user mobility. |
| Authors | Rezaeibagha, F; Mu, Y |
| Journal | Journal of biomedical informatics |
| Publication Date | 1 Feb 2018 |
| Date Added to PubMed | 31 Dec 2017 |
| Abstract | The application of wireless devices has led to a significant improvement in the quality delivery of care in telemedicine systems. Patients who live in a remote area are able to communicate with the healthcare provider and benefit from the doctor consultations. However, it has been a challenge to provide a secure telemedicine system, which captures users (patients and doctors) mobility and patient privacy. In this work, we present several secure protocols for telemedicine systems, which ensure the secure communication between patients and doctors who are located in different geographical locations. Our protocols are the first of this kind featured with confidentiality of patient information, mutual authentication, patient anonymity, data integrity, freshness of communication, and mobility. Our protocols are based on symmetric-key schemes and capture all desirable security requirements in order to better serve our objectives of research for secure telemedicine services; therefore, they are very efficient in implementation. A comparison with related works shows that our work contributes first comprehensive solution to capture user mobility and patient privacy for telemedicine systems. |
| Link | http://doi.org/10.1016/j.jbi.2017.12.011 |
| Title | An Evolutionary Game-Theoretic Approach for Assessing Privacy Protection in mHealth Systems. |
| Authors | Zhu, G; Liu, H; Feng, M |
| Journal | International journal of environmental research and public health |
| Publication Date | 8 Oct 2018 |
| Date Added to PubMed | 10 Oct 2018 |
| Abstract | With the rapid deployment of mobile technologies and their applications in the healthcare domain, privacy concerns have emerged as one of the most critical issues. Traditional technical and organizational approaches used to address privacy issues ignore economic factors, which are increasingly important in the investment strategy of those responsible for ensuring privacy protection. Taking the mHealth system as the context, this article builds an evolutionary game to model three types of entities (including system providers, hospitals and governments) under the conditions of incomplete information and bounded rationality. Given that the various participating entities are often unable to accurately estimate their own profits or costs, we propose a quantified approach to analyzing the optimal strategy of privacy investment and regulation. Numerical examples are provided for illustration and simulation purpose. Based upon these examples, several countermeasures and suggestions for privacy protection are proposed. Our analytical results show that governmental regulation and auditing has a significant impact on the strategic choice of the other two entities involved. In addition, the strategic choices of system providers and hospitals are not only correlated with profits and investment costs, but they are also significantly affected by free riding. If the profit growth coefficients increase to a critical level, mHealth system providers and hospitals will invest in privacy protection even without the imposition of regulations. However, the critical level is dependent on the values of the parameters (variables) in each case of investment and profits. |
| Link | http://doi.org/10.3390/ijerph15102196 |