Requirements elicitation for secure and interoperable cross-border health data exchange: the KONFIDO study
Related papers
Background: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results in patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit.
Emerging and Established Trends to Support Secure Health Information Exchange
2021
This work aims to provide information, guidelines, established practices and standards, and an extensive evaluation on new and promising technologies for the implementation of a secure information sharing platform for health-related data. We focus strictly on the technical aspects and specifically on the sharing of health information, studying innovative techniques for secure information sharing within the health-care domain, and we describe our solution and evaluate the use of blockchain methodologically for integrating within our implementation. To do so, we analyze health information sharing within the concept of the PANACEA project that facilitates the design, implementation, and deployment of a relevant platform. The research presented in this paper provides evidence and argumentation toward advanced and novel implementation strategies for a state-of-the-art information sharing environment; a description of high-level requirements for the transfer of data between different heal...
Proceedings of the 21st International Conference on Advanced Information Systems (CAiSE 2009), 2009
In CAiSE 2006, we had presented a framework to support development of secure information systems. The framework was based on the integration of two security-aware approaches, the Secure Tropos methodology, which provides an approach for security requirements elicitation, and the UMLsec approach, which allows one to include the security requirements into design models and offers tools for security analysis. In this paper we reflect on the usage of this framework and we report our experiences of applying it to two different industrial case studies from the health care domain. However, due to lack of space we only describe in this paper one of the case studies. Our findings demonstrate that the support of the framework for the consideration of security issues from the early stages and throughout the development process can result in a substantial improvement in the security of the analysed systems.
Secure Cross-Border Exchange of Health Related Data: The KONFIDO Approach
2019
This paper sets up the scene of the KONFIDO project in a clear way. In particular, it: (i) defines KONFIDO objectives and draws KONFIDO boundaries; (ii) identifies KONFIDO users and beneficiaries; (iii) describes the environment where KONFIDO is embedded; (iv) provides a bird’s eye view of the KONFIDO technologies and how they will be deployed in the pilot studies of the project; and (v) presents the approach that the KONFIDO consortium will take to prove that the proposed solutions work. KONFIDO addresses one of the top three priorities of the European Commission regarding the digital transformation of health and care in the Digital Single Market, i.e. citizens’ secure access to their health data, also across borders. To make sure that KONFIDO has a high impact, its results are exposed to the wide public by developing three substantial pilots in three distinct European countries (namely Denmark, Italy, and Spain).
The emerging cloud computing technology enables new scenarios in healthcare. However, there are still many security and privacy concerns. Although there are numerous publications in the context of cloud computing in healthcare, we found no typical security and privacy requirements framework so far. With this background we survey security and privacy requirements for the use of cloud computing in healthcare. Preparing the ground for a future design science approach to creating secure and privacy-friendly cloud architectures for healthcare, we conduct a systematic literature review, collect and elicit security and privacy requirements to be further evaluated by different experts from the healthcare industry in semi-structured interviews. Further, we apply an established security requirements elicitation methodology to an information exchange scenario based on cloud computing.
Blockchain in Healthcare Today, 2023
Blockchain applications in healthcare have grown rapidly. They include record-keeping, clinical trials, medical supply chains, patient monitoring, etc., where blockchain characteristics are needed to improve safety, privacy, and security. Blockchain technology is one of the most significant disruptive technologies today. However, Porru et al. [1] reported that it lacks processes, tools, and techniques. Therefore, this paper provides a systematic framework for a secure and sustainable software engineering framework for healthcare blockchain applications (S3EF-HBCA). S3EF-HBCA is a significant contribution that includes requirements engineering for healthcare, business process modeling for healthcare, domain modeling for healthcare, a reference architecture for healthcare, and validation by a case study on electronic healthcare record management system (EHR), and simulation with business process modeling notation (BPMN) tools. The simulation shows it has taken 10.45 min to process 100 instances of real-time data and service requests. The overall result shows encouragement regarding process, tools, standards, and testing.
Security and Communication Networks
A peer-to-peer (P2P) decentralized information-sharing network is used to share data and maintain security, privacy, and integrity standards called blockchain. In this case, information sharing and updating require regular simplification. The presented systematic review mainly focuses on the interoperability of electronic health records (EHRs) using blockchain. Correspondingly, 18 blockchain-based solutions were selected to address the interoperability challenges of EHRs. The limitation of solutions includes reliability, privacy, integrity, sharing, and standards. This systematic review contains six phases: research question, research phase, article selection, abstract-based keyword, data extraction, and progress tracking. Various Web resources such as Google Scholar, Web of Science, and IEEE are used to extract the relevant manuscripts. Primarily, 18 articles were selected to present the interoperable requirements of EHRs using blockchain, standards of blockchain-based EHRs, and so...
Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems
Journal of Medical Internet Research, 2013
The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered.
A Secure Healthcare System: From Design to Implementation
Procedia Computer Science, 2015
We introduce the design and development of a comprehensive electronic health record system (EHR) that incorporates AES encryption to assure security. Our work adopts a didactic approach to introduce the formal design steps of an EHR with its underlying database from a software engineering perspective. For this, we adopt two formal development methodologies as software engineering perspective and database development approach and combine the two to present a guideline to design and develop similar projects in other domains. For informative purposes, the steps of the development process are formalized based on database ER-model, and the final design is normalized into 3NF. We provide insight on rationale for employing specific methodologies, and using particular material and tools.