Exploring Security Issues in Telehealth Systems
Related papers
Security in Telehealth Systems from a Software Engineering Viewpoint: A Systematic Mapping Study
IEEE Access
Telehealth systems deliver remote care of elderly and physically less able patients as well as remote surgeries, treatments, and diagnoses. In this regard, several systemic properties must be satisfied (such as security) in order to ensure the functionality of Telehealth systems. Although existing studies discuss different security episodes that involve Telehealth systems, it is difficult to have a clear standpoint about which are the most reported security issues and which solutions have been proposed. Furthermore, since Telehealth systems are composed of several software systems, it is not clear which critical areas of Software Engineering are relevant to develop secure Telehealth systems. This article reports a systematic mapping study (SMS) whose purpose is to detect, organize, and characterize security issues in Telehealth systems. Based on the SMS results, we examine how Software Engineering may help to develop secure Telehealth systems. From over a thousand studies, we distinguished and classified 41 primary studies. Results show that (i) four security classifications (attacks, vulnerabilities, weaknesses, and threats) concentrate the most reported security issues; (ii) three security strategies (detect attacks, stop or mitigate attacks and react to attacks) characterize security issues, and (iii) the most relevant research themes are related to insecure data transmission and privacy. The SMS's findings suggest that software design, requirements, and models are key areas to develop secure Telehealth systems.
The advancement in information communication technologies has seen the rise in the deployment of various information exchange devices in the healthcare sector. Among these technologies is the Tele-care Medical Information Systems (TMIS) in which remote users can establish a connection with the hospital medical server and share the necessary information between them. This can potentially offer doctors and patients a more reasonable treatment plan, as well as helping address the huge medical expenses and excessive medical treatment duration. There is therefore a need to store patient data in the end devices, as well as transmit this data over public channels to facilitate decision making. This paper sought to review the security schemes that have been developed over the recent past to protect the patient data stored or transmitted in TMIS.
The Proceedings of the Second ICST International Conference on Pervasive Computing Technologies for Healthcare, 2008
Security of Telemedicine applications is not often given adequate importance by the developers and healthcare administrators primarily to reduce cost. Though some security safeguards are employed by these applications to comply with existing medical data security and privacy regulations, these are not adequate in today's context. Moreover, in a web-based application environment not only the data but also the application itself is vulnerable to attackers. Keeping these concerns in mind, we present the design of a web-based, four-tier Telemedicine System named iMedik which is accessible over desktops as well as handheld devices. We have illustrated how the proposed system differs from existing three-tier web applications. The compliance status of the application with HIPAA Security Guidelines has also been noted. The security measures described in our approach look into the four-tier architecture from an attacker's viewpoint and present a simple road map for developing a secure e-health application with anywhere, anytime availability.
Securing Telehealth Applications in a Web-Based e-Health Portal
2008 Third International Conference on Availability, Reliability and Security, 2008
Telehealth applications can deliver medical services to patients at remote locations using telecommunications technologies, such as the Internet. At the same time, such applications also pose unique security challenges. First, the trust issue becomes more severe due to the lack of visual proofs in telehealth applications. The public key infrastructure (PKI) is insufficient for providing the same kind of trust a patient may attain during a face-to-face service. Second, telehealth services, such as tele-monitoring or tele-consultant, naturally demand a systematic organization of users, roles, resources, and flows of information. Existing access control mechanisms in an e-health system are usually incapable of dealing with such workflow-based services. This paper provides cost-efficient solutions to those issues in the context of a Web-based e-health portal system. First, we propose a PKI-like infrastructure for establishing trust between users using biometrics-based authentication and hierarchies of trust. Second, we develop an access control method for workflow-based telehealth services using a rule-based module already available in the portal system.
Analysis of security requirements in telemedicine networks
Telemedicine networks' privacy and security are the most important issues for the maintenance, access and transmission of patients' medical information. Possible threats or attacks to the systems, such as unauthorized logins, data changes or destruction, can be avoided considering the worth of these two aspects. Any weakness in any part of the system can affect the entire system. In fact, it is necessary to establish the security requirements and mechanisms that keep the data integrity by analyzing the standards that control the system. The intention of this paper is to examine the kind of services delivered by a telemedicine network and to propose a cluster of minimum security requirements that must be taken into account in aspects such as access, data transmission, human resources, network devices and medical diagnostic equipment based on the international standards HIPAA, COBIT, CALDICOTT, ITU-T and ISO.
Evaluating Security Issues in Mobile Internet Healthcare Systems
2006
The substantive purpose of this paper is to present and acknowledge the security issues concerning mobile healthcare systems. The paper also describes investigations into the vulnerabilities of a secure network, compromising the transfer of confidential data. The focus of the work is centered on the evaluation of the security of a healthcare mobile network, in real-time, and to propose a framework for the secure patient monitoring system.
Security and Privacy Issues in Ehealthcare Systems: Towards Trusted Services
International Journal of Advanced Computer Science and Applications, 2016
Recent years have witnessed a widespread availability of electronic healthcare data record (EHR) systems. Vast amounts of health data were generated in the process of treatment in medical centers such as hospitals, clinics, or other institutions. To improve the quality of healthcare service, EHRs could be potentially shared by a variety of users. This results in significant privacy issues that should be addressed to make the use of EHR practical. In fact, despite the recent research in designing standards and regulations directives concerning security and privacy in EHR systems, the privacy challenges are, however, still not completely settled. In this paper, a systematic literature review was conducted concerning the privacy issues in electronic healthcare systems. More than 50 original articles were selected to study the existing security approaches and figure out the used security models. Also, a novel Context-aware Access Control Security Model (CARE) is proposed to capture the scenario of data interoperability and support the security fundamentals of healthcare systems along with the capability of providing fine-grained access control.
Security in E-Health Applications
Advances in Enterprise Information Technology Security, 2007
This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic healthcare record (EHCR). Security solutions in several projects have been presented and in particular a solution for EHCR integration from scratch. Implementations of public key infrastructure, privilege management infrastructure, role-based access control and rule-based access control in EHCR have been presented. Regarding EHCR integration from scratch, architecture and security have been proposed and discussed. This integration is particularly suitable for developing countries with widespread Internet while at the same time the integration of heterogeneous systems is not needed. The chapter aims at contributing to initiatives for implementation of national and transnational EHCR in security aspect.