· · · Repository hosted by TU Delft Library

Cloud computing is an emerging technology that is expected to support Internet scale critical applications which could be essential to the healthcare sector. Its scalability, resilience, adaptability, connectivity, cost reduction, and high performance features have high potential to lift the efficiency and quality of healthcare. However,it is also important to understand specific risks related to security and privacy that this technology brings. This paper focuses on a home healthcare system based on cloud computing. It introduces several use cases and draws an architecture based on the cloud. A comprehensive methodology is used to integrate security and privacy engineering process into the software development lifecycle. In particular,security and privacy challenges are identified in the proposed cloud-based home healthcare system. Moreover, a functional infrastructureplan is provided to demonstrate the integration between the proposed application architecture with the cloud infrastructure. Finally, the paper discusses several mitigation techniques putting the focus on patient-centric control and policy enforcement via cryptographic technologies, and consequently on digital rights management and attribute based encryption technologies.

Connected and interoperable healthcare system promises to reduce thecost of the healthcare delivery, increase its efficiency and enableconsumers to better engage with clinicians and manage their care. However at the same time it introduces new risks towards security andprivacy of personal health information, which are considered to beprominent impediments towards the realization of full benefits of connected health. In the connected healthcare system of future, different security technologies will be used to address security risks indifferent trust domains. For the domain of personal health and healthy lifestyle services, which is less trusted, additional security mechanisms (e.g. digital rights management) are required next to access control which is traditionally used in the professional medical domain. To realize the vision of connected health, all these mechanisms should be interoperable with each other. In this paper we providean interoperability framework which allows digital rights managementand access control systems to seamlessly work together through theuse of ontology.

Personal telehealth is in rapid development with innovative emerging applications like disease management. With personal telehealth people participate in their own care supported by an open distributed system with health services. This poses new end-to-end security and privacy challenges. In this paper we introduce new end-to-end security requirements and present a design for consent management in the context of the Continua Health Alliance architecture. Thus, we empower patients to control how their health information is shared and used in a personal telehealth eco-system. Conclusions: Novel use cases in personal telehealth cannot be addressed with point-to-point or transport security alone anymore and a more end-to-end approach to security and privacy is required. The user-centered and open architecture of personal telehealth systems introduce challenging end-to-end security needs in the areas of identity management, integrity, data origin authentication and consent management. This paper presents a design to extend personal telehealth with digital consent. This design is applied to and presented in context of the Continua Health Alliance interoperability architecture. It demonstrates how the application and combination of novel standards from the healthcare domain realizes consent management and thereby empowers users.