Silvia Delgado Olabarriaga

14 records found

Journal article (2022) - Marcela Tuler de Oliveira, Lúcio Henrik Amorim, Henk Marquering, Aeilko H. Zwinderman, Sílvia Delgado Olabarriaga
Background: Acute stroke care demands fast procedures performed through the collaboration of multiple professionals across multiple organizations. Cloud computing and the wide adoption of electronic medical records (EMRs) enable health care systems to improve data availability and facilitate sharing among professionals. However, designing a secure and privacy-preserving EMR cloud-based application is challenging because it must dynamically control the access to the patient’s EMR according to the needs for data during treatment. Objective: We developed a prototype of a secure EMR cloud-based application. The application explores the security features offered by the eHealth cloud-based framework created by the Advanced Secure Cloud Encrypted Platform for Internationally Orchestrated Solutions in Health Care Horizon 2020 project. This study aimed to collect impressions, challenges, and improvements for the prototype when applied to the use case of secure data sharing among acute care teams during emergency treatment in the Netherlands. Methods: We conducted 14 semistructured interviews with medical professionals with 4 prominent roles in acute care: emergency call centers, ambulance services, emergency hospitals, and general practitioner clinics. We used in-depth interviews to capture their perspectives about the application’s design and functions and its use in a simulated acute care event. We used thematic analysis of interview transcripts. Participants were recruited until the collected data reached thematic saturation. Results: The participants’ perceptions and feedback are presented as 5 themes identified from the interviews: current challenges (theme 1), quality of the shared EMR data (theme 2), integrity and auditability of the EMR data (theme 3), usefulness and functionality of the application (theme 4), and trust and acceptance of the technology (theme 5). The results reinforced the current challenges in patient data sharing during acute stroke care. 
Moreover, from the user point of view, we expressed the challenges of adopting the Advanced Secure Cloud Encrypted Platform for Internationally Orchestrated Solutions in Health Care Acute Stroke Care application in a real scenario and provided suggestions for improving the proposed technology’s acceptability. Conclusions: This study has endorsed a system that supports data sharing among acute care professionals with efficiency, but without compromising the security and privacy of the patient. This explorative study identified several significant barriers to and improvement opportunities for the future acceptance and adoption of the proposed system. Moreover, the study results highlight that the desired digital transformation should consider integrating the already existing systems instead of requesting migration to a new centralized system. ...
Conference paper (2022) - Lucio H. A. Reis, Marcela T. de Oliveira, Silvia D. Olabarriaga
Research data sharing requires provision of adequate security. The requirements for data privacy are extremely demanding for medical data that is reused for research purposes. To address these requirements, the research institutions must implement adequate security measures, and this demands large effort and costs to do properly. The usage of adequate access controls and data encryption are key approaches to effectively protect research data confidentiality; however, the management of the encryption keys is challenging. There are novel mechanisms that can be explored for managing access to the encryption keys and encrypted files. These mechanisms guarantee that data are accessed by authorised users and that auditing is possible. In this paper we explore these mechanisms to implement a secure research medical data sharing system. In the proposed system, the research data are stored on a secure cloud system. The data are partitioned into subsets, each one encrypted with a unique key. After the authorisation process, researchers are given rights to use one or more of the keys and to selectively access and decrypt parts of the dataset. Our proposed solution offers automated fine-grain access control to research data, saving time and work usually done manually. Moreover, it maximises and fortifies users' trust in data sharing through secure cloud solutions. We present an initial evaluation and conclude with a discussion about the limitations, open research questions and future work around this challenging topic. ...
Book chapter (2022) - Kassaye Yitbarek Yigzaw, Sílvia Delgado Olabarriaga, Johan Gustav Bellika, Taridzo Chomutare, Antonis Michalas, Luis Marco-Ruiz, Christiaan Hillen, Yiannis Verginadis, Marcela Tuler de Oliveira, Dagmar Krefting, Thomas Penzel, James Bowden
This chapter reviews the common health data security and privacy challenges to provide an overview of the context—the concerns and the types of cybersecurity threats that healthcare institutions face. Also highlighted are the latest scientific work related to two primary solutions for protecting health data used for individual care, namely, access control and cryptography and two additional solutions for protecting data used for secondary purposes, namely, data de-identification and privacy-preserving distributed data mining (PPDDM). We exemplify implementation of these solutions using three real-life use cases in healthcare and pivot our discussion on how healthcare institutions can develop cybersecurity policy and prepare themselves for complying with relevant security and privacy regulations like Europe’s General Data Protection Regulation (GDPR) and the Healthcare Insurance Portability and the Accountability Act (HIPAA) in the United States. ...
Journal article (2022) - Marcela Tuler De Oliveira, Lucio Henrik Amorim Reis, Yiannis Verginadis, Diogo Menezes Ferrazani Mattos, Silvia Delgado Olabarriaga
Cross-organisation data sharing is challenging because all the involved organisations must agree on ‘how’ and ‘why’ the data is processed. Due to a lack of transparency, the organisations need to trust that others comply with the agreements and regulations. We propose to exploit blockchain and smart contracts technologies to define an Attribute-Based Access Control System for cross-organisation medical records sharing, coined SmartAccess. SmartAccess offers joint agreement over access policies and dynamic access control besides blockchain transparency and auditability. We leverage the Attribute-Based Access Control model to implement smart contracts. We deploy and test them on a private and permissioned blockchain, transforming the access control process into a distributed smart contract execution. This paper proposes the SmartAccess system and its application in two healthcare use cases. We introduce the threat model and perform a security analysis of the system. To demonstrate the feasibility of our proposal, we implement a proof-of-concept of the smart contracts, written in Solidity language, with a size-efficient policy representation, and analyse the complexity and scalability of the contracts’ functions. Furthermore, we present performance results, measuring the latency and throughput of the transactions to execute the access control functions with different blockchain network consensus setups. We also compare the performance of the SmartAccess system against two open-source Solidity implementations of smart contract-based access control, Role-based Access Control and Access Control List. Finally, we discuss the strengths and drawbacks of our proposal. SmartAccess requires the overhead of a decentralised system, but the trade-off is transparency, regulation compliance and auditability for complex cross-organisation data sharing. ...
Conference paper (2021) - Taridzo Chomutare, Kassaye Yitbarek Yigzaw, Silvia Delgado Olabarriaga, Alexandra Makhlysheva, Marcela Tuler de Oliveira, Line Silsand, Dagmar Krefting, Thomas Penzel, Christiaan Hillen, Johan Gustav Bellika
Cloud computing has many benefits relevant to the healthcare industry. Although the adoption of cloud services for healthcare systems is increasing, employment of cloud services raises many security and privacy concerns for patients and healthcare providers. We still lack a clear set of requirements consented by the different stakeholders; here in particular IT and healthcare professionals. In this study, we examine whether user perspectives on requirements for e-health on the cloud are consistent with best practice guidelines and regulatory requirements. This work contributes to the requirements engineering phase for a secure e-health cloud framework developed in a European project (ASCLEPIOS, https://www.asclepios-project.eu/). We used qualitative analysis, based on in-depth interviews, to describe and characterize clinicians' perspectives on the requirements of cloud services for healthcare data security and privacy. We examined whether these user perspectives were in harmony with the regulatory framework of the General Data Protection Regulation (GDPR), and best practice guidelines of a relevant standard, ISO 18308:2011. Ten clinicians were identified and interviewed at six healthcare organizations in Norway, the Netherlands and Germany. While user perspectives were largely consistent with both GDPR and ISO, some concerning differences in access control were noted between large and small healthcare institutions. ...
Conference paper (2021) - Lucio H.A. Reis, Marcela T. De Oliveira, James Bowden, Dagmar Krefting, Silvia D. Olabarriaga, Diogo M.F. Mattos
For cross-sectoral sharing of health data, cloud services provide benefits regarding the availability of relevant information in critical situations. Nevertheless, storing electronic health records in the cloud may impact patient's privacy, since the cloud service provider might lack trustworthiness. Client-side cryptography mitigates the privacy risk by encrypting data in the user's computational environment before transmitting them to the cloud. However, client-side cryptography raises performance concerns. This paper investigates Web Assembly and JavaScript solutions that enable client-side cryptography in web applications and compares their performance against server-side cryptography. We contextualize the study within two healthcare web applications: a prototype for patient record sharing during acute stroke care and an application for sharing data in sleep medicine treatment. Our results show that JavaScript and Web Assembly libraries add more time to encryption and decryption than server-side cryptography. However, due to the concurrency introduced by simultaneous users, the performance of server-side cryptography is worse than client-side, taking longer times to attend to the demand and requiring a larger infrastructure to be effective. Moreover, the JavaScript library asmCrypto and Web Assembly approaches perform better than other libraries and are feasible candidates for application development. ...
Conference paper (2021) - Lucio H.A. Reis, Marcela T. De Oliveira, Diogo M.F. Mattos, Silvia D. Olabarriaga
Acute stroke care demands fast procedures and collaboration of different healthcare organisations and professionals. The development of cloud computing and the wide adoption of electronic health records (EHR) foster healthcare systems to improve data availability and potentially enhance acute-stroke care quality. However, the design of a secure and privacy-preserving EHR cloud-based application is challenging. This paper presents the leading security and privacy requirements for healthcare applications and contextualises each requirement in the acute stroke care use case. Moreover, we deploy the ASCLEPIOS eHealth Cloud-based framework to address each requirement in designing an EHR cloud-based application for data sharing during acute stroke care. Our initial prototype combines the ASCLEPIOS framework with a public cloud service infrastructure and a private signature scheme. The prototype meets the security and privacy requirements since it protects the EHR data against unauthorised access, data breaches, and data exposure on public cloud providers. Moreover, we present preliminary results and discussions about the usability and overhead of the ASCLEPIOS framework. ...
Journal article (2020) - Tom Tervoort, Marcela Tuler De Oliveira, Wolter Pieters, Pieter Van Gelder, Silvia Delgado Olabarriaga, Henk Marquering
Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles, taken from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification based anomaly detection and authenticating signals based on physical characteristics. These solutions are applicable to various use-cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision which one is most appropriate will depend on the type of medical device. ...

A Viewpoint Evaluating the Use of Decentralized Systems for Algorithmic Contact Tracing to Combat a Global Pandemic

Journal article (2020) - Moritz Platt, Anton Hasselgren, Juan Manuel Román-Belmonte, Marcela Tuler de Oliveira, Hortensia De la Corte-Rodríguez, Sílvia Delgado Olabarriaga, Emérito Carlos Rodríguez-Merchán, Tim Ken Mackey
The enormous pressure of the increasing case numbers experienced during the COVID-19 pandemic has given rise to a variety of novel digital systems designed to provide solutions to unprecedented challenges in public health. The field of algorithmic contact tracing, in particular, an area of research that had previously received limited attention, has moved into the spotlight as a crucial factor in containing the pandemic. The use of digital tools to enable more robust and expedited contact tracing and notification, while maintaining privacy and trust in the data generated, is viewed as key to identifying chains of transmission and close contacts, and, consequently, to enabling effective case investigations. Scaling these tools has never been more critical, as global case numbers have exceeded 100 million, as many asymptomatic patients remain undetected, and as COVID-19 variants begin to emerge around the world. In this context, there is increasing attention on blockchain technology as a part of systems for enhanced digital algorithmic contact tracing and reporting. By analyzing the literature that has emerged from this trend, the common characteristics of the designs proposed become apparent. An archetypal system architecture can be derived, taking these characteristics into consideration. However, assessing the utility of this architecture using a recognized evaluation framework shows that the added benefits and features of blockchain technology do not provide significant advantages over conventional centralized systems for algorithmic contact tracing and reporting. From our study, it, therefore, seems that blockchain technology may provide a more significant benefit in other areas of public health beyond contact tracing. ...
Journal article (2020) - Marcela T. de Oliveira, Alexandros Bakas, Eugene Frimpong, Adrien E.D. Groot, Henk A. Marquering, Antonis Michalas, Silvia D. Olabarriaga
In emergency care, fast and efficient treatment is vital. The availability of Electronic Medical Records (EMR) allows healthcare professionals to access a patient’s data promptly, which facilitates the decision-making process and saves time by not repeating medical procedures. Unfortunately, the complete EMR of a patient is often not available during an emergency situation to all treatment teams. Cloud services emerge as a promising solution to this problem by allowing ubiquitous access to information. However, EMR storage and sharing through clouds raise several concerns about security and privacy. To this end, we propose a protocol through which all treatment teams involved in the emergency care can securely decrypt relevant data from the patient’s EMR and add new information about the patient’s status. Furthermore, our protocol ensures that treatment teams will only access the patient’s EMR for the period during which the patient is under their care. Finally, we present a formal security analysis of our protocol and some initial experimental results. ...
Conference paper (2019) - Marcela Tuler de Oliveira, Antonis Michalas, Adrien E. D. Groot, Henk A. Marquering, Silvia Delgado Olabarriaga
Availability of medical records during an emergency situation is of paramount importance since it allows healthcare professionals to access patient's data on time and properly plan the next steps that need to be taken. Cloud storage has the potential to provide a solution to the problem of data unavailability during an emergency situation. However, sharing medical records raises several concerns about security and privacy. In this paper, we study the problem of how to share encrypted patients' data during an emergency situation. To this end, we propose a protocol through which a team of healthcare professionals can securely decrypt the medical records of a patient who is under an emergency situation (e.g. acute stroke). Furthermore, our protocol ensures that a team of healthcare professionals will only have access to the patient's data for the time needed to complete a specific process related to the patient's situation (e.g. transfer patient to the hospital). In our study, the dynamic granting and revoking of data access during an emergency treatment is the main novelty. ...
Conference paper (2019) - Marcela T. De Oliveira, Lucio H.A. Reis, Ricardo C. Carrano, Flavio L. Seixas, Debora C.M. Saade, Celio V. Albuquerque, Natalia C. Fernandes, Silvia D. Olabarriaga, Dianne S.V. Medeiros, Diogo M.F. Mattos
Electronic medical records (EMRs) are highly sensitive information shared among peers to keep up-to-date patient history. Providing security, privacy, and availability to these sensitive data is a challenge because, typically, after data publication the patient loses control over them. In this paper, we propose a blockchain-based approach to secure EMR for healthcare applications, where access control is patient-centric. Our proposal keeps encrypted EMRs in the blockchain, and the patient shares the decryption key only with healthcare professionals whom he/she trusts. Blockchain allows untrusted nodes in a distributed peer-to-peer network to correctly and verifiably interact with each other, without any reliable intermediary. We investigate the scalability of our approach through simulations. Results show that it scales well since increasing the number of nodes in the network implies a linear increase in the size of the stored chain. Results also reveal that the time for inserting a new EMR in the blockchain remains low even when the number of nodes in the network increases. ...