The availability of wearable devices such as smartwatches and fitness trackers are a recent development. Among other things, these devices can measure the activity and vital signs of their wearers. As the types of data these devices are able to gather increases the potential for them to be used as a source of data grows. This calls for a secure method of controlling the digital exchange of medical data between wearables and healthcare providers, and healthcare providers in general. By enforcing the exchange of data to go through a central authority, a patient can be given more control over who is able to access his medical data. This central authority is then given the task of monitoring access and ensuring that all access requirements are met. Though effective, this solution relies on a highly trusted central authority. In this work, we propose a scheme using Polymorphic Encryption and Pseudonomysation and Secret Sharing to provide anonymous data storage and data exchange. Our propos al removes the need for a central authority, and instead uses a group of authorities, of which a quorum is needed to facilitate the exchange of data.

In recent years we have seen a rise in the amount of fitness tracking and self monitoring devices. These devices which often work in conjunction with a smartphone are becoming more accurate and are becoming widely adopted. This trend goes hand in hand with Electronic Health Care (e-health): the shift of health care to the digital domain. E-health would allow patients to measure their medical condition at home, allowing a diagnosis to be made based on measurements taken over a longer period of time, while reducing the work performed by a doctor. Measurements are  tored in the cloud, simplifying the way in which they can be shared with healthcare providers and possibly research  nstitutions. Modernizing healthcare this way should give the patient more insight and control over his/her healthcare and  medical data. Furthermore the amount of visits required to the hospital can be reduced, an endeavor which can be demanding for many less fit for elderly individuals.

However, handling medical data this way causes concern for privacy. Often the data handled by these devices is very  sensitive and could easily be used to identify the user and monitor many of their behaviours. In order to achieve privacy there are several approaches. One way is to enforce involved parties through legislation to use the data for specific purposes only. However, this relies on the party being semi-trusted and does not guarantee safety in case of a data-breach. 

In this work the way in which the integration of wearables into the medical domain is currently taking place and how privacy and security is handled will be explored. Furthermore we will show the current state of research regarding improving this security.