Improving e-health security through trust negotiation

  • Mahmoud Elkhodr

Western Sydney University thesis: Master's thesis

Abstract

In Australia, home and community aged care has been a growing sector for the past two decades. To achieve higher levels of efficiency and improve the quality of care, remote monitoring systems for elderly offer interesting solutions. The data collected by the monitoring system are transmitted to the healthcare provider and stored on the healthcare provider's server in the form of patients' Electronic Health Records (EHR). With such a system, healthcare professionals can remotely access each patient's EHR on their mobile devices, for instance when they are at the patients' homes. They may need to access patients' EHR for obtaining the history of the patient's medical records or modifying the patient's EHR. It is important to secure the transmission of the patient's EHR between the healthcare provider server and the mobile device being used by the healthcare professional, as communication is via unsecure networks, such as the Internet. It is also important to ensure that a patient's EHR is only disclosed to the authorized entities. Therefore, obviously, security services, such as privacy protection during transmission of data and remote authorized access to patients' EHR are of paramount importance. Other security requirements that need to be addressed relate to the nature of mobile devices and their vulnerabilities to loss and theft. The approaches proposed in this study ensure that patients' EHR are only disclosed to the authorized healthcare professional, on the registered device, at the appropriate locations. They ensure the confidentiality of information by securing its transmission, using Transport Layer Security (TLS) as the underlying protocol. Building on the strengths of this protocol, a trust negotiation approach is developed. This approach authenticates the person receiving the care, the person administering it, the mobile device used in accessing the health information, as well as the location where the healthcare is administered. This combination results in significant improvements in overcoming security related concerns compared to the traditional identity-based only access control techniques. The improvements in the security of the remote monitoring systems are achieved by providing extra protective features to the access control and authorization process before the release of any data over unsecured networks. For verification purposes, a mobile application is developed. This application gives healthcare professionals secure remote access to the EHR of the monitored elderly patients. These experimental works confirm that by applying the proposed trust negotiation approach, the expected analysis results can be achieved. The developed application is also practical and easy to adopt, as users are not required to have any additional knowledge or expertise in the use of the underlying technologies. This is also important, as in general, most healthcare professionals cannot be considered as experts in network security areas.
Date of Award2011
Original languageEnglish

Keywords

  • medical records
  • access control
  • mobile communication systems
  • data protection
  • trust negotiation
  • computer networks
  • computer security
  • community health services for older people
  • e-health
  • medical informatics
  • Australia

Cite this

'