Information Security and Privacy of Patient-Centered Health IT Services: What needs to be done?

Tobias Dehling, University of Cologne, [email protected]
Ali Sunyaev, University of Cologne, [email protected]

© 2014 IEEE. Published in Proceedings of the 47th Hawaii International Conference on System Sciences, doi:10.1109/HICSS.2014.371. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract

Patients increasingly want to access health information and services via tailored patient-centered health IT services (PHS). PHS produce value by managing, assessing, and working on users' sensitive personal health information and leverage the benefits of supporting technologies like cloud computing or mobile information and communication technology. Thus, information security and privacy are highly relevant for the development, deployment, and assessment of PHS. To ease PHS requirements engineering and contribute to mastering the arising information security and privacy challenges, we derive PHS information security and privacy requirements. With our research we contribute to the scientific knowledge base by illustrating PHS information security and privacy requirements and providing a foundation for PHS requirements development, which represents a fundamental part of software engineering. For practice-oriented audiences, this research can serve as an introduction to PHS and offers a foundation and guide for the secure and privacy-ensuring development and deployment of PHS.

1. Introduction

Health care systems and health care delivery processes are moving away from a model of paternalism towards increased patient involvement [2,35,48]. Instead of blindly following doctors' orders, patients inform themselves about their illnesses, manage their health actively, and participate in medical decision processes [19,28]. The Internet plays an important role in this development because it facilitates the broad dissemination of medical knowledge and services. Computer-savvy patients want to access health information and services as conveniently as they are used to when doing their banking or vacation planning [17]. This paradigm shift in worldwide health care systems has repercussions for society in the fields of economics, engineering, medicine, computer science, and information systems, which are further fueled by ubiquitous access to health care services on mobile devices [26].

In this paper, we focus on patient-centered health IT services (PHS) that have the potential to satisfy such newly arising demands. To clarify the PHS concept, we propose the following definition: PHS are scalable information systems that leverage information technology to support patients in managing and becoming knowledgeable on their own health; PHS are designed to fulfill patients' needs, do not have to incorporate requirements of care providers, and can be provided by anyone who can finance the required resources. The concept of PHS is similar to patient-facing health IT services [1], which, however, also include clinical and inpatient health IT services incorporating requirements of medical professionals or institutions. In contrast to patient-facing health IT services, PHS solely target the needs and requirements of patients, the users of PHS. Thus, patients always have data sovereignty, and further parties like care providers or researchers are only involved if patients desire it. PHS can provide any functionality patients find useful; for example, manage health-related information in a personal health record [8], support self-management of chronic diseases [46], or provide information on pharmaceuticals a patient is taking [13].

PHS benefit from supporting technologies like cloud computing or mobile information and communication technology. Cloud computing presents itself as a promising deployment model for PHS [16,54]. Characteristics of cloud computing like broad network access, on-demand resource access, and rapid elasticity [32] facilitate the provision of PHS, which need to be easily accessible and available whenever necessary [12]. Besides standardized access over TCP/IP, further standardized Internet technologies allow for interoperability so that synergies of complementary services can be leveraged [15,46]. Obtaining, substituting, and combining services in the style of mobile phone platforms [31] or the Unix tools philosophy [43] lets users freely choose preferred services and reduces software engineering effort; the narrow focus of individual services also eases handling and control of security aspects. Moreover, cloud computing suits PHS even literally, since the term 'patient-centered health IT service' unites the patient focus of patient-centered health IT [51] with the cloud computing paradigm of offering "ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources" [32:2] as a service.

With their rising market penetration, smartphones are establishing themselves as a valuable platform for PHS. They offer access to the Internet in more and more regions of the world, can leverage the various information collected by their sensors, and a vast variety of smartphone applications enable users to access a multitude of functionality [21]. The rich set of embedded sensors [27] enables smartphones to recognize user activities of interest with high accuracy [50]. Smartphones and other mobile devices are rapidly becoming the primary computing and communication device in people's lives. Mobile access to PHS has the potential to alleviate global health burdens due to the rising dissemination of smartphones, standardized and easy access to cloud or Internet services, and the possibility of cheap global deployment of applications [3,21,34].

On the downside, allowing for substitutable services and leaving the choice of services under the sole authority of patients often renders regulatory safeguards [e.g. 11,33] ineffective: they might no longer apply because PHS can in principle be provided by anyone from anywhere in the world. Accordingly, detection and identification of attackers might also be more complicated [20]. Use of cloud computing and mobile devices in PHS poses further security challenges.
Smartphones are easily lost and, along with them, the information stored on the device. If information is additionally stored without encryption or the device is not locked, the information will also be easily accessible to anyone who finds the device. When it comes to smartphone functionality, style concerns seem to outweigh privacy and security concerns. Yet, smartphones have access to all kinds of sensitive information that need to be managed. Furthermore, smartphone apps can in principle be implemented and distributed by anyone who has rudimentary programming skills, so that smartphone apps are not only developed by professional software companies, but also by amateurs in small-scale or one-person development teams. With respect to information security and privacy, the differences in software development expertise and available resources lead to varying quality of mHealth apps and of the implemented measures to ensure information security and privacy [22,52]. In addition, app stores do not enforce clear quality checks prior to making an app available for dissemination. While simple and cheap deployment of PHS fosters diversity and improves the potential for patient support and empowerment, it also introduces more risk to information security and privacy due to the potentially lacking expertise of developers. Characteristics of cloud computing like multi-tenancy (i.e. deployment of service instances of different organizations on the same physical host) introduce further security challenges to the security-sensitive field of health IT which need to be addressed [18,38,39,40,42,44,47,53].

Hence, establishing a foundation for PHS information security and privacy requirements engineering is an important step towards secure provision of PHS. Moreover, overcoming the information security and privacy challenges, which impede patients' willingness to share personal health information [7], could serve as an enabler for new services and business models that improve the quality of health care with round-the-clock access to personalized health IT offerings. Requirements engineering represents an early, important step in the software engineering process [36]. As a contribution to mastering the information security and privacy challenges, we present a list of information security and privacy requirements for PHS and related health IT services in this paper. With this research we contribute to the scientific knowledge base by illustrating information security and privacy aspects of the development and deployment of PHS, and by providing a foundation for PHS information security and privacy requirement development. For practice-oriented audiences, this research can serve as an introduction to PHS and offers a foundation and guide for the secure and privacy-ensuring provision of PHS via public networks.

The remainder of this paper is structured as follows: We present related research in section 2 and our research approach in section 3. Derived information security and privacy requirements are presented in section 4. Finally, the paper concludes with a discussion of results in section 5 and the conclusion in section 6.

2. Related Research

Research on information security and privacy in the domain of health IT can be categorized into four primary areas: health care providers, inter-organizational, public policy, and health care consumers [4]. The area names alone suggest that health IT research focuses to a large degree on the needs of medical professionals, administrations, and health care organizations. Patient-centered health IT, which focuses on the needs of patients, facilitates patient participation, and contributes to patient empowerment [51], receives less attention. Although research on information privacy yields both research and practical implications, patient-centered health IT has received only sparse attention in the past [7]. Patient-centered health IT as a dedicated research focus is motivated by the increasing diversification of health IT and the rising demand of patients for tailored, easy-to-use health care web applications [17,51]. Personal health records, which enable patients to store medical information while maintaining data sovereignty, represent a type of PHS that has received a great deal of attention and has been investigated from various perspectives [e.g. 7,24,37,45,46]. In the form of web-based interventions (WBI), PHS received attention in the domain of health care/medical informatics [5]. WBI can also be considered PHS: They support patients in becoming knowledgeable on their own health. However, WBI development efforts and research focus more on functional aspects, while PHS represent a more technical perspective focusing on computer science or information systems aspects instead of treatments or outcomes. Hence, we decided to use our own definition of PHS that emphasizes patient centeredness, focuses on patient needs, and puts less focus on clinical relevance or treatment effects (cf. section 1). Extant research on information security and privacy of PHS concentrates mostly on individual technologies and security aspects [e.g. 10] or introduces specialized architectures and applications [e.g. 9]. Broadly applicable research is scarce in the literature. Yet, such research is useful to enhance the understanding of PHS and can facilitate the fulfillment of the rising demand for PHS while maintaining information security and privacy.

3. Research Approach

The research environment is characterized by the needs of patients and PHS providers; for instance, security, privacy, and a general striving for healthiness. To account for the interdisciplinary nature of PHS, we draw input from the domains of information security, cloud computing, health care, and health IT. We look at extant research focusing on information security and privacy requirements of cloud or health IT services published in journals and conferences focusing on information systems, computer science, or medical informatics. These outlets are likely to yield results and insights germane to the development and design of PHS as well as to PHS information security and privacy aspects. Identified articles focus on information security and privacy of a diverse selection of PHS-related IT: a review of information security and privacy of electronic medical records [6], a survey of security issues of cloud computing [44], an analysis of privacy and security related issues of health information exchange between health care organizations [29], a discussion of security and privacy issues relevant for integration of electronic health records with health care application clouds [54], a systems view on privacy and information security in health care [39], a discussion of security requirements of a lifelong electronic health record system [49], and an elaboration on privacy aspects of eHealth with a special focus on disclosure attacks and statistical analysis [41].

Identified articles were independently assessed by three researchers. An initial group discussion was conducted to ensure that all researchers had a consistent understanding of the PHS concept and the objective of our analysis, as well as to address and clarify any open issues. Subsequently, the researchers independently read the identified articles. Proposed information security and privacy requirements were independently recorded and categorized by each researcher. Each researcher assessed the recorded information security and privacy requirements for relevance in the PHS context and consolidated semantically equivalent requirements. The three resulting lists of information security and privacy requirements were then consolidated and checked for consistency.
Finally, any disputes with respect to aspects like semantic equivalence, relevance, categorization, or formulation were resolved through group discussion until consensus was reached.

4. Results

Our literature analysis resulted in six main information security and privacy requirements for the provision of PHS: the CIA triad [23,25] (confidentiality, integrity, and availability) together with accountability/non-repudiation, perimeter definition, and usability. This section introduces the main information security and privacy requirements and their sub-requirements. Table 1 and Table 2 provide an overview of the identified information security and privacy requirements and a mapping to the literature.

Table 1. Information security and privacy requirements for the three main requirements confidentiality, integrity, and availability: requirement descriptions and, in brackets, the analyzed articles ([6], [29], [39], [41], [44], [49], [54]) in which a requirement was mentioned as relevant, as cited in the text below.

Confidentiality: No unauthorized person must be able to access users' (patients') information.
  Anonymity [41]: The real identity of users (patients) must not be revealed.
  Authorization [6,29,39,41,44,54]: Access must be limited to necessary information and data segregation must be ensured.
  Limited Access Right Duration [49]: Unnecessary access rights must be revoked.
  Non-Disclosure [41,54]: It cannot be possible to force users (patients) to reveal information they do not want to reveal.
  Transmission and Storage Security [6,29,39,41,44,54]: Eavesdropping has to be prevented during transmission and storage.
  Unlinkability [41]: It must not be possible to reveal relationships between items through observation.

Integrity [6,29,39,44,49,54]: It must be ensured that information content is as intended and not unintentionally changed.

Availability: Up-to-date information must be available whenever needed.
  Backup [6,29,44,49,54]: Redundancy must be employed to ensure that data can be restored.
  Long Storage Times [29,49]: It must be possible to store information as long as it is required (even a lifetime or longer).
  Recoverability [29,39,49]: It must be possible to restore lost information to a specific point in time.
  Resilience to Failures [44]: Failure of single nodes must not impede the performance of the whole service.
  Scalability [44]: PHS have to be adaptable to changing performance needs.
  Up-to-Datedness [29,49]: There cannot be a significant delay between data entry and dissemination to users (patients).

Table 2. Information security and privacy requirements for the three main requirements accountability/non-repudiation, perimeter definition, and usability: requirement descriptions and, in brackets, the analyzed articles in which a requirement was mentioned as relevant, as cited in the text below.

Accountability/Non-Repudiation: Accesses to and uses of information must be attributed to the respective party and it must not be possible to deny such actions afterwards.
  Audit Trails [6,29,39,54]: Relevant activity (e.g. document accesses) must be logged.
  Authentication [6,29,39,41,44,54]: It must be determined who is using the software and verified that they are who they claim to be.

Perimeter Definition: The boundaries of trusted access to the information system must be known and controlled.
  Intrusion Detection [6,44]: Unintended actions/IS activity must be detected.
  Network Security [6,39,44]: Unauthorized access must be avoided and access rights must be managed.
  Physical Hardware Security [6,39,44]: Impairment of hardware (theft, natural disasters, ...) has to be prevented.
  System Vulnerability Analysis [39,44]: System vulnerabilities must be detected.

Usability: Important information has to be easily accessible.
  Access Control [6,29,39,44,49,54]: Users (patients) have to be able to control who can access what information.
  Credential Substitutability [49,54]: Authorization details must be substitutable (loss, technological obsolescence).
  Education, Alerts, and Reminders [6,39]: User ethics, obligations, and proficiency must be reinforced.
  Emergency Access [49]: In case of emergency, medical professionals must be able to access required information.
  Informed Consent [6,29,54]: Users (patients) have to agree to uses of their information and patient consent must be managed.
  Patient Access [29]: Users (patients) have to be able to retrieve information stored on them.

Confidentiality entails that only authorized users can access information. This requires transmission and storage security, i.e. protection of information during transmission and in storage, and proper authorization so that users can only access information they need to access [6,29,39,41,44,54]. By implementing a limited access right duration, it must be ensured that unnecessary access rights are revoked [49]. It should not be possible to link users (patients) to their real identity (anonymity), and unlinkability demands that users' (patients') records cannot be linked through observation [41]. Non-disclosure implies that users (patients) cannot be forced to reveal information they want to keep secret [41,54].

Integrity requires that information is protected against unauthorized modification or deletion as well as against irrevocable, accidental, and undesired changes by authorized users [6,29,39,44,49,54].

To satisfy the availability requirement, a PHS needs to be accessible and fully operational whenever a user requires access to the PHS, so that stored information and services can be retrieved and used when needed. Accordingly, PHS need to be adaptable to changing performance needs (scalability) and have to offer resilience to software and hardware failures of individual components, which should not severely impact the performance of the whole PHS [44]. Availability entails up-to-datedness so that updates are almost instantaneously disseminated to all affected users [29,49]. Furthermore, appropriate backup mechanisms are required so that information can be restored from redundant storage [6,29,44,49,54]. To correct errors and inconsistencies that are detected after some time, recoverability is required so that it is possible to restore information to its state at a specific point in time [29,39,49]. Furthermore, it must be possible to preserve information for long storage times because some information may be relevant across a whole lifetime or even longer [29,49].

The CIA triad is a generally accepted foundation for information security. For PHS, some additional information security and privacy requirements need to be addressed. Accountability/non-repudiation ensures that accesses to and uses of information are attributed to the corresponding party and that such actions cannot be denied afterwards. Authentication measures need to be implemented so that it can be verified that users are who they claim to be and communications remain between the intended senders and recipients [6,29,39,41,44,54]. Moreover, audit trails must be used to monitor PHS activity, sound alarms if undesired activity is detected, and retrace user activity if necessary [6,29,39,54].

Establishment of a perimeter definition demands that the physical and logical boundaries of the information system are known and controlled.

Unauthorized access needs to be prevented and network access rights need to be managed (network security); additionally, physical hardware security needs to be ensured so that theft of and tampering with the hardware are prevented and the effects of natural disasters are lessened [6,39,44]. System vulnerability analyses should be conducted so that unknown vulnerabilities can be detected and fixed, and the PHS is protected from malware like viruses or trojans [39,44]. This should be complemented by intrusion detection so that security or privacy compromises are detected and can be countered [6,44].

Last but not least, usability is important for information security and privacy because important information needs to be easily accessible and security measures should not severely impede PHS use. Emergency access requires that vital information is accessible without patient consultation in case of emergency [49]. If credentials are lost, compromised, or need to be replaced for another reason, credential substitutability requires that credentials (e.g. smart cards, keys, or passwords) can be replaced [49,54]. Education, alerts, and reminders are important to reinforce user ethics and users' proficiency with the system [6,39]. Patient access requires that users (patients) are able to access their information and information on them [29]. For utilization of patients' information, informed consent needs to be given by patients [6,29,54]. Moreover, it is important that patients are provided with access control so that they are able to easily and granularly configure who can access their information [6,29,39,44,49,54].

5. Discussion

We identified seven articles in related research fields that focus on information security and privacy requirements. Assessing the seven articles led to the identification of 24 information security and privacy requirements, which we grouped into six main requirements. The six main requirements include the CIA triad (confidentiality, integrity, availability), which is the foundation of information security [25], so it would be odd if it were not contained in the source research papers and our collection of requirements. Next to the CIA triad, we identified three further main requirements: Accountability/non-repudiation adds legal aspects so that malicious activity can be punished and is thus less rewarding, at least for attackers acting spontaneously. Perimeter definition focuses more on the physical security of PHS and their components as well as on the detection of any unwanted or malicious activity that might still bypass implemented security measures. Usability introduces a further important aspect: security measures must not be so restrictive that users are discouraged by extensive effort, limited possibilities, or overly complex procedures. Furthermore, users need to be able to understand and use a PHS. It is worth noting that individual information security and privacy requirements were mentioned with varying frequency.
Requirements like authorization, authentication, or access control were mentioned in six of the articles, while requirements like anonymity, unlinkability, resilience to failures, or emergency access were only mentioned in one article. This should, however, not be taken as an indication of varying importance. It is rather an indication of the interdisciplinary influences on PHS and the lack of more general research. More specialized research focuses only on the information security and privacy requirements pertinent to the respective research focus, so that some requirements that are otherwise important are not mentioned. For instance, emergency access is highly unlikely to be seen as an information security and privacy requirement without an influence like a medical context. Similarly, long storage times are often not that important, but for the management of personal health information (e.g. in a personal health record) it needs to be ensured that information remains accessible and modifiable across a lifetime or even longer, for instance, to represent family history.

It should also be noted that the six main requirement groups are not strictly disjoint. Integrity, for instance, has no sub-requirements because these (backup, storage and transmission security, audit trails, et cetera) are already listed in other categories. Hence, sub-requirements of one main requirement can also contribute to fulfilling another main requirement. We settled such classification issues by group discussion and added sub-requirements to those main requirements they have the strongest connection with. The classification into main requirements and sub-requirements should rather be perceived as a means for structuring and consolidating results instead of a strict classification or hierarchy of requirements.

The compilation of information security and privacy requirements illustrates basic PHS aspects that need to be considered when providing a PHS while maintaining information security and privacy. The collection of requirements can also be used to assess the quality of information security and privacy provision of an individual PHS. However, since PHS can provide any functionality as long as users find it helpful, the explicit information security and privacy requirements and priorities of individual PHS manifest themselves in various ways. For example, a secure processing environment is of lesser importance in a PHS that handles only encrypted information than in a PHS providing decision support functionality that requires access to unencrypted sensitive medical information.
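The point that one mechanism can serve several main requirements at once, as an added example (not code from the paper): a hash-chained, keyed audit trail in Python that covers the audit trail sub-requirement of accountability (every read and write is logged with actor and time), integrity (any edit, deletion or reordering of logged entries is detected), and recoverability (the record state at any past point in time is rebuilt by replaying the log). The entry format, the MAC key, the actor identifiers and the sample entries are constructed assumptions for this illustration.

```python
"""Added example, not part of the paper: tamper-evident audit trail with
point-in-time recovery for one PHS record. Field names, the key and the
sample entries are assumptions made for this illustration."""
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # predecessor "MAC" of the first entry


def _canonical(body):
    # Deterministic serialization so the MAC covers one fixed byte string.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AuditTrail:
    """Append-only log; each entry carries the MAC of its predecessor, so a
    modified, removed or reordered entry breaks every later link."""

    def __init__(self, key):
        self._key = key  # held only by the trusted logging component
        self.entries = []

    def append(self, actor, action, record, field=None, data=None, at=None):
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"actor": actor, "action": action, "record": record,
                "field": field, "data": data, "prev": prev,
                "at": (at or datetime.now(timezone.utc)).isoformat()}
        mac = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        entry = dict(body, mac=mac)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return None if the chain is intact, otherwise the index of the
        first entry whose MAC or predecessor link does not check out."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "mac"}
            expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
            if body["prev"] != prev or not hmac.compare_digest(expected, entry["mac"]):
                return i
            prev = entry["mac"]
        return None

    def state_at(self, record, when):
        """Recoverability: rebuild `record` as of `when` by replaying writes
        and deletes in log order (entries are appended chronologically)."""
        if self.verify() is not None:
            raise ValueError("audit trail failed integrity check; not recovering")
        state = {}
        for entry in self.entries:
            if datetime.fromisoformat(entry["at"]) > when:
                break
            if entry["record"] != record:
                continue
            if entry["action"] == "write":
                state[entry["field"]] = entry["data"]
            elif entry["action"] == "delete":
                state.pop(entry["field"], None)
            # "read" entries change no state but stay in the chain for accountability
        return state


def build_sample_trail():
    """Constructed sample data (assumed): one patient's record over a morning."""
    trail = AuditTrail(key=b"constructed-demo-key-not-for-production")
    t = datetime(2014, 1, 6, 9, 0, tzinfo=timezone.utc)
    trail.append("patient:p1", "write", "phr/p1", "medication", "metformin 500 mg", t)
    trail.append("patient:p1", "write", "phr/p1", "allergy", "penicillin", t.replace(hour=10))
    trail.append("gp:dr-roe", "read", "phr/p1", at=t.replace(hour=11))
    trail.append("patient:p1", "write", "phr/p1", "medication", "metformin 1000 mg", t.replace(hour=12))
    return trail


def demo_scenario():
    """Run the scenario end to end and return the observations."""
    trail = build_sample_trail()
    out = {
        "intact_before": trail.verify() is None,
        "state_1130": trail.state_at("phr/p1", datetime(2014, 1, 6, 11, 30, tzinfo=timezone.utc)),
        "state_1300": trail.state_at("phr/p1", datetime(2014, 1, 6, 13, 0, tzinfo=timezone.utc)),
    }
    trail.entries[2]["actor"] = "patient:p1"  # insider hides who read the record
    out["broken_index_after_edit"] = trail.verify()
    trail2 = build_sample_trail()
    del trail2.entries[1]  # dropping an entry breaks the next entry's prev link
    out["broken_index_after_delete"] = trail2.verify()
    return out


if __name__ == "__main__":
    for name, value in demo_scenario().items():
        print(f"{name}: {value}")
```

One caveat a practitioner should keep in mind: a single HMAC key held by the logging component detects tampering by anyone who does not have that key, but it gives no non-repudiation against the key holder itself, which can rewrite and re-MAC the whole chain. Non-repudiation in the sense of Table 2 needs per-actor asymmetric signatures on the entries, or at least periodic anchoring of the chain head with an independent party, so that neither the user nor the operator can deny or silently alter a logged action.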
While the elicited requirements should be applicable to a broad range of PHS, their importance depends on the respective PHS. Some requirements might be of marginal importance for a certain PHS, and individual PHS are likely to require more detailed, specialized requirements as well as further requirements that are not generally applicable to PHS. In order to use the presented list of security requirements as a guide for the secure development and deployment of PHS, a complete understanding of the respective PHS must be established. Subsequently, the importance of each security requirement needs to be assessed within the context of the respective PHS. Once these steps are completed, measures and processes need to be identified to fulfill the relevant security requirements. Finally, the fit of PHS characteristics, security requirements, and measures needs to be continuously verified to account for changes of the PHS or its environment.
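The third step above, identifying measures that fulfill the relevant requirements, as an added example (not code from the paper): a per-patient authorization policy in Python that realizes several Section 4 requirements in one place: access control (the patient decides who may see which record categories), authorization (grants are scoped to categories rather than the whole record), limited access right duration (grants expire and can be revoked), patient access (the patient always reaches their own record) and emergency access (a clinician may read a small set of vital categories without a grant, which is always allowed but always flagged for the audit trail). Actor identifiers, category names, the vital set and the sample grants are assumptions; the policy assumes the caller has already authenticated the actor.

```python
"""Added example, not part of the paper: patient-controlled, scoped and
time-limited access with break-glass emergency access. Identifiers,
categories and sample grants are assumptions made for this illustration;
the caller is assumed to have authenticated `actor` already."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed set a clinician may read in an emergency without a patient grant.
VITAL_CATEGORIES = frozenset({"allergies", "medication", "blood_type"})


@dataclass
class Grant:
    grantee: str
    categories: frozenset
    expires: datetime
    revoked: bool = False


@dataclass
class Decision:
    allowed: bool
    reason: str
    audit_flag: str = ""  # "EMERGENCY" marks break-glass use for the audit trail


class PatientPolicy:
    """Authorization decisions for one patient's record."""

    def __init__(self, patient_id):
        self.patient_id = patient_id
        self.grants = []

    def grant(self, grantee, categories, duration, now):
        """Access control: the patient lets `grantee` read `categories`
        until `now + duration` (limited access right duration)."""
        g = Grant(grantee, frozenset(categories), now + duration)
        self.grants.append(g)
        return g

    def revoke(self, grantee):
        """The patient withdraws every grant held by `grantee`."""
        for g in self.grants:
            if g.grantee == grantee:
                g.revoked = True

    def check(self, actor, category, now, emergency=False, is_clinician=False):
        if actor == self.patient_id:
            return Decision(True, "patient reads own record")
        expired_match = False
        for g in self.grants:
            if g.grantee != actor or g.revoked or category not in g.categories:
                continue
            if now >= g.expires:
                expired_match = True
                continue
            return Decision(True, f"grant valid until {g.expires.isoformat()}")
        if emergency and is_clinician and category in VITAL_CATEGORIES:
            return Decision(True, "break-glass emergency access", audit_flag="EMERGENCY")
        if expired_match:
            return Decision(False, "grant expired; patient must renew")
        return Decision(False, "no grant covers this category")


def demo_scenario():
    """Constructed walk-through with assumed actors; returns the decisions."""
    now = datetime(2014, 1, 6, 9, 0, tzinfo=timezone.utc)
    policy = PatientPolicy("patient:p1")
    policy.grant("gp:dr-roe", {"medication", "lab_results"}, timedelta(days=7), now)
    later = now + timedelta(days=8)
    out = {
        "patient_own": policy.check("patient:p1", "mental_health", now),
        "gp_in_scope": policy.check("gp:dr-roe", "medication", now),
        "gp_out_of_scope": policy.check("gp:dr-roe", "mental_health", now),
        "gp_after_expiry": policy.check("gp:dr-roe", "medication", later),
        "er_vital_emergency": policy.check("er:dr-kim", "allergies", now,
                                           emergency=True, is_clinician=True),
        "er_non_vital_emergency": policy.check("er:dr-kim", "mental_health", now,
                                               emergency=True, is_clinician=True),
        "stranger_claims_emergency": policy.check("anon:42", "allergies", now,
                                                  emergency=True, is_clinician=False),
    }
    policy.revoke("gp:dr-roe")
    out["gp_after_revoke"] = policy.check("gp:dr-roe", "medication", now)
    return out


if __name__ == "__main__":
    for name, d in demo_scenario().items():
        print(f"{name}: allowed={d.allowed} flag={d.audit_flag or '-'} ({d.reason})")
```

The emergency branch never consults a grant, so a missing, expired or revoked grant cannot block it; what keeps it from becoming a universal bypass is that it is limited to authenticated clinicians and to the vital set, and that the EMERGENCY flag is meant to be written to the audit trail for after-the-fact review. Rate limiting and alerting on break-glass use belong in the caller, not in the policy, and the patient's own access is unconditional here only because authentication is assumed to have happened before the check.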

Another important aspect is that fulfilling information security and privacy requirements comes at a cost. Implemented measures might increase the effort required for operating or maintaining the system, and they obviously require monetary investment for implementation and operation. It is thus worth looking at the system environment. If a PHS is only used in a specific facility, some appropriate measures may already be in place (user identification, measures for perimeter definition). Large-scale nationwide health information technology infrastructures (HTI), like the HTI currently being established in Germany [12], may also provide measures (smart card identification, secure communication channels, public key infrastructure, ...) that can be used by PHS. The design of a PHS itself can also be more or less favorable for realizing information security and privacy requirements. If a PHS with mobile access stored its data in a cloud environment instead of directly on the smartphone, the information would be better protected if the smartphone were lost and could also be restored more easily. This would, however, demand more focus on transmission security and stable Internet access. A PHS might also require access to very specific information so that it might not be possible for a PHS provider to fulfill certain information security and privacy requirements, as illustrated in the following example: If a PHS requires access to genetic information, it will be possible to re-identify even anonymized information [30], so that anonymity cannot be guaranteed. In such a case, elaborate measures to ensure anonymity would only cause performance overhead, and users need to trust in the confidential handling of their information. In such a situation, it would be more rewarding to focus on measures ensuring requirements like authorization or transmission and storage security instead of spending valuable resources on anonymity.
When offering PHS over the Internet, in the cloud, or on mobile devices, it is imperative to ensure information security and privacy so that users are actually willing to use the services [7] and are not subjected to risks or harm through unreliable services. The presented list of PHS information security and privacy requirements supports the development and deployment of PHS that benefit users and society as a whole instead of making them vulnerable to harm through information security and privacy infringements.

6. Conclusion

To account for the paradigm shift from paternalism towards increased patient involvement in today's health care systems, we derived information security and privacy requirements of PHS. Due to the diversity of PHS, which can provide any functionality patients find useful and can be developed for a range of technologies like conventional workstations, client-server architectures, cloud computing, or mobile end user devices, we focused on compiling a list of information security and privacy requirements that are applicable to a broad range of PHS. PHS are too diverse to devise a simple solution for the secure and privacy-ensuring development and deployment of any PHS. Our research contributes to overcoming the information security and privacy challenges of PHS by establishing a foundation of things to be done in order to ensure information security and privacy when developing or providing PHS. Improved information security and privacy of PHS is advantageous for patients and society as a whole: Besides reduced risks and harm of information security and privacy infringements, patients may be more willing to share personal medical information. As a consequence, PHS can be better tailored to patients' needs and individual situations so that patients can reap more benefits from PHS use, which leads to an improved overall state of health.

Our results highlight important information security and privacy aspects for the provision of PHS and can serve as a guide for the secure and privacy-ensuring provision of PHS via public networks. The resulting list of information security and privacy requirements comprises 24 individual requirements which are grouped into six main requirements. Next to the CIA triad (confidentiality, integrity, availability), we identified accountability/non-repudiation, perimeter definition, and usability as further main information security and privacy requirements. The requirements should be tested, verified, and, if necessary, extended or refined in future health IT projects and research. Further research opportunities include the assessment of security measures with respect to selected requirements.
This is especially interesting for requirements where usability is affected and measures are not readily available in the computer science literature or in practice; for example, different approaches for facilitating emergency access [14]. Analyzing possibilities for integration with other health care systems in order to leverage their security measures to satisfy information security and privacy requirements is also worth considering (e.g., the German HTI [12] or personal health records [9,45]). This could ease the development and deployment of PHS through synergies. Requirements represent a fundamental aspect of PHS since they shape the resulting software and its development. For patient-centered health IT solutions, information security and privacy are of vital importance because such services produce value by managing, assessing, and working on users’ sensitive, personal health information. To ease PHS requirements engineering, a crucial, early step in the PHS development process [36], and to contribute to the mastering of arising information security and privacy challenges, we derived a list of information security and privacy requirements that should be applicable to a broad, if not exhaustive, range of PHS. With our work, we emphasize important information security and privacy aspects for the development, deployment, and assessment of PHS, which handle sensitive, personal health information and must thus be developed and disseminated in a way that ensures information security and privacy.

7. References

[1] Ahern, D.K., Woods, S.S., Lightowler, M.C., Finley, S.W., and Houston, T.K. Promise of and Potential for Patient-Facing Technologies to Enable Meaningful Use. American Journal of Preventive Medicine 40, 5 Suppl 2 (2011), S162–S172.
[2] Anderson, R.M. and Funnell, M.M. Patient Empowerment: Reflections on the Challenge of Fostering the Adoption of a New Paradigm. Patient Education and Counseling 57, 2 (2005), 153–157.
[3] Anthes, G. HTML5 Leads a Web Revolution. Communications of the ACM 55, 7 (2012), 16–17.
[4] Appari, A. and Johnson, M.E. Information Security and Privacy in Healthcare: Current State of Research. International Journal of Internet and Enterprise Management 6, 4 (2010), 279–314.
[5] Barak, A., Klein, B., and Proudfoot, J.G. Defining Internet-Supported Therapeutic Interventions. Annals of Behavioral Medicine 38, 1 (2009), 4–17.
[6] Barrows, R.C. and Clayton, P.D. Privacy, Confidentiality, and Electronic Medical Records. Journal of the American Medical Informatics Association 3, 2 (1996), 139–148.
[7] Bélanger, F. and Crossler, R.E. Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. MIS Quarterly 35, 4 (2011), 1017–A36.
[8] Blechman, E.A., Raich, P., Raghupathi, W., and Blass, S. Strategic Value of an Unbound, Interoperable PHR Platform for Rights-Managed Care Coordination. Communications of the Association for Information Systems 30, 1 (2012), Article 6.
[9] Calvillo, J., Román, I., and Roa, L.M. Empowering Citizens with Access Control Mechanisms to their Personal Health Resources. International Journal of Medical Informatics 82, 1 (2013), 58–72.
[10] Chan, A.T.S., Cao, J., Chan, H., and Young, G. A Web-Enabled Framework for Smart Card Applications in Health Services. Communications of the ACM 44, 9 (2001), 76–82.
[11] Council of the European Communities. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data. Official Journal L281 of 11/23/1995, (1995), 31–39.
[12] Dehling, T. and Sunyaev, A. Information Security of Patient-Centred Services Utilising the German Nationwide Health Information Technology Infrastructure. Proceedings of the 3rd USENIX Workshop on Health Security and Privacy (HealthSec’12), USENIX Association (2012).
[13] Dehling, T. and Sunyaev, A. Architecture and Design of a Patient-Friendly eHealth Web Application: Patient Information Leaflets and Supplementary Services. Proceedings of the 18th Americas Conference on Information Systems, AIS (2012), paper 5.
[14] Dünnebeil, S., Köbler, F., Koene, P., Leimeister, J.M., and Krcmar, H. Encrypted NFC Emergency Tags Based on the German Telematics Infrastructure. Proceedings of the 2011 Third International Workshop on Near Field Communication, IEEE Computer Society (2011), 50–55.
[15] Ekonomou, E., Fan, L., Buchanan, W., and Thümmler, C. An Integrated Cloud-Based Healthcare Infrastructure. Proceedings of the 3rd IEEE International Conference on Cloud Computing Technology and Science (IEEE CloudCom 2011), IEEE Computer Society (2011), 532–536.
[16] Fan, L., Buchanan, W., Thümmler, C., et al. DACAR Platform for eHealth Services Cloud. Proceedings of the 2011 IEEE 4th International Conference on Cloud Computing (CLOUD 2011), IEEE Computer Society (2011), 219–226.
[17] Forkner-Dunn, J. Internet-Based Patient Self-Care: The Next Generation of Health Care Delivery. Journal of Medical Internet Research 5, 2 (2003), e8.
[18] Garber, L. The Challenges of Securing the Virtualized Environment. IEEE Computer 45, 1 (2012), 17–20.
[19] Guadagnoli, E. and Ward, P. Patient Participation in Decision-Making. Social Science & Medicine 47, 3 (1998), 329–339.
[20] Harries, D. and Yellowlees, P.M. Cyberterrorism: Is the US Healthcare System Safe? Telemedicine and e-Health 19, 1 (2013), 61–66.
[21] D’Heureuse, N., Huici, F., Arumaithurai, M., Ahmed, M., Papagiannaki, K., and Niccolini, S. What’s App?: A Wide-Scale Measurement Study of Smart Phone Markets. SIGMOBILE Mobile Computing and Communications Review 16, 2 (2012), 16–27.
[22] Hoffman, S. and Podgurski, A. In Sickness, Health, and Cyberspace: Protecting the Security of Electronic Private Health Information. Boston College Law Review 48, 2 (2007), Paper 06–15.
[23] ISO. Information Technology - Security Techniques - Code of Practice for Information Security Management. ISO/IEC 27002:2005, (2005).
[24] Kaletsch, A. and Sunyaev, A. Privacy Engineering: Personal Health Records in Cloud Computing Environments. ICIS 2011 Proceedings, (2011), paper 2.
[25] Kessler, G.C. Information Security: New Threats or Familiar Problems? IEEE Computer 45, 2 (2012), 59–65.
[26] Kumar, S., Nilsen, W., Pavel, M., and Srivastava, M. Mobile Health: Revolutionizing Healthcare Through Transdisciplinary Research. IEEE Computer 46, 1 (2013), 28–35.
[27] Lane, N.D., Miluzzo, E., Lu, H., Peebles, D., Choudhury, T., and Campbell, A.T. A Survey of Mobile Phone Sensing. IEEE Communications Magazine 48, 9 (2010), 140–150.
[28] Levinson, W., Kao, A., Kuby, A., and Thisted, R.A. Not All Patients Want to Participate in Decision Making. A National Study of Public Preferences. Journal of General Internal Medicine 20, 6 (2005), 531–535.
[29] Linden, H. van der, Kalra, D., Hasman, A., and Talmon, J. Inter-Organizational Future Proof EHR Systems: A Review of the Security and Privacy Related Issues. International Journal of Medical Informatics 78, 3 (2009), 141–160.
[30] Lunshof, J.E., Chadwick, R., Vorhaus, D.B., and Church, G.M. From Genetic Privacy to Open Consent. Nature Reviews Genetics 9, 5 (2008), 406–411.
[31] Mandl, K.D., Mandel, J.C., Murphy, S.N., et al. The SMART Platform: Early Experience Enabling Substitutable Applications for Electronic Health Records. Journal of the American Medical Informatics Association 19, 4 (2012), 597–603.
[32] Mell, P. and Grance, T. A NIST Definition of Cloud Computing. 2011. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
[33] Mercuri, R.T. The HIPAA-Potamus in Health Care Data Security. Communications of the ACM 47, 7 (2004), 25–28.
[34] Muñoz, R.F., Aguilera, A., Schueller, S.M., Leykin, Y., and Pérez-Stable, E.J. From Online Randomized Controlled Trials to Participant Preference Studies: Morphing the San Francisco Stop Smoking Site into a Worldwide Smoking Cessation Resource. Journal of Medical Internet Research 14, 3 (2012), e64.
[35] Neuhauser, D. The Coming Third Health Care Revolution: Personal Empowerment. Quality Management in Health Care 12, 3 (2003), 171–184.
[36] Nuseibeh, B. and Easterbrook, S. Requirements Engineering: A Roadmap. Proceedings of the Conference on The Future of Software Engineering, ACM (2000), 35–46.
[37] Ozdemir, Z., Barron, J., and Bandyopadhyay, S. An Analysis of the Adoption of Digital Health Records Under Switching Costs. Information Systems Research 22, 3 (2011), 491–503.
[38] Pyper, C., Amery, J., Watson, M., and Crook, C. Access to Electronic Health Records in Primary Care - A Survey of Patients’ Views. Medical Science Monitor 10, 11 (2004), SR17–22.
[39] Rindfleisch, T.C. Privacy, Information Technology, and Health Care. Communications of the ACM 40, 8 (1997), 92–100.
[40] Simon, S.R., Evans, J.S., Benjamin, A., Delano, D., and Bates, D.W. Patients’ Attitudes Toward Electronic Health Information Exchange: Qualitative Study. Journal of Medical Internet Research 11, 9 (2009), e30.
[41] Slamanig, D. and Stingl, C. Privacy Aspects of eHealth. Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, IEEE Computer Society (2008), 1226–1233.
[42] Song, D., Shi, E., and Fischer, I. Cloud Data Protection for the Masses. IEEE Computer 45, 1 (2012), 39–45.
[43] Stutz, M. Linux and the Tools Philosophy. 2000. http://linuxdevcenter.com/pub/a/linux/2000/07/25/LivingLinux.html.
[44] Subashini, S. and Kavitha, V. A Survey on Security Issues in Service Delivery Models of Cloud Computing. Journal of Network and Computer Applications 34, 1 (2011), 1–11.
[45] Sunyaev, A., Chornyi, D., Mauro, C., and Krcmar, H. Evaluation Framework for Personal Health Records: Microsoft Health Vault vs. Google Health. Proceedings of the Hawaii International Conference on System Sciences (HICSS 34), IEEE Computer Society (2010).
[46] Sunyaev, A. and Chornyi, D. Supporting Chronic Disease Care Quality: Design and Implementation of a Health Service and Its Integration with Electronic Health Records. ACM Journal of Data and Information Quality 3, 2 (2012), 3:1–3:21.
[47] Sunyaev, A. and Schneider, S. Cloud Services Certification. Communications of the ACM 56, 2 (2013), 33–36.
[48] Tomes, N. Patient Empowerment and the Dilemmas of Late-Modern Medicalisation. The Lancet 369, 9562 (2007), 698–700.
[49] Wainer, J., Campos, C.J.R., Salinas, M.D.U., and Sigulem, D. Security Requirements for a Lifelong Electronic Health Record System: An Opinion. Open Medical Informatics Journal 2, (2008), 160–165.
[50] Weiss, G.M. and Lockhart, J.W. The Impact of Personalization on Smartphone-Based Activity Recognition. AAAI Workshop on Activity Context Representation: Techniques and Languages, (2012).
[51] Wilson, E.V. Patient-Centered E-Health. IGI Publications, Hershey, PA, U.S., 2009.
[52] Van Wyk, K.R. and McGraw, G. Bridging the Gap between Software Development and Information Security. IEEE Security & Privacy 3, 5 (2005), 75–79.
[53] Yau, S.S. and An, H.G. Software Engineering Meets Services and Cloud Computing. IEEE Computer 44, 10 (2011), 47–53.
[54] Zhang, R. and Liu, L. Security Models and Requirements for Healthcare Application Clouds. Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD), IEEE Computer Society (2010), 268–275.