Developing a comprehensive information security framework for mHealth: a detailed analysis

  • Nattaruedee Vithanwattana (email author)
  • Glenford Mapp
  • Carlisle George
Original Article

Abstract

It has been clearly shown that mHealth solutions, which use mobile devices and other wireless technology to provide healthcare services, deliver more patient-focused healthcare and improve the overall efficiency of healthcare systems. In addition, these solutions can potentially reduce the cost of providing healthcare in the context of the increasing demands of the aging populations in advanced economies. These solutions can also play an important part in intelligent environments, facilitating real-time data collection and input to enable various functionalities. However, there are several challenges regarding the development of mHealth solutions, the most important of these being privacy and data security. Furthermore, cloud computing is becoming an option for the healthcare sector to store healthcare data, but storing data in the cloud raises serious concerns. This paper investigates how data are managed both on mHealth devices and in the cloud. Firstly, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of security requirements is identified in order to develop a new information security framework. The paper then examines individual information security frameworks for mHealth devices and the cloud, noting similarities and differences. Furthermore, key mechanisms to implement the new framework are discussed and the new framework is then presented. Finally, the paper presents how the new framework could be implemented in order to develop an Advanced Digital Medical Platform.

Keywords

mHealth; Information security; Wearable devices; Cloud computing; Security framework; Security requirements

Copyright information

© Springer International Publishing Switzerland 2017

Authors and Affiliations

  • Nattaruedee Vithanwattana (1), email author
  • Glenford Mapp (1)
  • Carlisle George (1)

  1. School of Science and Technology, Middlesex University, London, UK
