Abstract
Decentralized applications are increasingly recognized as efficient tools to overcome security challenges in the management of highly sensitive health information. However, research still lacks the understanding of how to address the complex security challenges in the design of health data management applications (HDMAs). In this study, we structurally analyzed security requirements of health data management systems to improve the efficiency of their design. We leveraged threat modeling to inform the design of HDMAs and proposed the system architecture accordingly to facilitate the security of interorganizational health data exchange. Our results contribute to the exaptation of threat modeling to the innovative design of decentralized applications for health data management and to the exploration of benefits of decentralization for healthcare.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Azaria A, Ekblaw A, Vieira T, Lippman A (2016) MedRec: Using Blockchain for Medical Data Access and Permission Management. ICBDR
Dagher GG, Mohler J, Milojkovic M, Marella PB (2018) Ancile: privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain Urban Areas 39:283–297
Erler C, Schinle M, Dietrich M (2022) Decision Model to Design a Blockchain-based System for Storing Sensitive Health Data. In: CIS 2022 Research Papers
Gersch M (2022) Digitalisierung im Gesundheitswesen. Handbuch Digitalisierung, Vahlen
Ghayvat H, Sharma M, Gope P, Sharma PK (2022) SHARIF: solid pod-based secured healthcare information storage and exchange solution in Internet of Things. IEEE Trans Indus Inform. 18(8) (2022)
Hunker J, Probst CW (2011) insiders and insider threats - an overview of definitions and mitigation techniques. J Wirel Mob Netw Ubiq Comput Dependable Appl
Häyrinen K, Saranto K, Nykänen P (2008) Definition, structure, content, use and impacts of electronic health records: a review of the research literature. Int J Med Inform
Ismail L, Materwala H, Karduck AP, Adem A (2020) Requirements of health data management systems for biomedical care and research: scoping review. J Med Internet Res
Kannengießer N, Lins S, Dehling T, Sunyaev A (2020) Trade-offs between distributed ledger technology characteristics. ACM Comput Surv 53:2
Liu Y, Lu Q, Paik HY, Xu X, Chen S, Zhu L (2020) Design pattern as a service for blockchain-based self-sovereign identity. IEEE Softw. 37(5) (2020)
McGhin T, Choo K, Liu CZ, He D (2019) Blockchain in healthcare applications: Research challenges and opportunities. J Netw Comput Appl 135:62–75
Roehrs A, da Costa CA, da Rosa Righi R (2017) OmniPHR: a distributed architecture model to integrate personal health records. J Biomed Informat
Saad M, et al (2019) Exploring the Attack Surface of Blockchain: A Systematic Overview. ArXiv
Shae Z, Tsai JJ (2017) On the design of a blockchain platform for clinical trial and precision medicine. In: IEEE 37th International Conference on Distributed Computing Systems
Shostack A (2014) Threat Modeling: Designing for Security. Wiley Publishing
Tuma K, Çalikli G, Scandariato R (2018) Threat analysis of software systems: a systematic literature review. J Syst Softw 144:275–294
Xia Q, Sifah EB, Asamoah KO, Gao J, Du X, Guizani M (2017) MeDShare: trust-less medical data sharing among cloud service providers via blockchain. IEEE Access
Xiong W, Lagerström R (2019) Threat modeling - a systematic literature review. Comput Secur
Zhang P, White J, Schmidt DC, Lenz G, Rosenbloom ST (2018) FHIRChain: applying blockchain to securely and scalably share clinical data. CSBJ 267–278 (2018)
Acknowledgments
The authors thank all participants of the expert workshops (Dr. Jochen Rill, Dr. Elias Strehle, Dr. Markus Schinle, Philip Andris, Dr. med. Christian Sigler) within the resarch project BloG\(^3\), funded by the German Federal Ministry of Education and Research (BMBF) (16SV8371). Special thanks to Dr. Jochen Rill, Dr. Elias Strehle and Nil Busra Bedir for discussing the design of the system architecture.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Erler, C., Hu, S., Danelski, A., Stork, W., Sunyaev, A., Gersch, M. (2023). Threat Modeling to Design a Decentralized Health Data Management Application. In: Rocha, Á., Ferrás, C., Ibarra, W. (eds) Information Technology and Systems. ICITS 2023. Lecture Notes in Networks and Systems, vol 692. Springer, Cham. https://doi.org/10.1007/978-3-031-33261-6_38
Download citation
DOI: https://doi.org/10.1007/978-3-031-33261-6_38
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33260-9
Online ISBN: 978-3-031-33261-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)