Towards a Security Policy for Ubiquitous Healthcare Systems (Position Paper)

  • Conference paper
Ubiquitous Convergence Technology (ICUCT 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4412)

Abstract

U-Healthcare promises increases in efficiency, accuracy and availability of medical treatment; however, it also introduces the potential for serious abuses including major privacy violations, staff discrimination and even life-threatening attacks.

In this position paper we highlight some potential threats and open the discussion about the security requirements of this new scenario. We take a few initial steps towards a U-Healthcare security policy and propose a system architecture designed to help enforce the policy’s goals.

Editor information

Frank Stajano, Hyoung Joong Kim, Jong-Suk Chae, Seong-Dong Kim

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Kim, J., Beresford, A.R., Stajano, F. (2007). Towards a Security Policy for Ubiquitous Healthcare Systems (Position Paper). In: Stajano, F., Kim, H.J., Chae, JS., Kim, SD. (eds) Ubiquitous Convergence Technology. ICUCT 2006. Lecture Notes in Computer Science, vol 4412. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71789-8_27

  • DOI: https://doi.org/10.1007/978-3-540-71789-8_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71788-1

  • Online ISBN: 978-3-540-71789-8

  • eBook Packages: Computer Science, Computer Science (R0)
