Managing security and privacy in ubiquitous eHealth information interchange

Ubiquitous computing has the potential to significantly improve the quality of healthcare delivery by making relevant patient health history and vital signs readily available on-demand to caregivers. However, this promise of the ability to track electronic health information signals from distributed ubiquitous devices, conflicts with the security and privacy concerns that most people have regarding their personal information and medical history. While security and privacy concerns have been dealt with extensively in mainstream computing, there is need for new techniques and tools that can enable ubiquitous system designers in healthcare domains to build in appropriate levels of protection. Such techniques can help ensure that patient information is minimally but sufficiently available to different stakeholders in the care giving chain, and are useful in ubiquitous environments where traditional security mechanisms may be either impractical or insufficient. This paper presents a goal-centric and policy-driven framework for deriving security and privacy risk mitigation strategies in ubiquitous health information interchange. Specifically, we use scenario analysis and goal-oriented techniques to model security and privacy objectives, threats, and mitigation strategies in the form of safeguards or countermeasures. We demonstrate that traditional solutions are insufficient, while introducing the notion of purpose-driven security policies based on sensitivity meta-tags. We also show how administrative safeguards (such as those required by HIPAA rules) can be refined into intermediate specifications that can be analyzed more systematically. To validate the utility of our approach, we illustrate our major concepts using examples from ubiquitous emergency response scenarios.