TY - GEN
T1 - Managing security and privacy in ubiquitous eHealth information interchange
AU - Oladimeji, Ebenezer A.
AU - Chung, Lawrence
AU - Jung, Hyo Taeg
AU - Kim, Jaehyoun
N1 - Publisher Copyright:
© 2011 Association for Computing Machinery. All rights reserved.
PY - 2011
Y1 - 2011
N2 - Ubiquitous computing has the potential to significantly improve the quality of healthcare delivery by making relevant patient health history and vital signs readily available on demand to caregivers. However, this promise of being able to track electronic health information signals from distributed ubiquitous devices conflicts with the security and privacy concerns that most people have regarding their personal information and medical history. While security and privacy concerns have been dealt with extensively in mainstream computing, there is a need for new techniques and tools that can enable ubiquitous system designers in healthcare domains to build in appropriate levels of protection. Such techniques can help ensure that patient information is minimally but sufficiently available to different stakeholders in the caregiving chain, and are useful in ubiquitous environments where traditional security mechanisms may be either impractical or insufficient. This paper presents a goal-centric and policy-driven framework for deriving security and privacy risk mitigation strategies in ubiquitous health information interchange. Specifically, we use scenario analysis and goal-oriented techniques to model security and privacy objectives, threats, and mitigation strategies in the form of safeguards or countermeasures. We demonstrate that traditional solutions are insufficient, and introduce the notion of purpose-driven security policies based on sensitivity meta-tags. We also show how administrative safeguards (such as those required by HIPAA rules) can be refined into intermediate specifications that can be analyzed more systematically. To validate the utility of our approach, we illustrate our major concepts using examples from ubiquitous emergency response scenarios.
AB - Ubiquitous computing has the potential to significantly improve the quality of healthcare delivery by making relevant patient health history and vital signs readily available on demand to caregivers. However, this promise of being able to track electronic health information signals from distributed ubiquitous devices conflicts with the security and privacy concerns that most people have regarding their personal information and medical history. While security and privacy concerns have been dealt with extensively in mainstream computing, there is a need for new techniques and tools that can enable ubiquitous system designers in healthcare domains to build in appropriate levels of protection. Such techniques can help ensure that patient information is minimally but sufficiently available to different stakeholders in the caregiving chain, and are useful in ubiquitous environments where traditional security mechanisms may be either impractical or insufficient. This paper presents a goal-centric and policy-driven framework for deriving security and privacy risk mitigation strategies in ubiquitous health information interchange. Specifically, we use scenario analysis and goal-oriented techniques to model security and privacy objectives, threats, and mitigation strategies in the form of safeguards or countermeasures. We demonstrate that traditional solutions are insufficient, and introduce the notion of purpose-driven security policies based on sensitivity meta-tags. We also show how administrative safeguards (such as those required by HIPAA rules) can be refined into intermediate specifications that can be analyzed more systematically. To validate the utility of our approach, we illustrate our major concepts using examples from ubiquitous emergency response scenarios.
KW - Goal-centric risk mitigation
KW - Purpose-driven policies
KW - Sensitivity metatags
KW - Ubiquitous eHealth
KW - Vulnerability points
UR - https://www.scopus.com/pages/publications/79955982545
U2 - 10.1145/1968613.1968645
DO - 10.1145/1968613.1968645
M3 - Conference contribution
AN - SCOPUS:79955982545
SN - 9781450305716
T3 - Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011
BT - Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011
T2 - 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011
Y2 - 21 February 2011 through 23 February 2011
ER -