Employing wireless devices, like sensors and remote controllers, in medical workflows has become the norm in healthcare treatments, substantially increasing the quality of patient care. Medical data gathered and processed by the hardware and software components continuously traverses the existing IT infrastructures, ranging from hospital datacenters to regional healthcare information exchanges. Recent regulations classify such IT infrastructures as critical, mandating precise and specific security requirements. The provision of security is thus not only a technical requirement, but a legal one as well. Any vulnerability in a medical device may endanger the patients’ privacy, and even their lives. The availability of security expertise, however, cannot be assumed as guaranteed throughout the whole life cycle of the medical devices, mainly due to the scarcity of security experts, among other things. We propose a holistic approach that addresses the challenge of scarce security expertise during the operational phases and is specially devised for mobile medical devices interconnected through healthcare IT infrastructures. Moreover, the model tackles security issues at design time, providing solution architectures that incorporate the security concerns. It combines well-established methodologies and reference models: the former used in the field of Industrial Internet of Things (IIoT) to build robust architectures, and the latter employed to guarantee information assurance and security.