A Security Framework for Nationwide Health Information Exchange based on Telehealth Strategy

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.
