Secure solution for mobile access to patient's health care record

Mobile devices are today widely accepted, and their capability to provide access to services independent of user time and location makes them well suited for the provision of healthcare services to both patients and healthcare personnel. However, mobile services are still not generally allowed to operate with highly sensitive and personal data, mainly due to the lack of a defined security standard, low protection of data transferred through the mobile and wireless network, and the absence of a standard and widely accepted user authentication method that ensures confidentiality. In this paper we propose a secure solution for mobile access to Electronic Health Record (EHR) systems. The proposed solution enables secure authentication and communication between a mobile device and a healthcare service provider through the use of a two-factor authentication method on a mobile phone and encryption. The proposed solution is independent of the mobile network provider and of the type of mobile device the application is running on, and provides multifactor authentication without the traditional requirement that the user have an additional authentication token. This simplifies use without compromising security. In the paper we present the usage scenarios, discuss the feasibility of the proposed solution together with its limitations, and present results from a prototype test bed.
