Secure healthcare data sharing among federated health information systems

The current trend in designing health information systems is to apply federated architectures to integrate existing systems. This makes the security guarantees that such systems are required to satisfy harder to meet and demands the introduction of advanced methods to deal with security. This paper describes how federated health information systems can offer security properties by adopting proper mechanisms to protect the exchanged data and the provided functionalities from malicious manipulations. We have experimentally evaluated the performance penalty incurred by introducing security mechanisms within the proposed solution.
