This is the fifth and the final of the series of blog posts that I have been writting on the $sbject, inspired by the paper[1].
Let me include the following diagram which illustrates the overall picture on the security requirements of a health information system.
In my previous four posts in this series,
I have discussed about Identity Management/Authentication,, Authorization, Auditing and Cryptographic Operations related to the security of health information systems. In this post, I am going to write about another three aspects which are discussed in the paper[1]: de-identification of EMRs for research purposes, user interaction and dispute resolution and security metrics.
5. De-identification
While the EMRs are very useful in medical research as statistics, it should be guaranteed that the records are properly de-identified before disclosing them for research purposes.
Due to the ambiguities in related laws, complexities in de-identifying protected data and the risk involved, the data is rarely shared for research purposes which negatively affect the medical research.
The paper mentions that it is challenging task than implied in the report to develop cryptographic mechanisms to properly anonymize records as required by secondary use considerations.
I need to read about data de-identification before providing my on views on this. However, those techniques should use proper protection against re-identification in order to maintain individuals’ health privacy and build trust in the health care system.
During the research, I came across a description of an interesting research project named "Cloud DNA" [2]. This project is said to investigate on how to enable scientists to share properly de-identified EHRs in the cloud for easy storage, sharing and retrieval.
6. User Interaction/Dispute Resolution
User Interaction:
Among other factor that we discussed, user interfaces for patients, providers and administrators are eaqully improtant for a secure system.
The paper suggests the following areas to be explored with regard to this aspect:
1. User friendly mechanisms to deal with complexity of user-selected privacy preferences.
2. How much data to make available to patients in what format
3. Techniques for patients to delegate their access rights
Educating the patients on how to use a PHR service or patient's interface of an EMR system is very important aspect in realizing the goal of a widespread health information echo system. While informing them that they have the control of outside access to their records, it is important to highlight that more it is accessible to physicians, better the service they get.
When the patient signs up for a PHR service or a health care provider, he can be presented with a set of easily understandable questions which ultimately defines the access control policies of their medical records.
Dispute resolution
While it needs for patient to have access to and control of their records, should the patients given the right to correct their record? Or else how to resolve disputes on the information in the records? Most administrators do not like this since they can not always trust patients to keep their medical records honestly.
But the patients should be given the chance to raise any dispute against the records in their profile.
The paper illustrated following aspects to be explored with regard to this:
1. Developing way for patients to securely and privately monitor their health records.
2. Allowing ways for patients to dispute the records while preserving original records
3. Coming up with ways to resolve conflicts on the deisputed records
In my view: Patients should have access to all his EMRs and should be able to establish access control over them. But they should not be able to change the medical records as they wish. If there is dispute, or if a patient suspects a particular report, there should be a way to mark it as suspected immediately - but could only be changed by an authorized medical officer after further tests etc.
7. Security Metrics
Though it is obvious that EMRs have benefits over traditional paper based medical records, there should be proper security metrics to gauge the level of information security/privacy provided by a particular health care information system.
The paper mentions that in order to provide such assessment/analisis, meaningful matrics should be well developed and accepted which opens up research problems on which current work is also going on. Since the domain is limited, the paper believes that matrics can be developed.
Challenges in developpping such metrics are the variety and complexity of threat models and diffculty of measuring potential flaws in Software.
Research problems related to this aspect are:
1. developing threat models covering both electronic and paper based medical records.
2. developing techniques to quantify level of risk associated with sw based health information system
Conclusion:
I have done a webinar on Security Patterns with WSO2 ESB for which I picked use cases from health care domain and it was when I first got interested in investigating further on the security, privacy and identity management requirements of healthcare IS. In that effort, I mainly referred MSc thesis on the topic : Security in SOA-Based Healthcare Systems by Richard Sassoon.
User Interaction:
Among other factor that we discussed, user interfaces for patients, providers and administrators are eaqully improtant for a secure system.
The paper suggests the following areas to be explored with regard to this aspect:
1. User friendly mechanisms to deal with complexity of user-selected privacy preferences.
2. How much data to make available to patients in what format
3. Techniques for patients to delegate their access rights
Educating the patients on how to use a PHR service or patient's interface of an EMR system is very important aspect in realizing the goal of a widespread health information echo system. While informing them that they have the control of outside access to their records, it is important to highlight that more it is accessible to physicians, better the service they get.
When the patient signs up for a PHR service or a health care provider, he can be presented with a set of easily understandable questions which ultimately defines the access control policies of their medical records.
Dispute resolution
While it needs for patient to have access to and control of their records, should the patients given the right to correct their record? Or else how to resolve disputes on the information in the records? Most administrators do not like this since they can not always trust patients to keep their medical records honestly.
But the patients should be given the chance to raise any dispute against the records in their profile.
The paper illustrated following aspects to be explored with regard to this:
1. Developing way for patients to securely and privately monitor their health records.
2. Allowing ways for patients to dispute the records while preserving original records
3. Coming up with ways to resolve conflicts on the deisputed records
In my view: Patients should have access to all his EMRs and should be able to establish access control over them. But they should not be able to change the medical records as they wish. If there is dispute, or if a patient suspects a particular report, there should be a way to mark it as suspected immediately - but could only be changed by an authorized medical officer after further tests etc.
7. Security Metrics
Though it is obvious that EMRs have benefits over traditional paper based medical records, there should be proper security metrics to gauge the level of information security/privacy provided by a particular health care information system.
The paper mentions that in order to provide such assessment/analisis, meaningful matrics should be well developed and accepted which opens up research problems on which current work is also going on. Since the domain is limited, the paper believes that matrics can be developed.
Challenges in developpping such metrics are the variety and complexity of threat models and diffculty of measuring potential flaws in Software.
Research problems related to this aspect are:
1. developing threat models covering both electronic and paper based medical records.
2. developing techniques to quantify level of risk associated with sw based health information system
Conclusion:
- I have been writing this series of blog posts about the security, privacy, access control and identity management aspects related to health care IT systems from the understanding that I got from various sources and my experiences as well. This was mainly inspired by the paper[1] which provides a research road map on the same topic.
- The paper[1] is mainly based on the PCAST report 2010 and this PCAST report have caused some arguments in the field. However, the paper[1] and this blog series has only taken the technical requirements that it has highlighted into consideration to identify the research problems and this blog series doesn't intend to support or unsupport the report.
- Although the research community has identified and actively working on the research problems pertaining to the subject, there are many obstacles as well, such as difficulty in obtaining testbeds and test data for research due to the sensitivity and critical nature of the data. Therefore it has been hard for research to comeup with successful results without realistic and live data and also those results obtained from sample mock data are unlikely to be accepted by the community.
- No matter how technically strong the healthcare IT solution is, there should be adequate and non-ambiguous legislation to fully realize the goal of a nation wide health IT echo system.
- During my research on this, I've come across some active and interesting research efforts from some research groups such as Health & Medical Security Lab[3], SHARPS [4] , CERIAS [5], and MediVault [5].
- The paper[1] provides a good overall understanding of the security requirements of a healthcare information system. Most importantly, it provides a very good understanding about the current research problems in the area for a budding researcher who is passionate about carrying out research in security, privacy and access control aspects, outcome of which can be contributed to realize the vision of the secured and viable health IT echo system.
I have done a webinar on Security Patterns with WSO2 ESB for which I picked use cases from health care domain and it was when I first got interested in investigating further on the security, privacy and identity management requirements of healthcare IS. In that effort, I mainly referred MSc thesis on the topic : Security in SOA-Based Healthcare Systems by Richard Sassoon.
References:
[1] A Research Roadmap for Healthcare IT Security inspired by the PCAST Health Information Technology Report
[2] Cloud DNA
[3] Health and Medical Security Lab
[4] SHARPS
[5] CERIAS
[6] MediVault
[7] Security in SOA-Based Healthcare Systems