Article (PDF available)

Towards the security and privacy analysis of patient portals

Abstract

Clinical information systems (CIS) significantly influence the quality and efficiency of health care delivery. However, CIS are complex environments that integrate information technologies, human stakeholders, and patient-specific data. Given the sensitivity of patient data, federal regulations require healthcare providers to adopt policy, as well as technology, protections for patient data. Ad hoc system design and implementation of CIS can cause unforeseen and unintended privacy and security breaches. The introduction of model-based design techniques combined with the development of high-level modeling abstractions and analysis methods provides a mechanism to investigate these concerns by conceptually simplifying CIS without losing expressive power. This work introduces the Model-based Design Environment for Clinical Information Systems (MODECIS), a graphical design environment that assists CIS architects in formalizing CIS systems as well-defined services. MODECIS leverages Service-Oriented Architectures to create realistic system models at an abstract level. By modeling CIS using abstractions, we enable the analysis of legacy architectures, as well as the design and simulation of future CIS. We present the feasibility of MODECIS by modeling certain functions, such as the authentication process of the MyHealth@Vanderbilt patient portal.
Article
The use of mobile and wireless technologies has great potential to improve the efficiency and quality of healthcare delivery. The main goal of this chapter is to describe the current state of the art in the research field of development and integration of mobile services in the healthcare sector by addressing the two main challenges: usability and security. The authors investigate the main requirements and approaches for developing highly usable, user-friendly, and well-accepted mobile healthcare services. In addition, they identify various ways of addressing security and privacy issues in mobile healthcare services and discuss the advantages and shortcomings of each approach. Finally, the chapter presents the CONNECT (Care Online: Novel Networks to Enhance Communication and Treatment) project and describes how security and usability issues can be addressed during the development of mobile access to a multi-modal Internet-based patient support system.
Article
Full-text available
In this paper, we propose a secure and privacy-preserving Service Oriented Architecture (SOA) for health information integration and exchange in which patients are "part owners" of their medical records, have complete ownership of their integrated health information and decide when and how data is modified or exchanged between healthcare providers or insurance companies. This architecture is different from integrated Personal Health Record (PHR) such as Google Health and Microsoft HealthVault in that electronic health records are not stored in online databases but instead are aggregated on-demand using web service requests. Web service providers working on behalf of the patients do not keep copies of the complete EHR but instead provide a pass-through service, and would require PKI-based security certificates to initiate health information exchange.
Conference Paper
In a game-theoretic framework, given parametric agent utility functions, we solve the inverse problem of computing the feasible set of utility function parameters for each individual agent, given that they play a correlated equilibrium strategy. We model agents as utility maximizers, then cast the problem of computing the parameters of players' utility functions as a linear program using the fact that their play results in a correlated equilibrium. We focus on situations where agents must make tradeoffs between multiple competing components within their utility function. We test our method first on a simulated game of Chicken-Dare, and then on data collected in a real-world trial of a mobile fitness game in which five players must balance between protecting their privacy and receiving a reward for burning calories and improving their physical fitness. Through the learned utility functions from the fitness game, we hope to gain insight into the relative importance each user places on safeguarding their privacy vs. achieving the other desirable objectives in the game.
Thesis
Full-text available
https://etd.library.vanderbilt.edu//available/etd-11192012-144514/ Standardizing the care of patients with complex problems in hospital settings is a difficult challenge for physicians, nurses and other medical professionals. Diverse conditions further complicate patient management. While in acute care settings such as intensive care units the inherent problems of stabilizing and improving vital patient parameters are further complicated by the division of responsibilities among different individuals and teams, in outpatient settings the management of chronic diseases introduces additional complications related to the long-term treatment of patients. The use of evidence-based guidelines for managing complex clinical problems has become the standard of practice. Computerized support for implementing such guidelines has tremendous potential; however, addressing this problem requires a carefully coordinated use of various techniques from the field of computer science, as guidelines developed by the medical community are not directly interpretable by computers. In this thesis, we first present a survey of literature and a study on the open questions from the field of clinical decision support, focusing on the use of model-based techniques for specifying and implementing evidence-based guidelines. Following the survey, we describe a model-based architecture for enabling the construction, management, verification and execution of such guidelines. The presented architecture is model-based in the sense that it relies upon the formal modeling of medical guidelines, including the specification of input parameters such as signs and symptoms, output parameters such as medical actions, and other guideline-related constraints such as rules, regulations and policies. The behavioral semantics of these models is provided by the application of custom-built formal behavioral templates defined with the help of Matlab Simulink/Stateflow and model composition. The benefits of our approach are illustrated with the modeling, execution and formal analysis of a clinically relevant example, a sepsis management guideline.
Article
Full-text available
The Internet is going through several major changes. It has become a vehicle of Web services rather than just a repository of information. Many organizations are putting their core business competencies on the Internet as a collection of Web services. An important challenge is to integrate them to create new value-added Web services in ways that could never be foreseen forming what is known as Business-to-Business (B2B) services. Therefore, there is a need for modeling techniques and tools for reliable Web service composition. In this paper, we propose a Petri net-based algebra, used to model control flows, as a necessary constituent of reliable Web service composition process. This algebra is expressive enough to capture the semantics of complex Web service combinations.
Article
Model-based development necessitates the transformation of models between different stages and tools of the design process. These transformations must be precisely, preferably formally, specified, such that end-to-end semantic interoperability is maintained. The paper introduces a graph-transformation-based technique for specifying these model transformations, gives a formal definition for the semantics of the transformation language, describes an implementation of the language, and illustrates its use through an example.
Article
This document defines a language for specifying business process behavior based on Web Services. This language is called Web Services Business Process Execution Language (abbreviated to WS-BPEL in the rest of this document). Processes in WS-BPEL export and import functionality by using Web Service interfaces exclusively. Business processes can be described in two ways. Executable business processes model actual behavior of a participant in a business interaction. Abstract business processes are partially specified processes that are not intended to be executed. An Abstract Process may hide some of the required concrete operational details. Abstract Processes serve a descriptive role, with more than one possible use case, including observable behavior and process template. WS-BPEL is meant to be used to model the behavior of both Executable and Abstract Processes. WS-BPEL provides a language for the specification of Executable and Abstract business processes. By doing so, it extends the Web Services interaction model and enables it to support business transactions. WS-BPEL defines an interoperable integration model that should facilitate the expansion of automated process integration in both the intra-corporate and the business-to-business spaces.
Article
The Web Services Business Process Execution Language (BPEL for short) is a recently developed language that is used to specify compositions of web services. In the last few years, a considerable amount of work has been done on modelling (parts of) BPEL and developing verification techniques and tools for BPEL. In this paper, we provide an overview of the different models of BPEL that have been proposed. Furthermore, we discuss the verification techniques for BPEL that have been put forward and the verification tools for BPEL that have been developed.
Article
The paper describes a model-integrated approach for embedded software development that is based on domain-specific, multiple-view models used in all phases of the development process. Models explicitly represent the embedded software and the environment it operates in, and capture the requirements and the design of the application, simultaneously. Models are descriptive, in the sense that they allow the formal analysis, verification, and validation of the embedded system at design time. Models are also generative, in the sense that they carry enough information for automatically generating embedded systems using the techniques of program generators. Because of the widely varying nature of embedded systems, a single modeling language may not be suitable for all domains; thus, modeling languages are often domain-specific. To decrease the cost of defining and integrating domain-specific modeling languages and corresponding analysis and synthesis tools, the model-integrated approach is applied in a metamodeling architecture, where formal models of domain-specific modeling languages, called metamodels, play a key role in customizing and connecting components of tool chains. This paper discusses the principles and techniques of model-integrated embedded software development in detail, as well as the capabilities of the tools supporting the process. Examples in terms of real systems will be given that illustrate how the model-integrated approach addresses the physical nature, the assurance issues, and the dynamic structure of embedded software.
Article
Leveraging the service-oriented programming paradigm would significantly affect the way people build software systems. However, to achieve this goal a solid software design methodology should be grounded on proper mathematical foundations, specific service-oriented principles, concepts and patterns. This paper contributes to the above goal by proposing a lightweight, but complete, mathematical framework capable of capturing the essential components of the service-oriented programming paradigm. To this end, we propose mathematical definitions for individual service, service-oriented environment and service-oriented application. Analysis of the properties and the functionalities of these components with respect to data processing mechanisms enables us to introduce a service-oriented application classification schema. For each application class we first identify specific properties and then discuss their use in a service-oriented design methodology.
Article
The Patient-Centered Access to Secure Systems Online (PCASSO) project is designed to apply state-of-the-art security to the communication of clinical information over the Internet. The authors report the legal and regulatory issues associated with deploying the system, and results of its use by providers and patients. Human subject protection concerns raised by the Institutional Review Board focused on three areas: unauthorized access to information by persons other than the patient; the effect of startling or poorly understood information; and the effect of patient access to records on the record-keeping behavior of providers. Objective and subjective measures of security and usability were obtained. During its initial deployment phase, the project enrolled 216 physicians and 41 patients; of these, 68 physicians and 26 patients used the system one or more times. The system performed as designed, with no unauthorized information access or intrusions detected. Providers rated the usability of the system low because of the complexity of the secure login and other security features and restrictions limiting their access to those patients with whom they had a professional relationship. In contrast, patients rated the usability and functionality of the system favorably. High-assurance systems that serve both patients and providers will need to address differing expectations regarding security and ease of use.
Article
The increasing integration of patient-specific genomic data into clinical practice and research raises serious privacy concerns. Various systems have been proposed that protect privacy by removing or encrypting explicitly identifying information, such as name or social security number, into pseudonyms. Though these systems claim to protect identity from being disclosed, they lack formal proofs. In this paper, we study the erosion of privacy when genomic data, either pseudonymous or data believed to be anonymous, are released into a distributed healthcare environment. Several algorithms are introduced, collectively called RE-Identification of Data In Trails (REIDIT), which link genomic data to named individuals in publicly available records by leveraging unique features in patient-location visit patterns. Algorithmic proofs of re-identification are developed and we demonstrate, with experiments on real-world data, that susceptibility to re-identification is neither trivial nor the result of bizarre isolated occurrences. We propose that such techniques can be applied as system tests of privacy protection capabilities.
Article
Despite their demonstrated effectiveness, clinical decision support (CDS) systems are not widely used within the U.S. The Roadmap for National Action on Clinical Decision Support, published in June 2006 by the American Medical Informatics Association, identifies six strategic objectives for achieving widespread adoption of effective CDS capabilities. In this manuscript, we propose a Service-Oriented Architecture (SOA) for CDS that facilitates achievement of these six objectives. Within the proposed framework, CDS capabilities are implemented through the orchestration of independent software services whose interfaces are being standardized by Health Level 7 and the Object Management Group through their joint Healthcare Services Specification Project (HSSP). Core services within this framework include the HSSP Decision Support Service, the HSSP Common Terminology Service, and the HSSP Retrieve, Locate, and Update Service. Our experiences, and those of others, indicate that the proposed SOA approach to CDS could enable the widespread adoption of effective CDS within the U.S. health care system.
Conference Paper
In this paper we present a novel approach for the specification of access rights in a service oriented architecture. Being part of the SECTET framework for model driven security for B2B-workflows, our specification language SECTET-PL for permissions is influenced by the OCL specification language and is interpreted in the context of UML models. Concerning the technological side, SECTET-PL specifications are translated into platform independent XACML permissions interpreted by a security gateway.