E-Health Security
The security of electronic health (e-health) systems was another research area I was looking into in the past. While this area is on the one hand an application domain on general system security, it has some particular issues on the other hand which make it an interesting specific subfield. In healthcare, privacy and security come more closer together than in most other fields, and usable security has a very strong demand due to the situations patients can be (e.g. from simply sick to unable to talk, more, or even remember any credentials for authentication or alike).
Secure Storage of Health Records in the Cloud
Within the project e-Business Plattform für Gesundheit (eBPG), I led a small research team at university, where we designed and developed a cryptographic protection of health care data that can be stored at decentralized and outsourced places (e.g. in the cloud). The cryptographic mechanism should be compatible to existing access control and management frameworks, but it should also be usable in practice, especially for older or technology-unskilled people. We developed a fully functioning prototype ranging from a OpenXDS-based electronic health record database, an own user front-end implementation, and of course the encryption and security components that allowed an easy to use end-to-end encryption of the health data. We published a whitepaper about this project.
Moreover, in another line of research I was experimenting with the idea of applying the concept of Trusted Virtual Domains to the e-health cloud. You can read more about it in the article "Securing the E-Health Cloud".
Secure Access of Health Records on End Devices
Once we are able to securely store EHRs in the cloud, we still need to allow for a secure access of these data on the end devices (laptops, smartphones, etc.). In particular, using mobile devices poses challenges, not only in general but very much in the healthcare domain. The reason is that in healthcare there are other circumstances and additional requirements on technical equipment usage when it comes to immediate help for patients. A medical doctor cannot afford to fumble with password login or other security controls when access to patient data is critical for the patient's life. For example, I discussed this issue in this article (in German).
During my postdoc time at university, I was the acting project manager of the RUBTrust/MediTrust project, where we aimed at developing and evaluating a secure and trustworthy client platform for the administration and processing of sensitive data. RUBTrust concerned data of students in an electronic administration system of a university, and MediTrust concerned electronic health data of patients. Both projects included an intensive end-user study to evaluate the usability of the underlying security mechanisms. In particular, this project was implementing and testing ideas from applying the TVD concept to the e-health cloud.
Research Works
Journal of Medical Internet Research 2016; 18(7):e191, DOI: 10.2196/jmir.4480
Technical Report, Ruhr-Universität Bochum, December 2013.
E-HEALTH-COM, Nr. 6, 2013, S. 38-39.
Proceedings of the eHealth2013, May 23-24, Vienna, Austria, OCG, 2013.
Datenschutz und Datensicherheit (DuD) 06/2012, pp. 419-424, Springer Gabler, 2012.
Amsterdam Privacy Conference (APC 2012), Workshop on Engineering EHR Solutions (WEES), 2012
IHI 2012: Proceedings of the 2nd ACM SIGHIT International Symposium on Health Informatics, ACM, 2012.
Med-e-Tel - Global Telemedicine and eHealth Updates: Knowledge Resources, Vol. 4, pp. 385-389, ISfTeH, Luxembourg, 2011.
Proceedings of the 4th International Conference on Health Informatics (HEALTHINF 2011), pp. 87-96, SciTePress.
Proceedings of the 1st ACM International Health Informatics Symposium (IHI 2010), pp. 220-229, ACM.
Electronic Healthcare, Third International Conference, eHealth 2010, LNICST 69, pp. 196-203, Springer, 2012.