Certification and Security in Health-Related Web Applications: Concepts and Solutions

Advances in telecommunications and informatics have provided humanity with the opportunity to provide advanced services to people world-wide. One of the areas that have most benefited from information technology is the health sector. Health-related web applications have provided advanced services, such as telemedicine, to patients and doctors. However, these applications have brought along several responsibilities: to record, process and store medical information by following standard and lawful procedures, to protect medical data from unauthorized access, to ensure continuity and constant availability of healthcare services, etc.

The Web attracted more patients in this way increasing the popularity of freely available medical advice and knowledge. The abundance of web sites that offer medical content affected the way patients face their doctors, gave them a second opinion and increased their awareness. Its' successor, Web 2.0, was built on the same technologies and concepts, but also added a layer of semantic abstraction, offered a network as a platform sensation and gave a social networking aspect to healthcare and medical applications.

The web offers access to many databases that contain medical information, and has significantly changed the way patients seek medical help. According to recent surveys, 50% of patients access medical information via the internet before visiting their doctor and this information affects their choice of treatment. The assistant role of virtual communities for patients who seek for medical help and advice is undeniable. Researchers, practitioners, medical industry and patients jointly contribute their findings, products and experiences, to the community's knowledge base. The information transferred inside a health related virtual community and the stockpiled knowledge must be carefully protected from unauthorized use and validated in order to be qualitative and useful.

With the use of web-based healthcare applications, such as telemedicine, tele-healthcare, tele-homecare etc, doctors are able to provide medical services to patients in distant and isolated areas. All these applications assume that medical data, such as vital signs and a patient’s medical profile, are transferred securely and reliably over the complex infrastructure of the World Wide Web. Moreover, they assume the trustfulness of the source and destination of medical data.

Till now, the most widely used service is the distribution of informative content (i.e. medical documents, surveys, medical advices, news etc.). Content should be easily located and retrieved from patients. In order to facilitate new users, content can be forwarded to patients via appropriate services. However, information dissemination inside a medical community needs to be secured and certified. For example, dissemination via mailing lists requires security measures to be taken, to ensure the safe transfer of medical data, while medical rss feeds require validation and certification concerning their sources. In the former case (website transmission) cryptographic protocols, such as SSL (Secure Socket Layer), can be used by a member to communicate with the community site, whereas in the latter case a respectful healthcare association is required to certify the feed sources.

In the case of telemedicine systems, for example, a patient’s medical profile and other medical information are transferred over the network from the examination lab to the doctor's office in order for the doctor to be able to perform a diagnosis. According to the CIA model (confidentiality, integrity and availability), the medical information transferred across the network should be encrypted, secured and protected until it reaches its final destination. Patients' medical profiles should be accessible by their doctors in order to support diagnosis and care, but must be invisible to other patients, medical companies or individuals who don’t have the appropriate privileges. Moreover, medical data should be preserved for future use and must always be available, although protected from unauthorized alterations. The use of standards in the whole process of collecting, transferring, storing and managing sensitive medical data is a requirement and should be accompanied by auxiliary auditing and monitoring services in order to build a trust model between patients and doctors.

Security in Health-Related Web Applications has many aspects such as: a) authentication, which guarantees that medical data and consultation are genuine, b) authorization, which assures that medical data are accessed by appropriate right holders, thus reinforcing trust between the partners of a medical transaction, c) non-repudiation, which guarantees that both trustees will fulfill their obligations to a contract and will acknowledge all  conducted transactions, thus gradually enhancing the bonds between partners, d) risk management which refers to the ongoing iterative process of assessing web based applications for vulnerabilities, reinforcing them against threats and implementing appropriate security controls.

Certification is an addition to traditional aspects of security and is a means of guaranteeing that medical data are exchanged and processed appropriately. It requires auditing and ensures appropriateness of the medical process in terms of information security and compliance to suitable standards and regulations (ISO/IEC 27000 series, HIPAA directions and data protection laws).

Methodologically, taking security measures may maintain integrity, ensure availability and protect confidentiality however it does not guarantee the “ultimate” level of computer security. In the case of transferring medical data across complex computer networks, it might not suffice to secure the exchanging endpoints. Throughout its lifecycle, medical data is vulnerable to unauthorized access, alteration or manipulation, which without any security checks or presence of auditing procedures can easily go undetected, and weaken its reliability. In a secure lifecycle, medical data is managed and protected so that it remains authentic, reliable and useable, while retaining its integrity. These attributes of medical data can be preserved by implementing an effective Information Security Management System (ISMS) for Medical Information that ensures all three aspects of the aforementioned CIA model by implementing policies and procedures, allocating human and machine resources for all physical, personal and organizational aspects. Implementing an ISMS is not just putting measures in place, it means also auditing the system, evaluating its effectiveness and correcting it based on any identified security vulnerabilities or pitfalls, whether a security problem is caused from a human mistake or a manufacturer error.

Certification in web applications springs from the need to verify the accurate, impervious and protected exchange of data across the web. The persons accessing medical data, as well as the exchanging parties during transfers of medical data need to be accurately identified. Certifying these issues means that an auditing body can track down responsibilities and identify the culprit responsible for any breach of security, in any of the following areas: confidentiality, integrity, availability, authorization, non-repudiation.

These issues are of extreme importance when applied to medical virtual communities and the assistant role they provide to patients who seek for medical help and advice. In such communities it is important that the information transferred inside the community and the stockpiled knowledge is carefully protected from unauthorized access or use and validated in order to be qualitative and useful.

Summarizing all the above issues, any health-related web application (tele-medicine, tele-healthcare, tele-consultation etc.) must be examined under the prism of certification, security and confidentiality, but also fulfill authentication and non-repudiation requirements, thus providing a holistic approach in building trust within a networked web of medical information and tele-services.  Developers of web based medical applications should also consider how certification applies in their applications. In the following section we depict the critical issues on building, maintaining, securing and certifying health related applications and summarize the available solutions.

Security risks and compliance to standards

As telemedicine applications evolve, the amount of sensitive information that travels through the World Wide Web increases and subsequently more strict security measures need to be taken in order to protect this information from unauthorized access. The measures can vary from simple password encryption policies to advanced cryptographic methods such as elliptic curves. For example a medical web community can employ Virtual Private Network technology as an access control measure for its users. A Virtual Private Network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. Since the users of the health community connect to the application via an encrypted tunnel, any conducted communication is private and therefore secure. However, this is not always sufficient to build trust between the users of the community, thus certification is another step forward.

The ISO/IEC 27000 series of standards intends to cover all the different levels and aspects of security, such as auditing of the data transfer process, assessment of information security risks, implementation of information security controls and continuous monitoring, maintenance and improvement of information security. Data protection authorities can associate the level of provided protection with the applied security measures and certify whether an organization is providing adequate level of protection for medical data. It needs to be examined whether an authoritative party, such as a national health association, the world health organization or the EU, is providing specific guidelines for taking appropriate security measures for medical data and achieving an adequate level of protection.  

An integral part of the ISO/IEC 27000 series in regards to health information systems, is the ISO/IEC 27799:2008 standard, which defines guidelines to support the interpretation and implementation of ISO/IEC 27002:2005 in health informatics. It specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. Healthcare organizations that comply with this standard ensure a minimum level of security and maintain confidentiality, integrity and availability of personal health information. Although the development of a security management system, which follows the ISO 27799:2008 directives, is a complicated task it is the first step in providing secure and trustful web based healthcare applications. Defining a clear and concise ISMS policy, which leads to the implementation of information security policies, is the real source pool for hardening the strength of a security management system. These policies can be systemic (e.g. access control policy), data (e.g. privacy policy) or human related (rules of conduct).   

The Health Insurance Portability and Accountability Act of 1996 is an attempt to use federal law in order to protect the privacy of medical records. The implementation of the HIPAA privacy regulations proved to be costly, inconsistent, and frustrating to both physicians and patients. Moreover, healthcare applications on the web usually cross national borders and as such, they face several legal issues, such as licensing, accreditation, concerns of identity theft and dependency, which are difficult to be properly addressed by legislative entities.

The opt-out policy adopted by the U.S. Government defines that companies cannot collect consumer’s data if the consumer asks for it. Concerning medical information, U.S. laws assume total confidentiality in several issues (i.e. abortions, contraception or psychological diseases) but delegate decisions to the state laws in others. European Union has adopted an opt-in model for all personal data, which assumes that all personal information is classified until their owner grants access on them. According to the EC directive for medical data protection (95/46/EC), only health professionals can access medical information and are responsible for protecting confidentiality. According to the Recommendation (97) 5, medical data can be collected without user consent, only for preventing a real danger or in the case of a criminal offence. Moreover, if the law provides for this, data may be collected and processed in order to preserve vital interests of the data subject, or of a third person. In the case of genetic data this includes the members of the data subject’s genetic line.

Target audience

Students of management of healthcare systems and healthcare managers in general will use this book as a companion that helps them avoid design pitfalls and a walkthrough towards building trustful healthcare applications. More specifically, managers will understand what is critical and what is not in their information systems in terms of security and will be facilitated when taking strategic decisions that concern the Health Information Systems.

Medical professionals will use the book as a reference, a gateway which can lead to potential solutions for issues, which just lurk in the background. More specifically, they will learn how to protect their patients and themselves, from loss or theft of information and they will better understand the needs of the medical community. Furthermore, they will be able to identify the need for a security oriented mentality which will prohibit them away from dwelling into security pitfalls with even legal consequences.

Members of the pharmaceutical profession will identify the value of security when using health web applications and learn the pitfalls that lurk in the World Wide Web when not being able to identify the requestor of medical information or the providing hand of pharmaceutical products by means of internet pharmacies.

Security professionals working in medical institutions will be able to identify the specific requirements of the medical community, learn how medical practitioners perceive security and thus implement the proper measures to achieve an adequate level of security for medical data.

Security auditors, who aim to audit healthcare organizations, can identify by reading this book the security problems of health information systems in general and health web applications in particular, in order to build a concrete methodology in their line of work in regards to medical applications.

Computer science and medical students will get informed on the new advances in security, certification and building of trust in a healthcare community.

This book aims to bridge the two worlds of healthcare and information technology, to increase the security awareness of professionals, students and users from both worlds and to highlight the recent advances in certification and security in health related web applications.

The chapters

The book includes fourteen chapters that cover many different aspects of security and certification in health related web applications, ranging from the legal and ethical issues that concern the use and dissemination of medical data to different flexible data access control models and to the difficult task of increasing security awareness of users.

In the first chapter, entitled “Secure exchange of Electronic Health records”, the authors examine the traditional approaches in data access control, such as Mandatory Access Control, Discretionary Access control and Role-Based Access Control in terms of a shared care environment, where many medical professionals cooperate and exchange patient information. After a comparison of access control policies, the authors conclude that a shared care environment must define which information is collected, stored and accessed and suggest a flexible access control mechanism that protects privacy of patients and guarantees authorized access to stored data. The attribute-based encryption model allows the encryption of different sections of an electronic health record, which can be decrypted only by the owners of the proper key. Patients grant access to their doctors, who consequently are able to delegate access to collaborating physicians.

In the second chapter, entitled “Modeling access control in healthcare organizations”, the authors examine the security of hospital applications. They first explore issues in managing access control and security of healthcare information and review the possible threats and vulnerabilities for a hospital security plan, such as hardware or software failure, weak passwords and password stealing, misuse and abuse of the hospital information system etc. The paper introduces a hierarchical access model, which covers data ownership and access control issues and discusses the security issues that arise.

In chapter three, “A Context-Aware Authorization Model for Process-Oriented Personal Health Record Systems”, authors assume a process-oriented approach in Patient Health Records management and present a security framework that addresses several authorization and access control issues. The proposed framework capitalizes on tight and just-in-time authorization in order to guarantee that only authorized users get access to patient data and only for performing a specific task. A set of permissions, which is continuously adjusted in order to adapt to the changing context, reduces the risk of compromising information integrity during task execution.

The fourth chapter, entitled “Improving Security Policy Coverage in Healthcare”, presents a privacy protection architecture called PRIMA, which attempts to increase the usability of healthcare applications without compromising the security of patient information. The components of the PRIMA architecture guarantee policy definition, auditing of actions and restrictions throughout the clinical process and refinement of the original policies per case. As a result, the security policies and exceptions are more precise and realistic and fit to the clinical workflow instead of impeding it thus enabling improved privacy protection for the patient and increased usability of the clinical workflow.

The fifth chapter, entitled “Flexibility and Security of Careflow Systems Modeled by Petri Nets”, deals with design and analysis of healthcare workflow systems and provides a solution that improves their structural and behavioral flexibility. Giving emphasis on flexibility, without neglecting security, security in careflow systems is conceptually modeled using Petri nets and colored Petri nets. In this model, security and flexibility are covered separately and incrementally in sequential order. Dynamic change, case handling and mainly worklets are employed for increasing workflow flexibility in design and run time and consequently security models are applied in each step of the careflow system.

Chapter six, “Information security standards for Health Information systems - The Implementer’s Approach”, provides an overview of information security management standards in the context of health care information systems and focuses on the most widely accepted ISO/IEC 27000 family of standards for information security management. The chapter is a guide for developing a complete and robust information security management system for a health care organization, which mentions special implications that are met in a health care organization, as well as special considerations related to health related web applications. The guide is based on special requirements of ISO/IEC 27799:2008.

Chapter seven, “Statistical models for EHR security in Web healthcare information systems”, capitalizes on the quality and reliability issues of web information systems in healthcare. It presents how a wrong security policy decreases the reliability of the system and consequently deteriorates its overall quality and suggests several statistical models for evaluating the reliability of software. The modelling and study of the reliability of an EHR, especially when it is based on a service-oriented architecture, is performed with statistical models and measures called web metrics which assess the performance of health related applications and alert when reliability reaches critical levels.

Chapter eight, entitled “Identity Management and Audit Trail Support for Privacy Protection in E-Health Networks”, focuses in e-health networks and privacy protection. Since e-health networks can improve the efficiency and quality of care, they set a major requirement for security, privacy and trust management in a systematic manner. The chapter suggests Federated Identity Management and a single sign on framework in order to control access to patient data, and an auditing and reporting mechanism in order to validate and ensure compliance to security policies.

The ninth chapter, which is entitled “Certification and Security Issues in Biomedical Grid Portals: The GRISSOM Case Study”, discusses certification and security issues in biomedical grid portals and presents the security infrastructure of GRISSOM (Grids for In Silico Systems biology and Medicine) platform. GRISSOM consists of a web-based portal and a Web Service that enables statistical data analysis over a grid infrastructure. The chapter presents the security infrastructure that manages user authentication and access issues and offers data encryption, Grid secure access and Web Service Security.

Chapter ten, “Health 2.0 and Medicine 2.0: Safety, Ownership and Privacy Issues”, examines security of health related web applications under the collaborative prism of Medicine 2.0 and Health 2.0. The virtual interactions between patients and health professionals raise concerns about disintermediation and magnify the need for privacy and information security. The chapter considers the key debates that occur in the literature with respect to the terms Medicine 2.0 and Health 2.0 and examines all potential solutions to security and privacy issues from a patient-centered aspect.

The eleventh chapter, entitled “Securing and Prioritizing Health Information in TETRA Networks”, studies the issues of collecting and transferring patient information using mobile devices. The study refers to TETRA networks and examines how simply a healthcare professional can collect physiological data from mobile and/or remote patients and how securely and reliably health information can be transferred from emergency places to hospitals. The chapter gives an overview of the TETRA technology and analyses the characteristics of TETRA calls.

Chapter twelve, “Online advertising in relation to medicinal products and health related services: Data & Consumer Protection Issues”, examines several issues of online advertising in relation to medicinal products and health related services. The chapter clearly shows that the marketing of medicinal products over the internet puts consumers at a number of risks related to both their privacy and their health and studies whether the existing EU legislation can efficiently protect the individual, who may be induced to disclose his/her health related information.

In chapter thirteen, “Password Sharing and How to Reduce It”, authors present a cross sectional case study of how healthcare professionals actually deal with password authentication in typical real world scenarios. The chapter compares the professionals’ actual practice with what they feel about password sharing and what are the most frequent problems associated with it and suggests how to solve or minimize some of these problems by using both technological and social cultural mechanisms.

Finally, chapter fourteen, “Behavioral Security: Investigating the attitude of nursing students toward security concepts and practices”, presents a case study on behavioral factors toward the applicability of security measures and practices in healthcare applications and investigates human attitudes in regards to security consciousness and familiarity. The study empirically assesses the intention of undergraduate nursing students to apply security concepts and practices and concludes that the perceived benefits, the general security orientation and self-efficacy of nursing students in applying security concepts and practices is more significant than a series of other constructs.

Conclusions

The main aim of this book is to enlighten the path for building secure and trustful healthcare applications for the web, which is expected to serve patients’ and practitioners’ aims. This holistic approach comprises several actions, such as:

• To alert patients and practitioners in regards to security issues, and more specifically,
• To raise the level of security awareness of: a) IT professionals, who develop, maintain or contribute to health related communities, b) patients that reveal their privacy to a doctor over the web and make use of medical advices shared by other patients, c) medical professionals that use web based applications and may not understand the special issues that arise when accessing medical data across huge and potentially unsecured computer networks, d) pharmacists that use the World Wide Web to acquire medical information or pharmaceutical products or to supply pharmaceutical services of their own by means of internet pharmacies,
• To propose a set of technologies, which can under circumstances ensure that patients and medical professionals benefit from using community services while minimizing the risk of phishers, spammers, hackers and crackers exploiting potential security holes,
• To form a methodology for certifying the validity of exchangeable medical data, exchanging parties and the exchange process.  
• To review the certification and security procedures through collaboration, to identify open threats and emerging needs and to provide solutions.
• To cover as many security and certification issues as possible and provide practical solutions and case study applications.
• To identify the need for frequently revisable security plans and periodical risk assessments in order to update the overall security of health information systems.

This holistic solution can be summarized to a flexible security management system, which complies with standards, takes into account all the restrictions imposed by law and continuously evolves and strengthens against potential risks. The gains from a certified security management solution are many for patients and medical professionals: (1) the availability of healthcare information is valuable for the effective operation of healthcare organizations, (2) the protection of the personal and healthcare information, promotes the trust among patients and the healthcare professionals, (3) minimizing risk from the medical law point of view protects healthcare enterprises and organizations from legal sanctions – penalties and reduces negotiation overhead between the healthcare organization and the patient.

This book provides a novel aspect of security of medical applications, which covers both security and certification. It touches several legal and ethical issues that relate to the use of health information and introduces a new perspective on the security of healthcare information systems which relates to the acceptance of security policies and technologies by the medical community members. It is an excellent source of comprehensive knowledge and literature on the topic of certification and security in e-health applications and we hope that readers will find it useful when endeavoring in their line of work.

Anargyros Chryssanthou, Ioannis Apostolakis, Iraklis Varlamis
Editors