A Security and Privacy Validation Methodology for e-Health Systems

Bibliographic Details
Published in ACM transactions on multimedia computing communications and applications Vol. 17; no. 2s; pp. 1 - 22
Main Authors Amato, Flora; Casola, Valentina; Cozzolino, Giovanni; De Benedictis, Alessandra; Mazzocca, Nicola; Moscato, Francesco
Format Journal Article
Language English
Published New York, NY ACM 01.06.2021
Summary: e-Health applications enable one to acquire, process, and share patient medical data to improve diagnosis, treatment, and patient monitoring. Despite the undeniable benefits brought by the digitization of health systems, the transmission of and access to medical information raises critical issues, mainly related to security and privacy. While several security mechanisms exist that can be applied in an e-Health system, they may not be adequate due to the complexity of involved workflows, and to the possible inherent correlation among health-related concepts that may be exploited by unauthorized subjects. In this article, we propose a novel methodology for the validation of security and privacy policies in a complex e-Health system, that leverages a formal description of clinical workflows and a semantically enriched definition of the data model used by the workflows, in order to build a comprehensive model of the system that can be analyzed with automated model checking and ontology-based reasoning techniques. To validate the proposed methodology, we applied it to two case studies, subjected to the directives of the EU GDPR regulation for the protection of health data, and demonstrated its ability to correctly verify the fulfillment of desired policies in different scenarios.
ISSN: 1551-6857, 1551-6865
DOI: 10.1145/3412373