Data-centric privacy protocol for intensive care grids

• Published in: IEEE transactions on information technology in biomedicine Vol. 14; no. 6; pp. 1327 - 1337
• Main Authors: Luna, J, Dikaiakos, M, Marazakis, M, Kyprianou, T
• Format: Journal Article
• Language: English
• Published: United States IEEE 01.11.2010
• Subjects: Access control; Authentication; Authorization; Computer Communication Networks - legislation & jurisprudence; Computer Communication Networks - standards; Computer Security - legislation & jurisprudence; Computer Security - standards; Confidentiality - legislation & jurisprudence; Confidentiality - standards; Data fragmentation; Data privacy; Data security; Electronic Health Records - legislation & jurisprudence; Electronic Health Records - standards; European Union; health grids; Humans; intensive care grid (ICGrid); Intensive Care Units - standards; Medical Informatics; Privacy; Protocols; security
• ISSN: 1089-7771; 1558-0032
• DOI: 10.1109/TITB.2010.2073478

Modern e-Health systems require advanced computing and storage capabilities, leading to the adoption of technologies like the grid and giving birth to novel health grid systems. In particular, intensive care medicine uses this paradigm when facing a high flow of data coming from intensive care unit's (ICU) inpatients just like demonstrated by the ICGrid system prototyped by the University of Cyprus. Unfortunately, moving an ICU patient's data from the traditionally isolated hospital's computing facilities to data grids via public networks (i.e., the Internet) makes it imperative to establish an integral and standardized security solution to avoid common attacks on the data and metadata being managed. Particular emphasis must be put on the patient's personal data, the protection of which is required by legislations in many countries of the European Union and the world in general. In this paper, we extend our previous research with the following contributions: 1) a mandatory access control model to protect patient's metadata; 2) a major security revision to our previously proposed privacy protocol by contributing with a "quality of security" quantitative metric to improve fragmented data's assurance; and finally, 3) a set of early results to demonstrate that our protocol not only improves a patient personal data's security and privacy but also achieves a performance comparable with existing approaches.