Securing Medical Data in Smart Patient-Centric Healthcare Systems

Periodic Reporting for period 1 - SERUMS (Securing Medical Data in Smart Patient-Centric Healthcare Systems)

Reporting period: 2019-01-01 to 2020-06-30

In order to achieve high quality healthcare provision, it is increasingly important to collect highly confidential and personal medical data that has been obtained from a variety of sources, including personal medical devices, and to share this through a variety of means, including public networks and other systems whose security cannot be implicitly trusted. Patients rightly expect full privacy, except where permission has been explicitly given, but they equally expect to be provided with the best possible medical treatment.
Evidence suggests that integrating home-based healthcare into a holistic treatment plan is more cost effective, reduces travel-associated risks and costs, and increases the quality of healthcare provision, by allowing the incorporation of more frequent home-, work- and environment-based monitoring and testing into medical diagnostics. There is thus a strong and urgent demand to deliver better, more efficient and more effective healthcare solutions that can achieve excellent patient-centric healthcare provision, while also complying with increasingly strict regulations on the use and sharing of patient data.
This provision needs to be multi-site, crossing traditional physical and professional boundaries of hospitals, health centres, home and workplace, and even national borders. It needs to engage hospitals, medical practitioners, consultants and other specialists, as well as incorporating patient-provided data that is produced by personal monitoring devices, healthcare apps, environmental monitoring etc. This creates huge pressures.
The goal of Serums is to put patients at the centre of future healthcare provision, enhancing their personal care, and maximising the quality of treatment that they can receive, while ensuring trust in the security and privacy of their confidential medical data.
Work done during the reporting period (months 1-18) includes reaching our success criteria (SC):
SC1: Produced the initial requirements analysis for the three hospital use cases considered (from ZMC - the Netherlands; from FCRB - Spain; from USTAN - UK). All use cases address slightly different problems and intentionally stress the distribution of data and systems in real applications, and how data may be shared across untrusted networks.
SC2: Defined initial format for smart patient records. Our use cases illustrate the need for a format that can bring together dispersed sources of data with different formats. We have defined a format that can also work for other variations of the use cases, and hence is flexible and universal.
SC3: Defined initial security metrics and authentication policies; Defined initial Change Plan.
SC4: Developed initial authentication methods and initial data fabrication and semantics-preserving encryption techniques. The authentication methods explore novel solutions with the idea to suit a variety of users (e.g. picture passwords instead of conventional passwords for increased memorability). IBM's DFP has been used to express (through the tool's rule modelling language) rules for the data from the different use cases; these rules are in different stages of iteration.
SC5: Developed initial version of the SERUMS data lake and the associated storage and access methods.
SC6: Developed initial privacy-preserving learning techniques, initial data fabrication and semantic-preserving encryption, initial Smart Health Centre System (SHCS); Initial versions of use cases developed and evaluated. The USTAN use case has started to be explored for the privacy-preserving learning techniques, given that it uses structured data. The other use cases have been used for the evaluation of the authentication mechanisms. An initial SHCS has been developed, forming a SERUMS Platform.
SC7: Completed final requirements analysis, as the use cases have been refined and the first evaluation results have been achieved.
SC8: Defined refined format for smart patient records.
We have developed novel privacy-preserving learning techniques that have a solid theoretical foundation. By the end of the project we expect to evaluate them on our SERUMS fabricated data sets, and refine the learning techniques as required. This will be a very important result, as the predominance of big data analytics and the dangers of information leakage are very present.
We will improve the data fabrication process and its validation to make sure the quality of the fabrication makes the data indistinguishable from real data. This is fundamental as a technique, and will enable us to use our system entirely without compromising its security and privacy. This will generate data sets that are realistic and can be used for the purposes of research in a number of areas.
We will develop new authentication mechanisms that can be adapted to suit the abilities and the needs of the users, considering not just young users used to technology, but also the elderly and frail, who may find some aspects of technology harder to deal with. The picture passwords being developed aim to accommodate the diversity of needs and abilities and help users. Our evaluation through the use case partners throughout the remainder of the project will make it possible to refine our approaches further.
The smart patient record and the use of the data lake will serve as a mechanism to deal with very diverse data with different provenance. This is essential for our project and a realistic healthcare system that should be able to share medical records across systems in Europe.
Solutions that need to be secure and auditable include our approach with blockchain. We need to continue working on rules to ensure that we can handle different local legislation and also conform with GDPR at all times.