Securing Medical Data in Smart Patient-Centric Healthcare Systems

In order to achieve high quality healthcare provision, it is increasingly important to collect highly confidential and personal medical data that has been obtained from a variety of sources, including personal medical devices and to share this through a variety of means, including public networks and other systems whose security cannot be implicitly trusted. Patients rightly expect full privacy, except where permission has been explicitly given, but they equally expect to be provided with the best possible medical treatment.
Evidence suggests that integrating home-based healthcare into a holistic treatment plan is more cost effective, reduces travel-associated risks and costs, and increases the quality of healthcare provision, by allowing the incorporation of more frequent home-, work- and environment-based monitoring and testing into medical diagnostics. There is thus a strong and urgent demand to deliver better, more efficient and more effective healthcare solutions that can achieve excellent patient-centric healthcare provision, while also complying with increasingly strict regulations on the use and sharing of patient data.
This provision needs to be multi-site, crossing traditional physical and professional boundaries of hospitals, health centres, home and workplace, and even national borders. It needs to engage hospitals, medical practitioners, consultants and other specialists, as well as incorporating patient-provided data that is produced by personal monitoring devices, healthcare apps, environmental monitoring etc. This creates huge pressures.
The goal of Serums is to put patients at the centre of future healthcare provision, enhancing their personal care, and maximising the quality of treatment that they can receive, while ensuring trust in the security and privacy of their confidential medical data.

Work done during the reporting period (months 37-42) includes reaching our final success criteria (SC):

SC13 Developed final versions of the Serums tools and technologies
SC14 Develop and tested the final version of the Smart Health Centre System; developed and
evaluated final versions of use cases and produced the future roadmap.

We have developed novel privacy-preserving learning techniques that have a solid theoretical foundation. In the final period, we were able to evaluate them on one of our more complex SERUMS synthetic data sets (obtained through the use of IBM's Data Fabrication Platform). This is a very important result as the predominance of big data analytics and the dangers of information leakage are very present. This work was successfully completed in the final 6 months of the project.

In this period, we have also improved the data fabrication process and its validation to make sure the quality of the fabrication makes the data undistinguishable from real data. This is fundamental as a technique, and will enable us to use our system entirely without compromising its security and privacy. This will generate data sets that are realistic and can be used for the purposes of research in a number of areas. We achieved good results in this area, and were able to make use of a rich and complex dataset to improve and evaluate our technology developed and used in other parts of the project.

We have developed new authentication mechanisms that can be adapted to suit the abilities and the needs of the users, considering not just young users used to technology, but the elderly and frail that may find some aspects of technology harder to deal with. The picture-passwords being developed aim to enhance the diversity of needs and abilities and help users. Our evaluation through the use case partners throughout the project have allowed us to refine our approaches further.
The final evaluation made in the last 6 months of the project led to a few further recommendations and final changes to our technology.

Further final efforts in testing and formal verification of our Smart Patient Health Care system, including all individual technical components and their integration, led to further insights and evidence of correctness for our overall approach and developed technologies.

The smart patient record and the use of the data lake has been used in the project as a mechanism to deal with very diverse data with different provenance. This is essential for our project and a realistic healthcare system that should be able to share medical records across any system in use in Europe.
Solutions that need to be secure and can be audited include our approach with blockchain. We have completed the set of access rules required for our context which we believe can handle different local legislation and also conform with GDPR at all times.