Privacy Preservation in e-Healthcare Environments: State of the Art and Future Directions
Open Access
- 30 October 2017
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Access
- Vol. 6, 464-478
- https://doi.org/10.1109/access.2017.2767561
Abstract
e-Healthcare promises to be the next big wave in healthcare. It offers all the advantages and benefits imaginable by both the patient and the user. However, current e-Healthcare systems are not yet fully developed and mature, and thus lack the degree of confidentiality, integrity, privacy and user trust necessary to be widely implemented. Two primary aspects of any operational healthcare enterprise are the quality of healthcare services and patient trust over the healthcare enterprise. Trust is intertwined with issues like confidentiality, integrity, accountability, authenticity, identity and data management, to name a few. Privacy remains one of the biggest obstacles to ensuring the success of e-Healthcare solutions in winning patient trust as it indirectly covers most security concerns. Addressing privacy concerns requires addressing security issues like access control, authentication, non-repudiation, and accountability, without which end to end privacy cannot be ensured. Achieving privacy from the point of data collection in wireless sensor networks (WSN), to incorporating the internet of things (IoT), to communication links, to data storage and access, is a huge undertaking and requires extensive work. Privacy requirements are further compounded by the fact that the data handled in an enterprise is of an extremely personal and private nature, and its mismanagement, either intentionally or unintentionally, could seriously hurt both the patient and the future prospects of an e-Healthcare enterprise. Research carried out in order to address privacy concerns is not homogenous in nature. It focuses on the failure of certain parts of the e-Healthcare enterprise to fully address all aspects of privacy. In the middle of this ongoing research and implementation, a gradual shift has occurred, moving e-Healthcare enterprise controls away from an organizational level towards the level of patients. 
This is intended to give patients more control and authority over decision making regarding their PHI/EHR. A lot of work and effort is necessary in order to better assess the feasibility of this major shift in e-Healthcare enterprises. Existing research can be naturally divided on the basis of techniques used. These include data anonymization/pseudonymization and access control mechanisms primarily for stored data privacy. This, however, results in giving a back seat to certain privacy requirements (accountability, integrity, non-repudiation, identity management). This paper reviews research carried out in this regard and explores whether this research offers any possible solutions to either patient privacy requirements for e-Healthcare or possibilities for addressing the (technical as well as psychological) privacy concerns of the users.
Funding Information
- Deanship of Scientific Research at King Saud University through the research group (RG-1435-048)
- National Natural Science Foundation of China (61671349)
This publication has 53 references indexed in Scilit:
- Pseudonymization of patient identifiers for translational research. BMC Medical Informatics and Decision Making, 2013
- Privacy in mobile technology for personal healthcare. ACM Computing Surveys, 2012
- A Survey of System Architecture Requirements for Health Care-Based Wireless Sensor Networks. Sensors, 2011
- Wireless sensor networks for healthcare: A survey. Computer Networks, 2010
- Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications. Journal of Medical Systems, 2010
- Privacy preservation and information security protection for patients’ portable electronic health records. Computers in Biology and Medicine, 2009
- Requirements and design spaces of mobile medical care. ACM SIGMOBILE Mobile Computing and Communications Review, 2007
- Securing electronic health records without impeding the flow of information. International Journal of Medical Informatics, 2007
- What is e-Health (2): The death of telemedicine? Journal of Medical Internet Research, 2001
- Role-based access control models. Computer, 1996