160 likes | 267 Views
“Mobile Health in a Modern World: Tying in Convenience with Security. Luke Varner Fall 2013 IT-6873. What is Mobile Health?.
E N D
“Mobile Health in a Modern World: Tying in Convenience with Security Luke Varner Fall 2013 IT-6873
What is Mobile Health? Mobile Health, often abbreviated as mHealth, refers to the use of mobile communications devices in the reception and delivery of healthcare services. Some examples of mHealth devices include: • Laptops • PDAs • Smartphones • Tablets • Heart rate monitors These devices provide convenience as well as the ability to treat and administer healthcare services remotely. While the convenience and utility of using mobile devices in healthcare cannot be understated, there are growing concerns about the security of the devices, especially in regard to the information they contain.
Mobile Health Sensors Mobile health sensors are devices used by patients and practitioners that monitor and collect data on a variety of health conditions including: • Heart function • Blood glucose levels • Sleep cycles • Eating habits • Pregnancy Monitoring The sensors are used in different ways. Some collect data and it is analyzed by a practitioner after a certain period of time. Other sensors are connected to gateways and provide real time health information about a patients health status.
Mobile Health Sensor Security The functionality and capability these mobile health devices provide is important but the need to maintain confidentiality, privacy, and HIPAA compliance is becoming an ever increasing issue. The increasing availability of mobile devices also means there are more avenues for attackers to try to gain access or tamper with your information. The last thing we want with mobile health devices is someone stealing or messing with our health information. The next few slides will discuss and analyze current literature surrounding mHealth sensors and their security.
Literature Review: Adaptive Security and Privacy for mHealth Sensing • Market for sensing devices has grown very large. • Concern over the privacy of the information these devices contain. • Encryption is crucial, but small devices lack the computing power for long key encryption/decryption. • Inefficient against brute force attacks. • Solution: Dynamic message authentication codes that vary the size of packets based on the presence of potential threats. • Ensures smallest as well as most secure form of transmission of sensor data. • Figure 1b illustrates the adaptability of the new model and how the size can very based on perceived threat.
Synthesis and Analysis mHealth sensing device use is on the rise and we need to adapt and develop ways of ensuring the security of PHI with all devices that we use. New technology is no excuse for ignorance about health information security. This article identifies how we are adapting technology capabilities to accommodate for security. Before long, the computing power of mobile sensor devices will allow health organizations to use stronger security and encryption methods. We just need to make sure we are updating our security standards and policies as new technology comes out. Cutting edge technology is not only available to those with good intentions but also to those with dishonest intentions.
Questions As a security professional, how would you address the threat that new devices and technologies pose to mobile devices in the health industry?
Literature Review: Plug-n-Trust: Practical Trusted Sensing for mHealth • Delivery and protection of sensor data is insecure in transmission. • Need methods to secure the gateway mechanism that is transferring patient data. Typically a mobile phone. • Solution: Employ the use of Plug-n-Trust smart cards to ensure information security. • Transmission and access to sensor data could only occur when the smart card was plugged in to phone. • Simple and secure mechanism that is affordable. • Small hard disk size limits tampering of device information and maintains software infrastructure integrity. • Figure 1 illustrates the architecture of how the plug-n-trust system would operate.
Synthesis and Analysis The plug-in-trust method adopts a smart approach at securing health information on convenient mobile devices. As the first article discusses, in order to enable the level of security we are striving for on our mobile devices we need to adapt to the level of technology that is available. Plug-in-trust uses the small size of smart cards as an advantage for device security. There is discussion of whether the plug-n-trust system is too limited and if smart cards are the way to go. This has lead to research investigating the application of sandboxes and virtual machines on mobile devices as a way of securing information. Because of the usefulness of virtual machines in securing temporary sessions and creating safe avenues for data transmission I see their use in securing mobile data transmission as being significant.
Questions What do you think of the Plug-n-Trust system of securing the transmission of mHealth sensor data? Do you think that virtual machines and sandboxes will have a legitimate use and purpose in mobile device security in the future? Why?
Literature Review: Efficient Security Mechanisms for mHealth Applications Using Wireless Body Sensor Networks • Wireless body sensors are becoming increasingly useful for constant health monitoring applications. • Because of frequent information gathering and transmission it is even more crucial to ensure information security and integrity. • Solution: Implement a three tiered security architecture to secure data transmission. The three tiers being the sensor on the patient, the transmission medium (router), and the base station. • The method encourages a three layered security approach that provides security and protection at all levels of information transmission. Figure 1 illustrates the 3-tiered architecture proposed in the study
Synthesis and Analysis This approach is similar to the Plug-n-Trust study in that it identified a three tiered approach to mHealth information security. This study, however, chose to adopt a methodology for covering all the devices involved with information transmission. The methods used by the researchers were proven in concept but are yet to be used in actual health environments. I would argue that while the architecture seems very secure, the speed and economy of the system might be in question. Because of the issues of data sensitivity and necessity of speed in sensor transmission of patients requiring constant monitoring, it is critical to review this model in a real test scenario.
Questions How would you go about testing new mHealth technologies and systems that are designed to monitor patients in critical health situations? What are your feelings about the use of mobile devices in the healthcare industry? Specifically, do you think we should be using any new technology that becomes available or should we be more cautious about adopting and using this technology?
Presentation Summary mHealth is a rapidly growing field involving the use of mobile devices in the transmission and reception of health information. Due to the nature of the information being transmitted on these devices, security is at the forefront of issues regarding mHealth. More specifically, this presentation focused on the security of mobile health sensor technology. Three different approaches and methodologies were discussed including Adaptive Security, Plug-n-Trust, and a three tiered architecture. The information and suggestions presented in these studies identify the growing importance of keeping security levels up to par with the technology that is available as well as placing the patient first when creating security protocols and policy.
References Kumar Sahoo, P. (2012). Efficient Security Mechanisms for mHealth Applications Using Wireless Body Sensor Networks. Sensors (14248220), 12(9), 12606-12633. doi:10.3390/s120912606. Retrieved fromhttps://connect.spsu.edu/eds/pdfviewer/,DanaInfo=.aeikvDjhzkxrz46Nr43+pdfviewer?vid=4&sid=eb41fd0a-8e58-46b9-95d8-6055601d0e01%40sessionmgr11&hid=16 Sorber, J., Shin, M., Peterson, R., & Kotz, D. (2012). Plug-n-trust: practical trusted sensing for mhealth.MobiSys, 309-322. doi: 10.1145/2307636.2307665. Retrieved from http://sharps.org/wp-content/uploads/SORBER-MOBISYS.pdf. Mare, Shrirang. Sorber, Jacob. Shin, Minho. Cornelius, Cory Kotz David.(2010). Adaptive Security and Privacy for mHealth Sensing. Retrieved from: http://sharps.org/wp-content/uploads/MARE-HEALTHSEC.pdf
Acknowledgements I would like to thank my fellow classmates for their help in the creation of this presentation. I have learned and adopted fresh view points as a result of our discussion postings and presentations. Specifically, I would like to thank Daniel Gellman and Jonathan Ashley whose articles I used in this presentation. I would also like to thank Dr. Zhang for her guidance and facilitation of interesting discussion and debate.