ABSTRACT
The deployment of Internet of Things platforms as well as the use of mobile and wireless technologies to support healthcare environments have enormous potential to transform healthcare. This has also led to a desire to make eHealth and mHealth part of national healthcare systems. The COVID-19 pandemic has accelerated the requirement to do this to reduce the number of patients needing to attend hospitals and General Practitioner surgeries. This direction, however, has resulted in a renewed need to look at security of future healthcare platforms including information and data security as well as network and cyber-physical security. There have been security frameworks that were developed to address such issues. However, it is necessary to develop a security framework with a combination of security mechanisms that can be used to provide all the essential security requirements for healthcare systems. In addition, there is now a need to move from frameworks to prototypes which is the focus of this paper. Several security frameworks for eHealth and mHealth are first examined. This leads to a new reference model from which an implementation framework is developed using new mechanisms such as Capabilities, Secure Remote Procedure Calls, and a Service Management Framework. The prototype is then evaluated against practical security requirements.
ABSTRACT
AIM: New challenges are being faced by global healthcare systems such as an increase in the elderly population, budget cuts as well as the ongoing Covid-19 pandemic. As pressures mount on healthcare systems to provide treatment to patients, mHealth is seen as one of the possible solutions to addressing these challenges. Given the sensitivity of health data, the rapid development of the mHealth sector raises privacy concerns. The aims of this research were to investigate privacy threats/concerns in the context of mHealth and the management of chronic diseases and to propose a novel privacy framework to address these concerns. SUBJECT AND METHOD: The study adopted a modified version of the engineering design process. After defining the problem, information was gathered through literature reviews, and analyses of existing regulatory (privacy) frameworks and past research on privacy threats/concerns. Requirements for a new framework were then specified leading to its development and comparison with existing frameworks. RESULTS: A novel future-proof privacy framework was developed and illustrated. Using existing regulatory frameworks for privacy and privacy threats/concerns from research studies, privacy principles and their resulting requirements were identified. Furthermore, mechanisms and associated technologies needed to implement the privacy principles/requirements into a functional prototype were also identified. A comparison of the proposed framework with existing frameworks, showed that it addressed privacy threats/concerns in a more comprehensive manner. CONCLUSION: This research makes a valuable contribution to protecting privacy in mHealth. The novel framework developed is an improvement on existing frameworks. It is also future-proof since its foundations are built on regulatory frameworks and privacy threats/concerns existing at the time of its deployment/revision.