Towards the Use of Blockchain in Mobile Health Services and Applications.

With the advent of cryptocurrencies and blockchain, the growth and adaptation of cryptographic features and capabilities were quickly extended to new and underexplored areas, such as healthcare. Currently, blockchain is being implemented mainly as a mechanism to secure Electronic Health Records (EHRs). However, new studies have shown that this technology can be a powerful tool in empowering patients to control their own health data, as well for enabling a fool-proof health data history and establishing medical responsibility. Additionally, with the proliferation of mobile health (m-Health) sustained on service-oriented architectures, the adaptation of blockchain mechanisms into m-Health applications creates the possibility for a more decentralized and available healthcare service. Hence, this paper presents a review of the current security best practices for m-Health and the most used and widely known implementations of the blockchain protocol, including blockchain technologies in m-Health. The main goal of this comprehensive review is to further discuss and elaborate on identified open-issues and potential use cases regarding the uses of blockchain in this area. Finally, the paper presents the major findings, challenges and advantages on future blockchain implementations for m-Health services and applications.

Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps.

Background: Smartphones can tackle healthcare stakeholders' diverse needs. Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significant higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content. Objective: To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. Methods: Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. Results: The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system). Conclusions: Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.