Security in remote healthcare

How to protect the patient’s data and identity in an increasingly digital world. Best practice advice from the Personal Connected Health Alliance.

Remote health monitoring and Electronic Health Record (EHR) technologies are under development worldwide to improve the quality and safety of healthcare coordination and public health – while still ensuring the privacy and security of patient health information.  Interoperability and scalability enable cost savings and are thus fundamental to affordable healthcare coordination.

The remote monitoring and EHR ecosystem includes end-users taking measurements using state-of-the-art medical & fitness sensors, gateways to communicate these measurements over a network to health & fitness providers, and finally to health information services to allow access to patient information by a clinician.

The Personal Connected Health Alliance (PCHA) is a leading organisation that convenes stakeholders, constrains and advocates global technology standards, and advises developers of end-to-end interoperable solutions for personal connected health.  It publishes the Continua Design Guidelines, which clearly define interoperable interfaces that enable the secure flow of medical data among sensors, gateways, and end services, removing ambiguity in the underlying healthcare standards and ensuring consistent implementation through product certification.

The Continua Design Guidelines define a Personal Health Devices Interface based on the IEEE 11073 Personal Health Device (PHD) family of standards for data format and exchange between the sensor and the gateway.  They define a Services Interface based on the Integrating the Healthcare Enterprise (IHE) PCD-01 Transaction to move data between a Personal Health Gateway and Health & Fitness Services.

A Health Information Service Interface is based on the Health Level 7 International (HL7) Personal Health Monitoring Report (PHMR) to move information between a Health and Fitness Service and a Healthcare Information Service provider (e.g. an EHR).  End-to-end security and privacy are addressed through a combination of identity management, consent management and enforcement, entity authentication, confidentiality, integrity and authentication, non-repudiation of origin, and auditing.

Personal Health Devices Interface

The IEEE 11073 Personal Health Device family of standards was developed by the IEEE specifically to address the interoperability of personally owned medical or health devices (e.g. thermometers and blood pressure monitors), with an emphasis on personal use and a simpler communications model.  This family of standards ensures that the user of the data knows exactly what was measured where, when, and how, and that this critical information is not lost as it is transported from the sensor, across the gateway and, ultimately, to the electronic health record system.

The Continua Design Guidelines support the secure transmission of IEEE 11073 standards-based personal health data from a Personal Health Device (e.g. sensor) to the Personal Health Gateway over a variety of networking transports including USB, ZigBee, NFC, Bluetooth and Bluetooth Low Energy (LE).

Data confidentiality and integrity across the Personal Health Devices Interface are achieved via the underlying network communication technology associated with each device.  For example, a PHD interface employing the ZigBee standard would implement security mechanisms per the ZigBee Healthcare Profile.  The Bluetooth LE transport would utilise LE security mechanisms such as Passkey Entry pairing, association models, key generation, and encryption.

Data Authentication, Authorisation, Integrity, Confidentiality, Privacy, Availability, Accessibility and Traceability may be incorporated into the IEEE 11073 device specialisations and would be supported in the Continua Design Guidelines.


Services Interface

The Services Interface allows the uploading of the data gathered at the patient point of care to include personal health device observations, the exchange of questionnaires and responses, and the management of consent directives over a wide area network via HTTP and RESTful interfaces.  The design guidelines ensure interoperability by constraining the IHE profile specifications and the HL7 messaging standards, providing implementation guidance and then independent interface certification to ensure adherence to the correct guidelines.  For the Services Interface, security is achieved through confidentiality, integrity and service authentication, consent management, consent enforcement, auditing, and entity authentication as outlined below.

Confidentiality, Integrity and Service Authentication employ web services layer security between the gateway and the EHR via the Web Services Interoperability (WS-I) Basic Security Profile.  This profile provides interoperability guidance for core web service specifications such as SOAP.

Consent management is achieved via the HL7 CDA® Release 2 Consent Directive.  This directive documents a bilateral agreement between the patient and an individual or organisation, which grants or withholds authorisation to access individually identifiable health information about the patient. HL7 has produced a draft standard for trial use for implementing consent directives using CDA Release 2.

Consent Enforcement is realised by implementing the World Wide Web Consortium’s (W3C) eXtensible Markup Language (XML) Encryption Standard to enable enforcement of patient consent by encrypting the measurement or questionnaire payload in addition to using point-to-point link security. This enables both the sender and the receiver of the payload to control access to the payload based on the consent policy.  In the case of the transport protocol using hData over HTTP, consent enforcement is enabled through the use of IHE DEN profile.
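The consent-enforcement pattern described above, as an added illustration that is not code from the article or from the Continua Guidelines: the measurement payload is encrypted independently of the link, and the sender releases the payload key only to recipients the patient’s consent directive grants, so an intermediary that terminates transport security still cannot read the observation. The consent directive, organisation names and the SHA-256 counter-mode cipher (a stand-in for the AES used by XML Encryption) are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed consent directive, standing in for the HL7 CDA Consent Directive
# the article describes: per patient, which organisations are granted or withheld.
CONSENT = {
    "patient-0001": {"grant": {"clinic-a"}, "withhold": {"research-b"}},
}

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream derived from SHA-256; a stand-in for AES in XML Encryption.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt_payload(key: bytes, plaintext: bytes) -> dict:
    # Payload-level encryption with an integrity tag, independent of transport security.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def decrypt_payload(key: bytes, env: dict) -> bytes:
    expected = hmac.new(key, env["nonce"] + env["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, env["tag"]):
        raise ValueError("payload integrity check failed")
    return bytes(a ^ b for a, b in zip(env["ct"], _keystream(key, env["nonce"], len(env["ct"]))))

def consent_allows(patient_id: str, recipient: str) -> bool:
    # Sender-side enforcement: only organisations the directive grants may receive the key.
    d = CONSENT.get(patient_id, {})
    return recipient in d.get("grant", set()) and recipient not in d.get("withhold", set())

def deliver(patient_id: str, recipient: str, measurement: bytes):
    # The encrypted envelope travels over the (separately secured) link; the key does not.
    payload_key = os.urandom(32)
    envelope = encrypt_payload(payload_key, measurement)
    if not consent_allows(patient_id, recipient):
        return None  # recipient holds ciphertext it cannot read
    return decrypt_payload(payload_key, envelope)
```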

Auditing is accomplished via IHE’s Audit Trail and Node Authentication (ATNA) Integration Profile, creating a secured domain by ensuring that communicating entities are authenticated by local systems (e.g., X.509) before allowing network access.

Entity Authentication constrains the Web Services (WS) Security profile from the WS-Interoperability Basic Security Profile by using only the WS-Security Header with the SAML 2.0 assertion as the security token, while allowing any other token, including OAuth, to carry the identity information.  Assertions are carried as SAML 2.0 tokens within HTTP/SOAP uploads, and OAuth access tokens are used in REST/hData uploads.

Health Information Services Interface

The Health Information Services Interface provides for the electronic exchange of health records employing an HL7-based PHMR.  Continua worked with HL7 to develop and define the PHMR to aggregate and deliver personal healthcare monitoring information to electronic medical record systems, including the representation of measurements captured by personal health devices.  Continua is currently updating the HL7 PHMR specification, turning the Draft Standards for Trial Use (DSTU) into a final normative specification.  Security is achieved through confidentiality, integrity and authentication, entity authentication, identity management, consent management, consent enforcement, non-repudiation of origin, and auditing as outlined below.

Confidentiality, Integrity and Authentication employ transport layer security as specified in IHE’s Cross Enterprise Document Reliable Interchange (XDR) profile for direct communications.  For indirect communications via the IHE Cross Enterprise Document Media Interchange (XDM) profile, the exported file is delivered via email using S/MIME to ensure security.

Entity Authentication is achieved via the IHE Cross-Enterprise User Assertion Profile (XUA), to provide a means to communicate claims about the identity of an authenticated principal (e.g., user, application, system) in transactions that cross enterprise boundaries.  The IHE Cross-Enterprise User Assertion Profile – Attribute Extension (XUA++), extends the XUA profile with options that enable access controls on the service side (consumer of the data).

Identity Management is realised via IHE’s Patient Identity Feed Transaction to communicate patient identification and demographic data, IHE Patient Identifier Cross-Reference HL7 Version 3 (PIXV3) to provide cross-referencing of patient identifiers from multiple Patient Identifier Domains (systems that share a common identification scheme and issuing authority for patient identifiers), and Patient Demographics Query HL7 Version 3 (PDQV3) to allow for multiple distributed applications to query a patient information server for a list of patients, based on user-defined search criteria, and retrieve a patient’s demographic information directly into the application.

Consent Management is accomplished via the HL7 CDA Release 2 Consent Directive that, as explained earlier, grants or withholds authorisation to access individually identifiable health information about the patient.

Consent Enforcement is achieved via the IHE Document Encryption Profile which provides a means to encrypt health documents independent of particular transport, healthcare application, or document type, thereby supporting end-to-end confidentiality in heterogeneous or unanticipated workflows.

Non-Repudiation of Origin, which is the assurance that someone cannot deny something, such as the receipt of a message or the authenticity of a statement or contract, is realised via the IHE Document Digital Signature profile that specifies the use of digital signatures for documents that are shared between organisations.

Auditing, similar to the Services Interface, is accomplished via IHE’s Audit Trail and Node Authentication Integration Profile.

The PCHA’s Continua Design Guidelines are the only international initiative to establish a secure end-to-end ICT framework for personal connected health and care using open standards.  It is the implementation specifics defined by these Continua Design Guidelines, and the independent certification of each vendor’s implementation, that help to ensure secure and authentic interoperability from remote personal healthcare devices/sensors to personal health gateways and on to electronic health record systems.

For further information, white papers are available on the Personal Connected Health Alliance website.

Thom Erickson is member, board of directors, Personal Connected Health Alliance (PCHA) and VP, product management, Qualcomm Technologies.
