Security and Privacy for Mobile Health-Care (m-Health) Systems

Fast and secure access to patients’ records helps to save lives with timely treatment in emergency situations. Therefore, anywhere-anytimeaccessible online health-care or medical systems play a vital role in daily life. Advances in (wireless) communications and computing technologies have lent great forces to migrating health-care systems from the paper based to the EHR (electronic health record) based, giving rise to increased efficiency in human operations, reduced storage costs and medical errors, improved data availability and sharing, etc. Unfortunately, such convenience also comes with concerns, which should be carefully addressed. For example, medical or health record privacy is a major concern to the patients and becomes the major barrier in the deployment of the EHR-based health-care systems. It is observed that privacy and security breaches have already penetrated every aspect of our activities and living environment including health care, financial, voting, e-commerce, military, etc. Thus, there is an urgent need for the development of architectures assuring privacy and security that are imperative to safeguarding confidential information wherever it digitally resides. Despite the paramount importance, little progress has been introduced by researchers in the design of security and privacy architectures for the EHR-based health-care system. In particular, two extremely critical issues are rarely touched in the research realm: health information privacy and sharing. Health information privacy (or medical record privacy) refers to the confidentiality and access restrictions of patients’ protected health information (PHI) which contains sensitive and personal information such as disease history and undergoing treatment. There are good reasons for keeping the records private and limiting the access to only minimum-necessary information: an employer may decide not to hire someone with psychological issues, an insurance company may refuse to provide life insurance when aware of the disease history of a patient, a person with certain types of disease may be discriminated by the health-care provider, and so on. However, fundamental developments of health-care systems have threatened the confidentiality of medical records and patient privacy [1], one of which is the exponential increase in the use of computers and automated information systems for health records. Computers (connected to a network) are now commonly used by the health-care providers to store and retrieve patients’ electronic health records (EHRs).