Security in remote healthcare

Thom Erickson, VP, product management, Qualcomm
Technologies

How to protect the patient’s data and identity in an increasingly digital world. Best practice advice from the Personal Connected Healthcare Alliance.

Remote health monitoring and Electronic Health Record (EHR) technologies are under development worldwide to improve the quality and safety of healthcare coordination and public health – while still ensuring the privacy and security of patient health information.  Interoperability and scalability enable cost savings and are thus fundamental to affordable healthcare coordination.

The remote monitoring and EHR ecosystem includes end-users taking measurements using state-of-the-art medical & fitness sensors, gateways to communicate these measurements over a network to health & fitness providers, and finally to health information services to allow access to patient information by a clinician.

The Personal Connected Health Alliance (PCHA) is a leading organisation convening, constraining and advocating global technology standards to advise developers of end-to-end interoperable solutions for personal connected health.  It publishes the Continua Design Guidelines that clearly define interoperable interfaces that enable the secure flow of medical data among sensors, gateways, and end services, removing ambiguity in underlying healthcare standards and ensuring consistent implementation through product certification.

The Continua Design Guidelines implements a Personal Health Devices Interface centered around or defined by the IEEE 11073 Personal Health Device (PHD) family of standards for data format and exchange between the sensor and the gateway.  It defines a Services Interface centered around or defined by the Integrating the Healthcare Enterprise (IHE) PCD-01 Transaction to move data between a Personal Health Gateway and Health & Fitness Services.

A Health Information Service Interface is centered around or defined by the Health Level 7 International (HL7)-based Personal Health Monitoring Report (PHMR) to move information between a Health and Fitness Service and Healthcare Information Service provider (e.g. EHR).  End-to-end security and privacy are addressed through a combination of identity management, consent management and enforcement, entity authentication, confidentiality, integrity and authentication, non-repudiation of origin, and auditing.

Personal Health Devices Interface

The IEEE 11073 Personal Health Device family of standards was developed by the IEEE to specifically address the interoperability of personally owned medical or health devices (e.g. thermometers and blood pressure monitors) with an emphasis on personal use and a more simple communications model.  This family of standards ensures that the user of the data knows exactly what was measured where, when, and how, and that this critical information is not lost as it is transported from the sensor, across the gateway and, ultimately, to the electronic health record system.

The Continua Design Guidelines support the secure transmission of IEEE 11073 standards-based personal health data from a Personal Health Device (e.g. sensor) to the Personal Health Gateway over a variety of networking transports including USB, ZigBee, NFC, Bluetooth and Bluetooth Low Energy (LE).

Data confidentiality and integrity across the Personal Health Devices Interface is achieved via the underlying network communication technology associated with each device.  For example, a PHD interface employing the ZigBee standard would implement security mechanisms per the ZigBee Healthcare Profile.  The Bluetooth LE transport would utilise LE security mechanisms such as Passkey Entry Pairing, association models, key generation, and encryption.

Data Authentication, Authorisation, Integrity, Confidentiality, Privacy, Availability, Accessibility and Traceability may be incorporated into the IEEE 11073 device specialisations and would be supported in the Continua Design Guidelines.

phones

Services Interface

The Services Interface allows the uploading of the data gathered at the patient point of care to include personal health device observations, the exchange of questionnaires and responses, and the management of consent directives over a wide area network via HTTP and RESTful interfaces.  The design guidelines ensure interoperability by constraining the IHE profile specifications and the HL7 messaging standards, providing implementation guidance and then independent interface certification to ensure adherence to the correct guidelines.  For the Services Interface, security is achieved through confidentiality, integrity and service authentication, consent management, consent enforcement, auditing, and entity authentication as outlined below.

Confidentiality, Integrity and Service Authentication employs web services layer security between the gateway and EHR via the Web Services Interoperability Basic Security Profile.  This profile provides interoperability guidance for core web service specifications such as SOAP.

Consent management is achieved via the HL7 CDA® Release 2 Consent Directive.  This directive documents a bilateral agreement between the patient and an individual or organisation, which grants or withholds authorisation to access individually identifiable health information about the patient. HL7 has produced a draft standard for trial use for implementing consent directives using CDA Release 2.

Consent Enforcement is realised by implementing the World Wide Web Consortium’s (W3C) eXtensible Markup Language (XML) Encryption Standard to enable enforcement of patient consent by encrypting the measurement or questionnaire payload in addition to using point-to-point link security. This enables both the sender and the receiver of the payload to control access to the payload based on the consent policy.  In the case of the transport protocol using hData over HTTP, consent enforcement is enabled through the use of IHE DEN profile.

Auditing is accomplished via IHE’s Audit Trail and Node Authentication (ATNA) Integration Profile, creating a secured domain by ensuring that communicating entities are authenticated by local systems (e.g., X.509) before allowing network access.

Entity Authentication constrain the Web Services (WS) Security profile from the WS-Interoperability Basic Security Profile by using only the WS-Security Header with the SAML 2.0 assertion as security token and allowing the use of any other token for providing the identity information, including OAuth.  Assertion is utilised via SAML 2.0 within HTTP/SOAP uploads and OAuth access tokens are used in REST/hData uploads.

Health Information

Services Interface

The Health Information Services Interface provides for the electronic exchange of health records employing an HL7-based PHMR.  Continua worked with HL7 to develop and define the PHMR to aggregate and deliver personal healthcare monitoring information to electronic medical record systems, including the representation of measurements captured by personal health devices.  Continua is currently updating the HL7 PHMR specification, turning the Draft Standards for Trial Use (DSTU) into a final normative specification.  Security is achieved through confidentiality, integrity and authentication, entity authentication, identity management, consent management, consent enforcement, non-repudiation of origin, and auditing as outlined below.

Confidentiality, Integrity and Authentication employs transport layer security as specified in IHE’s Cross Enterprise Document Reliable Interchange (XDR) profile for direct communications.  For indirect communications via the IHE Cross Enterprise Document Media Interchange (XDM) profile, the exported file is delivered via email using S/MIME to ensure security.

Entity Authentication is achieved via the IHE Cross-Enterprise User Assertion Profile (XUA), to provide a means to communicate claims about the identity of an authenticated principal (e.g., user, application, system) in transactions that cross enterprise boundaries.  The IHE Cross-Enterprise User Assertion Profile – Attribute Extension (XUA++), extends the XUA profile with options that enable access controls on the service side (consumer of the data).

Identity Management is realised via IHE’s Patient Identity Feed Transaction to communicate patient identification and demographic data, IHE Patient Identifier Cross-Reference HL7 Version 3 (PIXV3) to provide cross-referencing of patient identifiers from multiple Patient Identifier Domains (systems that share a common identification scheme and issuing authority for patient identifiers), and Patient Demographics Query HL7 Version 3 (PDQV3) to allow for multiple distributed applications to query a patient information server for a list of patients, based on user-defined search criteria, and retrieve a patient’s demographic information directly into the application.

Consent Management is accomplished via the HL7 CDA Release 2 Consent Directive that, as explained earlier, grants or withholds authorisation to access individually identifiable health information about the patient.

Consent Enforcement is achieved via the IHE Document Encryption Profile which provides a means to encrypt health documents independent of particular transport, healthcare application, or document type, thereby supporting end-to-end confidentiality in heterogeneous or unanticipated workflows.

Non-Repudiation of Origin, which is the assurance that someone cannot deny something, such as the receipt of a message or the authenticity of a statement or contract, is realised via the IHE Document Digital Signature profile that specifies the use of digital signatures for documents that are shared between organisations.

Auditing, similar to the Services Interface, is accomplished via IHE’s Audit Trail and Node Authentication Integration Profile.

The PCHA’s Continua Design Guidelines is the only international initiative to establish a secure end-to-end ICT framework for personal connected health and care with open standards.  It is the implementation specifics defined by these Continua Design Guidelines, and the independent certification of each vendor’s implementation, that helps to ensure secure and authentic interoperability from remote personal healthcare devices/sensors to personal health gateways and on to electronic health records systems.

For further information, white papers are available on the Personal Connected Health Alliance website.

Thom Erickson is member, board of directors, Personal Connected Health Alliance (PCHA) and VP, product management, Qualcomm Technologies.

RECENT ARTICLES

Surrey leads new £8 million FORT centre for advancing secure networks

Posted on: March 18, 2024

The Engineering and Physical Sciences Research Council (EPSRC) announced that Surrey’s 5G/6G Innovation Centre will lead a new £8 million Centre for Doctoral Training in Future Open Secure Networks (FORT). 

Read more

Protecting assets with LTE, NTN & 5G LPWA

Posted on: March 15, 2024

In this compelling piece, part of the Key Industry Insights Series, Analyst Robin Duke-Woolley of Beecham Research and Kevin Guan of Fibocom, explain how LTE Cat 4/1/1bis/M, NTN and 5G LPWA are working to change the game for protecting goods and supply chains with total, global coverage asset tracking for reduced losses and improved operations

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more