
SOK: Evaluating Privacy and Security Vulnerabilities of Patients’ Data in Healthcare

  • Conference paper
Socio-Technical Aspects in Security (STAST 2021)

Abstract

Interactions in healthcare systems, by necessity, involve sharing sensitive information that must be protected. Thus, to understand the existing privacy and security research conducted in the context of healthcare organizations, we conducted a systematic literature review of \(N=205\) papers that examine the security and privacy of patient data. We found that current research focuses heavily on technological solutions, which are presented to benefit large-scale medical facilities such as hospitals, but generally ignore the unique security challenges of smaller private practices which might not have the resources to protect patient data. Additionally, only 18 (<9%) papers have conducted user studies to understand patients' and staff's risk perception of healthcare data. We conclude by identifying research gaps and providing potential solutions to enable robust data security for sensitive patient data.


Notes

  1. Throughout this work, we will refer to all individuals with access and responsibility for protecting healthcare data, including patients and healthcare workers, as users.

  2. https://harzing.com/resources/publish-or-perish.

References

  1. Abd-alrazaq, A.A., et al.: Patients and healthcare workers experience with a mobile application for self-management of diabetes in Qatar: a qualitative study. Comput. Methods Program. Biomed. Update 1, 100002 (2021)

    Google Scholar 

  2. Abouelmehdi, K., Beni-Hessane, A., Khaloufi, H.: Big healthcare data: preserving security and privacy. J. Big Data 5(1), 1–18 (2018). https://doi.org/10.1186/s40537-017-0110-7

    Article  Google Scholar 

  3. Abouelmehdi, K., Beni-Hssane, A., Khaloufi, H., Saadi, M.: Big data security and privacy in healthcare: a review. Procedia Comput. Sci. 113, 73–80 (2017)

    Article  Google Scholar 

  4. Abraham, C., Chatterjee, D., Sims, R.R.: Muddling through cybersecurity: insights from the us healthcare industry. Bus. Horiz. 62(4), 539–548 (2019)

    Article  Google Scholar 

  5. Acharya, S., Susai, G., Pillai, M.: Patient portals: Anytime, anywhere, pp. 779–781 (2015)

    Google Scholar 

  6. Aiswarya, R., Divya, R., Sangeetha, D., Vaidehi, V.: Harnessing healthcare data security in cloud, pp. 482–488 (2013)

    Google Scholar 

  7. Al Hamid, H.A., Rahman, S.M.M., Hossain, M.S., Almogren, A., Alamri, A.: A security model for preserving the privacy of medical big data in a healthcare cloud using a fog computing facility with pairing-based cryptography. IEEE Access 5, 22313–22328 (2017)

    Google Scholar 

  8. Al-Karaki, J.N., Gawanmeh, A., Ayache, M., Mashaleh, A.: Dass-care: a decentralized, accessible, scalable, and secure healthcare framework using blockchain, pp. 330–335 (2019). https://doi.org/10.1109/IWCMC.2019.8766714

  9. Alam, M.G.R., Munir, M.S., Uddin, M.Z., Alam, M.S., Dang, T.N., Hong, C.S.: Edge-of-things computing framework for cost-effective provisioning of healthcare data. J. Parallel Distrib. Comput. 123, 54–60 (2019)

    Article  Google Scholar 

  10. Albarrak, A.I.: Information security behavior among nurses in an academic hospital. Health Med. 6(7), 2349–2354 (2012)

    Google Scholar 

  11. Alboaie, S., Nita, L., Stefanescu, C.: Executable choreographies for medical systems integration and data leaks prevention, pp. 1–4 (2015). https://doi.org/10.1109/EHB.2015.7391612

  12. Almehmadi, T., Alshehri, S., Tahir, S.: A secure fog-cloud based architecture for MIoT, pp. 1–6 (2019). https://doi.org/10.1109/CAIS.2019.8769524

  13. Alshalali, T., M’Bale, K., Josyula, D.: Security and privacy of electronic health records sharing using hyperledger fabric, pp. 760–763 (2018). https://doi.org/10.1109/CSCI46756.2018.00152

  14. Altuntaş, G., Semerciöz, F., Eregez, H.: Linking strategic and market orientations to organizational performance: the role of innovation in private healthcare organizations. Procedia-Soc. Behav. Sci. 99, 413–419 (2013)

    Article  Google Scholar 

  15. Alyami, H., Feng, J.L., Hilal, A., Basir, O.: On-demand key distribution for body area networks for emergency case (2014). https://doi.org/10.1145/2642668.2642684

  16. Anghelescu, P.: Encryption of multimedia medical content using programmable cellular automata, pp. 11–16 (2012)

    Google Scholar 

  17. Anghelescu, P., Ionita, S., Sofron, E.: Block encryption using hybrid additive cellular automata, pp. 132–137 (2007)

    Google Scholar 

  18. Arumugham, S., Rajagopalan, S., Rayappan, J.B.B., Amirtharajan, R.: Networked medical data sharing on secure medium-a web publishing mode for DICOM viewer with three layer authentication. J. Biomed. Inf. 86, 90–105 (2018)

    Article  Google Scholar 

  19. Asija, R., Nallusamy, R.: Data model to enhance the security and privacy of healthcare data, pp. 237–244 (2014). https://doi.org/10.1109/GHTC-SAS.2014.6967590

  20. Aski, V., Dhaka, V.S., Kumar, S., Parashar, A., Ladagi, A.: A multi-factor access control and ownership transfer framework for future generation healthcare systems, pp. 93–98 (2020). https://doi.org/10.1109/PDGC50313.2020.9315840

  21. Ayad, H., Khalil, M.: A semi-blind information hiding technique using DWT-SVD and QAM-16 for medical images, pp. 1–7 (2017)

    Google Scholar 

  22. Ayad, H., Khalil, M.: A semi-blind information hiding technique using DWT-SVD and QAM-16 for medical images (2017). https://doi.org/10.1145/3090354.3090433

  23. Ayanlade, O., Oyebisi, T., Kolawole, B.: Health information technology acceptance framework for diabetes management. Heliyon 5(5), e01735 (2019)

    Article  Google Scholar 

  24. Baker, A., Vega, L., DeHart, T., Harrison, S.: Healthcare and security: understanding and evaluating the risks, pp. 99–108 (2011)

    Google Scholar 

  25. Balamurugan, G., Joseph, K.S., Arulalan, V.: An iris based reversible watermarking system for the security of teleradiology, pp. 1–6 (2016)

    Google Scholar 

  26. Bao, S.D., Chen, M., Yang, G.Z.: A method of signal scrambling to secure data storage for healthcare applications. IEEE J. Biomed. Health Inf. 21(6), 1487–1494 (2017). https://doi.org/10.1109/JBHI.2017.2679979

    Article  Google Scholar 

  27. Basavegowda, R., Seenappa, S.: Electronic medical report security using visual secret sharing scheme, pp. 78–83 (2013)

    Google Scholar 

  28. Bechtel, J.M., Lepoire, E., Bauer, A.M., Bowen, D.J., Fortney, J.C.: Care manager perspectives on integrating an mhealth app system into clinical workflows: a mixed methods study. Gener. Hospital Psychiatry 68, 38–45 (2021)

    Article  Google Scholar 

  29. Besher, K.M., Subah, Z., Ali, M.Z.: IoT sensor initiated healthcare data security. IEEE Sens. J. 21(10), 11977–11982 (2020)

    Article  Google Scholar 

  30. Bharghavi, G., Kumar, P.S., Geetha, K., Sasikala Devi, N.: An implementation of slice algorithm to enforce security for medical images using DNA approach, pp. 0984–0988 (2018). https://doi.org/10.1109/ICCSP.2018.8524413

  31. Bharghavi, G., Kumar, P.S., Geetha, K., Devi, N.S.: An implementation of slice algorithm to enforce security for medical images using DNA approach, pp. 0984–0988 (2018)

    Google Scholar 

  32. Bhola, J., Soni, S., Cheema, G.K.: Recent trends for security applications in wireless sensor networks-a technical review, pp. 707–712 (2019)

    Google Scholar 

  33. Bhuiyan, M.Z.A., Zaman, A., Wang, T., Wang, G., Tao, H., Hassan, M.M.: Blockchain and big data to transform the healthcare, pp. 62–68 (2018)

    Google Scholar 

  34. Binobaid, S., Fan, I.S., Almeziny, M.: Investigation interoperability problems in pharmacy automation: a case study in Saudi Arabia. Procedia Comput. Sci. 100, 329–338 (2016)

    Article  Google Scholar 

  35. Boddy, A., Hurst, W., Mackay, M., El Rhalibi, A.: A study into detecting anomalous behaviours within healthcare infrastructures, pp. 111–117 (2016)

    Google Scholar 

  36. Bodur, G., Gumus, S., Gursoy, N.G.: Perceptions of Turkish health professional students toward the effects of the internet of things (IOT) technology in the future. Nurse Educ. Today 79, 98–104 (2019)

    Article  Google Scholar 

  37. Branley-Bell, D., et al.: Your hospital needs you: eliciting positive cybersecurity behaviours from healthcare staff using the aide approach. Ann. Disaster Risk Sci. 3(1), 1–16 (2020)

    Article  Google Scholar 

  38. Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: A blockchain based proposal for protecting healthcare systems through formal methods. Procedia Comput. Sci. 159, 1787–1794 (2019)

    Article  Google Scholar 

  39. Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: Formal modeling for magnetic resonance images tamper mitigation. Procedia Comput. Sci. 159, 1803–1810 (2019)

    Article  Google Scholar 

  40. Brunese, L., Mercaldo, F., Reginelli, A., Santone, A.: Radiomic features for medical images tamper detection by equivalence checking. Procedia Comput. Sci. 159, 1795–1802 (2019)

    Article  Google Scholar 

  41. Burke, W., Oseni, T., Jolfaei, A., Gondal, I.: Cybersecurity indexes for ehealth, pp. 1–8 (2019)

    Google Scholar 

  42. Cao, F., Huang, H.K., Zhou, X.: Medical image security in a HIPAA mandated PACS environment. Computer. Med. Imaging Graph. 27(2–3), 185–196 (2003)

    Article  Google Scholar 

  43. Chan, K.G., Pawi, S., Ong, M.F., Kowitlawakul, Y., Goy, S.C.: Simulated electronic health documentation: a cross-sectional exploration of factors influencing nursing students’ intention to use. Nurse Educ. Pract. 48, 102864 (2020)

    Article  Google Scholar 

  44. Chaudhry, J., Qidwai, U., Miraz, M.H.: Securing big data from eavesdropping attacks in scada/ics network data streams through impulsive statistical fingerprinting, pp. 77–89 (2019)

    Google Scholar 

  45. Chen, Y., Chen, W.: Finger ECG-based authentication for healthcare data security using artificial neural network, pp. 1–6 (2017)

    Google Scholar 

  46. Choi, S.J., Johnson, M.E., Lee, J.: An event study of data breaches and hospital IT spending. Health Policy Technol. 9(3), 372–378 (2020)

    Article  Google Scholar 

  47. Coventry, L., Branley, D.: Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas 113, 48–52 (2018)

    Article  Google Scholar 

  48. Coventry, L., et al.: Cyber-risk in healthcare: Exploring facilitators and barriers to secure behaviour, pp. 105–122 (2020)

    Google Scholar 

  49. Currie, W.: Health organizations’ adoption and use of mobile technology in France, the USA and UK. Procedia Comput. Sci. 98, 413–418 (2016)

    Article  Google Scholar 

  50. Dagher, G.G., Mohler, J., Milojkovic, M., Marella, P.B.: Ancile: privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain. Cities Soc. 39, 283–297 (2018)

    Article  Google Scholar 

  51. Das, S., Kim, A., Tingle, Z., Nippert-Eng, C.: All about phishing: Exploring user research through a systematic literature review. arXiv preprint arXiv:1908.05897 (2019)

  52. Das, S., Wang, B., Tingle, Z., Camp, L.J.: Evaluating user perception of multi-factor authentication: a systematic review. In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) (2019)

    Google Scholar 

  53. Demjaha, A., Caulfield, T., Sasse, M.A., Pym, D.: 2 fast 2 secure: a case study of post-breach security changes, pp. 192–201 (2019)

    Google Scholar 

  54. Duque, H., Montagnat, J., Pierson, J.M., Brunie, L., Magnin, I.: Dm2: a distributed medical data manager for grids, pp. 138–147 (2003)

    Google Scholar 

  55. Dwivedi, A.D., Srivastava, G., Dhar, S., Singh, R.: A decentralized privacy-preserving healthcare blockchain for IoT. Sensors 19(2), 326 (2019)

    Article  Google Scholar 

  56. Dykstra, J., Mathur, R., Spoor, A.: Cybersecurity in medical private practice: results of a survey in audiology, pp. 169–176 (2020). https://doi.org/10.1109/CIC50333.2020.00029

  57. El Bouchti, A., Bahsani, S., Nahhal, T.: Encryption as a service for data healthcare cloud security, pp. 48–54 (2016)

    Google Scholar 

  58. Elmogazy, H., Bamasak, O.: Towards healthcare data security in cloud computing, pp. 363–368 (2013)

    Google Scholar 

  59. Esposito, C., Castiglione, A.: Cloud-based management of healthcare data: security and privacy concerns and a promising solution

    Google Scholar 

  60. Essa, Y.M., Hemdan, E.E.D., El-Mahalawy, A., Attiya, G., El-Sayed, A.: IFHDS: intelligent framework for securing healthcare bigdata. J. Med. Syst. 43(5), 1–13 (2019)

    Article  Google Scholar 

  61. Garner, S.A., Kim, J.: The privacy risks of direct-to-consumer genetic testing: a case study of 23 and Me and ancestry. Wash. UL Rev. 96, 1219 (2018)

    Google Scholar 

  62. Geetha, R., Geetha, S.: Efficient high capacity technique to embed EPR information and to detect tampering in medical images. J. Med. Eng. Technol. 44(2), 55–68 (2020)

    Article  Google Scholar 

  63. Georgiou, D., Lambrinoudakis, C.: Compatibility of a security policy for a cloud-based healthcare system with the EU general data protection regulation (GDPR). Information 11(12), 586 (2020)

    Article  Google Scholar 

  64. Gordon, L.A., Loeb, M.P., Zhou, L., et al.: Investing in cybersecurity: insights from the Gordon-Loeb model. J. Inf. Secur. 7(02), 49 (2016)

    Google Scholar 

  65. Goudar, V., Potkonjak, M.: Addressing biosignal data sharing security issues with robust watermarking, pp. 618–626 (2014). https://doi.org/10.1109/SAHCN.2014.6990402

  66. Goudar, V., Potkonjak, M.: On admitting sensor fault tolerance while achieving secure biosignal data sharing, pp. 266–275 (2014). https://doi.org/10.1109/ICHI.2014.44

  67. Goudar, V., Potkonjak, M.: A robust watermarking technique for secure sharing of basn generated medical data, pp. 162–170 (2014)

    Google Scholar 

  68. Gritzalis, D.: A baseline security policy for distributed healthcare information systems. Comput. Secur. 16(8), 709–719 (1997)

    Article  Google Scholar 

  69. Gritzalis, D., Katsikas, S., Keklikoglou, J., Tomaras, A.: Determining access rights for medical information systems. Comput. Secur. 11(2), 149–161 (1992)

    Article  Google Scholar 

  70. Gritzalis, D., Lambrinoudakis, C.: A security architecture for interconnecting health information systems. Int. J. Med. Inf. 73(3), 305–309 (2004)

    Article  Google Scholar 

  71. Gritzalis, D., Tomaras, A., Katsikas, S., Keklikoglou, J.: Data security in medical information systems: the Greek case. Comput. Secur. 10(2), 141–159 (1991)

    Article  Google Scholar 

  72. Gross, M.S., Miller Jr, R.C.: Ethical implementation of the learning healthcare system with blockchain technology. Blockchain in Healthcare Today, Forthcoming (2019)

    Google Scholar 

  73. Guennoun, M., El-Khatib, K.: Securing medical data in smart homes, pp. 104–107 (2009). https://doi.org/10.1109/MEMEA.2009.5167964

  74. Guizani, K., Guizani, S.: IoT healthcare monitoring systems overview for elderly population, pp. 2005–2009 (2020)

    Google Scholar 

  75. Gupta, A., Bansiya, A.: Utilizing cloud computing for stronger healthcare data security. Int. J. Sci. Res. Eng. Trends 6, 2384 (2020)

    Google Scholar 

  76. Gupta, V., Metha, G.: Medical data security using cryptography, pp. 866–869 (2018)

    Google Scholar 

  77. Hammouchi, H., Cherqi, O., Mezzour, G., Ghogho, M., El Koutbi, M.: Digging deeper into data breaches: an exploratory data analysis of hacking breaches over time. Procedia Comput. Sci. 151, 1004–1009 (2019)

    Article  Google Scholar 

  78. Hollis, K.F.: To share or not to share: ethical acquisition and use of medical data. AMIA Summits Transl. Sci. Proc. 2016, 420 (2016)

    Google Scholar 

  79. Holmgren, A.J., Adler-Milstein, J.: Health information exchange in us hospitals: the current landscape and a path to improved information sharing. J. Hospital Med. 12(3), 193–198 (2017)

    Article  Google Scholar 

  80. Hsu, W.W.Q., Chan, E.W.Y., Zhang, Z.J., Lin, Z.X., Bian, Z.X., Wong, I.C.K.: Chinese medicine students’ views on electronic prescribing: a survey in Hong Kong. Eur. J. Integr. Med. 7(1), 47–54 (2015)

    Article  Google Scholar 

  81. Huang, C.D., Behara, R.S., Goo, J.: Optimal information security investment in a healthcare information exchange: An economic analysis. Decis. Support Syst. 61, 1–11 (2014)

    Article  Google Scholar 

  82. Ibrahim, A., Mahmood, B., Singhal, M.: A secure framework for sharing electronic health records over clouds, pp. 1–8 (2016). https://doi.org/10.1109/SeGAH.2016.7586273

  83. Ibrahim, A., Mahmood, B., Singhal, M.: A secure framework for sharing electronic health records over clouds, pp. 1–8 (2016)

    Google Scholar 

  84. Ivaşcu, T., Frîncu, M., Negru, V.: Considerations towards security and privacy in internet of things based ehealth applications, pp. 275–280 (2016). https://doi.org/10.1109/SISY.2016.7601512

  85. Izza, S., Benssalah, M., Drouiche, K.: An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment. J. Inf. Secur. Appl. 58, 102705 (2021)

    Google Scholar 

  86. Jabeen, T., Ashraf, H., Khatoon, A., Band, S.S., Mosavi, A.: A lightweight genetic based algorithm for data security in wireless body area networks. IEEE Access 8, 183460–183469 (2020)

    Article  Google Scholar 

  87. Jabeen, T., Ashraf, H., Ullah, A.: A survey on healthcare data security in wireless body area networks. J. Ambient Intell. Humanized Comput. 1–14 (2021)

    Google Scholar 

  88. Jaigirdar, F.T.: Trust based security solution for internet of things healthcare solution: an end-to-end trustworthy architecture, pp. 1757–1760 (2018)

    Google Scholar 

  89. Jalali, M.S., Razak, S., Gordon, W., Perakslis, E., Madnick, S.: Health care and cybersecurity: bibliometric analysis of the literature. J. Med. Internet Res. 21(2), e12644 (2019)

    Article  Google Scholar 

  90. Janjic, V., et al.: The serums tool-chain: Ensuring security and privacy of medical data in smart patient-centric healthcare systems, pp. 2726–2735 (2019)

    Google Scholar 

  91. Jayanthilladevi, A., Sangeetha, K., Balamurugan, E.: Healthcare biometrics security and regulations: biometrics data security and regulations governing PHI and HIPAA act for patient privacy, pp. 244–247 (2020)

    Google Scholar 

  92. Joshitta, R.S.M., Arockiam, L., Malarchelvi, P.S.K.: Security analysis of sat_jo lightweight block cipher for data security in healthcare IoT, pp. 111–116 (2019)

    Google Scholar 

  93. Kamoun, F., Nicho, M.: Human and organizational factors of healthcare data breaches: the swiss cheese model of data breach causation and prevention. Int. J. Healthcare Inf. Syst. Inf. (IJHISI) 9(1), 42–60 (2014)

    Article  Google Scholar 

  94. Karthick, R., Ramkumar, R., Akram, M., Kumar, M.V.: Overcome the challenges in bio-medical instruments using IoT-a review. Materials Today: Proceedings (2020)

    Google Scholar 

  95. Kaur, J., et al.: Security risk assessment of healthcare web application through adaptive neuro-fuzzy inference system: a design perspective. Risk Manage. Healthcare Policy 13, 355 (2020)

    Article  Google Scholar 

  96. Kausar, F.: Iris based cancelable biometric cryptosystem for secure healthcare smart card. Egyptian Inf. J. (2021)

    Google Scholar 

  97. Kaw, J.A., Loan, N.A., Parah, S.A., Muhammad, K., Sheikh, J.A., Bhat, G.M.: A reversible and secure patient information hiding system for IoT driven e-health. Int. J. Inf. Manage. 45, 262–275 (2019)

    Article  Google Scholar 

  98. Kelkar, V., Tuckley, K.: Reversible watermarking for medical images with added security using chaos theory, pp. 84–87 (2018). https://doi.org/10.1109/CESYS.2018.8724039

  99. Kenny, G., O’Connor, Y., Eze, E., Ndibuagu, E., Heavin, C.: A ground-up approach to mHealth in Nigeria: a study of primary healthcare workers’ attitude to mHealth adoption. Procedia Comput. Sci. 121, 809–816 (2017)

    Article  Google Scholar 

  100. Khaloufi, H., Abouelmehdi, K., Beni-hssane, A., Saadi, M.: Security model for big healthcare data lifecycle. Procedia Comput. Sci. 141, 294–301 (2018)

    Article  Google Scholar 

  101. Khan, F.A., Ali, A., Abbas, H., Haldar, N.A.H.: A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Procedia Comput. Sci. 34, 511–517 (2014)

    Article  Google Scholar 

  102. Khan, J., et al.: Medical image encryption into smart healthcare IoT system, pp. 378–382 (2019). https://doi.org/10.1109/ICCWAMTIP47768.2019.9067592

  103. Khan, J., et al.: Medical image encryption into smart healthcare IoT system, pp. 378–382 (2019)

    Google Scholar 

  104. Kierkegaard, P.: Medical data breaches: notification delayed is notification denied. Comput. Law Secur. Rev. 28(2), 163–183 (2012)

    Article  Google Scholar 

  105. Kim, J., Feng, D.D., Cai, T.W., Eberl, S.: Integrated multimedia medical data agent in e-health. In: Proceedings of the Pan-Sydney area Workshop on Visual Information Processing, vol. 11, pp. 11–15 (2001)

    Google Scholar 

  106. Kiourtis, A., Mavrogiorgou, A., Kyriazis, D., Graziani, A., Torelli, F.: Improving health information exchange through wireless communication protocols, pp. 32–39 (2020). https://doi.org/10.1109/WiMob50308.2020.9253374

  107. Kiruba, W.M., Vijayalakshmi, M.: Implementation and analysis of data security in a real time IoT based healthcare application, pp. 1460–1465 (2018)

    Google Scholar 

  108. Ko, J., Lu, C., Srivastava, M.B., Stankovic, J.A., Terzis, A., Welsh, M.: Wireless sensor networks for healthcare. Proc. IEEE 98(11), 1947–1960 (2010)

    Article  Google Scholar 

  109. Kondawar, S.S., Gawali, D.H.: Security algorithms for wireless medical data, pp. 1–6 (2016)

    Google Scholar 

  110. Krishna, R., Kelleher, K., Stahlberg, E.: Patient confidentiality in the research use of clinical medical databases. Am. J. Public Health 97(4), 654–658 (2007)

    Article  Google Scholar 

  111. Krombholz, K., Busse, K., Pfeffer, K., Smith, M., von Zezschwitz, E.: “If https Were Secure, i Wouldn’t need 2fa”-end User and Administrator Mental Models of https, pp. 246–263 (2019)

    Google Scholar 

  112. Kumar, M., Chand, S.: Medhypchain: a patient-centered interoperability hyperledger-based medical healthcare system: regulation in covid-19 pandemic. J. Netw. Comput. Appl. 179, 102975 (2021)

    Article  Google Scholar 

  113. Kumar, S., Namdeo, V.: Enabling privacy and security of healthcare-related data in the cloud

    Google Scholar 

  114. Kumar, V.N., Rochan, M., Hariharan, S., Rajamani, K.: Data hiding scheme for medical images using lossless code for mobile HIMS, pp. 1–4 (2011)

    Google Scholar 

  115. Kuo, M.H., Chrimes, D., Moa, B., Hu, W.: Design and construction of a big data analytics framework for health applications, pp. 631–636 (2015)

    Google Scholar 

  116. Lee, C.Y., Ibrahim, H., Othman, M., Yaakob, R.: Reconciling semantic conflicts in electronic patient data exchange, pp. 390–394 (2009)

    Google Scholar 

  117. Lees, P.J., Chronaki, C.E., Simantirakis, E.N., Kostomanolakis, S.G., Orphanoudakis, S.C., Vardas, P.E.: Remote access to medical records via the internet: feasibility, security and multilingual considerations, pp. 89–92 (1999). https://doi.org/10.1109/CIC.1999.825913

  118. Li, P., Xu, C., Luo, Y., Cao, Y., Mathew, J., Ma, Y.: Carenet: building regulation-compliant home-based healthcare services with software-defined infrastructure, pp. 373–382 (2017)

    Google Scholar 

  119. Li, X., Huang, X., Li, C., Yu, R., Shu, L.: Edgecare: leveraging edge computing for collaborative data management in mobile healthcare systems. IEEE Access 7, 22011–22025 (2019)

    Article  Google Scholar 

  120. Liu, H., Kadir, A., Liu, J.: Color pathological image encryption algorithm using arithmetic over galois field and coupled hyper chaotic system. Opt. Lasers Eng. 122, 123–133 (2019)

    Article  Google Scholar 

  121. Lohiya, S., Ragha, L.: Privacy preserving in data mining using hybrid approach, pp. 743–746 (2012). https://doi.org/10.1109/CICN.2012.166

  122. Lomotey, R.K., Pry, J., Sriramoju, S.: Wearable IoT data stream traceability in a distributed health information system. Pervasive Mob. Comput. 40, 692–707 (2017)

    Article  Google Scholar 

  123. Jones, J.M., Duezguen, R., Mayer, P., Volkamer, M., Das, S.: A literature review on virtual reality authentication. In: Furnell, S., Clarke, N. (eds.) HAISA 2021. IAICT, vol. 613, pp. 189–198. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81111-2_16

    Chapter  Google Scholar 

  124. Mahima, K.T.Y., Ginige, T.: A secured healthcare system using blockchain and graph theory (2020). https://doi.org/10.1145/3440084.3441217

  125. Majam, T., Theron, F.: The purpose and relevance of a scientific literature review: a holistic approach to research. J. Public Adm. 41(3), 603–615 (2006)

    Google Scholar 

  126. Maji, A.K., et al.: Security analysis and implementation of web-based telemedicine services with a four-tier architecture, pp. 46–54 (2008)

    Google Scholar 

  127. Majumdar, R., Das, S.: Sok: an evaluation of quantum authentication through systematic literature review. In: Proceedings of the Workshop on Usable Security and Privacy (USEC) (2021)

    Google Scholar 

  128. Mashima, D., Ahamad, M.: Enhancing accountability of electronic health record usage via patient-centric monitoring (2012). https://doi.org/10.1145/2110363.2110410

  129. Masood, I., Wang, Y., Daud, A., Aljohani, N.R., Dawood, H.: Privacy management of patient physiological parameters. Telematics Inf. 35(4), 677–701 (2018)

    Article  Google Scholar 

  130. Masood, I., Wang, Y., Daud, A., Aljohani, N.R., Dawood, H.: Towards smart healthcare: patient data privacy and security in sensor-cloud infrastructure. Wirel. Commun. Mob. Comput. 2018 (2018)

    Google Scholar 

  131. Mbonihankuye, S., Nkunzimana, A., Ndagijimana, A.: Healthcare data security technology: hipaa compliance. Wirel. Commun. Mob. Comput. 2019 (2019)

    Google Scholar 

  132. McLeod, A., Dolezel, D.: Cyber-analytics: modeling factors associated with healthcare data breaches. Decis. Support Syst. 108, 57–68 (2018)

    Article  Google Scholar 

  133. Melchiorre, M.G., Papa, R., Rijken, M., van Ginneken, E., Hujala, A., Barbabella, F.: eHealth in integrated care programs for people with multimorbidity in Europe: insights from the ICARE4EU project. Health Policy 122(1), 53–63 (2018)

    Article  Google Scholar 

  134. Miah, S.J., Hasan, J., Gammack, J.G.: On-cloud healthcare clinic: an e-health consultancy approach for remote communities in a developing country. Telematics Inf. 34(1), 311–322 (2017)

    Article  Google Scholar 

  135. Mirto, M., Cafaro, M., Aloisio, G.: Peer-to-peer data discovery in health centers, pp. 343–348 (2013)

    Google Scholar 

  136. Mounia, B., Habiba, C.: Big data privacy in healthcare Moroccan context. Procedia Comput. Sci. 63, 575–580 (2015)

    Article  Google Scholar 

  137. Naseem, M.T., Qureshi, I.M., Muzaffar, M.Z., et al.: Robust watermarking for medical images resistant to geometric attacks, pp. 224–228 (2012). https://doi.org/10.1109/INMIC.2012.6511496

  138. Nausheen, F., Begum, S.H.: Healthcare IoT: benefits, vulnerabilities and solutions, pp. 517–522 (2018)

    Google Scholar 

  139. Noah, N., Das, S.: Exploring evolution of augmented and virtual reality education space in 2020 through systematic literature review. Comput. Animation Virtual Worlds e2020 (2021)

    Google Scholar 

  140. Noel, K., Yagudayev, S., Messina, C., Schoenfeld, E., Hou, W., Kelly, G.: Tele-transitions of care. a 12-month, parallel-group, superiority randomized controlled trial protocol, evaluating the use of telehealth versus standard transitions of care in the prevention of avoidable hospital readmissions. Contemp. Clin. Trials Commun. 12, 9–16 (2018)

    Google Scholar 

  141. Nofer, M., Gomber, P., Hinz, O., Schiereck, D.: Blockchain Bus. Inf. Syst. Eng. 59(3), 183–187 (2017)

    Google Scholar 

  142. Olaronke, I., Oluwaseun, O.: Big data in healthcare: Prospects, challenges and resolutions, pp. 1152–1157 (2016)

    Google Scholar 

  143. Pai, R.R., Alathur, S.: Determinants of mobile health application awareness and use in India: an empirical analysis, pp. 576–584 (2020)

    Google Scholar 

  144. Paksuniemi, M., Sorvoja, H., Alasaarela, E., Myllyla, R.: Wireless sensor and data transmission needs and technologies for patient monitoring in the operating room and intensive care unit, pp. 5182–5185 (2006)

    Google Scholar 

  145. Palta, J.R., Frouhar, V.A., Dempsey, J.F.: Web-based submission, archive, and review of radiotherapy data for clinical quality assurance: a new paradigm. Int. J. Radiat. Oncol.* Biol.* Phys. 57(5), 1427–1436 (2003)

    Google Scholar 

  146. Pandey, A.K., et al.: Key issues in healthcare data integrity: analysis and recommendations. IEEE Access 8, 40612–40628 (2020)

    Article  Google Scholar 

  147. Pandey, H.M.: Secure medical data transmission using a fusion of bit mask oriented genetic algorithm, encryption and steganography. Future Gener. Comput. Syst. 111, 213–225 (2020)

    Article  Google Scholar 

  148. Parameswari, R., Latha, R.: Analysis of wavelet transform approach for healthcare data security in cloud framework. Int. J. Sci. Res. Sci. Eng. Technol. 2, 241–246 (2016)

    Google Scholar 

  149. Parmar, M., Shah, S.: Reinforcing security of medical data using blockchain, pp. 1233–1239 (2019). https://doi.org/10.1109/ICCS45141.2019.9065830

  150. Perumal, A.M., Nadar, E.R.S.: Architectural framework of a group key management system for enhancing e-healthcare data security. Healthcare Technol. Lett. 7(1), 13–17 (2020)

    Article  Google Scholar 

  151. Petković, M.: Remote patient monitoring: Information reliability challenges, pp. 295–301 (2009)

    Google Scholar 

  152. Pirbhulal, S., Samuel, O.W., Wu, W., Sangaiah, A.K., Li, G.: A joint resource-aware and medical data security framework for wearable healthcare systems. Future Gener. Comput. Syst. 95, 382–391 (2019)

    Article  Google Scholar 

  153. Pirbhulal, S., Shang, P., Wu, W., Sangaiah, A.K., Samuel, O.W., Li, G.: Fuzzy vault-based biometric security method for tele-health monitoring systems. Comput. Electr. Eng. 71, 546–557 (2018)

    Article  Google Scholar 

  154. Połap, D., Srivastava, G., Yu, K.: Agent architecture of an intelligent medical system based on federated learning and blockchain technology. J. Inf. Secur. Appl. 58, 102748 (2021)

    Google Scholar 

  155. Połap, D., Srivastava, G., Jolfaei, A., Parizi, R.M.: Blockchain technology and neural networks for the internet of medical things, pp. 508–513 (2020). https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162735

  156. PraveenKumar, R., Divya, P.: Medical data processing and prediction of future health condition using sensors data mining techniques and r programming. Int. J. Sci. Res. Eng. Dev. 3(4) (2020)

  157. Psarra, E., Patiniotakis, I., Verginadis, Y., Apostolou, D., Mentzas, G.: Securing access to healthcare data with context-aware policies, pp. 1–6 (2020)

  158. Qazi, U., Haq, M., Rashad, N., Rashid, K., Ullah, S., Raza, U.: Availability and use of in-patient electronic health records in low resource setting. Comput. Methods Program. Biomed. 164, 23–29 (2018)

  159. Rajagopalan, S., Dhamodaran, B., Ramji, A., Francis, C., Venkatraman, S., Amirtharajan, R.: Confusion and diffusion on FPGA-Onchip solution for medical image security, pp. 1–6 (2017)

  160. Reni, G., Molteni, M., Arlotti, S., Pinciroli, F.: Chief medical officer actions on information security in an Italian rehabilitation centre. Int. J. Med. Inf. 73(3), 271–279 (2004)

  161. del Rey, A.M., Pastora, J.H., Sánchez, G.R.: 3d medical data security protection. Exp. Syst. Appl. 54, 379–386 (2016)

  162. Richardson, J.E., Ancker, J.S.: Public perspectives of mobile phones’ effects on healthcare quality and medical data security and privacy: A 2-year nationwide survey, vol. 2015, p. 1076 (2015)

  163. Rocha, A., et al.: Innovations in health care services: the caalyx system. Int. J. Med. Inf. 82(11), e307–e320 (2013)

  164. Rodrigues, H.A.M., Antunes, L., Correia, M.E.: Proposal of a secure electronic prescription system, pp. 165–168 (2013)

  165. Rodriguez-Colin, R., Claudia, F.D.J., Trinidad-Blas, G.: Data hiding scheme for medical images, pp. 32–32 (2007). https://doi.org/10.1109/CONIELECOMP.2007.14

  166. Safkhani, M., Rostampour, S., Bendavid, Y., Bagheri, N.: IoT in medical & pharmaceutical: designing lightweight RFID security protocols for ensuring supply chain integrity. Comput. Netw. 181, 107558 (2020)

  167. Sammoud, A., Chalouf, M.A., Hamdi, O., Montavont, N., Bouallegue, A.: A new biometrics-based key establishment protocol in Wban: Energy efficiency and security robustness analysis. Comput. Secur. 96, 101838 (2020)

  168. Sartipi, K., Yarmand, M.H., Down, D.G.: Mined-knowledge and decision support services in electronic health, pp. 1–6 (2007)

  169. Schmeelk, S.: Where is the risk? analysis of government reported patient medical data breaches, pp. 269–272 (2019)

  170. Shaarani, I., et al.: Attitudes of patients towards digital information retrieval by their physician at point of care in an ambulatory setting. Int. J. Med. Inf. 130, 103936 (2019)

  171. Shahbaz, S., Mahmood, A., Anwar, Z.: Soad: securing oncology EMR by anonymizing DICOM images, pp. 125–130 (2013). https://doi.org/10.1109/FIT.2013.30

  172. Shakil, K.A., Zareen, F.J., Alam, M., Jabin, S.: Bamhealthcloud: a biometric authentication and data management system for healthcare data in cloud. J. King Saud Univ. Comput. Inf. Sci. 32(1), 57–64 (2020)

  173. Shen, H., et al.: Miaps: a web-based system for remotely accessing and presenting medical images. Comput. Methods Program. Biomed. 113(1), 266–283 (2014)

  174. Shere, A.R., Nurse, J.R., Flechais, I.: Security should be there by default: investigating how journalists perceive and respond to risks from the internet of things, pp. 240–249 (2020)

  175. Shi, W., Dustdar, S.: The promise of edge computing. Computer 49(5), 78–81 (2016)

  176. Shrivastava, S., Srikanth, T., VS, D.: e-Governance for healthcare service delivery in India: challenges and opportunities in security and privacy, pp. 180–183 (2020)

  177. Shrivastava, U., Song, J., Han, B.T., Dietzman, D.: Do data security measures, privacy regulations, and communication standards impact the interoperability of patient health information? a cross-country investigation. Int. J. Med. Inf. 148, 104401 (2021)

  178. da Silva Etges, A.P.B., et al.: Development of an enterprise risk inventory for healthcare. BMC Health Serv. Res. 18(1), 1–16 (2018)

  179. Simões, A., et al.: Participatory implementation of an antibiotic stewardship programme supported by an innovative surveillance and clinical decision-support system. J. Hosp. Infect. 100(3), 257–264 (2018)

  180. Simplicio, M.A., Iwaya, L.H., Barros, B.M., Carvalho, T.C., Näslund, M.: Secourhealth: a delay-tolerant security framework for mobile health data collection. IEEE J. Biomed. Health Inf. 19(2), 761–772 (2014)

  181. Sosu, R.N.A., Quist-Aphetsi, K., Nana, L.: A decentralized cryptographic blockchain approach for health information system, pp. 120–1204 (2019). https://doi.org/10.1109/ICCMA.2019.00027

  182. Soualmi, A., Alti, A., Laouamer, L.: A blind image watermarking method for personal medical data security, pp. 1–5 (2019). https://doi.org/10.1109/ICNAS.2019.8807442

  183. Sreeji, S., Shiji, S., Vysagh, M., Amma, T.A.: Security and privacy preserving deep learning framework that protect healthcare data breaches. Int. J. Res. Eng. Sci. Manage. 3(7), 148–152 (2020)

  184. Stobert, E., Barrera, D., Homier, V., Kollek, D.: Understanding cybersecurity practices in emergency departments, pp. 1–8 (2020)

  185. Stowell, E., et al.: Designing and evaluating mhealth interventions for vulnerable populations: a systematic review, pp. 1–17 (2018)

  186. Sudha, G., Ganesan, R.: Secure transmission medical data for pervasive healthcare system using android, pp. 433–436 (2013)

  187. Sutton, L.N.: PACS and diagnostic imaging service delivery-A UK perspective. Eur. J. Radiol. 78(2), 243–249 (2011)

  188. Tan, C.C., Wang, H., Zhong, S., Li, Q.: Body sensor network security: an identity-based cryptography approach, pp. 148–153 (2008)

  189. Tan, C.C., Wang, H., Zhong, S., Li, Q.: Ibe-lite: a lightweight identity-based cryptography for body sensor networks. IEEE Trans. Inf. Technol. Biomed. 13(6), 926–932 (2009)

  190. Thamilarasu, G., Lakin, C.: A security framework for mobile health applications, pp. 221–226 (2017). https://doi.org/10.1109/FiCloudW.2017.96

  191. Tian, Y., et al.: Popcorn: a web service for individual prognosis prediction based on multi-center clinical data collaboration without patient-level data sharing. J. Biomed. Inf. 86, 1–14 (2018)

  192. Tolba, A., Al-Makhadmeh, Z.: Predictive data analysis approach for securing medical data in smart grid healthcare systems. Future Gener. Comput. Syst. 117, 87–96 (2021)

  193. Tyler, J.L.: The healthcare information technology context: a framework for viewing legal aspects of telemedicine and teleradiology, pp. 1–10 (2001)

  194. U.S. Department of Health & Human Services: Anthem pays OCR $16 Million in record HIPAA settlement following largest health data breach in history, 15 Oct 2018. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/anthem/index.html

  195. Usman, M.A., Usman, M.R.: Using image steganography for providing enhanced medical data security, pp. 1–4 (2018). https://doi.org/10.1109/CCNC.2018.8319263

  196. Uy, R.C.Y., Kury, F.S., Fontelo, P.: Wireless networks, physician handhelds use, and medical devices in us hospitals, pp. 1–6 (2015)

  197. Vallathan, G., Rajamani, V., Harinee, M.P.: Enhanced medical data security and perceptual quality for healthcare services, pp. 1–6 (2020). https://doi.org/10.1109/ICSCAN49426.2020.9262309

  198. Vassis, D., Belsis, P., Skourlas, C.: Secure management of medical data in wireless environments, pp. 427–432 (2012)

  199. Véliz, C.: Not the doctor’s business: privacy, personal responsibility and data rights in medical settings. Bioethics 34(7), 712–718 (2020)

  200. Vidya, M., Padmaja, K.: Enhancing security of electronic patient record using watermarking technique. Mater. Today Proc. 5(4), 10660–10664 (2018)

  201. Vijayalakshmi, A.V., Arockiam, L.: Hybrid security techniques to protect sensitive data in e-healthcare systems, pp. 39–43 (2018)

  202. Wagner, P.: Third party breaches-a survey of threats and recommendations, SSRN 3782822 (2021)

  203. Walker-Roberts, S., Hammoudeh, M., Dehghantanha, A.: A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure. IEEE Access 6, 25167–25177 (2018)

  204. Wang, C.X.: Security issues to tele-medicine system design, pp. 106–109 (1999)

  205. Wang, D., Kale, S.D., O’Neill, J.: Please call the specialism: Using wechat to support patient care in china, pp. 1–13 (2020)

  206. Wang, D., Huang, Q., Chen, X., Ji, L.: Location of three-dimensional movement for a human using a wearable multi-node instrument implemented by wireless body area networks. Comput. Commun. 153, 34–41 (2020)

  207. Weaver, A.C., et al.: Federated, secure trust networks for distributed healthcare it services, pp. 162–169 (2003). https://doi.org/10.1109/INDIN.2003.1300264

  208. Yaghmai, V., Salehi, S.A., Kuppuswami, S., Berlin, J.W.: Rapid wireless transmission of head CT images to a personal digital assistant for remote consultation. Acad. Radiol. 11(11), 1291–1293 (2004)

  209. Yang, W., et al.: Securing mobile healthcare data: a smart card based cancelable finger-vein bio-cryptosystem. IEEE Access 6, 36939–36947 (2018)

  210. Yang, Y., Xiao, X., Cai, X., Zhang, W.: A secure and high visual-quality framework for medical images by contrast-enhancement reversible data hiding and homomorphic encryption. IEEE Access 7, 96900–96911 (2019)

  211. Yang, Y., Xiao, X., Cai, X., Zhang, W.: A secure and high visual-quality framework for medical images by contrast-enhancement reversible data hiding and homomorphic encryption. IEEE Access 7, 96900–96911 (2019). https://doi.org/10.1109/ACCESS.2019.2929298

  212. Yesmin, T., Carter, M.W.: Evaluation framework for automatic privacy auditing tools for hospital data breach detections: a case study. Int. J. Med. Inf. 138, 104123 (2020)

  213. Zatout, Y., Campo, E., Llibre, J.F.: Toward hybrid WSN architectures for monitoring people at home, pp. 308–314 (2009). https://doi.org/10.1145/1643823.1643880

  214. Zhang, B., Chen, S., Nichols, E., D’Souza, W., Prado, K., Yi, B.: A practical cyberattack contingency plan for radiation oncology. J. Appl. Clin. Med. Phys. 21(7), 181–186 (2020)

Acknowledgments

We would like to thank the Inclusive Security and Privacy-focused Innovative Research in Information Technology (InSPIRIT) Laboratory at the University of Denver. We would also like to thank Salman Hosain for their initial contribution in this research and Alisa Zezulak for helping with the proofreading of this paper. Any opinions, findings, and conclusions or recommendations expressed in this material are solely those of the authors and do not necessarily reflect the views of the University of Denver, the University of Washington, and the Designer Security.

Corresponding author

Correspondence to Sanchari Das.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Tazi, F., Dykstra, J., Rajivan, P., Das, S. (2022). SOK: Evaluating Privacy and Security Vulnerabilities of Patients’ Data in Healthcare. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_8

  • DOI: https://doi.org/10.1007/978-3-031-10183-0_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10182-3

  • Online ISBN: 978-3-031-10183-0

  • eBook Packages: Computer Science; Computer Science (R0)
