A Security and Privacy Validation Methodology for e-Health Systems / Amato, F.; Casola, V.; Cozzolino, G.; De Benedictis, A.; Mazzocca, N.; Moscato, F.. - In: ACM TRANSACTIONS ON MULTIMEDIA COMPUTING, COMMUNICATIONS AND APPLICATIONS. - ISSN 1551-6857. - 17:2s(2021), pp. 1-22. [10.1145/3412373]

A Security and Privacy Validation Methodology for e-Health Systems

Amato F.; Casola V.; Cozzolino G.; De Benedictis A.; Mazzocca N.
2021

Abstract

e-Health applications enable one to acquire, process, and share patient medical data to improve diagnosis, treatment, and patient monitoring. Despite the undeniable benefits brought by the digitization of health systems, the transmission of and access to medical information raises critical issues, mainly related to security and privacy. While several security mechanisms exist that can be applied in an e-Health system, they may not be adequate due to the complexity of involved workflows, and to the possible inherent correlation among health-related concepts that may be exploited by unauthorized subjects. In this article, we propose a novel methodology for the validation of security and privacy policies in a complex e-Health system, that leverages a formal description of clinical workflows and a semantically enriched definition of the data model used by the workflows, in order to build a comprehensive model of the system that can be analyzed with automated model checking and ontology-based reasoning techniques. To validate the proposed methodology, we applied it to two case studies, subjected to the directives of the EU GDPR regulation for the protection of health data, and demonstrated its ability to correctly verify the fulfillment of desired policies in different scenarios.
Files in this item:

File: 2021-06 ACM Transaction.pdf (authorized users only)
Type: Publisher's version (PDF)
License: Private/restricted access
Size: 2.16 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11588/858441
Citations
  • PMC: n/a
  • Scopus: 10
  • ISI: 8