
Trust Information-Based Privacy Architecture for Ubiquitous Health


Bibliographic Details
Main authors: Ruotsalainen, Pekka Sakari, Blobel, Bernd, Seppälä, Antto, Nykänen, Pirkko
Format: Online Article Text
Language: English
Published: JMIR Publications Inc. 2013
Subjects: Original Paper
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4114421/
https://www.ncbi.nlm.nih.gov/pubmed/25099213
http://dx.doi.org/10.2196/mhealth.2731
collection PubMed
description BACKGROUND: Ubiquitous health is defined as a dynamic network of interconnected systems that offers health services to a data subject (DS) independent of time and location. The network operates in an open and insecure information space. It is created and managed by the DS, who sets the rules that regulate how personal health information is collected and used. Unlike in health care, it is impossible in ubiquitous health to assume a priori trust between the DS and service providers, or to produce privacy using static security services. In ubiquitous health, the features and business goals of systems, and the regulations they follow, often remain unknown. Furthermore, health care-specific regulations do not govern the ways health data is processed and shared. To be successful, ubiquitous health requires a novel privacy architecture.
OBJECTIVE: The goal of this study was to develop a privacy management architecture that helps the DS to create and dynamically manage the network and to maintain information privacy. The architecture should enable the DS to dynamically define service- and system-specific rules that regulate the way subject data is processed. The architecture should provide the DS with reliable trust information about systems and assist in the formulation of privacy policies. Furthermore, the architecture should give feedback on how systems follow the policies of the DS and offer protection against the privacy and trust threats that exist in ubiquitous environments.
METHODS: A sequential method that combines methodologies used in system theory, systems engineering, requirement analysis, and system design was used in the study. In the first phase, principles, trust and privacy models, and viewpoints were selected. Thereafter, functional requirements and services were developed on the basis of a careful analysis of existing research published in journals and conference proceedings. Based on the principles, models, and requirements, architectural components and their interconnections were developed using system analysis.
RESULTS: The architecture mimics the way humans use trust information in decision making, and enables the DS to design system-specific privacy policies using computational trust information that is based on systems' measured features. The trust attributes that were developed describe the level at which systems support awareness and transparency, and how they follow general and domain-specific regulations and laws. The monitoring component of the architecture offers dynamic feedback on how each system enforces the policies of the DS.
CONCLUSIONS: The privacy management architecture developed in this study enables the DS to dynamically manage information privacy in ubiquitous health and to define individual policies for all systems, taking into account their trust value and the corresponding attributes. The DS can also set policies for secondary use and reuse of health information. The architecture offers protection against privacy threats existing in ubiquitous environments. Although the architecture is targeted at ubiquitous health, it can easily be adapted to other ubiquitous applications.
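The decision loop the abstract describes (measured trust attributes aggregated into a trust value, DS-defined per-system policies evaluated against each request, and a monitoring component that feeds observed violations back into trust) can be shown in a few dozen lines. The block below is an added illustration in Python; it is not the authors' implementation and not part of the catalog record. The attribute names, the weights, the 0.1 per-violation trust decay, the two system names and the request values are all assumptions constructed for the example.

```python
"""Illustrative trust-information-based privacy policy engine (added example).

Not the paper's implementation: it only models the components the abstract
names. Attribute set, weights, decay and sample systems are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class TrustAttributes:
    """Measured features of a system, each scored 0.0 (none) .. 1.0 (full):
    awareness and transparency support, and adherence to general and
    domain-specific regulation, as the abstract lists them."""
    awareness_support: float
    transparency_support: float
    general_regulation: float
    domain_regulation: float

    def trust_value(self) -> float:
        # Weighted sum is an assumed aggregation; any monotone function of
        # the measured attributes fills the same architectural role.
        weights = (0.2, 0.2, 0.3, 0.3)
        values = (self.awareness_support, self.transparency_support,
                  self.general_regulation, self.domain_regulation)
        return round(sum(w * v for w, v in zip(weights, values)), 3)


@dataclass
class Policy:
    """Rules the data subject (DS) sets for one system."""
    min_trust: float                    # below this every request is denied
    purposes: frozenset                 # purposes the DS permits
    data_types: frozenset               # data categories the DS permits
    allow_secondary_use: bool = False   # reuse beyond the stated purpose


@dataclass
class Request:
    system: str
    purpose: str
    data_type: str
    secondary_use: bool = False


@dataclass
class PrivacyManager:
    attributes: dict = field(default_factory=dict)   # system -> TrustAttributes
    policies: dict = field(default_factory=dict)     # system -> Policy
    violations: dict = field(default_factory=dict)   # system -> count
    audit_log: list = field(default_factory=list)

    def register(self, system, attrs, policy):
        self.attributes[system] = attrs
        self.policies[system] = policy
        self.violations[system] = 0

    def trust(self, system) -> float:
        """Effective trust: computed value degraded by observed violations."""
        base = self.attributes[system].trust_value()
        penalty = 0.1 * self.violations.get(system, 0)   # assumed decay
        return round(max(0.0, base - penalty), 3)

    def decide(self, req: Request):
        """Return (permitted, reason). Unknown systems get no a priori trust."""
        if req.system not in self.policies:
            return False, "unknown system: no a priori trust"
        pol = self.policies[req.system]
        t = self.trust(req.system)
        if t < pol.min_trust:
            return False, f"trust {t} below DS minimum {pol.min_trust}"
        if req.purpose not in pol.purposes:
            return False, f"purpose {req.purpose!r} not allowed by DS"
        if req.data_type not in pol.data_types:
            return False, f"data type {req.data_type!r} not allowed by DS"
        if req.secondary_use and not pol.allow_secondary_use:
            return False, "secondary use not permitted by DS"
        return True, "permitted"

    def observe(self, system, purpose, data_type, secondary_use=False):
        """Monitoring component: compare what a system actually did with the
        DS policy, log it, and feed any violation back into its trust."""
        permitted, reason = self.decide(Request(system, purpose, data_type, secondary_use))
        self.audit_log.append((system, purpose, data_type, permitted, reason))
        if not permitted:
            self.violations[system] = self.violations.get(system, 0) + 1
        return permitted


def scenario():
    """Constructed walk-through: a low-compliance app and a hospital system."""
    pm = PrivacyManager()
    pm.register("fitness-app", TrustAttributes(0.9, 0.8, 0.6, 0.2),
                Policy(min_trust=0.5, purposes=frozenset({"wellness"}),
                       data_types=frozenset({"activity"})))
    pm.register("hospital-ehr", TrustAttributes(0.9, 0.9, 1.0, 1.0),
                Policy(min_trust=0.8, purposes=frozenset({"treatment", "research"}),
                       data_types=frozenset({"vitals", "medication"}),
                       allow_secondary_use=True))
    out = {"trust_before": pm.trust("fitness-app"),
           "permitted_before": pm.decide(Request("fitness-app", "wellness", "activity"))[0]}
    # Monitoring catches the app using activity data for research: a violation,
    # which lowers its trust below the DS minimum and blocks further requests.
    pm.observe("fitness-app", "research", "activity")
    out["trust_after"] = pm.trust("fitness-app")
    out["permitted_after"] = pm.decide(Request("fitness-app", "wellness", "activity"))[0]
    return out


if __name__ == "__main__":
    print(scenario())
```

The two points worth noticing are the default-deny for unregistered systems (the abstract's "no a priori trust") and that enforcement feedback changes later decisions: a single observed breach pushes the app's trust from 0.58 to 0.48, so a request the DS had allowed is now refused until the measured attributes improve.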
id pubmed-4114421
institution National Center for Biotechnology Information
record_format MEDLINE/PubMed
journal JMIR Mhealth Uhealth, Original Paper, published 2013-10-08 by JMIR Publications Inc.
copyright ©Pekka Sakari Ruotsalainen, Bernd Blobel, Antto Seppälä, Pirkko Nykänen. Originally published in JMIR mHealth and uHealth (http://mhealth.jmir.org), 08.10.2013.
license This is an open-access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in JMIR mHealth and uHealth, is properly cited. The complete bibliographic information, a link to the original publication on http://mhealth.jmir.org/, as well as this copyright and license information must be included.