Abstract
In this chapter, the authors describe the software architecture of a commercially run home assistance system that allows patients or elderly people to stay longer at home. Since such systems often have to handle sensitive medical information, the protection of the privacy is a major concern. In addition, legislation often restricts access to health information to qualified persons (i.e. medical personnel), who are not always available in a commercial setting. The home assistance system can offer several services, ranging from scheduling necessary tasks and following up their execution, to monitoring the patient’s health status and responding promptly to requests for help or in case of emergency situations, and all this without the need to maintain personal medical data or identifying information about patients and caregivers in the home assistance centre.
TopIntroduction
The average life expectancy in the Western world has risen well above 80 years. Also, the limited birth rate has resulted in a greying population and caused the population pyramid to flip upside down or at least to become more cube-like. The progress of medicine has made many diseases and disorders curable or at least less life threatening. However, the downside of this evolution is that the government’s social security budget needs to expand year after year and may grow faster than the country’s economic growth. One way to cut costs is to have elderly people stay at their homes much longer instead of moving them to nursing homes and dismiss patients sooner from hospitals. However, these elderly people or patients often need extra care or have to be monitored from time to time or continuously. Luckily, technology can fulfil these needs.
For more than a decade, elderly people can get help to stay longer at home. In the morning, a nurse, often employed by a nursing organization or self-employed, visits the old person, helps him to get out of bed and to get dressed, administers medication and checks his health status. Later, a cleaning woman may arrive to keep the house tidy and clean. At noon, someone from a catering service may bring an appropriate lunch. In the afternoon, family members, neighbours or volunteers may pay him a short visit and do some necessary shopping. In the evening, a nurse may help the old person get prepared for the night. Weekly, the general practitioner (GP) visits the old person, examines him and assesses whether it remains sensible to keep him at home. Sometimes, an orderly working for a specialized patient transport company collects the patient and brings him to the hospital for additional tests or a specialized treatment. Some weak old persons even get a special fall detector that calls an emergency number as soon as a fall is detected. This works fine as long as someone of the family or a close friend organizes the network of caregivers and schedules the different tasks. It remains difficult to quickly respond to last minute changes (e.g. someone cannot get there in time). Moreover, more and more elderly people do not have relatives who can take on this duty. Also, some people need more supervision and/or monitoring than the previous setting is capable of offering.
There are many initiatives for designing and building such advanced home assistance centres. Often, hospitals are involved since they have skilled employees who are qualified to handle medical data and to make the correct assessments. However, hospitals are not the best players to run these home assistance centres. They often lack the technicians who are necessary to install and maintain the necessary equipment in the home environment. Moreover, these assistance centres should also offer support for non-medical services such as catering, cleaning, shopping, etc. These services are already provided by specialized organizations or companies. Hence, it is very likely that in the near future commercial businesses will start to operate home assistance centres.
There is one important impediment for a commercial deployment, however. Many countries have legislations that limit the access to medical data to qualified personnel (e.g. doctors, paramedics, etc.). That means that if the home assistance centres (HACs) have to process medical data, they also need to employ medical personnel. Also, home assistance systems are by definition distributed systems (part of the system is deployed at the patient’s home and part at the centre) with many access points, which makes it much harder to restrict access to sensitive (medical or health) data. Therefore, the system should preferably be designed in such a way that HACs never see or process such data.
Protecting the privacy of the elderly person or patient is of utmost importance. Even when the patient’s medical data is properly protected, information about the patient’s health could be indirectly inferred if one knows which specialist is treating the patient (e.g. when the doctor in attendance is an oncologist, one can easily deduce that the patient suffers from cancer). Therefore, not only the medical data needs to be protected, but also the patient’s network should remain hidden as much as possible. We have seen in the past many cases of accidental or deliberate leakage of privacy sensitive information; often because of the loss or theft of storage media or laptops. Hence, the system should avoid to store as much as possible identifying information about patients, doctors, etc.
In the sequel of this chapter, we will no longer distinguish between patient and elderly person, and denote both by the term patient.
Key Terms in this Chapter
Hash Function: A one-way function that transforms a variable-length bit-string into a fixed-length bit-string.
Symmetric Key Cryptography: Cryptography which uses the same key to encrypt data and to decrypt the ciphertext. Symmetric key cryptography is several orders of magnitude more efficient than public key cryptography.
Commitment: A commitment scheme allows one party to commit to a value, without disclosing it to a second party. It would be able to reveal the value at some later point, but without the possibility of changing it undetected by the second party.
Symmetric Key Cryptography: Cryptography which uses the same key to encrypt data and to decrypt the ciphertext. Symmetric key cryptography is several orders of magnitude more efficient than public key cryptography.
Invitation Code: Code used to prove being invited to join the patient’s network.
Public Key Cryptography: Asymmetric cryptography using a pair of keys of which one is made public (the public key) and the other is kept confidential (the private key). It is impossible to derive the private key from the public key. The public key is used to encrypt information, while the corresponding private key is necessary to decrypt the ciphertext. Some schemes allow for signing information (with the private key), and verifying the signature (with the corresponding public key).
Invitation Code: Code used to prove being invited to join the patient’s network.
Certificate: An (electronic) document consisting of a set of attributes and usually signed by a trusted authority. The signature testifies the validity of the link between the listed attributes.
Authentication Code: Code used to authenticate a communication means. The administration centre sends such a code to every communication device specified by the caregiver. This code should be copied in the interactive registration form.
Public Key Cryptography: Asymmetric cryptography using a pair of keys of which one is made public (the public key) and the other is kept confidential (the private key). It is impossible to derive the private key from the public key. The public key is used to encrypt information, while the corresponding private key is necessary to decrypt the ciphertext. Some schemes allow for signing information (with the private key), and verifying the signature (with the corresponding public key).
Caregiver: Any individual or organization responsible for providing care to the patient.
Verifiable Encryption: An encryption scheme that allows a party to prove certain properties about an encrypted value without disclosing it.
Commitment: A commitment scheme allows one party to commit to a value, without disclosing it to a second party. It would be able to reveal the value at some later point, but without the possibility of changing it undetected by the second party.
Certificate: An (electronic) document consisting of a set of attributes and usually signed by a trusted authority. The signature testifies the validity of the link between the listed attributes.
Anonymous Credential: A type of electronic credentials that allows a user to authenticate herself in a privacy-preserving manner. It is possible to prove properties of attributes contained in the anonymous credential without revealing them.
Anonymous Credential: A type of electronic credentials that allows a user to authenticate herself in a privacy-preserving manner. It is possible to prove properties of attributes contained in the anonymous credential without revealing them.
Authentication Code: Code used to authenticate a communication means. The administration centre sends such a code to every communication device specified by the caregiver. This code should be copied in the interactive registration form.
Trusted Platform Module: ( TPM): It is a tamper free device that often contains secret keys and/or private keys which cannot be extracted. It runs a verified operating system that provides a limited number of secure services.
Trusted Platform Module: (TPM): It is a tamper free device that often contains secret keys and/or private keys which cannot be extracted. It runs a verified operating system that provides a limited number of secure services.
Verifiable Encryption: An encryption scheme that allows a party to prove certain properties about an encrypted value without disclosing it.
Hash Function: A one-way function that transforms a variable-length bit-string into a fixed-length bit-string.
Caregiver: Any individual or organization responsible for providing care to the patient.