A Wireless System for Secure Electronic Healthcare Records Management

Petros Belsis (Technological Education Institute, Greece), Christos Skourlas (Technological Education Institute, Greece) and Stefanos Gritzalis (University of the Aegean, Greece)
DOI: 10.4018/978-1-4666-6339-8.ch080


Recent advances in wireless computing and in the hardware of wireless devices have opened new directions in many domains; for example, in the medical domain, hospital personnel are able to use wireless devices to gain ubiquitous access to medical information. However, the sensitivity of medical data poses many challenges for managing these data securely. In this paper the authors present an agent-based architecture for efficient management of medical data. The authors present the security choices and also provide experimental details about the flexibility of their approach.
Chapter Preview


As hardware becomes better and cheaper, mobile devices gain new features and are able to support a variety of applications. Among other things, they can be used in medical applications to provide better services for patients and to make the work of medical personnel easier.

For example, with medical devices doctors are able to access patient-related data anywhere within the hospital premises and to retrieve or update patient medical records (Belsis et al., 2008). With recent developments in very small devices such as sensor networks or RFID tags, it is easy to continuously collect data of medical or other interest and to continuously update databases.

From this point of view, access to information becomes ubiquitous, since there is no need to go to a fixed point to access the necessary information. In the past this was not so easy to achieve, since it was necessary to access a specific fixed point for this purpose; with today’s technologies, on the other hand, many of the necessary functionalities are provided by mobile devices.

For instance, while approaching a patient, a doctor may acquire valuable information about the patient’s condition using a mobile device that collects data from a sensor attached to the patient; using the same device, the doctor may then collect more information by querying a database for stored details regarding the health condition of this patient. This treatment model is beneficial in emergency situations, in emergency camps, and in any other case characterized by a lack of fixed, wired infrastructure.

The benefits associated with the deployment of such infrastructures are manifold; among them we can distinguish, to name the most important, the provision of better and faster e-healthcare services, lower costs, and easier expansion and scalability of the proposed architectures. However, several factors need to be considered, related to the sensitivity of the data and imposed by the legislative framework in most western countries. These factors concern the incorporation of appropriate characteristics in the developed architectures, as well as the inclusion of appropriate security solutions that guarantee the security properties of medical information. Among the main design and implementation challenges we can distinguish (Vassis et al., 2008):

  • The capability to provide information to doctors independently of their exact location;

  • Achievement of information integration using interoperable standards for medical information storage and exchange;

  • The ability to ensure that no sensitive medical information will be disclosed to unauthorized parties.

Mobile environments integrate a variety of heterogeneous applications and demand flexible management of the resources available to wirelessly interconnected users and devices. Policy-based management has efficiently supported the secure management of target resources, which often span the borders of an organizational domain. Statically oriented security management solutions fail, since there is no central administration available; in addition, factors such as the large number of participating users and the mobility of users and devices create a need for flexible, context-related application of access control decisions.

The volatility of these environments forces developers to deal with contradictory requirements:

  • The necessity to provide access from anywhere to anyone authorised to use medical related information;

  • Ensuring at the same time non-disclosure of treatment-related information to non-authorised persons.

These restrictions direct our choices towards the creation of an appropriate architecture and the selection of appropriate security technologies that comply with the strict privacy and security restrictions associated with medical wireless infrastructures.
