The continuous growth of wireless technologies introduces a paradigm shift in the way information may be treated. Especially in the medical domain, Information Systems may gain benefits from the utilization of wireless devices which gain continuously in terms of resources. Existing legislation in US and EU countries introduces a lot of new challenges. Above all else, the information exchanged should be encrypted, and verified to reach the intended recipient. The authors of this chapter discuss the challenges hindering the efforts to disseminate in an accurate and secure manner medical information over wireless infrastructures. They present based on the results of two projects partially funded by the EU, an architecture that allows secure dissemination of electronic healthcare records. The chapter presents the architecture based on software agent technologies and enables query and authentication mechanisms in a transparent to the user manner. The chapter also discusses the security oriented choices of the approach and argues based on experimentation that the architecture efficiently supports a sufficient number of users.
TopIntroduction
Recent advances in mobile technologies have led to a continuous raise in the degree of integration of mobile devices to many different types of Information Systems. Among else, the medical domain is a field that is of particular interest for the potential benefits that mobile applications can exhibit in this domain. As mobile devices become more powerful, they are integrated as a non high-cost solution in many environments.
The medical domain can benefit a lot by their deployment, since the use of handheld devices may provide doctors and expert medical personnel with accurate information independently of the exact location provided that they are moving within a wireless environment which usually covers the clinic (Belsis et al 2008) in which they belong to.
From this point of view, access to information becomes ubiquitous since there is no need to approach or connect to a fixed point to access the necessary information. In the past this was not so easy to achieve, since it was necessary to access a specific stable point for this purpose; on the other side with today’s technologies a lot of the necessary functionalities are provided by mobile devices.
For instance, a doctor may acquire valuable information about a patient’s condition while approaching a patient using a mobile device which collects data from a sensor attached to the patient; accordingly, the doctor using the same device may collect more information by querying a database for stored details regarding the health condition of this patient. This treatment model becomes beneficial in case of emergency situations, or alternatively in emergency camps and in any other case characterized by lack of fixed, wired infrastructures.
The benefits related with the deployment of similar infrastructures are manifold; among them we can distinguish: provision of better and faster e-healthcare services, lower costs, easier expansion and scalability of the proposed architectures, to name the most important. However, there are several factors in terms of security that need to be considered, related with the sensitivity of data and imposed by the legislative framework in most of the western countries. These factors have to do with the incorporation of appropriate characteristics in the developed architectures, as well as with the embodying of appropriate security solutions that guarantee the security properties of medical information. Among the main design and implementation challenges we can distinguish (Vassis et al, 2008):
- •
The capability to provide information to doctors independently of their exact location;
- •
Achievement of information integration using interoperable standards for medical information storage and exchange;
- •
The ability to ensure that no sensitive medical information will be disclosed to unauthorized parties.
Mobile environments integrate a variety of heterogeneous applications, and demand flexible management of resources, available to wirelessly interconnected users and devices. Policy based management has supported efficiently the secure management of target resources which often span the borders of an organizational domain. Static oriented security management solutions fail, since there is no central administration available and due to several factors such as the large number of participant users and the mobility of users and devices; hence, there is a necessity for flexible, context related applicability of access control decisions.
The volatility of these environments makes developers forced to deal with contradictory requirements:
- •
The necessity to provide access from anywhere to anyone authorized to use medical related information,
- •
Ensuring at the same time non-disclosure of treatment-related information to non-authorized persons.
These restrictions direct our choices towards the creation of an appropriate architecture and towards the selection of appropriate security technologies that comply with the strict privacy and security restrictions related with medical wireless infrastructures.