Scaleable and Open Framework for Human and Digital Trust between Informal and Formal Infrastructures in Personal Health Care

个人医疗保健中非正式和正式基础设施之间的人类和数字信任的可扩展和开放框架

• 批准号: TS/I002561/1
• 负责人: William Buchanan
• 金额: $ 31万
• 依托单位: Edinburgh Napier University
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2011
• 资助国家: 英国
• 起止时间: 2011 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=TS%2FI002561%2F1
• 关键词: Scaleable; Open; Framework; Human; Digital

As with any safety critical industry, there is a strong requirement for trust in the capture, storage and consumption of health care data. Errors in any part of this process can reduce human trust in the infrastructure. Unfortunately many systems do not radiate the rights of access to data throughout the complete infrastructure, and thus there can often be weaknesses in the transfer of rights to access between systems. Another issue in health care relates to the integration of the access rights between differing domains, such as for the formal health care infrastructure, and the informal carer infrastructure. While there can often be well-defined roles for access to data within a formal infrastructure, very little exists for informal care. The key aim of this project is to create a completely integrated infrastructure, where identity and role are used to define the rights to data capture and store, and onto the consumption of the services that are exposed to differing domains, which are strictly consumed using an integrated security policy. Figure 1 outlines the infrastructure (see attachments), where data is captured from the patient environment, and marked up with the required context (such as the patient ID, capturer ID, location, device type, captured units, and so on). This context information allows the data to be used in many different ways, such as tracking a certain device around the health care environment, or to determine the blood pressure for a range of patients. This data is then stored in its original captured form within patient data buckets, using the encryption keys of the capture service and the patient. Access to the buckets is then carefully controlled by a security policy, and is exposed through carefully managed services, which require an identity ticket verifying the role and identity of user consuming the service. Figure 1 shows an example of an EWS (Early Warning Score) which aggregates a number of clinical assessments such as blood pressure and heart rate. The service then, if the user has the correct rights to access the service for the patient, delivers an abstraction of the interface, thus supporting a wide range of devices, and customising the user interface based on the rights of the user. The core infrastructure has high levels of security and trust, where a security policy controls every action, and there will be three well defined, and open, interfaces to allow existing health care infrastructures to integrate with the e-Health Cloud. Once identity has been verified, using a federated trust infrastructure, a ticket is issued which verifies the identity, and is then used to access a service, based on their rights. The data is then carefully managed within a domain and no direct access can be made to it, apart from through carefully managed services. A SPoC (Single Point of Contact), as illustrated in Figure 2 is then used to control the flow of information between domains, using well defined policies, and rights are based on role and identity. A key challenge will thus be in integrating existing infrastructures, such as HealthVault with a new e-Health Cloud, while still perserving security rights. This will be achieved through a policy translation engine, which converts the enhanced policy definition into HealthVault.A key element of the system is the integration of patient simulation agents, that will mimic real-life clinical data, such as for heart rate and blood pressure, and which have defined patient profiles to provide likely changes in measured parameters. For example this would simulate an increase in blood pressure at given times for a patient who has been modelled at being a risk of a cardiac arrest. This simulator will provide the data to test a large scale infrastructure, with millions of simulated patients, and also will allow health care professionals and carers the opportunity to test the system and thus build up trust, using simulated patient profiles.

与任何安全关键行业一样，在医疗保健数据的捕获、存储和消费方面，都存在对信任的强烈要求。这个过程中的任何错误都会降低人们对基础设施的信任。遗憾的是，许多系统并没有将数据访问权辐射到整个基础设施，因此在系统之间的访问权转移方面往往存在弱点。保健方面的另一个问题涉及不同领域之间的准入权的整合，例如正规保健基础设施和非正规护理基础设施。虽然在正式的基础设施中，数据访问往往有明确的角色，但非正式护理的角色很少。该项目的主要目标是创建一个完全集成的基础设施，其中身份和角色用于定义数据捕获和存储的权限，以及暴露于不同域的服务的消费，这些服务严格使用集成的安全策略进行消费。图1概述了基础设施（参见附件），其中数据从患者环境中捕获，并标记了所需的上下文（例如患者ID、捕获者ID、位置、设备类型、捕获的单元等）。这种上下文信息允许以许多不同的方式使用数据，例如跟踪医疗保健环境周围的某个设备，或确定一系列患者的血压。然后，使用捕获服务和患者的加密密钥，将该数据以其原始捕获形式存储在患者数据桶中。然后，对存储桶的访问由安全策略仔细控制，并通过仔细管理的服务公开，这些服务需要身份票证来验证使用服务的用户的角色和身份。图1显示了EWS（早期预警评分）的一个示例，它汇总了许多临床评估，如血压和心率。然后，如果用户具有访问患者服务的正确权限，则服务提供接口的抽象，从而支持广泛的设备，并基于用户的权限定制用户接口。核心基础设施具有高度的安全性和信任度，其中安全策略控制着每一个操作，并且将有三个定义明确的开放式接口，允许现有的医疗保健基础设施与电子健康云集成。一旦使用联合信任基础设施验证了身份，就会发出一个验证身份的票证，然后根据权限使用该票证访问服务。然后，数据在一个域中被仔细管理，除了通过精心管理的服务之外，不能直接访问它。然后，如图2所示，使用定义良好的策略，使用单点联系（SinglePointofContact）来控制域之间的信息流，并且权限基于角色和身份。因此，一个关键的挑战将是整合现有的基础设施，如HealthVault与新的电子健康云，同时仍然保持安全权利。这将通过一个策略转换引擎来实现，该引擎将增强的策略定义转换为HealthVault。该系统的一个关键要素是患者模拟代理的集成，该代理将模拟真实的临床数据，例如心率和血压，并定义了患者配置文件，以提供测量参数的可能变化。例如，这将模拟在给定时间对于已经被建模为具有心脏骤停风险的患者的血压的增加。这个模拟器将提供数据来测试大规模的基础设施，数百万模拟患者，也将允许医疗保健专业人员和护理人员有机会测试系统，从而建立信任，使用模拟患者配置文件。

项目成果

Technical evaluation of an e-Health platform

电子医疗平台的技术评估

• 发表时间: 2012
• 期刊: Proceedings of the IADIS International Conference e-Health 2012, EH 2012, Part of the IADIS Multi Conference on Computer Science and Information Systems 2012, MCCSIS 2012
• 作者: Lo O

Cyber Security and Privacy - Trust in the Digital World and Cyber Security and Privacy EU Forum 2013, Brussels, Belgium, April 2013, Revised Selected Papers

网络安全和隐私 - 数字世界的信任以及网络安全和隐私 2013 年欧盟论坛，比利时布鲁塞尔，2013 年 4 月，修订后的精选论文

• DOI: 10.1007/978-3-642-41205-9_8
• 发表时间: 2013
• 作者: Buchanan W

Norms and standards in modular medical architectures

模块化医疗架构的规范和标准

• DOI: 10.1109/healthcom.2013.6720705
• 发表时间: 2013
• 作者: Thuemmler C

Monitoring information security risks within health care

监控医疗保健中的信息安全风险

• DOI: 10.1016/j.cose.2013.04.005
• 发表时间: 2013
• 期刊: Computers & Security
• 影响因子: 5.6
• 作者: Van Deursen N