TY - GEN
T1 - Sensitive Data Exchange Protocol Suite for Healthcare
AU - Ecarot, Thibaud
AU - Fraikin, Benoit
AU - Ouellet, Francis
AU - Lavoie, Luc
AU - McGilchrist, Mark
AU - Ethier, Jean Francois
N1 - Publisher Copyright:
© 2020 IEEE.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2020/7
Y1 - 2020/7
N2 - Learning Healthcare System (LHS) is an increasingly deployed approach in health to improve patient care. For the successful implementation of this approach, communications must become cross-cutting between research and primary care. To meet this need, standardized protocols for health data exchange, such as Fast Healthcare Interoperability Resources from the Health Level Seven organization, are massively used in healthcare organizations. However, these protocols don't meet new security needs and they don't natively integrate anonymization mechanisms for data sources and patients while maintaining individuation. In this paper, a new protocol suite is proposed for sensitive health data exchange. Thus, an architecture is presented: it integrates proxies and anonymizers for the extraction and transmission phases of sensitive data. Then, requirements on several new protocols are detailed to meet the exchange needs between the learning health system entities. Finally, a comparison of security properties and a vulnerability analysis are carried out between the Fast Healthcare Interoperability Resources protocol and the protocol suite proposed. These analyses show that the protocol suite integrates most of the defenses against common protocol attacks and that anonymization, confidentiality, authentication and logging requirements are met.
AB - Learning Healthcare System (LHS) is an increasingly deployed approach in health to improve patient care. For the successful implementation of this approach, communications must become cross-cutting between research and primary care. To meet this need, standardized protocols for health data exchange, such as Fast Healthcare Interoperability Resources from the Health Level Seven organization, are massively used in healthcare organizations. However, these protocols don't meet new security needs and they don't natively integrate anonymization mechanisms for data sources and patients while maintaining individuation. In this paper, a new protocol suite is proposed for sensitive health data exchange. Thus, an architecture is presented: it integrates proxies and anonymizers for the extraction and transmission phases of sensitive data. Then, requirements on several new protocols are detailed to meet the exchange needs between the learning health system entities. Finally, a comparison of security properties and a vulnerability analysis are carried out between the Fast Healthcare Interoperability Resources protocol and the protocol suite proposed. These analyses show that the protocol suite integrates most of the defenses against common protocol attacks and that anonymization, confidentiality, authentication and logging requirements are met.
KW - Communication system security
KW - Data security
KW - Network security
KW - Protocols
KW - Public healthcare
UR - http://www.scopus.com/inward/record.url?scp=85094100420&partnerID=8YFLogxK
U2 - 10.1109/ISCC50000.2020.9219707
DO - 10.1109/ISCC50000.2020.9219707
M3 - Conference contribution
AN - SCOPUS:85094100420
T3 - Proceedings - IEEE Symposium on Computers and Communications
BT - 2020 IEEE Symposium on Computers and Communications, ISCC 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 IEEE Symposium on Computers and Communications, ISCC 2020
Y2 - 7 July 2020 through 10 July 2020
ER -