A Comprehensive Model for Securing Sensitive Patient Data in a Clinical Scenario

The clinical environment is one of the most important sources of sensitive patient data in healthcare. These data have attracted cybercriminals who pursue the theft of this information for personal gain. Therefore, protecting these data is a critical issue. This paper focuses on an analysis of the clinical environment, presents its general ecosystem and stakeholders, and inspects the main protocols implemented between the clinical components from a security and privacy perspective. Additionally, this article defines a complete use case to describe the typical workflow within a clinical setting: the life cycle of a patient sample. Moreover, we present and categorize crucial clinical information and divide it into two sensitivity levels: High and Very Sensitive, while considering the severe risks of cybercriminal access. The threat model for the use case has also been identified, in conjunction with the use case's security and privacy needs. This work served us as basis to develop the minimum security and privacy requirements to protect the use case. Accordingly, we have defined protection mechanisms for each sensitivity level with the enabling technologies needed to satisfy each requirement. Finally, the main challenges and future steps for the use case are presented.

Automated summary

This paper focuses on analyzing and researching the clinical environment from a security and privacy perspective. It introduces the ecosystem and stakeholders of the clinical environment, and examines the protocols implemented between clinical components. It also presents a use case of the patient sample life cycle, categorizes crucial clinical information, and identifies the threat model and security and privacy needs for the use case. The paper provides protection mechanisms and enabling technologies for each sensitivity level, and concludes with the main challenges and future steps for the use case.