Article

A Comprehensive Model for Securing Sensitive Patient Data in a Clinical Scenario

Journal

IEEE ACCESS
Volume 11, Issue -, Pages 137083-137098

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2023.3338170

Keywords

Security; Regulation; Protocols; Privacy; Hospitals; Middleware; Medical treatment; Patient monitoring; Threat assessment; Clinical scenario; patient data; privacy; security; threat model

This paper focuses on analyzing and researching the clinical environment from a security and privacy perspective. It introduces the ecosystem and stakeholders of the clinical environment, and examines the protocols implemented between clinical components. It also presents a use case of the patient sample life cycle, categorizes crucial clinical information, and identifies the threat model and security and privacy needs for the use case. The paper provides protection mechanisms and enabling technologies for each sensitivity level, and concludes with the main challenges and future steps for the use case.
The clinical environment is one of the most important sources of sensitive patient data in healthcare. These data have attracted cybercriminals who pursue the theft of this information for personal gain. Therefore, protecting these data is a critical issue. This paper focuses on an analysis of the clinical environment, presents its general ecosystem and stakeholders, and inspects the main protocols implemented between the clinical components from a security and privacy perspective. Additionally, this article defines a complete use case to describe the typical workflow within a clinical setting: the life cycle of a patient sample. Moreover, we present and categorize crucial clinical information and divide it into two sensitivity levels: High and Very Sensitive, while considering the severe risks of cybercriminal access. The threat model for the use case has also been identified, in conjunction with the use case's security and privacy needs. This work served as the basis for developing the minimum security and privacy requirements to protect the use case. Accordingly, we have defined protection mechanisms for each sensitivity level with the enabling technologies needed to satisfy each requirement. Finally, the main challenges and future steps for the use case are presented.