8.1 Introduction
In the digital era, online data management has become increasingly essential. In the health domain, a seismic shift is under way from traditional, paper-based documents to electronic records stored in database systems (Nguyen, Bellucci, & Nguyen, 2014). This shift brings many challenges. For instance, care providers may need access to vital information in different locations, yet many safety issues arise in the handoff of patients among healthcare providers when the necessary information cannot be shared. For clinical research, approval must be obtained from cancer patients or their families before their genomic data are used (Grossman et al., 2016). In distributed data analytics, the goal is often to balance privacy against utility while sharing, integrating, and visualizing health records (Grossman et al., 2016; Wang, Gui, Liu, Jin, & Chen, 2014; Takabi, Joshi, & Ahn, 2010). With the increasing use of Internet of Things (IoT) technology in the healthcare domain, many e-health services are now equipped with more powerful communication and computing capabilities. As a result, connected objects threaten system security and personal privacy: every additional interactive channel they open is also an additional entry point for an attacker.
According to Solanas et al. (2014), the concept of smart health (s-health) refers to "the provision of health services by using the context-aware network and sensing infrastructure of smart cities." Demirkan (2013) pointed out that a smart healthcare system (SHS) should provide "opportunities for healthcare organizations to deploy solutions with fewer risks and increased context awareness, converging electronic medical records (EMRs), cloud platforms, social networks, advanced sensors, and data analysis techniques." SHS technology can create value for taxpayers, care providers, and researchers by tracking, analyzing, and processing healthcare information anytime, anywhere. For instance, elderly people can receive healthcare services at home (Amrutha, Haritha, Haritha Vasu, Jensy, & Charly, 2017). By building medical data centers for data collection and transmission, authorized individuals can access their physiological data and decide whether to share it with clinicians for disease diagnosis (Prakash & Balaji Ganesh, 2019). Because of their portable design, smart health services are especially helpful in emergency situations (Ambhati, Kota, Chaudhari, & Jain, 2017). Consider, for example, a diabetic patient who suddenly faints at work. In this scenario, ambulance personnel often need the patient's medical history. With mobile applications tracking patients' diet, exercise, sleep, and blood sugar levels, it is now much easier to learn a patient's basic health condition immediately.
Policies are required to maintain system security and privacy so as to earn customers' and stakeholders' trust. In Australia, the National Statement on Ethical Conduct in Human Research (NHMRC) classifies health data items as individually identifiable, reidentifiable, and nonidentifiable.1 On this basis, security policies can be defined to constrain data collection and publishing, taking into account both the security category of the data and the circumstances of its use. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)2 sets out de-identification standards that serve as guidelines for anonymization. Specifically, its Safe Harbor method lists 18 identifier types (names, addresses, dates, biometric identifiers, serial numbers of personal devices, etc.) that must be removed from individual records before disclosure. Removing these direct identifiers is a necessary step, not a sufficient one: the attributes that remain can still carry re-identification risk and must be assessed in context. Similar requirements can be found in the EU General Data Protection Regulation (GDPR).3 In practice, researchers are required to use health data in an ethical and confidential manner. According to O'Keefe and Connolly (2010), secure access to and use of health data can be ensured by following three procedures: (1) obtaining consent from the data owners (i.e., the patients) for using the data; (2) gaining access by satisfying the requirements defined for the targeted resources; and (3) anonymizing personal data for secondary use, such as public health research activities (Lowrance, 2003). As wireless sensors such as wearable devices and environmental monitors become intertwined with our daily lives, unprecedented challenges arise in maintaining security and minimizing privacy risks.
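To make the Safe Harbor requirement concrete, the following is an added example (not code from the chapter or any cited work) that applies its removal and generalization rules to a single patient record. The rules themselves are those of the HIPAA Privacy Rule Safe Harbor method (45 CFR 164.514(b)(2)); the record schema, field names, the small-ZIP placeholder set, and the sample record are constructed assumptions for illustration. It also shows the caveat practitioners hit most often: identifiers stripped from structured fields reappear in free-text notes.

```python
"""Safe Harbor style de-identification of a patient record.

Added example, not from the chapter. The record schema, field names and sample
data are constructed; the removal/generalisation rules follow the HIPAA Privacy
Rule Safe Harbor method (45 CFR 164.514(b)(2)).
"""
import re
from datetime import date
from typing import Any

# Fields holding Safe Harbor identifier types that are removed outright: names,
# sub-state geography (street, city), contact details, SSN/MRN/account numbers,
# device serials, URLs, IP addresses, biometrics, photos. Names are assumptions.
DIRECT_IDENTIFIERS = frozenset({
    "name", "street_address", "city", "phone", "fax", "email", "ssn",
    "medical_record_number", "health_plan_id", "account_number",
    "license_number", "vehicle_id", "device_serial", "url", "ip_address",
    "biometric", "photo",
})

# Safe Harbor keeps the first three ZIP digits unless that 3-digit area has
# 20,000 or fewer residents, in which case it becomes "000". Real deployments
# derive this set from Census data; these values are a constructed placeholder.
SMALL_ZIP3 = frozenset({"036", "059", "102", "203", "556", "692", "821", "893"})

# Free text is the usual leak: identifiers removed as structured fields come
# back in clinical notes. Patterns for email, US phone and SSN (not exhaustive).
FREE_TEXT_PATTERNS = [
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b"),
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
]


def generalize_zip(zip_code: str) -> str:
    """Keep the 3-digit ZIP prefix, or '000' for sparsely populated areas."""
    zip3 = zip_code[:3]
    return "000" if len(zip3) < 3 or zip3 in SMALL_ZIP3 else zip3


def age_on(birth: date, as_of: date) -> int:
    """Whole years of age on the reference date."""
    before_birthday = (as_of.month, as_of.day) < (birth.month, birth.day)
    return as_of.year - birth.year - before_birthday


def scrub_text(text: str) -> str:
    """Replace identifier-looking substrings in free text with [REDACTED]."""
    for pattern in FREE_TEXT_PATTERNS:
        text = pattern.sub("[REDACTED]", text)
    return text


def deidentify(record: dict[str, Any], as_of: date) -> dict[str, Any]:
    """Return a Safe Harbor de-identified copy of record; as_of is the
    reference date used to compute age (e.g. the disclosure date)."""
    out: dict[str, Any] = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue  # removed entirely
        if key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key == "birth_date":
            age = age_on(value, as_of)
            if age > 89:
                # Ages over 89, and any date element (including the year) that
                # would reveal such an age, are aggregated into "90+".
                out["age"] = "90+"
            else:
                out["age"] = age
                out["birth_year"] = value.year
        elif isinstance(value, date):
            # Other dates tied to the individual (admission, discharge, death):
            # keep only the year.
            out[key.replace("_date", "_year")] = value.year
        elif isinstance(value, str):
            out[key] = scrub_text(value)
        else:
            out[key] = value
    return out


# Constructed sample record; not real patient data.
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "ssn": "123-45-6789",
    "street_address": "1 Example St",
    "city": "Cambridge",
    "state": "MA",
    "zip": "02139",
    "birth_date": date(1928, 5, 2),
    "admission_date": date(2019, 3, 14),
    "device_serial": "GLU-00042",
    "diagnosis_code": "E11.9",
    "notes": "Family contact jane.doe@example.com, 617-555-0100; fasting glucose 7.8 mmol/L.",
}


def deidentify_sample(as_of: str = "2019-03-14") -> dict[str, Any]:
    """De-identify SAMPLE_RECORD relative to an ISO-8601 reference date."""
    return deidentify(SAMPLE_RECORD, date.fromisoformat(as_of))


if __name__ == "__main__":
    print(deidentify_sample())
```

The output keeps only state, a 3-digit ZIP, the aggregated age, the admission year, the diagnosis code and the scrubbed note. Note that the regex scrub is a heuristic: Safe Harbor's final category, "any other unique identifying number, characteristic, or code", cannot be caught by pattern matching alone, which is why free-text fields are often dropped entirely or reviewed by a human before release.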
To help other researchers in related fields, we identify security and privacy challenges by combining the social (healthcare) and technical features of s-health applications. To show why such issues occurred and how they might be tackled, the rest of this chapter is organized as follows: in Section 8.2, we clarify key concepts related to SHSs (also known as s-health) and identify the related technologies. Based on their functional characteristics, we determine the major focus areas and review emerging strategies for Identification, Access Control, and Privacy Preservation in Section 8.3. The key findings are discussed in Section 8.4. Finally, we conclude the study with a summary of key contributi...