Security and Privacy Support in an eHealth Environment

This use case consists of the development of an application for the management of Medical Data, providing security and privacy support in an eHealth environment. The use case will be used to demonstrate how GUARD builds privacy-by-design and enables patients to monitor, track, and control the position and propagation of sensitive and personal data between different services or departments of the Policlinico Tor Vergata (PTV) hospital. Furthermore, it will demonstrate how to guarantee a better interaction between the different departments of the PTV, leveraging the improved control of security and privacy issues enabled by the adoption of the GUARD platform. 

The PTV is located in the southeast of Rome (Italy), an area that houses approximately 850,000 inhabitants, and it is a reference point for a population of over 1,500,000 inhabitants, including the province of Frosinone. PTV is a scientific research institute. Its areas of specialization are aimed at defining an organization and an adequate supply of services in order to meet the health needs of the territory of reference. In addition, the institute accommodates university courses for medical students, nurses, and technicians. 

With a total of 557 beds at its disposal, the institute is split into several units. With regards to the treatment of oncological diseases, PTV houses the Medical Oncology Unit with six beds, including DH, and an outpatient clinic. In addition, there are two General Surgery units for the treatment of the Colorectal Oncology Network. In 2017, a Breast Unit was introduced. The unit has been recognized by the Regional Committee, as the facility meets all the requirements reported in DCA no.U00247/2014, “Oncological network for the management of breast cancer in Lazio”.

Oncological patients at PTV follow a very complex clinical path of both diagnosis and treatment. In a typical case, a suspected diagnosis of breast cancer is followed by complex imaging studies and a biopsy. If the lesion is confirmed, a surgical phase may occur, followed by more clinical examinations as well as radiotherapy or chemotherapy. Should the cancer return, then the patient may have to go through the entire procedure again.

This clinical path involves distinct departments of the PTV hospital, each of them having its own IT infrastructure, programs, users, and data format. The flow of required patient personal data from department to department in a non-uniform way is a process that is difficult to find, protect and update. The purpose of this use case is to build a new Medical Record Management System that permits to manage data generated from heterogeneous IT applications in PTV, embedding the GUARD platform features, as described in the figure below, in order to allow a better data flow between hospital departments, ensuring patient privacy and preventing malicious data manipulation. This translates into better medical cures and better privacy for oncological patients, thereby taking advantage of the tracking features of the GUARD platform.

GUARD features involved in the use case

The GUARD concept goes beyond traditional security paradigms, still largely based on protecting a single infrastructure, by targeting trust and security mechanisms for end-to-end digital services and business chains. The GUARD approach is based on embedding heterogeneous inspection and monitoring mechanisms in each software/hardware element of the chain, while common interfaces and APIs are used to programmatically collect the security context, ruled by control access policies. The integration of the service chains in GUARD takes place through the integration of bespoke GUARD security agents. 

Local security agents encompass a heterogeneous set of technologies for monitoring and enforcement. This includes logging and event reporting capabilities developed by programmers into their software, logging facilities built into the kernel as well as monitoring and enforcement frameworks built in the kernel, and the application or system libraries that inspect network traffic and system calls.

The main objective of this use case is to demonstrate the usefulness and ease of use of some features offered by GUARD:

• Evaluating performance in collecting the security context, especially logs, network traffic, events, and other monitored parameters
• Demonstrating the “programmability” of local agents
• Verifying consistency and interoperability of the prototypes developed by partners
• Demonstrating the effectiveness of detection algorithms
• Showing how private data and sensitive information can be tracked and controlled within the chain
• Reporting impressions comments from users about the usability and friendliness of the user interface

The application realized for this use case contemplates the separate management of the departments, each department’s application consists of several services, deployed on public cloud infrastructure in an isolated environment from other departments. Data exchange between departments is mediated by GUARD’s data tracking module (as shown in the figure below), which is responsible for approving and recording any exchanges of medical records. The implementation of this module follows the International Data Space (IDS) Architecture. The data owner will be able to control and track the propagation of their data through GUARD’s dashboard.