Page 28 - Trust in ICT 2017
P. 28

1                                                    Trust in ICT


            5.2.1.2    Actors

            Trust Platform: responsible for trust evaluation between data owners and data consumers.
            Data Usage Manager: responsible for matching trust level to data usage policy

            Data Owners: responsible for providing user preferences, trust-related information and personal data usage
            policy if necessary.

            Data  Consumers:  responsible  for  providing  trust-related  information  and  data  usage  purposes  for  trust
            evaluation.

            5.2.1.3    Triggers

            Creation of new data from data owners.
            Request of data consumption from applications, services or people with any purpose.
            Request of data usage policy changes from both data owners and data manager platform.

            5.2.2   Secure Remote Patient Care and Monitoring

            E-health applications, that provide the capability for remote monitoring and care, eliminate the need for
            frequent  office  or  home  visits  by  care  givers,  provide  great  cost-saving  and  convenience  as  well  as
            improvements. “Chronic disease management” and “aging independently” are among the most prominent
            use  cases  of  remote  patient  monitoring  applications.  Remote  patient  monitoring  applications  allow
            measurements from various medical and non-medical devices in the patient’s environment to be read and
            analysed remotely. Alarming results can automatically trigger notifications for emergency responders, when
            life-threatening conditions arise. On the other hand, trigger notifications can be created for care givers or
            family members when less severe anomalies are detected. Dosage changes can also be administered based
            on remote commands, when needed.
            In  many  cases,  the  know-how  about  the  details  of  the  underlying  communications  network  and  data
            management may be outsourced by the medical community to e-health application/ solution provider. The
            e-health solution provider may in turn refer to Machine-to-Machine (M2M) service providers to provide
            services such as connectivity, device management. The M2M service provider may intend to deploy a service
            platform that serves a variety of M2M applications (other than e-health solution provider). To that end, the
            M2M  service  provider  may  seek  to  deploy  optimizations  on  network  utilization,  device  battery  or  user
            convenience features such as ability of using web services to reach application data from a generic web
            browser. The M2M service provider may try to provide uniform Application Programming Interfaces (APIs)
            for all those solution providers to reach its service platform in a common way. From the standpoint of the
            M2M application, the application data layer rides on top a service layer provided by this service platform. By
            providing the service platform and its APIs, the M2M service provider facilitates development and integration
            of applications with the data management and communication facilities that are common for all applications.
            As part of providing connectivity services, the M2M service provider may also provide secure sessions for
            transfer of data for the solution providers that it serves. In many jurisdictions around the world, privacy of
            patient healthcare data is tightly regulated and breaches are penalized with hefty fines. This means the e-
            health application provider may not be able to directly rely on the security provided by the M2M service
            provider links/sessions and instead implement end to end security at application layer. This puts additional
            challenges on the M2M service platform for trust, since it needs to provide its optimizations on encrypted
            data.

            5.2.2.1    Description
            One particular issue with e-health is that not only the data is encrypted, but it may also contain data at
            different  sensitivity  levels,  not all  of  which appropriate  to each  user.  For  instance  in  the  US the  Health
            Insurance Portability and Accountability Act (HIPAA) regulates the use and disclosure of protected health
            information. Different actors within a healthcare scenario may have different levels of authorizations for
            accessing the data within the health records, so the information system must take care to present the health
            data to each user according to the level of authorization for that user. A process, common to address this


            20
   23   24   25   26   27   28   29   30   31   32   33