Analysis and Modelling of p2p Security for Future Patient-centered Healthcare Ecosystem
Project leader: Björn Eskofier
Project members: Imrana Abdullahi Yari
Start date: 1. October 2018
End date: 30. September 2021
Funding source: Deutscher Akademischer Austauschdienst (DAAD)
Project Partner Website: Refinio GmbH
The patient-centred healthcare ecosystem (PHE) is a future digital healthcare model where all healthcare stakeholders will eventually transition from an isolated approach to a collaborative approach around the patient. Among other benefits, the PHE will enable individuals to take control of their health information in a confidential and secure environment. Currently evolving PHEs either use a centralized database or blockchain technology for storing medical records.
On the one hand, healthcare industries that store data in a centralized database experience more data breaches than any other sector, as revealed in the latest report by the Office of the Australian Information Commissioner on data breaches. Moreover, the Protenus Breach Barometer in the US reported 369 health data breaches in the third quarter of 2018, affecting 8 million patients. On the other hand, the immutable nature of data storage in blockchain makes it impossible for users to erase their stored information, which runs contrary to the European regulation on data protection.
The OnePatient PHE by Refinio ONE (a German-based health technology startup) is based on peer-to-peer technology, an alternative to both centralized database and blockchain technology. Although blockchain also uses peer-to-peer technology, its data is inherently shared publicly, and if the blockchain encryption is broken, all the data becomes public. In contrast, if the OnePatient PHE encryption is broken, only one user is affected at a time. However, storing medical records with peer-to-peer technology still requires research into its security, as well as user education and awareness about data security and privacy.
In our work, we aim to i) investigate the possible and inherent security and privacy issues for future PHEs like OnePatient, ii) design security models such as a firewall, a trust reputation system, etc. to provide additional security, and iii) evaluate the effectiveness of our security models.