Guidelines for the technological development in the e-health application domain


Published on

Slides of the talk I gave the 18th of July 2014 about the activities I coordinates at the University of L'Aquila (Italy) in the context of the E-Health Technology industrial project.

Published in: Health & Medicine
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Guidelines for the technological development in the e-health application domain

  1. 1.     Guidelines for the technological development in the e-health application domain Ivano Malavolta Università degli Studi dell’Aquila
  2. 2. Introduction Great progress in the health sector applied to etc. However, the health sector currently lags behind other sectors in the use of advanced data management software à there is great potential for rapid, sustained growth image acquisition image elaboration robotics
  3. 3. Introduction The E-Health Technology project focusses on Remote assistance via mobile devices Modernization of business processes Design of new services in the cloud
  4. 4. Introduction The role of University of L’Aquila in the project Research Prototypes development Research actions State of the art Architectural solutions
  5. 5. Introduction In this talk we will present the main solutions for architecting an e-health software system in terms of its Security engineering Reliability assurance etc. Data management infrastructure
  6. 6.     Remainder of the talk •  Introduction •  Cloud computing •  User authentication •  User authorization •  Data encryption •  Sensitive data separation •  Conclusions
  7. 7. Cloud computing The use of computing power that is located “elsewhere”à in the cloud Advantages: no infrastructure elasticity low risk
  8. 8. Cloud computing Challenges in the e-health application domain: Who can enter the system? Who can do what in the system? Who can read my data? Where is my data?
  9. 9. User authentication Strong authentication is mandatory •  one possible implementation: two-factor + challenge-response Something you know Something you have ex. username and password ex. card or security token +
  10. 10. OATH1 Open standard for the interoperability of authentication methods •  Supports both hardware and software implementations Advantages: •  always with the user •  low investment risk •  scalable •  customizable •  no waiting time for issuing a new token
  11. 11. User authorization Access control is the basis of Information Security prevent disclosure to unauthorized users prevent modification by unauthorized users Confidentiality Integrity
  12. 12. XACML Open standard proposing •  a declarative language for defining access control policies •  a run-time architecture for enforcing the policies defining enforcing
  13. 13. Data encryption Data encryption is the process of encoding messages or information in such a way that only authorized parties can read it In our project we encrypt data at two levels: prevent information disclosure while sending data prevent reading saved data in the database Communication Database
  14. 14. Sensitive data separation Multi-tenant architecture with a dedicated database for each agency Advantages: •  data isolation ( required by law) •  customized services •  easy disaster recovery
  15. 15. Conclusions (i)
  16. 16. Conclusions (ii) What is not covered in this talk: •  digital documents with legal validity •  Analog copies of digital documents •  Graphometric signatures with legal validity These aspects are covered in our research article* * available also in English  
  17. 17.     Contact Ivano Malavolta Università degli Studi dell’Aquila
  18. 18. Images credits • • • • • • • • • • •