MiCare: Context-aware authorization for integrated healthcare service

(1)

MiCARE: Context-aware Authorization

for Integrated Healthcare Service

Tse-Ming Tsai1_{, Jiann-Tsuen Liu}1_{, Jane Yung-jen Hsu}2

1_{Advanced eCommerce Institute, Institute for Information Industry, Taiwan}

{eric,jamsliu}@iii.org.tw 2

Computer Science and Information Engineering, National Taiwan University yjhsu@csie.ntu.edu.tw

1 The Vision: Pervasive Healthcare

As the elderly population constitutes a larger proportion of the aging society, providing quality long term care becomes an increasingly critical issue over the world. Our research aims to enable a patient-centric, instead of the existing hospital-centric, pervasive healthcare environment. Envision a new alliance of “Community Healthcare Center” linking various contracted service providers such as hospitals, pharmacies, caregivers, transportation and security firms to offer end-users personalized medical/care services ubiquitously. Figure 1 presents the overview of the proposed MiCARE ubiquitous care service platform. As is illustrated, mobile technology plays an important role in enhancing the pervasive healthcare infrastructure.

Fig. 1. MiCARE Ubiquitous Care Service Platform

MiCARE Ubiquitous Care Service Platform

Medical Info Collector/Controller Medical Info Collector/Controller Security & Privacy Security & Privacy Home Gateway Home Gateway Smart Notification/Alarm Smart Notification/Alarm Services Gateway Services Gateway

Mobile Information Portal

Event-Driven Cooperation Event-Driven Cooperation Service Information Exchange Service Information Exchange

Smart Object /Mobile Info synchronization Smart Object /Mobile Info

synchronization HIS Location-Based Service Location-Based Service adajpaifj adajpaifj 1SICMV 7.38 492 15 LIFESCAN SureStep omron CLOSE START Home Gateway &

Wearable Medical Sensor

HC Service Cooperation/Integration Mobile Environment

Support

Tablet/SmartPhone/PDA/RFID

MiCARE Ubiquitous Care Service Platform

Medical Info Collector/Controller Medical Info Collector/Controller Security & Privacy Security & Privacy Home Gateway Home Gateway Smart Notification/Alarm Smart Notification/Alarm Services Gateway Services Gateway

Mobile Information Portal

Event-Driven Cooperation Event-Driven Cooperation Service Information Exchange Service Information Exchange

Smart Object /Mobile Info synchronization Smart Object /Mobile Info

synchronization HIS Location-Based Service Location-Based Service adajpaifj adajpaifj 1SICMV 7.38 492 15 LIFESCAN SureStep omron CLOSE START Home Gateway &

Wearable Medical Sensor

HC Service Cooperation/Integration Mobile Environment

Support

(2)

Within the pervasive healthcare vision, our research will focus on (1) seamless integration of care services, and (2) context-aware authorization of healthcare records.

Given that most players in this domain have existing IT systems, it is necessary to enable seamless integration of care services provided by their legacy applications. In order to satisfy the patients’ different healthcare needs, we plan to utilize the eXFlow workflow engine with Web services support [1] to orchestrate services over the distributed heterogeneous systems. On the other hand, we have identified the following issues associated with the general care procedure.

λ

Privacy protection is an important concern for most people. Personal Health Record often contains extremely private information that needs to be secured perfectly with well-managed controlled access only.

A variety of medical staff, such as nurses, therapists and pharmacists, may participate in a given care situation. Their roles can vary dynamically over time, location, and procedure. Each role usually needs to access data sources from a different discipline – event domain.

Medical staff involved in a given care situation may need to exchange the patient’s personal healthcare record.

As a result, it is important to design a mechanism that manages the access, retrieval, and sharing of personal healthcare records. In a mobile environment, access authorization should be based on the dynamically changing context.

In 1996, the United States federal government enacted HIPAA (Health Insurance Portability and Accountability Act) [2] to standardize the management of security, privacy and data exchange of personal medical information. HIPAA specifies the requirements for healthcare quality in patient care. To meet the challenge, we built the MiCARE framework for securing personal privacy and enforcing data access authorization. MiCARE employs a rule-based approach that offers flexibility when different roles taking care of the patient in dynamic contexts. The proposed architecture utilizes P2P engagement for distributed data exchange.

We are facing a practical challenge in Taiwan. Given that the regulations are not quite as sophisticated as HIPPA, how can the service providers establish the trust to share information resources? The problem is further compounded by the demands from patients to receive professional and personalized healthcare services anytime and anywhere – even outside of the hospital. Such ubiquitous care service requires the specification of rights and ownership for each data object within the system boundary as well as when it is checked out and mobile. A flexible access policy and authorization scheme is necessary to enable mobile healthcare integrating various data sources and parties. Ensuring privacy of patient case history is the most critical issue in realizing the vision of pervasive healthcare.

(3)

2 Current

Research

To illustrate dynamic data access control in MiCARE, Figure 2 presents a sample scenario of in-home and mobile healthcare service. James, a patient with a certain long-term health problem, receives care at home. Upon entering James’s house, a nurse is authorized to access James’ “personal information”, but she does not have the access right to his “rehabilitation information” initially. When a therapist arrives at a later time, access right to the “rehabilitation information” on the nurse’s PDA is authorized in order to support collaboration. However, this access right is immediately revoked after the therapist leaves James’ house. Such a situation demands secured access control on multiple types of data from different sources and authority.

Search Peer / Communication

Get locat

ion

GetPerm

ission

Get location

Get Perm_ission

Get time / Get Role Search Peer / Communication

Home Gateway Get time / Get Role WebCam sensor Nurse Therapist Patient Get Location

Search Peer / Communication

Get locat

ion

GetPerm

ission

Get location

Get Perm_ission

Get time / Get Role Search Peer / Communication

Home Gateway Get time / Get Role WebCam sensor Nurse Therapist Patient Get Location

Fig. 2. In-Home and Mobile Healthcare for distributed P2P object exchange

MiCARE implements dynamic access rights by adopting a rule engine to separate access logic from data. It recruits P2P to integrate distributed data sources within the mobile healthcare practice. In addition, the concept of DRM is used to offer multi-data encapsulation for secured and flexible context-aware digital content sharing.

Figure 3 illustrates the detailed design architecture for each care node for context-aware authorization. There are three major components identified with dotted lines. The Multi-part Data Packer corresponds to the box on the left, Dynamic Access Right Inference is denoted by the top box on the right, and the bottom box on the right represents the Context Monitor.

(4)

Sensor Network Interface Adapter OS / Network

Context / Event Monitor P2P Communicator Rule DB

Rule Engine (Jess) View Render Rule Manipulation Tool Multi-Object Handler Multi-Object Container Rule Interpreter Multi-Object Composer (Verify/ Meta data)

Multi-part Data Packer Dynamic Access Right Inference

Context Monitor

Multi-part Data Packer Dynamic Access Right Inference

Context Monitor

Fig. 3. Design modules for each care node

A POC implementation of MiCARE has been completed on the iPAQ H5500 PDA running Jeode Java VM with the JESS4.5 inference engine. The JXTA for J2ME is adopted to provide the P2P infrastructure. Each care node running on the PDA serves as the care information carrier as well as a collaboration tool. The multi-pack documents are represented in ODRL. The current implementation will be used in a field study of in-home patient care.

3 Expectations Towards the Workshop

We look forward to the opportunity to share our experience in designing and implementing the MiCARE platform. In particular, we are interested in exchanging experiences on designing new business models and applying the latest IT technology to the pervasive and ubiquitous healthcare domain. We’d also like to consult the other workshop participants regarding the adoption/adaptation on the following standards:

– HIPPA

– Domain content semantic: HL7/DICOM

– Right Expression Language: ORDL/XrML/XACML

– Remote System integration: Web Services (SOAP/UDDI/WSDL/WSCI/WSS) In addition, we’d like to discuss the application of new technology on

– P2P distributed data object and access policy

– DRM (Digital Right Management) vs. PRM (Privacy Right Management) – Mobile/Ubiquitous computing application to healthcare

– Context-aware issues for nomadic case

(5)

4 About the Authors

Our most important research effort in this stage is to make all parties feel safe about their information resource sharing, including service providers and end-users. Security and privacy have always been the most important issues in medical and healthcare applications — especially in the ubiquitous computing environment when the requirements are definitely more demanding. We propose the MiCARE services as an essential framework to support a dynamic, mobile, and context-aware environment. While taking care of the patient, we should both ensure and enforce the context-aware authorization of different data objects in dynamically changing context. By integrating the technology of context-aware, rule inference, digital rights language, and P2P infrastructure, we practices context-aware authorization in dynamic healthcare services. The workflow engine eXFlow2.0 with Web services support is another product we have developed. The engine is mature enough to be deployed for B2Bi of back-end heterogeneous systems.

Tse-Ming Tsai is a project manager at the Institute for Information Industry’s Advanced e-Commerce Technology Institute, Taipei, Taiwan. His research interests include Web Services, context-aware, and e-commerce technologies. Tsai received an MS in information management from National Taiwan University.

Jiann-Tsuen Liu is an engineer at the Institute for Information Industry’s Advanced e-Commerce Technology Institute, Taipei, Taiwan. His research interests include P2P and mobile computing.

Jane Hsu is an associate professor of Computer Science and Information Engineering at National Taiwan University. She received her PhD in computer science from Stanford University in 1991. Her research interests include intelligent agents, data mining, mobile robots, and e-commerce technologies. Being a member of AAAI, IEEE, ACM, and the Phi Tau Phi Scholastic Honor Society, Prof. Hsu frequently serves as organizers, program committee and executive committee members in many key international conferences and societies in AI, agents, and e-commerce. Prof. Hsu serves on the editorial board of International Journal of Computational Intelligence (2004- ) and Intelligent Data Analysis – An International Journal (1997-2002).

References

1. Nathan Chung-Nin Chung, Wen-Shih Huang, Tse-Ming Tsai, Seng-cho

Timothy Chou: eXFlow: A Web Services-Compliant System to Support B2B Process Integration. HICSS 2004