contadores web
Skip to main navigation menu Skip to main content Skip to site footer
##common.pageHeaderLogo.altText##

Scientific and technological research article

Vol. 19 No. 2 (2017)

Model of assessment of requirements of privacy, security and quality of service for mobile medical applications

DOI
https://doi.org/10.22267/rus.171902.90
Submitted
August 8, 2016
Published
2017-08-30

Abstract

 Introduction: The development of mobile technologies has facilitated the creation of mHealth applications, which are considered key tools for safe and quality care for patients from remote populations and with lack of infrastructure for the provision of health services. The article considers a proposal for an evaluation model that allows to determine weaknesses and vulnerabilities at the security level and quality of service (QoS) in mHealth applications. Objective: To carry out an approximation of a model of analysis that supports the decision making, concerning the use and production of safe applications, minimizing the impact and the probability of occurrence of the risks of computer security. Materials and methods: The type of applied research is of a descriptive type, because each one details the characteristics that the mobile health applications must have to achieve an optimum level of safety. The methodology uses the rules that regulate applications and mixes them with techniques of security analysis, using the characterization of risks posed by Open Web Application Security Project-OWASP and the QoS requirements of the International Telecommunication Union-ITU. Results: An effective analysis was obtained in actual current applications, which shows their weaknesses and the aspects to be corrected to comply with appropriate security parameters. Conclusions: The model allows to evaluate the safety and quality of service (QoS) requirements of mobile health applications that can be used to evaluate current applications or to generate the criteria before deployment.

References

  1. Dzenowagis J, Kernen G. Global Vision, Local Insight: Report for the WSIS. Geneve: WHO; 2005;1-41.
  2. Bukachi F, Pakenham-Walsh N. Information technology for health in developing countries. Chest. 2007;132(5):1624-30.
  3. World Health Organization. New horizons for health through mobile technologies. Geneve: WHO; 2011;3.
  4. Engle KL, Plourde KF, Zan T. Evidence-based adaptation and scale-up of a mobile phone health information service. MHelth Journal. 2017;3(3):1-9.
  5. Aitken M. Patient Adoption of mHealth. USA: IMS Institute for Healthcare Informatics; 2015.
  6. ARXAN. Arxan’s 5th Annual State of Application Security Report Reveals Disparity between Mobile App Security Perception and Reality. USA: ARXAN; 2016. p. 2-6. Available from: https://www.arxan.com/2016/01/12/arxans-5th-annual-state-of-application-security-report-reveals-disparity-between-mobile-app-security-perception-and-reality/
  7. USA Food Drug Adm. Guidance for Industry and Food and Drug Administration Staff [Internet]. USA: USA Food Drug Adm; 2016. p. 1-44. Available from: https://www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf
  8. Comisión Europea. Libro Verde: sobre sanidad móvil. Bruselas: CE; 2014.
  9. Martínez-Pérez B, de la Torre-Díez I, López-Coronado M. Privacy and Security in Mobile Health Apps : A Review and Recommendations. J Med Syst. 2015;39(1):181.
  10. Arora S, Yttri J, Ph D, Nilsen W. Privacy and Security in Mobile Health ( mHealth ) Research. Alcohol Res. 2014;36(1):143-51.
  11. Sanchez M, Leyva A, Gonzalez S. Quality of Service in Wireless Technologies for mHealth Service Providing. Mobile Health. 2015;5:971-89.
  12. OSWAP. Top 10 Mobile Risks. United States: OSWAP; 2012.
  13. Vital Wave Consulting. MHealth for Development: The Opportunity of Mobile Technology for Healthcare in the Developing World. Washington and Berkshire: Foundation Vodafone, Foundation Partnership; 2009.
  14. Unión Internacional de Telecomunicaciones. Recomendación UIT-t p.800: Métodos de determinación subjetiva de la calidad de transmission. Ginebra: UIT; 1996.
  15. Unión Internacional de Telecomunicaciones. Recomendación UIT-T G.1010: Categorías de calidad de servicio para los usuarios de extremo de servicios multimedios. Ginebra: UIT; 2001.
  16. Islam SMR, Kwak D, Kabir H. The Internet of Things for Health Care : A Comprehensive Survey. IEEE Access. 2015;3:678-708.
  17. Kotz D. A threat taxonomy for mHealth privacy. Bangalore: IEEE; 2011. p. 1-6.
  18. U.S. Department of Health and Human Services. Recommendations on Privacy and confidentiality, 2006-2008. USA: US Dep Heal Hum Serv; 2009.
  19. Goncalves F, Macedo J, Nicolau M, Santos A. Security Architecture for Mobile E-Health Applications in Medication Control. USA: Software, Telecommun Comput Networks (SoftCOM), 2013 21st Int Conf on IEEE; 2013;1-8.
  20. Payne J. The State of Standards and Interoperability for mHealth among Low- and Middle-Income Countries. USA: The mHealth Alliance; 2013. p. 48.
  21. Skorin-Kapov L, Matijasevic M. Analysis of QoS requirements for e-Health services and mapping to evolved packet system QoS classes. Int J Telemed Appl. 2010;2010:1-19.
  22. Alinejad A, Philip N, Istepanian RSH. Mapping of multiple parameter m-health scenarios to mobile WiMAX QoS variables. Proc Annu Int Conf IEEE Eng Med Biol Soc EMBS. 2011;15:32-5.
  23. Gállego JR, Hernández-Solana Á, Canales M, Lafuente J, Valdovinos A, Fernández-Navajas J. Performance analysis of multiplexed medical data transmission for mobile emergency care over the UMTS channel. IEEE Trans Inf Technol Biomed. 2005;9(1):13-22.
  24. Guillen E, Ramirez L, Estupiñan E. Análisis de seguridad para el manejo de la información médica en telemedicina. Cienc E Ing Neogranadina. 2011;21(2):57-89.
  25. Gutiérrez-Martínez J, Núñez-Gaona MA, Aguirre-Meneses H, Delgado-Esquerra RE. Implementación de la seguridad en el manejo de las imágenes médicas. Investig en Discapac. 2014;3(4):177-84.
  26. H-Dolin R, Alschuler L, Boyer S, Calvin B, M-Behlen F, V-Biron P, et al. Model Formulation: HL7 Clinical Document Architecture, Release 2. JAMIA. 2006;13:30-9.
  27. Crook MA. The Caldicott report and patient confidentiality. J Clin Pathol. 2003;56(6):426-8.
  28. Freier A, Karlton P, Kocher P. The Secure Sockets Layer (SSL) Protocol Version 30. IETF. 2011;3:1-67.
  29. Turner S. Transport layer security. IEEE Internet Comput. 2014;18(6):60-3.
  30. Gómez R, Hernán D, Donoso Y, Herrera A. Metodología y gobierno de la gestión de riesgos de tecnologías de la información Methodology and Governance of the IT Risk Management. Rev Ing. 2010;31:109-18.
  31. Microsoft. Guía de administración de riesgos de seguridad. USA: Microsoft; 2017. Available from: https://www.microsoft.com/latam/technet/recursos/migracion/srsgch00.mspx#ERC
  32. Patient View. European Directory of Health Apps 2012-2013: A review by patient groups and empowered consumers. London: Patient View; 2013. 200 p.
  33. Santillán A, Martínez J. Apps de salud: Nuevas herramientas para el cuidado del paciente cardiológico. Enferm Cardiol. 2015;(66):28-34.
  34. The App intelligence. Informe 50 mejores Apps de Salud en español [Internet]. Madrid: The App intelligence; 2014. p. 4-8. Available from: http://boletines.prisadigital.com/Informe-TAD-50-Mejores-Apps-de-Salud.pdf

Downloads

Download data is not yet available.