The University of Southampton
University of Southampton Institutional Repository

Modelling compliance threats and security analysis of cross border health data exchange


Surridge, Michael, Meacham, Kenneth, Papay, Juri, Phillips, Stephen, Pickering, Brian, Shafiee, Ardavan and Wilkinson, Simon (2019) Modelling compliance threats and security analysis of cross border health data exchange. Attiogbe, C., Ferrarotti, F. and Maabout, S. (eds.) In New Trends in Model and Data Engineering. MEDI 2019. vol. 1085, Springer. pp. 180-189. (doi:10.1007/978-3-030-32213-7_14).

Record type: Conference or Workshop Item (Paper)

Abstract

Digital health data is created, stored and processed in healthcare IT infrastructures. These infrastructures are the target of large-scale cyber-attacks and are found to be vulnerable, primarily for two main reasons: the heterogeneity of infrastructure and the numerous stakeholders (medical staff, managers, patients, regulators etc.). Furthermore, the stakeholders have different attitudes, skills, awareness and data handling practices that offer many opportunities for malicious activities. Healthcare in general is characterised by a multitude of regulations and adherence to them is essential to the functioning of the system. Compliance management is usually described in terms of risks and involves activities such as risk identification, assessment and treatment. Our paper conceptualises the notion of a “compliance threat” and discusses the security of cross-border health data exchange. The paper presents the architecture of the System Security Modeller and illustrates the security risk assessment of the “break glass” scenario which requires health data communication in an emergency situation.

Text
tridentWorkshop_v11 -SCP4.1 - Accepted Manuscript

More information

e-pub ahead of print date: 16 October 2019
Published date: 2019
Keywords: health data, compliance, GDPR, security, modelling

Identifiers

Local EPrints ID: 435374
URI: http://eprints.soton.ac.uk/id/eprint/435374
PURE UUID: a505d3ad-5d92-4332-b1e5-e2d4307ddb27
ORCID for Stephen Phillips: orcid.org/0000-0002-7901-0839
ORCID for Brian Pickering: orcid.org/0000-0002-6815-2938

Catalogue record

Date deposited: 01 Nov 2019 17:30
Last modified: 16 Oct 2020 04:01

Contributors

Author: Michael Surridge
Author: Kenneth Meacham
Author: Juri Papay
Author: Stephen Phillips
Author: Brian Pickering
Author: Ardavan Shafiee
Author: Simon Wilkinson
Editor: C. Attiogbe
Editor: F. Ferrarotti
Editor: S. Maabout
