Safeguarding data flow inside IoT Patient Ecosystems
Hospitals and healthcare organisations have started to evolve from a place of care to a delocalised network of care services. This long-term, radical change of perspective goes under the name of “Patient Ecosystem”. The concept emerged a few years ago, and it is growing exponentially thanks to the evolution of mobile services, the increase in the number of IoT devices, the wider use of information technology by patients and the increased impact of remote wellness solutions.
Smart assisted living systems are an impressive real-life example of this evolution of healthcare systems. Senior people can benefit from advanced services such as constantly monitored health measurements (e.g. blood pressure), fall detection, emergency buttons, location detection, etc. This has been made possible through the use of multiple sensors and interconnected smart IoT devices such as smart watches. These devices can communicate and exchange valuable health data with smartphones, smart watches and hospital monitoring devices and databases.
Obviously, the main question that raises considerable concern among the public is: “What happens with all this data in terms of security?” Additionally, the recent adoption of the EU General Data Protection Regulation and all the discussions around data protection tend to confirm such concerns. Health data consist, in their vast majority, of highly sensitive personal data that have a significant impact in a variety of industry sectors. Can you imagine, for example, the value of a patient’s historical health data to a health insurance company? And what if access to such data were provided without consent or, even worse, obtained by means of cyberattacks against an IoT ecosystem like the one described above? As with the assisted living concept, it is not hard to imagine the volume, sensitivity and value of all the information exchanged inside the entire interconnected system of a whole hospital.
The SPHINX project is going to provide a universal cyber security toolkit for the Health and Care Domain. The proposed toolkit will enable the identification of modern and advanced cyber threats, and will be enhanced with a personalised data security management tool. At this stage, it is important to realise that safeguarding health data privacy lies at the very heart of the project. More specifically, SPHINX is going to thoroughly assess and examine an exhaustive set of parameters that may threaten such privacy, and to develop mechanisms to prevent its violation inside a Patient Ecosystem. SPHINX is going to be developed and tested under real-world conditions thanks to the participation of three European hospitals in the consortium (Greece, Portugal, Romania). Eventually, after the end of the project, the SPHINX toolkit will be used as the safekeeper of personal data inside real IoT Patient Ecosystems, by deploying cutting-edge technologies. Hence, SPHINX is going to contribute decisively to the actual application of data protection rules such as the GDPR in the health sector, the protection of the human rights defined in them and the mitigation of concerns relevant to health data.
Overall, in its research and projected results, the SPHINX project takes seriously into account the current state of play and society’s requirements and concerns on data protection in IoT patient ecosystems. Furthermore, the project is bound to deliver public solutions which will lead to the further development and evolution of the Health and Care Domain and promote a deeper feeling of safety and compliance with the GDPR and other relevant regulations.