
Safeguarding data flow inside IoT Patient Ecosystems

Hospitals and healthcare organisations have started to evolve from a place of care to a delocalised network of care services. This long-term, radical change of perspective goes by the name of “Patient Ecosystem”. The concept emerged a few years ago and is growing exponentially thanks to the evolution of mobile services, the increasing number of IoT devices, the wider use of information technology by patients and the increased impact of remote wellness solutions.

To project this evolution of healthcare systems onto real life, smart assisted living systems are an impressive example that may come to mind. Senior people can benefit from advanced services such as constantly monitored health measurements (e.g. blood pressure), fall detection, emergency buttons, location detection etc. This has been made possible through the use of multiple sensors and interconnected smart IoT devices such as smart watches. These devices could communicate and exchange valuable health data with smartphones, smart watches and hospital monitoring devices and databases.

Obviously, the main question that raises considerable concern among the public is: “What happens with all this data in terms of security?” Additionally, the recent adoption of the EU General Data Protection Regulation and all the discussions around data protection tend to confirm such concerns. Health data, in their vast majority, consist of highly sensitive and personal data that have a significant impact in a variety of industry sectors. Can you imagine, for example, the value of a patient's historical health data to a health insurance company? And what if access to such data was provided without consent or, even worse, by means of cyberattacks against an IoT Ecosystem like the one described above? Similar to the assisted living concept, it is not hard to imagine the volume, sensitivity and value of all information exchanged inside the entire interconnected system of a whole hospital.

The SPHINX project is going to provide a universal cyber security toolkit for the Health and Care Domain. The proposed toolkit will enable the identification of modern and advanced cyber threats, enhanced with a personalised data security management tool. At this stage, it is important to realise that the very nature of the project consists of safeguarding health data privacy. More specifically, SPHINX is going to thoroughly assess and examine an exhaustive set of parameters that may threaten such privacy, as well as develop mechanisms to prevent its violation inside a Patient Ecosystem. SPHINX is going to be developed and tested under real-world conditions thanks to the participation of three European hospitals in the consortium (Greece, Portugal, Romania). Eventually, the SPHINX toolkit will be used after the end of the project as the safekeeper of personal data inside real IoT Patient Ecosystems, by deploying cutting-edge technologies. Hence, SPHINX is going to decisively contribute to the actual application of data protection rules such as the GDPR in the health sector, the protection of the human rights defined in them and the mitigation of concerns relevant to health data.

A hasty reading of the situation could already lead to optimistic comments and insights about the future. Nonetheless, concerned individuals with deep knowledge of the GDPR could raise a series of questions: “But how will the SPHINX project be tested and developed? Of course, personal data and indeed special (sensitive) categories of personal data are going to be processed in order to achieve satisfying results. Who is going to own, view and process these data? Are the patients going to be informed? And what about any abuse of these data by the SPHINX partner companies?” All these questions may seem complicated at first glance; however, they reflect a crucial aspect of reality in the vast majority of H2020 ICT-related research projects. The SPHINX project will answer these questions, while conducting research, in a complete and efficient manner by taking into consideration all legal and ethical aspects of data protection at European and national level. Moreover, the privacy policy developed in the context of SPHINX is going to address issues concerning the personal data to be collected and disclosed to third parties, and user rights. In addition to the above actions, it is crucial to always bear in mind that SPHINX is not expected to collect, store, and share personal data (e.g. names, email addresses, educational titles, skills, health records, interests etc.) of patients and healthcare professionals as well as of other groups of users within the healthcare domain. This essential fact proves openly that SPHINX intends to “do the job” carefully and act with precaution from the start, while achieving highly efficient results.

Overall, the SPHINX project takes seriously into account the current state of play and society’s requirements and concerns on data protection in IoT patient ecosystems in regard to its research and projected results. Furthermore, the project is bound to deliver public solutions which will lead to further development and evolution of the Health and Care Domain and promote a deeper feeling of safety and compliance with the GDPR and other relevant regulations.

Image Source: https://www.peerbits.com/blog/internet-of-things-healthcare-applications-benefits-and-challenges.html