Privacy and Security in E-Health

Privacy and Security in E-Health


Information technology continues to fuse well with modern health structures. Development of an application to monitor and send feedback on the health status of patients is growing. As a result, people question the robustness of electronic systems as far as system breach and modification of data comes into play. Medical data is a sensitive matter, and security interventions are essential for the success of advanced healthcare protocols. Therefore, assessments that identify and determine the nature and cardinality of such challenges associated with electronic health systems and the kind of technological solutions available are of the utmost importance.

In the wake of a swiftly changing world, characterized by an ever-increasing rise in smartphone penetration, mobile health applications have become popular. The popularity of mobile applications in e-health can be attributed to innovation and improvement in telecommunication, hardware, software applications as well as data transmission plans and affordability of devices (Varatharajan, Manogaran, & Priyan, 2018). Mobile health application now can use several sensors to access the health status of individual patients and thus, aid in health-related decision making. The increase of mobile health application has not witnessed a parallel increase with regard to the mechanisms that ensure the protection of individual privacy and data integrity.

1.1 Problem Formulation

This research proposal focuses on the problem regarding the privacy and security issue in e-health. Highlighting the main privacy and security threats that machine learning algorithm has in regards to the operation of mobile health devices (Thota, Sundarasekar, Manogaran, Varatharajan, & Priyan, 2018). There are several concerns regarding the security, privacy as well as the confidentiality of Mobile health. Mobile health applications use various machines and sensors primarily to collect heterogeneous information about the users and at the same time interact with users (Abdelaziz, Elhoseny, Salama, & Riad, 2018). Re-use of data policies are not always clear neither do users fully understand the benefits and risks (Wang, Kung, & Byrd, 2018). In this regards there is a critical aspect in regards to privacy, security and learning issues that are often dealt with differently thus, bringing about a great diversity among the different applications.

1.2 Significance and Goal of the Study

The primary objective of this study is to highlight the key concerns in regards to the security and privacy in e-health. As such it aims at providing a solution to the challenge through appropriate application of health information technology. Today the creative use of new technologies such as mobile health information as well as sensing technologies has a considerable potential to improve outcomes, health research and at the same time help in reduction of health care cost. Thus, the proposed research will be significant as it will bring forth a better understanding of critical issues that healthcare organizations are facing in the wake of technological innovation.

1.3 Research question

The study will seek to answer the following research questions:

1. What are the underlying problems in e-health services with regards to security and privacy?

The above question will help in identification and discussion of the problem associated with security and privacy concerns of e-health.

2. How can machine learning be included in mobile health solution to provide privacy and information integrity?

This question will reflect on benefits of machine learning in e-health to realize the importance of artificial intelligence in e-health.

3. How can health information technology be used effectively to overcome security and privacy issues in e-health?

This question will specifically address the specific recommendation as a solution to overcome the identified problem.

2. Review of Literature

2.1. Overview

Different health organizations concentrate their resources on providing quality and convenient health services. These efforts resulted in the incorporation of high-tech information systems to aid physicians in their work. Unfortunately, issues of privacy and safety emerged after the use of computer networks. The literature review explores the challenges of integrity and feasibility of technology and the solutions offered. As a prerequisite, the discussion touches on the machine and deep learning by outlining their advantages and connection to the Internet of Things.

2.2. Literature Review

2.2.1. Challenges associated with E-health Services

The emergence of technology in different sections of daily activities proves to be beneficial. Nevertheless, there is a security issue associated with these modern trends; this also applies to the healthcare industry. Thota et al. (2018) affirm that Internet of Things (IoT) technology continues to grow in popularity and people need to be aware of how to guard the systems while in use. The team posits that a centralized system which utilizes cloud technology and security protocols; these systems would guarantee the integrity of medical data from patients. The system would prevent issues of confidentiality, integrity, and availability (Bai, Dai, & Li, 2014). Bai and his colleagues talk about confidentiality stating that medical data is a sensitive entity and E-Health has a high potential of exposing it to the public. Therefore, they urge IT, experts, to provide quality applications which are void of attacks.

On top of this, they feel that a person might interfere with the integrity of the data; modification of records to suit their preferences. The system must detect any unwarranted changes in health records or prevent them. Sadly, some cases of attacks render certain systems irresponsive when needed to treat a patient (Bai, Dai, & Li, 2014). The whole thing is imaginable because medical conditions can be life-threatening. Retrieval of print copies might longer than expected and affect the outcome of the treatment. Therefore, proposals for cloud storage with robust security measures as noted by Thota et al. (2018) and other solutions should be considered in E-health.

2.2.2. Machine Learning and security in E-health

Mobile applications are among the popular modern innovations associated with E-health. Health experts collaborate with information technology companies to develop apps which monitor and provide real-time results of patients. The initiative will guarantee that residents receive quality and timely medical services in the comfort of their homes (McKay et al., 2018). Nevertheless, the problem of appropriate regulation of such a venture creates doubts about its reliability. Obinikpo and Kantarci (2017) echo the idea articulated by Thota and his fellow experts by urging the use of a machine learning model through cloud computing. These two authors confirm that using machine learning is the only effective means of securing big sensed data in healthcare.

Moreover, Obinikpo and Kantraci (2017) respond to the queer of how machine learning is useful in improving the healthcare industry and protecting medical data. The technique utilizes the “feature extraction and modality-specific algorithms to detect handwriting and/ or speech” (Obinikpo & Kantarci, 2017). This model is capable of handling big databases and any type of data manipulation required. In effect, the technique provides an accurate representation of health status as obtained from the source. Some of the acclaimed uses of these algorithms are “telemedicine, air quality monitoring, indoor localization, and smart transportation” (Obinikpo & Kantarci, 2017). However, some weakness associated with machine learning pushed medical IT experts to advance into deep learning. The initial benefits of accurate diagnosis and large storage capabilities would remain but with the added benefit of being able to “optimize non-differentiable discontinuous loss functions” (Obinikpo & Kantarci, 2017). Therefore, it is imperative that deep learning is considered as a viable futuristic solution.

In retrospect, deep learning perfects correlate with the IoT networks. Combining these methods with sensor and actuator systems leads to concise and efficient data generation. The issues of security are solvable through the use of smart transportation structure offered by these algorithms. IoT networks can easily fuse with the algorithms and protect the contents of information from patients and physicians alike. More so, the method of extraction, storage, and treatment of illness is automatic and easily protected through the use of technology. Obinikpo and Kantarci (2017) discuss data collection using crowd-sensing, probes, and the different techniques used namely Boltzmann machine, deep belief networks, and auto-coder. All these activities require minimal human intervention as compared to the traditional systems. They also have an inbuilt security procedure which safeguards information. Subsequently, they are plausible strategies for any individual or firms using technology to improve health services.

2.2.3. Application of Health Information Technology to Improve Security and Privacy

Most critics argue that the advancement of technology in the medical field unveiled major issues in security. Medical records are undoubtedly private information in any form or quantity. One of the known initiatives taken is the HITECH Act; it continues a protocol which automatically reports breaches once detected (Kruse et al., 2017). The installation of Electronic Health Records fastens the reporting process by incorporating a template developed prior to any incident. Apart from this reactive technique, Kruse et al. (2017) posit the use of safeguards in form of access control, physical access control, and administrative safeguards. The access control stipulates the discriminate access to certain information depending on the level of authorization, For example, a person working in an entry-level job, say a cleaner, is restricted from seeing electronic medical files. They only use the system to access their daily schedule, and other areas are inaccessible to them. Physicians and high-ranking officials are the ones who can see sensitive medical data and modify it.

As seen from most hospitals, certain areas are off-limits to the public or families of patients; intensive care unit and storage cabinets are locked and guarded by security officers or automatic doors. The hospitals use physical access control or biometric technology to control traffic in hospital premises (Kruse et al., 2017). The administrative technique involves the managerial policies and procedures employed to detective system weakness and provide a foundation for improvement mechanisms. Information technology caters to the program needed to monitor daily activities, prevent hacking, and provide conclusive reports on the same.

2.2.4 Summary of the Review

The discussion provides primary and secondary information on what exists in the health information systems. More specifically, it caters to the vulnerability attributed to health care systems and what information technology can do to mitigate the situation. The first part offers an assessment of safety issues in confidentiality, integrity, and availability of medical data. A breach in the normal functioning of the system compromises privacy, originality, and the existence of the needed information. After this, an analysis of machine learning concerning health care is done. The examination shows that integrating Internet of Things with machine learning/ deep learning can alleviate safety problems. The last query offers an opportunity to provide direct practices used to protect information. They recommend the use of access control to restrict unauthorized entry into sensitive parts of the system together with providing regular system updates.

3. Method

To conduct this pragmatic research philosophy will be the most appropriate approach as it will offer a practical approach to the study. For this study, a mixed method will be adopted as it allows a thorough exploration of the research topic. The goal of using both qualitative and quantitative research is to gain a better understanding of how the world work. However, these two methods achieve this goal in different ways. In regards to the actual design of the study including data collection strategy, sampling frame as well as how the data are analyzed. Quantitative and qualitative approaches have been differentiated on the basis of data used whether numerical or textual unstructured or structured, logic in regards to deductive or inductive among many other factors. This study will evaluate 500 applications listed under the category of “healthcare and fitness” on Apple App store (McKay, Cheng, Wright, Shill, Stephens, & Uccellini, 2018). All this application will be patient-oriented. Application to be considered for this study must have the capacity to capture data from users, and that communicate with health provider share data on the social network and connect with external sensors.

4. Results

4.1 (RQ-1) What are the underlying challenged in e-health services with regards to security and privacy?

Amongst the 500 Applications, constituting the healthcare and fitness section of the Apple App Store, a significant percentage were found to be susceptible to the multifarious security attacks that hampered the privacy and security of e-health services. These attacks can be divided into 3 distinct categories:

  1. Data Collection Level Attacks

The attacks found successful in penetrating the security mechanisms of modern-day smartphone apps, in this category, constitute of Data Collision, Sybil, Jamming, Spoofing, Selective Forward and Desynchronization Attacks.

  1. Transmission Level Attacks

The attacks found successful in penetrating the security mechanisms of modern-day smartphone apps, in this category, constitute of Man in the Middle, Scrambling, Eavesdropping, Data Tampering, Message Modification, Misallocation, Signaling and Hello Flood Attacks.

  1. Storage Level Attacks

The attacks found successful in penetrating the security mechanisms of a modern-day smartphone app, in this category, constitute of Patient Information, Removable Distribution Media, Social Engineering, and Unauthorized Access and Malware Attacks

4.2 (RQ-2) How can machine learning be included in mobile health solution to provide privacy and information integrity

The present applications providing even primary care diagnostics were inefficient with conventional techniques riddled with limitations. The limitations include incapacity to augment non-differentiable discontinuous loss functions together with infeasible durations of prescribed training. Deep Machine Learning has proven itself as a robust tool but lack of utilization is evident in the presiding app stores in both Apple and Google Play stores. The scalability issues of the traditional top-down approach of machine learning are also negatively impacting the scalability of the e-health service, attributed to the finite nature of the rule base. The inability of the present machine learning tools at use is highlighted due to inefficacious architectures of smart transportation. The ability of the machine learning employed to elicit quality data is severely hampering the efficient working of the present e-health services and applications. The use of bottom-up architectures was seen but they too have been reported as liable for voluminous attacks and in need of improvement and modification.

4.3 (RQ-3) How can health information technology be used effectively to overcome security and privacy issues in e-health?

With various and heterogeneous data being generated and stored, e-health applications urgently call for the operative acquisition of extracted and elicited data as well as the proficient and accurate processing to deduce forecasts, conclusions, and recommendations. Recent developments such as that of distributed ledger technologies were also found a void of utilization that could have aided and abetted both scalability and evolution in terms of quantum computing and A.I. Recent discoveries in the respective field have led to the inception of many techniques in this discipline but not towards any use in e-health. The techniques not found to be utilized are restricted Boltzmann mechanisms, convoluted neural networks, deep feedforward and belief networks. The current upsurge in wearable technology calls for much more interoperation than what is currently available.

5. Discussion

5.1 (RQ-1) What are the underlying challenged in e-health services with regards to security and privacy?

The multifarious and diverse range of attacks signify the vulnerability of the sensitive data that is being used for collaboration, bring e-health services to life but at risk. The discussion pertaining to the different levels include:

  1. Data Collection Level Attacks

The RBAC Model is found to be inducing much vulnerability due to its immense importance as a control system providing modular access to healthcare applications. Ciphering algorithms such as AES was also found to be not effective in fulfilling all the terms of confidentiality pertaining to ROM, RAM, and CPB. The current security frameworks have to be modified and improved to cater to the schema of pairwise key distribution as the current frameworks have not shown any resilience to stationary access node replication attacks.

  1. Transmission Level Attacks

Many apps were found not to be utilizing SSL and SOAP for Channel and Data security. Multifactor authentication was also found not being used by Applications with RBAC. The DUKPT (Derived Unique Key per Transaction) generating secret session keys were also void of any utilization amongst the apps. Not much focus is put holistically to verify, secure and maintaining concealment of the user’s identity.

  1. Storage Level Attacks

Urgent revamp is needed in the model designing for all-inclusive usage access control, for many applications. Lack of a stake authentication system to assert privacy is noted as many applications direct centralized infrastructure to handle authentication processes instead of letting the end users handle it, resulting in the multifarious attacks seen today.

5.2 (RQ-2) How can machine learning be included in mobile health solution to provide privacy and information integrity

Presently, research data signifies A.I (Artificial Intelligence) and Machine Learning as new concepts constituting a niche market. Though the need is immense and applications multifarious, it is important to securely make the utilization sustainable. Many application proved to contain well-known loopholes with the potential to become security risks. Machine learning processes such as DBNs (Dynamic Bayesian Networks) operating the Hashgraph Protocol, has immense power to not only provide security to the next generation of e-health and industry 4.0 but also to evolve over time. All 8 categories of analytics algorithms have to be meticulously planned, implemented and improved to effectively instrument the success of both supervised and unsupervised machine learning. With modifications to the existing techniques (i.e. data visualization, association clustering and dimensionality reduction) and utilization of expert knowledge systems, machine learning can prove to be a vital resource not just limited to security.

5.3 (RQ-3) How can health information technology be used effectively to overcome security and privacy issues in e-health?

The security fundamentals shielding the integrity and functionality of the existence of the respective e-health apps were found to contain a lot of room for improvement in terms of Health IT. There was an absence of awareness creation with the applications as well as severe lack of management concerning new vulnerabilities. Easily preventable measures such as the elimination of server vulnerabilities behind these apps together with inefficient mechanisms for patching are yielding major security concerns. With financiers behind these apps having flat budgets for security preparations for Health IT (Watfa, 2011), has further augmented majority of the applications being categorized as risk-prone and meek. The very economics of security behind the respective vertical market of these apps is proving to be a daunting detriment for Healthcare IT together with e-health services and is found in an urgent state to be resolved.

6. Conclusion

There are several obstacles, despite the gains, that limit the wider and more secure adoption of practices that encompass E-Health, HIT (Health Information Technology), A.I (Artificial Intelligence) & Machine Learning. The technology or its implementation alone cannot overcome the major concerns that are prevalent in these services (i.e. both applications and markets). The considering of human dimensions and the harnessing of the latest tools is critical in disentangling the intricate situation present today. Issues pertaining to Integrity, Availability, and Confidentiality have to be analyzed and treated through a sociotechnical analysis with a technological framework that provides Asynchronous Byzantine Fault Tolerance (ABFT) together with high speed on a decentralized system design. Only adverse effects await if the security of E-Health services is not seen as being viable for financing.


Abdelaziz, A., Elhoseny, M., Salama, A. S., & Riad, A. M. (2018). A machine learning model for improving healthcare services on cloud computing environment. Measurement119, 117-128.

Bai, Y., Dai, L., & Li, J. (2014). Issues and Challenges in Securing eHealth Systems. International Journal of E-Health and Medical Communications, 5(1), 1-19.

Kruse, C. S., Smith, B., Vanderlinden, H., & Nealand, A. (2017). Security Techniques for the Electronic Health Records. Journal of Medical Systems, 41(8):127.

McKay, F. H., Cheng, C., Wright, A., Shill, J., Stephens, H., & Uccelini, M. (2018). Evaluating Mobile Phone Applications for Health Behavior Change: A Systematic Review. Journal of Telemedicine and Telecare, 24(1), 22-30.

Obinikpo, A. A., & Kantarci, B. (2017). Big Sensed Data Meets Deep Learning for Smarter Health Care in Smart Cities. Journal of Sensor and Actuator Networks, 1-22.

Thota, C., Sundarasekar, R., Manogaran, G., Varatharajan, R., & Priyan, M. K. (2018). Centralized fog computing security platform for IoT and cloud in a healthcare system. Exploring the convergence of big data and the internet of things (pp. 141-154). IGI Global.

Varatharajan, R., Manogaran, G., & Priyan, M. K. (2018). A big data classification approach using LDA with an enhanced SVM method for ECG signals in cloud computing. Multimedia Tools and Applications77(8), 10195-10215.

Watfa, M. K. (2011). E- Healthcare systems and Wireless Communications: Current and Future Challenges. Hershey, PA: IGI Global, 138.

Wang, Y., Kung, L., & Byrd, T. A. (2018). Big data analytics: Understanding its capabilities and potential benefits for healthcare organizations. Technological Forecasting and Social Change126, 3-13.