Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 3 July 2018
doi:10.20944/preprints201807.0048.v1
Article
Requisites of Security, Reliability and Usability in Mhealth Apps: Systematic Analysis and Proposed Architecture
Isabel de la Torre Díez1,*, Kashif Saleem2, Susel Góngora Alonso1, Mohammad Sayim Khalil2, Sofiane Hamrioui3, Joel J. P. C. Rodrigues 2,4,5,6 and Miguel López Coronado1
1 Department of Signal Theory and Communications, University of Valladolid, Spain; [email protected], [email protected], [email protected]
2 Center of Excellence in Information Assurance, King Saud University, Riyadh 12372, Saudi Arabia; [email protected], [email protected]
3 Bretagne Loire and Nantes Universities, UMR 6164, IETR Polytech Nantes, France; [email protected]
4 National Institute of Telecommunications (Inatel), Santa Rita do Sapucaí-MG, Brazil
5 Instituto de Telecomunicações, Portugal, with ITMO University, Saint Petersburg, Russia
6 University of Fortaleza (UNIFOR), Fortaleza, CE, Brazil; [email protected]
* Correspondence: [email protected]
Abstract: The use of handheld devices has become essential in recent years. On top of these smart miniaturized computers, the emergence of medical applications dramatically enhances the healthcare system. The sudden technological enhancements and the race to be the market leader reduce the quality of products on the shelf. The major aspect neglected in this degradation is how a device handles the privacy and security of critical data. This paper presents a systematic analysis of the existing m-Health apps in the literature in order to highlight the issues in terms of security, reliability and usability. Additionally, this paper proposes the architecture to structure the m-Health services. Academic databases such as IEEE Xplore, Science Direct, ACM Digital Library, Springer Link and PubMed were searched, considering the date of publication from 2007 to the present time.
Keywords: applications; m-Health; reliability; usability; security
1. Introduction
In the last few years, new technologies and smart electronic devices have been introduced at an enormous rate. These handheld devices are making everyday life easier, and therefore, people are gradually relying more on them. We can see this technological invasion in the field of medicine. This inclusion of electronic devices in medicine has led to the term known as e-Health. Smartphones with high processing speeds have helped programmers to develop mobile applications that have emerged as mobile health (m-Health). Moreover, these gadgets help the caretaker by accessing the medical data remotely at any time around the globe. This can help with the diagnosis, treatment and monitoring of certain diseases and especially in providing support while reporting on the risks of diseases [1]. In telemedicine, security is essential since the medical data of people is highly significant. However, while making healthcare related applications available, most of the information security and privacy aspects are not taken into consideration [2].
© 2018 by the author(s). Distributed under a Creative Commons CC BY license.
Another factor to consider is the application integrity that ensures the authenticity. This is a highly critical issue in the medical field since a manipulated application could distort a diagnosis or indicate an incorrect dose of a medication and can cause a life-threatening situation [3]. This paper focuses on the field of telemedicine, specifically the remote services in accordance with the type of potential user of the application. It is imperative to meet certain usability requirements that allow use by persons with certain types of disabilities, such as visual and auditory. There are similar reviews that base their studies on security and privacy in m-Health [2, 4] and Android m-Health applications designed for threat analysis that consider possible scenarios of specific domain attacks [5]. Hence, the aim of this paper is to present the analysis of existing research in the literature in terms of the security, reliability and usability of m-Health apps. Furthermore, this paper proposes the architecture to structure the m-Health services. Section II presents the methodology to perform the systematic literature analysis. Section III gives details about the reference architecture. The requisites are given in Section IV. In Section V, the obtained results and discussion are given, and Section VI concludes the paper.
2. Methodology
This section elaborates the methodology used to conduct the search for scientific articles in different databases. While performing the literature review, scientific databases were used, such as IEEE Xplore, Science Direct, ACM Digital Library, Springer Link and PubMed. In addition to these databases, numerous websites were consulted that specialize in mobile applications and security. The key terms applied in the search engines of these databases are ‘M-Health’ AND ‘android’ AND ‘application’ AND ‘security’, both in Spanish and English. The abstract, title, and keywords were considered, and the items of greatest interest were selected with a custom time range of 2007 and onwards. The methodology applied to conduct the search over multiple libraries is demonstrated in Figure 1. The selection process of the papers was done by reading the titles and abstracts of the results obtained, and the papers were classified by reading their abstracts as well as the full article when necessary. All articles repeated in more than one database were eliminated, which resulted in 16 documents that gave rise to the relevant contributions. Next, the results section shows the most relevant works that were found.
Figure 1. Search methodology diagram.
3. Reference Architecture
A fundamental characteristic that defines m-Health environments is the mobility of patients and the authorized caretakers. This implies that the relevant medical information and the context that must be processed, such as the patient’s location, are available as soon as it is requested by the healthcare personnel. On the other hand, patients should receive the information and rapid assistance, especially in the case of an emergency where the family of the patient should also be notified [6]. The fundamental requirement to conduct remote healthcare processes quickly and efficiently is information sharing without the location barriers. This requirement depends on the specifications of both the communications technology and the services that are utilized [7]. Figure 2 presents a reference architecture that includes the fundamental structure of an m-Health system [4], which is composed of “Point-Of-Care” (PoC), “Healthcare infrastructure services (HIS)” and “Health and Care Services”, as described below.
Figure 2. Reference architecture (high level)
3.1. Point of Care
The environment of the point of care patient includes body sensors that are responsible for collecting patient’s medical data and other relevant information. From the sensors, the vital signs are acquired and processed by the handheld devices and sent to the HIS infrastructure. These smart devices enable communications, work as a gateway, and handle the caretaker instructions in real time to manage sensors, actuators and to process data.
3.2. HIS
The health infrastructure services are enhanced day by day since it is a fundamental requirement in making the patient’s information available to the authorized doctors and caregivers whenever required. This network contains a large number of Electronic Clinical Records in their different variants (PHR, PEHR, xHR, etc.) based on both proprietary and open source platforms. Through the AAA (Authentication, Authorization and Accounting) family of protocols, proprietary and open source systems are connected with national and international health systems, including PoC infrastructures.
3.3. Health and Care Services
The healthcare services’ environment is a heterogeneous group formed by different healthcare providers and their corresponding systems (some based on standards and others proprietary), including many legacy systems. A common requirement on the part of health personnel to establish a correct remote diagnosis is the ability to access the information obtained both from the mobile devices of the patients in the “Point-Of-Care” as well as that provided by other specialists with respect to the different medical tests that were performed. From the point of view of m-Health, this is essential so that medical personnel can perform adequate care in cases of an emergency, regardless of whether it occurs at the patient's home or elsewhere [8].
4. Requisites
This section focuses on the analysis of the requirements related to the security, reliability and usability aspects of the different devices, services and applications. All of them must be taken into account when developing and implementing the different solutions because they are critical to be able to comply with the proposed architecture and offer a quality service that is reliable, complete and has a high degree of usability.
4.1. Security
One of the most complex scenarios that we can face in terms of security is one in which different people connect through different devices to access different resources in an information infrastructure and in shared services. Each person is assigned a unique identifier (patientID, healthExpertID, etc.) and can use a device (smartphone, tablet, etc.) that also has a unique identifier (deviceID). This device is connected through a gateway, for which the unique identifier is known as gatewayID and has a network address associated with it that allows access to certain data and services [4]. Observing this infrastructure perspective, we need to consider multiple connections that are made through various devices by different people. This in practice involves a large number of patients with a large number of personal medical devices (PMDs) that are connected and running different medical applications related to different medical services. Mapping the different identifiers from their origin to their destination requires flexible, secure and reliable management links and routes. In addition to being secure, applications that conduct the origin-destination connections must be user friendly, simple, comfortable and meet some usability requirements that will be detailed later. Therefore, security in this context refers to the need to implement secure access controls and to establish adequate protection of privacy based on identification, authentication and authorization. There are some necessary functional requirements for this.
1. Identification
• Patients: patientID
• Health personnel and experts: nurseID, doctorID
• Patient devices and medical personnel: deviceID
• Point of care applications (PoC): appID
• Health infrastructure services (HIS): xhrID
2. Link management
Mapping of the personal medical devices (PMDs), patient devices and point of care applications towards gateways to a specific patient or user.
Mapping of the devices of health personnel and experts, health services and expert services to a specific doctor or expert.
3. Access Control
Authorize or refuse the access of an identified and authenticated user (user of the PoC, doctor or expert) to a determined resource of the m-Health structure.
4. Protection and Privacy
Protect access to information transmitted and stored on a specific patient based on an individual’s access control granted by the patient and privacy security [9].
4.2. Availability and Reliability
The availability of services and components of m-Health systems can be fundamental because sometimes a patient’s life can depend on the speed with which an emergency is managed. Some aspects such as the transmission of vital medical data together with other relevant information (such as the patient’s location) must be transmitted to the medical infrastructure (“HIS infrastructure”) and subsequently to the Health and Care Services. Therefore, it must be possible to ensure that all health personnel involved (assistants, doctors, experts, etc.) have all the required information of the patient at the right time [10]. The design guidelines used in common consumer applications do not meet the high availability requirements required by m-Health applications. Therefore, the solutions implemented in m-Health services are designed specifically for each application or service by taking into account the hardware and software used on each occasion. These solutions can be centralized or decentralized. They are based on monitoring the hardware and software involved, detecting possible incidents, malfunctions or system crashes and applying, in each case, the necessary corrections to restore normal service operations. There are some technical requirements needed to ensure high system availability.
1. Self-Control
Condition monitoring of the hardware and software components.
2. Supply of redundant hardware
The hardware should start working whenever the corresponding alarm of the system in charge of control and monitoring is activated.
3. Batteries and uninterruptible power systems
In the event that the independent power systems fail, they must begin to operate in order to guarantee the operation of the fundamental elements of the system while restoring the usual power supply.
4. Connectivity backup systems
In the case that connectivity is lost through the usual operator, it must be guaranteed through another operator's network.
5. Adaptability
The automatic adaptation of the processing and storage systems of the medical infrastructure (“HIS infrastructure”). Depending on the user load with which the system works at all times, the network must be adapted to prevent the system from being saturated by a high number of simultaneous users.
4.3. Usability
An m-Health system must be fully functional and it is necessary to comply with a series of usability requirements. These requirements will allow all potential users of the system (some with possible limitations) to take full advantage of the features and functionalities of the system [11]. How to interact with the system depends on the user group being addressed, the purpose of the application and the specific characteristics of the device on which the system is running at that moment. Next, three possible scenarios are proposed. Each one of them has different needs to access the m-Health system. One patient, for example, can use a tablet to check some type of relevant medical information and contact the appropriate health personnel, regardless of the specific location of the patient at that precise moment. However, an authorized family member can use Web technology through a user and password to access a portal where they can consult the information of interest about the patient in question. As the last example, a doctor who is visiting a patient in the PoC can use a laptop and a specific application to access the HIS medical infrastructure to consult the complete electronic medical record (EHR) of the patient and offer the proper attention.
The designer, in addition to considering the aspects related to the user interface (also known as Human-Machine Interface or HMI), must take into account multiple factors, such as the possible special needs or limitations that different user groups of the applications may have. For example, the usability requirements of a doctor or nurse will not be the same as those of a blind person or a patient with dementia or cognitive impairment. Additionally, the personal devices used by patients must be prepared to collect the possible information provided by the sensors and PMDs that the patient can carry. This requirement is essential to analyze and process the data obtained and give a quick response in case of an emergency [8]. This analysis allows us to summarize the basic usability requirements as follows.
1. Adaptive design of the user interface (UI)
The user interface must allow a simple and user friendly interaction with the services and applications of the system while adapting to the specific needs of each patient.
2. Adaptation to the PC
The interface of the applications and services of the patient points of care must adapt automatically to personal medical devices (“PMDs”) that are active in that scenario.
3. PoC data in multiple devices
The data will be collected only once at each patient point of care and must be available for all devices that require them, whether they are the personal medical devices (PMDs) of the patient or devices used by health personnel that have moved to that PoC.
4. Easy identification of devices
The information related to the identification of the devices (patientID, deviceID, etc.) must be easily configurable and allow a secure and efficient management of connections, as previously specified in the requirements of security.
5. Results and Discussion
m-Health has been recognized as one of the fastest growing technological areas in health care. Security has been identified as the dominant concern in the market as rated by more than 50% of surveyed stakeholders. This is reinforced by the current thinking of the administration of health services, where the reluctance to adopt mobile technologies has been associated with inadequacy to address security and privacy issues [9].
5.1. Scientific papers in the literature
By conducting a review of the literature [1-2], [4-5], [9], [11-21], we found studies that base their research on the analysis of security and privacy requirements in m-Health. Table 1 shows the main papers found in the literature. In [2], a security and privacy study is presented with respect to m-Health by focusing on a review of the academic literature related to this topic and the proposal of some recommendations for designers to create mobile health applications that meet security and privacy legislation. In their results, they especially mention the documents on security and privacy that are used in the mobile applications and some recommendations for application designers with respect to the methods of security and privacy to be followed to comply with EU and US laws. In [9], a study is proposed to identify the security and privacy issues in m-Health. The result of the investigation determines that the implementation of conventional data protection protocols can be computationally costly and unfavorably reduce the time and energy budgets for small devices. A multilayer approach can offer the most convenient solution for this situation. On the other hand, the continuity of data collection, transfer and storage of information in the mobile environment must be balanced between access and adequate security to protect the information and privacy of the patient and health care provider. In [5], they propose a test method for Android m-Health applications that is designed using a threat analysis that considers the possible attack scenarios and specific vulnerabilities of the domain. To demonstrate the method, they used it in applications to control hypertension and diabetes and discovered a number of serious vulnerabilities in the most popular applications. They summarize the results of that case study and discuss the experience of using a test method dedicated to the domain instead of the existing Android security test methods. In [12], the authors proposed a U-Prove based mechanism for the authentication of a mobile device that then authorizes services meant for the user utilizing that device, whether it be online or offline. In the online mode, the authenticated handheld device fetches the vital signs from the sensors and compares them with the previously stored records in real time. On the other side, in case that the servers are offline, the attendant can still examine the patient based on the vital signs acquired from body sensors.
Table 1. Relevant papers of the literature.
Author | Title | Year | Journal/Proceedings
Khan Zeb, Kashif Saleem, Jalal Al Muhtadi, Christoph Thuemmler [12] | U-prove based security framework for mobile device authentication in eHealth networks data | 2016 | 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services
Bagheri, H. Sade and Malek, S. [13] | Practical, Formal Synthesis and Automatic Enforcement of Security Policies for Android | 2016 | IEEE 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Crosby, G.V., Chin, C.A., Ghosh, T. and Murimi, R. [14] | Wireless body area networks in mhealth | 2015 | Springer International Publishing Switzerland Vol. 5, pp. 873-915
Gerdes, M., Trinugroho, Y. B. D., Naess, M. and Fensli, R. [4] | Security, Reliability and Usability of mHealth Environments | 2015 | Springer International Publishing Switzerland Vol. 5, pp. 1043-1066
Ilić, S. and Dukić, S. [15] | Protection of Android Applications from Decompilation Using Class Encryption and Native Code | 2016 | IEEE. pp. 10-11
Knorr, K. and Aspinall, D. [5] | Security testing for Android mHealth apps | 2015 | 2015 IEEE 8th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2015 – Proceedings (Sectest)
Martínez-Pérez, B., de la Torre-Díez, I. and López-Coronado, M. [2] | Privacy and Security in Mobile Health Apps: A Review and Recommendations | 2015 | Springer – Journal of Medical Systems Vol. 39(1)
Martínez-Pérez, B., de la Torre-Díez, I., López-Coronado, M., Pozo-Crespo, F., Herreros-González, J. and de Castro-Lozano, C. [16] | Heartkeeper: A Mobile App for the Self-management of Heart Diseases | 2008 | Group of Telemedicine and e-Health, pp. 2
Martínez-Pérez, B., De la Torre-Díez, I., López-Coronado, M. and Herreros-González, J. [17] | Mobile apps in cardiology: Review | 2013 | Journal of Medical Internet Research Vol. 15(7), pp. 1-15
Rodrígues, J.J.P.C., de la Torre-Díez, I., Fernández, G. and López-Coronado, M. [18] | Analysis of the security and privacy requirements of cloud-based Electronic health records systems | 2013 | Journal of Medical Internet Research Vol. 15(8), pp. 1-9
Sainz De Abajo, B., Rodrígues, J.J.P.C., García Salcines, E., Burón Fernández, F.J., López-Coronado, M. and De Castro Lozano, C. [1] | M-Health y T-Health. La Evolución Natural del E-Health | 2011 | e-Health magazine Vol. 7, pp. 1-10
Svanæs, D., Alsos, O. A., and Dahl, Y. [11] | Usability testing of mobile ICT for clinical settings: Methodological and practical challenges | 2010 | International Journal of Medical Informatics Vol. 79(4). pp. 24-26
Tejero, A. and de la Torre-Díez, I. [19] | Advances and current state of the security and privacy in Electronic health records: Survey from a social perspective | 2012 | Springer – Journal of Medical Systems Vol. 36(5), pp. 3019-3027
De la Torre-Díez, I., Martínez-Pérez, B. and Arambarri, J. [20] | Development and Validation of a Mobile Health App for the Self-management and Education of Cardiac Patients | 2016 | IEEE- Information Systems and Technologies (CISTI), 11th Iberian Conference pp. 1-5
Williams, P. A. and Maeder, A. J. [9] | Security and Privacy Issues for Mobile Health | 2015 | Springer Vol. 5, pp. 873-915
Xu, J., Li, S. and Zhang, T. [21] | Security analysis and protection based on smali injection for android applications | 2014 | International Conference on Algorithms and Architectures for Parallel Processing, pp. 577-586
5.2. Solutions
The solutions for the categories of security, availability, reliability, and usability are presented in this section.
5.2.1. Security
One of the environments that present more security challenges when managing authentication, access control and privacy is that which has multiple sensors, devices, patients and access. User authentication is always a fundamental point in these environments since there are many patients using the same environment. Therefore, we have to be able to guarantee that the data sent to the medical system is for the correct patient. Authentication is the first step of access to any information system, and an m-Health system is no different in this regard. It is mainly used to ensure that the user is who they say they are and, therefore, certain mechanisms are needed to verify their identity. These mechanisms are known as authentication factors and can be classified into three categories: 1. Factors that the user knows: password, PIN, etc., 2. Factors that the user has: smart card, cryptographic card, security “token”, etc., and 3. Factors of the user: fingerprint, retina, voice signature, etc. To strengthen the security, it is common to combine some of the described authentication mechanisms to form a multiple authentication system. In Norway, [22] defined different levels of authentication and any electronic identification system has high levels of security and authentication. In level 4, it is defined that, of the two authentication factors used, one of them must be based on the digital certificates issued by an authorized certifying entity. Authentication can be achieved in different ways. One of them is using digital signatures (such as an electronic ID), which can be used to access different systems. For the initial certification and subsequent secure distribution of public-private key pairs, there are some standardized solutions. One of the most used is the Public Key Infrastructure (PKI). In response to the access request, the receiving system sends a random number or a text string. Then, on the device of the user who desires to access the system, the encryption is carried out by means of a private key and the digital signature is obtained. Finally, the receiving system checks the validity of the digital signature with the user's public key. The private key can be stored in a smart card or in a digital keychain. The most common technique to access this private key is inserting the device into a reader and entering a PIN. Another option that is used with digital key chains is one in which the user enters a PIN on the key chain and it shows a number known as a TAN (Temporary Authorization Number), which allows access to the system [9]. Figure 3 proposes a solution for an m-Health system in which different users make use of a single link device both to send private medical data to the m-Health server and read them. This implies that each user must be perfectly identified before making the connection to the medical server through the shared device. In this way, we can prevent the data sent by a patient A from being stored in the server as part of the medical history of a patient B, or a patient A requesting certain medical information and obtaining the corresponding data of a patient B.
To achieve this, each user must have their own digital certificate, which must be signed by a qualified certification authority (CA) and must be stored securely in a personal identification device as previously proposed. The application in the link device (Mobile Gateway) is responsible for sending the user’s credentials to the server for authentication. In the same way, the server will be responsible for sending the link device application its own credentials to verify the authenticity of the server with which we are trying to connect. This is known as two-way authentication and allows for establishing a secure connection (based on SSL technology) to transmit the data obtained from each patient through the measurement devices [14].
Figure 3. Architecture for a multiuser environment of m-Health system.
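The challenge-response sign-in and the shared link device described above can be sketched as follows. This is an added Go example, not code from the paper or from any of the reviewed systems: it covers only the user-to-server direction, uses Ed25519 as the signature scheme, and replaces CA certificate validation with a key registry; all type names, function names and patient IDs are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnknownUser  = errors.New("patientID is not enrolled")
	ErrBadChallenge = errors.New("challenge unknown, already used, or issued to another patientID")
	ErrBadSignature = errors.New("signature does not verify under the claimed patient's key")
)

// Token models a user's personal identification device (smart card or key
// chain); the private key never leaves it.
type Token struct {
	PatientID string
	priv      ed25519.PrivateKey
}

// Server models the m-Health server. The keys map stands in for validating
// each user's CA-signed certificate (assumption of this sketch).
type Server struct {
	keys    map[string]ed25519.PublicKey
	pending map[[32]byte]string // outstanding challenge -> patientID it was issued to
	records map[string][]string // patientID -> stored measurements
}

func NewServer() *Server {
	return &Server{
		keys:    map[string]ed25519.PublicKey{},
		pending: map[[32]byte]string{},
		records: map[string][]string{},
	}
}

// Enroll generates a key pair, registers the public half and returns the token.
func (s *Server) Enroll(patientID string) (*Token, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s.keys[patientID] = pub
	return &Token{PatientID: patientID, priv: priv}, nil
}

// Challenge returns a fresh random value bound to the claimed patientID.
func (s *Server) Challenge(patientID string) ([32]byte, error) {
	var c [32]byte
	if _, ok := s.keys[patientID]; !ok {
		return c, ErrUnknownUser
	}
	if _, err := rand.Read(c[:]); err != nil {
		return c, err
	}
	s.pending[c] = patientID
	return c, nil
}

// transcript is what gets signed: challenge, identity and measurement together,
// so a signature cannot be moved to another patient or another reading.
func transcript(c [32]byte, patientID, measurement string) []byte {
	h := sha256.New()
	h.Write(c[:])
	fmt.Fprintf(h, "%d:%s|%d:%s", len(patientID), patientID, len(measurement), measurement)
	return h.Sum(nil)
}

// Sign runs on the token after the user has unlocked it (PIN entry not modelled).
func (t *Token) Sign(c [32]byte, measurement string) []byte {
	return ed25519.Sign(t.priv, transcript(c, t.PatientID, measurement))
}

// Store verifies the response and only then files the measurement under patientID.
func (s *Server) Store(patientID string, c [32]byte, measurement string, sig []byte) error {
	owner, ok := s.pending[c]
	delete(s.pending, c) // single use, even when verification fails
	if !ok || owner != patientID {
		return ErrBadChallenge
	}
	if !ed25519.Verify(s.keys[patientID], transcript(c, patientID, measurement), sig) {
		return ErrBadSignature
	}
	s.records[patientID] = append(s.records[patientID], measurement)
	return nil
}

func (s *Server) Records(patientID string) []string { return s.records[patientID] }

func main() {
	s := NewServer()
	a, _ := s.Enroll("patient-A") // constructed sample IDs
	_, _ = s.Enroll("patient-B")

	c, _ := s.Challenge("patient-A")
	fmt.Println("A's own reading:", s.Store("patient-A", c, "bp=120/80", a.Sign(c, "bp=120/80")))

	// The shared gateway labels A's reading as B's: A's signature fails under B's key.
	c, _ = s.Challenge("patient-B")
	fmt.Println("A's reading filed as B:", s.Store("patient-B", c, "bp=120/80", a.Sign(c, "bp=120/80")))
	fmt.Println("records stored for B:", len(s.Records("patient-B")))
}
```
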
5.2.2. Availability and reliability
Next, some possible solutions are proposed to increase the levels of reliability and availability of m-Health systems. The main problems that can compromise the reliability of an m-Health system are the loss of the power supply, the loss of connectivity with the communications network, the malfunction of any devices of the m-Health system or the breakdown of the complete m-Health system. The proposed solutions meet the identified requirements and focus on the mobility of the patient, the healthcare personnel and the devices used, especially within the patient care environment (PoC) [10].
5.2.2.1. Self control
In the context in which we find ourselves, self-control refers to the monitoring and identification of failures in the system in order to activate necessary actions when some type of anomaly is detected. To regain the normal operations of the system, various actions can be performed. Some of them include the automatic recovery of functionality. If this is not possible, the alternative solution is initiated, in which certain alerts are activated that notify the personnel in charge of system maintenance. The self-control and monitoring system can be integrated into the monitored system itself or in a separate device. When using the first option, the device will be able to monitor its interfaces and software components and restart or reactivate them if necessary. If we use the second option and implement the self-control and monitoring system in an external device of great availability and reliability, the costs will be increased, but we will have the advantage that it will not be affected by the malfunctioning of the system. This does happen in the first case, in which the monitoring system is integrated into the device: in certain situations the failure affects the entire device, including the part of self-control, thus preventing the system from applying the established recovery measures. The largest problem in the availability of an m-Health system is undoubtedly the loss of connectivity with the medical infrastructure (HIS infrastructure) or with any of the medical sensors that are incorporated in the patient. As a solution, intermediate devices are proposed that constantly monitor connectivity with the sensors and the medical infrastructure such that if one is losing connectivity (via mobile or WLAN) with any of them, the device will be responsible for resetting. When this loss of connectivity is detected, the monitoring function is responsible for initiating the recovery procedures.
In the case that it is not possible to restore the connection, as an alternative solution, the patient will be provided with information and recommendations on how to act according to specific needs of the patient [8].
5.2.2.2. Hardware redundancy
The availability of the fundamental parts of an m-Health system must be assured, even in the event of a hardware failure. One of the most used options for this is hardware redundancy. With this technique, if the operation of a basic component of the system is interrupted, it is replaced by another with the same software and configuration characteristics. In this way, the impact of the failure is reduced considerably. There are two different techniques for hardware redundancy.

1. "Master–slave" mode: A component is responsible for monitoring the operation of the master device and, in the case that a malfunction or failure is detected, it activates the slave device. This second device will perform the same functions that the master performed, in the most transparent way possible for the end user. The component responsible for monitoring will continue to collect information about the status of the master device and will keep the slave device running as long as necessary (for example, until the master device is restored fully) [23].
2. Parallel mode: In this second mode of operation, two identical devices are deployed. Both devices run simultaneously with the same software configuration, but on separate hardware devices. If one fails, the other continues with the operations. A monitoring function will be responsible for detecting the malfunction of one device and will report the need to replace the faulty hardware [23].
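The "master–slave" mode of item 1, as an added Python example that is not code from the paper or from the cited works. The names `Device`, `FailoverMonitor`, `miss_limit` and `recover_limit` are hypothetical, the health trace is constructed, and counting consecutive good probes is an assumed way of deciding that the master is "restored fully".

```python
from dataclasses import dataclass


@dataclass
class Device:
    name: str
    healthy: bool = True   # stand-in for a real heartbeat or health probe
    active: bool = False   # True while this device serves the end user


class FailoverMonitor:
    """Monitoring component for the master-slave redundancy mode."""

    def __init__(self, master, slave, miss_limit=3, recover_limit=2):
        self.master, self.slave = master, slave
        self.miss_limit = miss_limit        # failed probes before failover
        self.recover_limit = recover_limit  # good probes before failback
        self.misses = 0
        self.recoveries = 0
        self.events = []                    # audit trail of role changes
        master.active, slave.active = True, False

    def tick(self):
        """Run one monitoring cycle; return the name of the serving device."""
        if self.master.active:
            if self.master.healthy:
                self.misses = 0             # a single glitch must not trigger failover
            else:
                self.misses += 1
                if self.misses >= self.miss_limit:
                    self._switch(self.master, self.slave, "failover")
        elif self.master.healthy:
            # The slave is serving; the master status is still collected.
            self.recoveries += 1
            if self.recoveries >= self.recover_limit:
                self._switch(self.slave, self.master, "failback")
        else:
            self.recoveries = 0
        return self.serving().name

    def _switch(self, old, new, reason):
        # Exactly one device is active at any time in this mode.
        old.active, new.active = False, True
        self.misses = self.recoveries = 0
        self.events.append((reason, old.name, new.name))

    def serving(self):
        return self.master if self.master.active else self.slave


def replay(health_trace, miss_limit=3, recover_limit=2):
    """Feed a constructed trace of master probe results to the monitor."""
    master, slave = Device("master"), Device("slave")
    monitor = FailoverMonitor(master, slave, miss_limit, recover_limit)
    served = []
    for ok in health_trace:
        master.healthy = ok
        served.append(monitor.tick())
    return served, monitor.events
```

The two thresholds keep a single missed probe from causing a switch and keep the slave in service until the master has answered several probes in a row.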
The use of redundant hardware is an effective method to ensure the availability of the system, although it significantly increases the costs. When designing a system, the importance of the data, how it will be handled and whether it truly requires high availability must be weighed. In the case of an m-Health system, the availability and reliability of the service is a fundamental requirement. Therefore, to ensure the functionality of the system, redundancy of the fundamental parts of the hardware is necessary. Considering a possible m-Health scenario with hardware redundancy, we observed that the communication functions with the system that were initially performed with a tablet can be taken over by a smartphone. Depending on the characteristics and specific needs of each person, the user experience may be affected when using a device with a smaller screen, although the main functions will continue to be performed. Some, such as the transmission of information obtained by the sensors to the medical infrastructure servers (HIS infrastructure), can be performed independently of the screen of the link device, or even if it does not have one. Furthermore, redundancy in terms of sensors can be achieved, for example, by providing the patient with two sensors of each type at their point of care (PoC). In this way, if the system detects a fault in the main sensor, it can inform the patient to replace the sensor with the spare while notifying the medical personnel in charge to replace the defective sensor. If the patient cannot replace the sensor autonomously, either due to the specific characteristics of the sensor or the limitations of the patient, the most appropriate way to implement hardware redundancy in sensors would be redundancy in the parallel mode.
5.2.2.3. Alternative power
One of the key points of having an alternative power source is the ability to continue operating normally and without interruptions even when the main power supply fails. In this specific case, we focus on the system’s power in the neighborhood of the patient's PoC where, in the case that the link device connected to the traditional power supply fails, connectivity of the PoC with the medical HIS infrastructure must be provided through a link device powered by batteries (for example, a smartphone or tablet). The electrical fault detection is performed by an independent monitoring system powered by a backup battery, such as an Uninterruptible Power Supply (UPS). Another important aspect for ensuring the availability and reliability of a system is to ensure the functionalities through portable devices when the user is away from home. In this case, the state of the batteries should be continuously monitored and, if they are detected to be below a certain charge level, actions will be initiated, such as the activation of an energy-saving mode that maintains certain fundamental features while saving as much battery as possible. In addition, alerts and notifications will be sent both to the user and to the remote personnel in charge to inform them of the situation and to request recharged batteries and the transition of functions to a secondary device with sufficient charge [10].
5.2.2.4. Alternative connectivity
The reliability and availability of a system also depend, to a large extent, on the constant connectivity of the system with the medical infrastructure. This is especially important in scenarios that include measuring the patient's basic data (such as vital signs) and transmitting them to the medical infrastructure (HIS infrastructure), where they are processed and analyzed by health personnel and medical experts to select an action for the patient’s treatment. If this connectivity fails, procedures should be initiated to re-establish the connection with the medical infrastructure through the backup links. For example, if the patient's fixed-line connection fails (as found in their PoC environment), the monitoring function responsible for monitoring the connection of the PoC with the HIS infrastructure will initiate the transition to a mobile data connection through a smartphone, tablet or LTE modem. If the patient is outside their point-of-care environment and mobile connectivity is lost (for example, due to a temporary loss of network coverage), the monitoring function in charge will try to reconnect through an alternative mobile network (contracted with a different operator) or an available WLAN network. Additionally, it should inform the patient of the recommended actions to be carried out while the network coverage is down [4].
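The backup-link procedure described above, as an added Python example that is not code from the paper. The link labels, the `ConnectivityMonitor` class, the advisory text and the injected `probe` function are hypothetical, and preferring the highest-priority working link on every poll is an assumption of this example.

```python
# Backup chains as described in the text. The link names are labels
# made up for this example, not identifiers from the paper.
BACKUP_CHAINS = {
    "poc": ["fixed_line", "mobile_data"],
    "away": ["mobile_primary", "mobile_alt_operator", "wlan"],
}

ADVICE = ("Connection to the medical infrastructure is down. "
          "Follow the recommended actions until it is restored.")


class ConnectivityMonitor:
    def __init__(self, probe, notify_patient):
        self.probe = probe                    # probe(link) -> True if the HIS answers
        self.notify_patient = notify_patient  # callable taking the advisory text
        self.current = None                   # link in use, None during an outage
        self.outage = False
        self.transitions = []                 # (old link, new link) audit trail

    def check(self, location):
        """Pick the highest-priority working link for the patient's location."""
        for link in BACKUP_CHAINS[location]:
            if self.probe(link):
                self._use(link)
                self.outage = False
                return link
        if not self.outage:      # notify once per outage, not on every poll
            self.outage = True
            self._use(None)
            self.notify_patient(ADVICE)
        return None

    def _use(self, link):
        if link != self.current:
            self.transitions.append((self.current, link))
            self.current = link


def replay(steps):
    """steps: constructed list of (location, set of links that currently work)."""
    reachable = set()
    notices = []
    monitor = ConnectivityMonitor(lambda link: link in reachable, notices.append)
    chosen = []
    for location, up in steps:
        reachable.clear()
        reachable.update(up)
        chosen.append(monitor.check(location))
    return chosen, monitor.transitions, notices
```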
5.2.2.5. Dynamic resources
Within the context of the reliability and availability of an m-Health system, it is also important to assess the adaptability of the components and services that make up the complete system structure. To accommodate a growing number of users or the large amounts of data stored and processed by the system, dynamic resources are needed to increase capacity when required. The current trend is clearly oriented towards cloud computing. This technology allows load balancing to be established in a simple way through the use of virtual resources. Thus, when the system’s own infrastructure begins to reach its limit, computing resources can easily be migrated to the cloud. Subsequently, it can be determined whether the need for increased resources was temporary, due to some type of unforeseen event, or has become permanent. Based on this analysis, it can be decided whether or not it is necessary to expand the resources of the system’s infrastructure [10].
5.2.3. Usability
When designing m-Health services, usability and user friendliness must be taken into account. The combination of the special requirements of patients with the limited size of the screens used adds difficulty in aspects such as usability, design efficiency and final user satisfaction, as detailed in [24]. It is also important to perform tests in realistic scenarios and situations to check the influence of usability requirements on the use of the service by the end user [11]. That publication proposes a model for usability tests in mobile medical services in which the physical environment plays a fundamental role, taking into account aspects such as the ability to use the devices without using one’s hands. These principles can also be applied to the design of m-Health services, where there are also a large number of sensors and devices that can be used daily by people with great physical limitations. Older people are another potential group of users of m-Health services. For these people to become familiar with the use of new mobile technology solutions, it is very important for developers to know whether they feel comfortable interacting with the developed environment, or whether any aspect of the design that they found difficult should be reconsidered. The functions that the system must offer to this user group should not be limited to providing information and assistance; the system should also allow them to interact with the service, as detailed in the description of the adjacent issues of accessibility in services and mobile devices in [25]. The design requirements of m-Health solutions should take into account the different types of people who can make use of the service and their special needs, with special attention given to the group of elderly users. These people will need to be introduced to their vital signs’ measurements in a simple way, understand the information that is provided through alerts and reminders, interpret the alerts from certain sensors and interact with their assigned medical personnel and their families through video conference or telephony services.
In addition to the user interface (UI) and aspects related to the user’s interaction with the system, there are other problems in the system infrastructure that also have a relevant impact on the usability of the m-Health environment. Some of them are related to the way in which the measurements are taken and how the patients’ medical data are subsequently transmitted and processed, since these may be required by more than one service (for example, an external monitoring service, a PHR service, an alarm and one responsible for sending notifications to family members). Traditionally, each measurement device sends the measurement taken to a specific application that is running on the patient’s mobile device. This greatly compromises the usability of the system since, when different applications run on the same device and each of them communicates with a different dedicated service, aspects such as the performance of the device itself or its battery life are reduced drastically. A possible solution is to develop a single application that is responsible for the management of the data measured by the sensors. This application receives, processes and sends the data to the different services. The disadvantage of this solution is that the mobile link device still has to send the data to multiple destinations, so it solves only one of the two problems. As a solution to this second problem, an information integration platform (IIP) is proposed that is capable of grouping and distributing the measured data. Thus, the user's mobile link device would have to send the data to the platform only once, and the platform would then be responsible for delivering the necessary data to the associated services. Through a subscription system to an IIP, different services could receive the data necessary for their correct operation and would be notified whenever new data were available. Figure 4 shows a proposal for the architecture of an m-Health system in which the information integration platform is implemented as described above [11].
Figure 4. Architecture scheme with IIP.
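The subscription model of the IIP, as an added Python example that is not code from the paper or from the cited platform. The class `IntegrationPlatform`, the service names, the measurement kinds and the sample values are constructed, and the per-service `policy` that limits what a service may subscribe to is an assumption added to show each service receiving only the data it needs.

```python
from collections import defaultdict


class IntegrationPlatform:
    """In-memory stand-in for the information integration platform (IIP)."""

    def __init__(self, policy):
        self.policy = policy                  # service -> kinds it may receive (assumed rule)
        self.subscribers = defaultdict(dict)  # kind -> {service: callback}
        self.uplink_messages = 0              # messages sent by the mobile link device

    def subscribe(self, service, kind, callback):
        # Refuse subscriptions to data the service has no stated need for.
        if kind not in self.policy.get(service, set()):
            raise PermissionError(f"{service} is not allowed to receive {kind}")
        self.subscribers[kind][service] = callback

    def publish(self, measurement):
        """Called once per measurement by the link device; fans out to subscribers."""
        self.uplink_messages += 1
        targets = self.subscribers.get(measurement["kind"], {})
        for callback in targets.values():
            callback(dict(measurement))       # each service gets its own copy
        return sorted(targets)


def demo():
    # Constructed policy for the four services named in the text.
    policy = {
        "monitoring": {"heart_rate", "blood_glucose"},
        "phr": {"heart_rate", "blood_glucose"},
        "alarm": {"heart_rate"},
        "family_notify": {"heart_rate"},
    }
    iip = IntegrationPlatform(policy)
    inbox = defaultdict(list)
    for service, kinds in policy.items():
        for kind in kinds:
            iip.subscribe(service, kind, inbox[service].append)
    try:
        iip.subscribe("family_notify", "blood_glucose", inbox["family_notify"].append)
        refused = False
    except PermissionError:
        refused = True
    sent = [  # constructed sample measurements
        {"kind": "heart_rate", "value": 128, "unit": "bpm"},
        {"kind": "blood_glucose", "value": 5.4, "unit": "mmol/L"},
    ]
    routes = [iip.publish(m) for m in sent]
    return iip.uplink_messages, routes, dict(inbox), refused
```

In the run above the link device sends two messages while the platform makes six deliveries, which is the battery and bandwidth saving the paragraph describes.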
6. Conclusions
Privacy and security in an application intended for the healthcare sector should be given top-level consideration and planning. This is because these applications are built to maintain the electronic health records (EHR) of patients, which are highly confidential, and a small delay or manipulation can cause life-threatening situations. The management and implementation of security in an m-Health environment presents numerous challenges. The increased security and data privacy risks, coupled with the increased opportunity for theft or loss of devices, create the potential for data breaches that affect patient privacy. This paper analyzes existing research on mobile healthcare applications. Furthermore, it provides solutions related to the security, reliability and usability aspects to structure m-Health services.
Author Contributions: Conceptualization, Isabel de la Torre Díez and Susel Góngora Alonso; Data curation, Isabel de la Torre Díez and Susel Góngora Alonso; Formal analysis, Isabel de la Torre Díez and Susel Góngora Alonso; Funding acquisition, Kashif Saleem and Joel J. P. C. Rodrigues; Investigation, Isabel de la Torre Díez and Susel Góngora Alonso; Methodology, Isabel de la Torre Díez, Susel Góngora Alonso and Mohammad Sayim Khalil; Project administration, Isabel de la Torre Díez and Kashif Saleem; Resources, Isabel de la Torre Díez and Susel Góngora Alonso; Software, Susel Góngora Alonso; Supervision, Isabel de la Torre Díez, Kashif Saleem and Sofiane Hamrioui; Validation, Kashif Saleem and Susel Góngora Alonso; Writing – original draft, Isabel de la Torre Díez and Susel Góngora Alonso; Writing – review & editing, Isabel de la Torre Díez, Kashif Saleem, Mohammad Sayim Khalil, Sofiane Hamrioui, Joel J. P. C. Rodrigues and Miguel López Coronado.
Funding: This work was supported in part by the U.S. Department of Commerce under Grant BS123456, by the National Funding from the FCT - Fundação para a Ciência e a Tecnologia through the UID/EEA/50008/2013 Project; by the Government of Russian Federation, Grant 074-U01; by FINEP, with resources from Funttel, Grant No. 01.14.0231.00, under the Centro de Referência em Radiocomunicações - CRR project of the Instituto Nacional de Telecomunicações (Inatel), Brazil; and by Brazilian National Council for Research and Development (CNPq) via Grant No. 309335/2017−5. The authors extend their appreciation to the Deanship of Scientific Research at King Saud University for funding this work through research group no (RG-1439-022).
Conflicts of Interest: “The authors declare no conflict of interest.”
References
1. Sainz De Abajo, B.; Rodrigues, J. J.; Salcines, E.G.; Fernández, F.J.B.; Coronado, M.L.; de Castro Lozano, C. M-Health y T-Health. La Evolución Natural del E-Health. Rev eSalud 2011, 7, 1–10.
2. Martínez-Pérez, B.; de la Torre-Díez, I.; López-Coronado, M. Privacy and Security in Mobile Health Apps: A Review and Recommendations. J Med Syst 2015, 39.
3. Gonçalves, F.; Macedo, J.; Nicolau, M. J.; Santos, A. Security architecture for mobile e-health applications in medication control. Proceedings of 21st Int Conf Software, Telecommun Comput Networks, SoftCOM 2013, pp. 1–8.
4. Gerdes, M.; Trinugroho, Y. B. D.; Næss, M.; Fensli, R. Security, Reliability and Usability of mHealth Environments. In: Mobile Health, 2015, pp. 1043–1066.
5. Knorr, K.; Aspinall, D. Security testing for Android mHealth apps. Proceedings of IEEE 8th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2015, pp. 1–8.
6. Fielding, R. T. Architectural Styles and the Design of Network-based Software Architectures. Build California, Irvine, 2000, 54, pp. 162.
7. Markle Foundation. Connecting For Health – The Personal Health Working Group (Final Report). Markle Found, 2003, pp. 58.
8. Trinugroho, Y. B. D.; Gerdes, M.; Amjad, M.M.M.; Reichert, F.; Fensli, R. A REST-based publish/subscribe platform to support things-to-services communications. Proceedings of 19th Asia-Pacific Conf Commun APCC 2013, pp. 321–326.
9. Williams, P. A. H.; Maeder, A. J. Security and Privacy Issues for Mobile Health. Springer, 2015, 5, pp. 873–915.
10. Carzaniga, A.; Rosenblum, D. S.; Wolf, A. L. Achieving scalability and expressiveness in an Internet-scale event notification service. Proceedings of Ninet Annu ACM Symp Princ Distrib Comput 2000, pp. 219–227.
11. Svanæs, D.; Alsos, O. A.; Dahl, Y. Usability testing of mobile ICT for clinical settings: Methodological and practical challenges. Int J Med Inform 2010, 79, e24–34.
12. Zeb, K.; Saleem, K.; Al Muhtadi, J.; Thuemmler, C. U-prove based security framework for mobile device authentication in eHealth networks. Proceedings of IEEE 18th Int Conf e-Health Networking, Appl Serv Heal 2016, pp. 9–11.
13. Bagheri, H.; Sadeghi, A.; Jabbarvand, R.; Malek, S. Practical, Formal Synthesis and Automatic Enforcement of Security Policies for Android. Proceedings of IEEE 46th Annu IEEE/IFIP Int Conf Dependable Syst Networks 2016, pp. 514–525.
14. Crosby, G. V.; Chin, C. A.; Ghosh, T.; Murimi, R. Wireless body area networks in mhealth. In: Mobile Health, 2015, pp. 873–915.
15. Ilić, S.; Dukić, S. Protection of android applications from decompilation using class encryption and native code. Proceedings of Zooming Innovation in Consumer Electronics International Conference, ZINC 2016, pp. 10–11.
16. Martínez-Pérez, B.; de la Torre-Díez, I.; López-Coronado, M.; Pozo-Crespo, F.; Herreros-González, J.; de Castro-Lozano, C. Heartkeeper: A Mobile App for the Self-management of Heart Diseases. Telemed e-Health 2008, 2.
17. Martínez-Pérez, B.; de la Torre-Díez, I.; López-Coronado, M.; Herreros-González, J. Mobile Apps in Cardiology: Review. JMIR mhealth uhealth 2013, 1, e15, DOI: 10.2196/mhealth.2737.
18. Rodrigues, J. J.; de la Torre, I.; Fernández, G.; López-Coronado, M. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems. J Med Internet Res 2013, 15.
19. Tejero, A.; De La Torre, I. Advances and current state of the security and privacy in electronic health records: Survey from a social perspective. J Med Syst 2012, 36, 3019–27.
20. De La Torre-Diez, I.; Martínez-Perez, B.; Lopez-Coronado, M.; Rodrigues, J. J. P. C.; Arambarri, J. Development and validation of a mobile health app for the self-management and education of cardiac patients. Proceedings of Iber Conf Inf Syst Technol Cist 2016, pp. 1–5.
21. Xu, J.; Li, S.; Zhang, T. Security analysis and protection based on smali injection for android applications. Proceedings of International Conference on Algorithms and Architectures for Parallel Processing 2014, pp. 577–586.
22. Marti, R.; Delgado, J.; Perramon, X. Security specification and implementation for mobile e-health services. Proceedings of IEEE Int Conf e-Technology, e-Commerce e-Service 2004, pp. 241–248.
23. Yi, Huang.; Gannon, D. A Comparative Study of Web Services-based Event Notification Specifications. Proceedings of Int Conf Parallel Process Work 2006, pp. 7–14.
24. Nielsen, J. Usability Engineering. ACM - Digit Libr, 1993, pp. 321–361.
25. Isaacs, J.; Martínez, S.; Scott-Brown, K.; Milne, A.; Evans, A.; Gilmour, D. Mobile Technology and E-Inclusion. Proceedings of International Conference on Universal Access in Human-Computer Interaction 2013, pp. 626–635.