Security analysis and implementation of web-based telemedicine services with a four-tier architecture

2008 Second International Conference on Pervasive Computing Technologies for Healthcare Pub Date : 2008-07-22 DOI:10.4108/ICST.PERVASIVEHEALTH2008.2518

A. Maji, Arpita Mukhoty, A. Majumdar, J. Mukhopadhyay, S. Sural, Soubhik Paul, B. Majumdar

{"title":"Security analysis and implementation of web-based telemedicine services with a four-tier architecture","authors":"A. Maji, Arpita Mukhoty, A. Majumdar, J. Mukhopadhyay, S. Sural, Soubhik Paul, B. Majumdar","doi":"10.4108/ICST.PERVASIVEHEALTH2008.2518","DOIUrl":null,"url":null,"abstract":"Security of telemedicine applications is not often given adequate importance by the developers and healthcare administrators primarily to reduce cost. Though some security safeguards are employed by these applications to comply with existing medical data security and privacy regulations, these are not adequate in todaypsilas context. Moreover, in a Web-based application environment not only the data but also the application itself is vulnerable to attackers. Keeping these concerns in mind, we present the design of a Web-based, four-tier telemedicine system named iMedik which is accessible over desktops as well as handheld devices. We have illustrated how the proposed system differs from existing three-tier Web applications. The compliance status of the application with HIPAA Security Guidelines has also been noted. The security measures described in our approach look into the four-tier architecture from an attackerpsilas viewpoint and present a simple road map for developing secure e-health application with anywhere, anytime availability.","PeriodicalId":313776,"journal":{"name":"2008 Second International Conference on Pervasive Computing Technologies for Healthcare","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"36","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Second International Conference on Pervasive Computing Technologies for Healthcare","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/ICST.PERVASIVEHEALTH2008.2518","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 36

Abstract

Security of telemedicine applications is not often given adequate importance by the developers and healthcare administrators primarily to reduce cost. Though some security safeguards are employed by these applications to comply with existing medical data security and privacy regulations, these are not adequate in todaypsilas context. Moreover, in a Web-based application environment not only the data but also the application itself is vulnerable to attackers. Keeping these concerns in mind, we present the design of a Web-based, four-tier telemedicine system named iMedik which is accessible over desktops as well as handheld devices. We have illustrated how the proposed system differs from existing three-tier Web applications. The compliance status of the application with HIPAA Security Guidelines has also been noted. The security measures described in our approach look into the four-tier architecture from an attackerpsilas viewpoint and present a simple road map for developing secure e-health application with anywhere, anytime availability.

查看原文本刊更多论文

具有四层体系结构的基于web的远程医疗服务的安全分析和实现

远程医疗应用程序的安全性通常没有得到开发人员和医疗保健管理员的足够重视，主要是为了降低成本。尽管这些应用程序采用了一些安全保护措施来遵守现有的医疗数据安全和隐私法规，但这些措施在当今的医疗环境中是不够的。此外，在基于web的应用程序环境中，不仅数据而且应用程序本身都容易受到攻击者的攻击。考虑到这些问题，我们提出了一个基于web的四层远程医疗系统的设计，该系统名为iMedik，可以通过台式机和手持设备访问。我们已经说明了所建议的系统与现有的三层Web应用程序的不同之处。还注意到应用程序与HIPAA安全指南的合规性状态。我们的方法中描述的安全措施从攻击者的角度研究了四层体系结构，并为开发随时随地可用的安全电子医疗应用程序提供了一个简单的路线图。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 Second International Conference on Pervasive Computing Technologies for Healthcare

自引率

0.00%

发文量