Development of a Security Layer in a Mobile Health System

Mobile Health (mHealth) systems are a growing field that allows optimizing monitor several patients chronic diseases, enhancing response times concerning patients health conditions. Due to the architecture of this type of systems, the security is an important matter for protecting the patient information privacy. Based on the Official Mexican Standard guidelines NOM-024-SSA3-2010, this paper presents the development of a security layer over a mHealth system aimed toward patients with Chronic Kidney Disease in peritoneal dialysis therapy, which was developed in the National Laboratory on Advanced Informatics in collaboration with the Regional Hospital Zone No. 11 of the “Instituto Mexicano del Seguro Social” (IMSS). The proposed security layer is designed to protect two system elements: 1) Patient information and 2) Server availability. To achieve this, a symmetric encryption algorithm, Advanced Encryption Standard (AES), is implemented in the services offered by the system to preserve the confidentiality and integrity of patient information. On the other hand, a security test, reCAPTCHA, is added in the user authentication service of the system to conserve server availability avoiding overloads using bots. To verify the correct functioning of the proposed security layer, a set of unit and integration test was performed for each system service.