Conceptual Privacy Framework for Health Information on Wearable Device

Wearable health technology gives doctors the ability to supervise their patients' wellness remotely, and makes it easier than ever to authorize someone else to take appropriate action for a person's wellbeing. Information technology may soon change the way medicine is practiced, improving performance while reducing the cost of healthcare. We analyzed the privacy requirements of wearable devices, including smartphones, smart watches and their computing techniques, that may soon change the way healthcare is provided. Before they are adopted in practice, however, all such devices must be equipped with privacy capabilities sufficient for a healthcare service. In this paper, we formulate a new, improved conceptual privacy framework for wearable healthcare systems. The framework consists of ten principles and nine checklist items, intended to provide a complete privacy protection package to wearable device owners. We constructed the framework from an analysis of existing mobile technology combined with existing security standards; the approach also takes into account the market share of each app and its respective OS. The framework is evaluated against the CIA and HIPAA principles for information security. The evaluation then tests the ability to revoke a subject's rights to access objects, and to determine the set of permissions available to a particular subject, for all models. Finally, we examine the complexity of the required initial setup.


Introduction
Given that healthcare is one of the most important aspects not only of our lives but also of the economy, it is not surprising that it is gaining attention in wearable technology. Healthcare provision via wearable devices brought changes in While wearable healthcare devices could give us a better lifestyle and remove the need to visit clinics regularly, they may also introduce greater security and privacy problems for society [8], [9]. Healthcare gadgets have to be designed with the aim of improving health while keeping the client out of privacy and secrecy difficulties. Clearly there is potential for misuse of health information, and it must be addressed.
In this paper, we propose a concise, improved and effective privacy framework for wearable device manufacturers and application developers, capable of providing greater privacy and security to wearable device owners. The framework consists of two parts: the principles and the checklists. Since the framework concerns the privacy of health information on a wearable device, several critical aspects are considered when constructing it.
For creating the checklists, we consider:
- wearable technology, including the device technology and its operating system;
- the functionalities of health apps;
- a system architecture based on the PHR standard.
For formulating the principles, we:
- expand the existing privacy and security frameworks related to health information;
- conduct a case study of healthcare system projects.
The proposed framework is subsequently compared with other frameworks based on six CIA and HIPAA principles pertaining to Information Security, namely Confidentiality, Integrity, Availability, Authenticity, Non-repudiation and Information security analysis.
This paper is organized as follows: Section 2 presents a review of the aforementioned aspects, while the proposed framework is described in Section 3. In Section 4, we evaluate the framework, and Section 5 concludes the work.

Popular PHR Architectures
Wearable technology, and especially mobile health, can bring advanced supervision to any place at any time without the patient needing to visit the clinic, so the cost of healthcare can be substantially reduced. Two standard formats are used to record medical history: the Personal Health Record (PHR) and the Electronic Health Record (EHR). A PHR is maintained by the patient, whereas an EHR is designed and supported by the healthcare supplier, such as a clinic or hospital system. Since PHRs contain a significant amount of data and must be subject to stringent privacy rules and controls, they are the main focus of this paper.
Presently, Google's healthcare service [10] and Microsoft's [11] are the two main PHR providers, as shown in Figure 3. Both companies offer applications that let users control their own PHI over the Internet, which allows PHI about the same person to be collated from different sources. Moreover, the user can change elements of an existing record and share its content with family or healthcare providers. Once they have created a Microsoft account, users can control and handle their own or a family member's PHR, and authorize others to handle their PHR at any time and at any level. As mentioned earlier, because clients can share their own data with whomever they choose, they effectively accept the risks that come with doing so. The different protection designs of existing PHRs [12] suggest that the way service providers handle sensitive data and protect health information is likely to change in the future.
Via the Internet, clients can check submitted information and visit schedules at any time, and choose a specific doctor to visit. In this model the client shares PHI across the PHR, which may also include receiving data associated with financial claims and lab results from multiple suppliers; likewise, physicians receive all the necessary information about the patient through the system. Because the PHR model rests on users holding their data in a central repository, the client must keep and share the entire PHI data set via the Internet or portable devices. Presently this means flash memory or a smartphone, but the range of options is likely to expand. It is essential, however, that these options let the user add and change fields of database records from the device or from a dedicated website.
This model authorizes suitable devices to run processes on the user's PHR information with specific technology. Where different vendors provide PHRs, a common set of standards must be imposed: for example, if the vendor of a smartphone health gadget supplies an application that records the information received by that device, the data must be recognizable by all other devices in the healthcare system, and the patient must be able to access it through the vendor's website. In addition, mobile health privacy within organizations should build on the same client-centric PHRs. Many service providers now offer cellular connectivity; while this lowers the price of the technology and widens its use, it poses a much greater risk to security and privacy.

Operating System Main Features
The most popular platforms are largely similar in allowing users to obtain useful applications, but their operating systems are typically incompatible with one another. As shown in Figure 4, the platform should ideally be able to handle all types of healthcare devices, with a focus on wearable gadgets that stay with the user at all times.
Google, which designs and develops the Android operating system, is focusing on health systems because many users carry the device and would like to benefit from it by improving their health and fitness.
As Figure 4 shows, the operating system needs to support features that help applications connect to the wearable device, and the hardware must be able to receive and store data in real time. If the user's health shows any problem or noticeable change, the wearable device should automatically switch to an emergency mode.
Of the three most widely used mobile operating systems on the market, only Android includes built-in support for the Bluetooth Health Device Profile (HDP) [15].

Brief Review on Popular Wearable Devices
As of April 2014, the Unit of Cyber Security in the Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia (UKM), had completed an analysis of two wearable devices not yet available to the public worldwide: Google Glass from Google, and the Galaxy Gear Fit, designed and developed by Samsung for its wearable system.
As an appointed explorer for the latest wearable devices (the first author), we found that, with the sensors built into these devices and the help of their APIs, healthcare providers can record data and protect the device owner. Presently the technology can determine the user's position and record the number of steps taken, along with other fitness measurements such as heart rate from the built-in sensor. However, these devices cannot record and transmit data such as location without a connection to a Wi-Fi network or to a specific smartphone (Figure 5). This may change with the recently announced Android Wear devices (e.g. Galaxy Live, LG G-Watch R, Moto 360), the Apple Watch with its HealthKit system, and the Samsung Gear S, which includes 3G, GPS and a heart rate monitor.
After a proper analysis of the devices, we concluded that a mechanism ensuring data security is presently lacking and must be added in later versions. Data protection is crucial if these devices are to be widely used for daily checks on the user's health and lifestyle, so this point is added to our checklist.

Review of Health Apps
We analyzed applications made for different operating systems (Table 1) by platform, functionality and target audience. Applications were selected on three main criteria: (1) category, i.e. applications listed under the patients' section; (2) downloads per application, i.e. the popularity that leads users to find further useful applications in the first category; and (3) the mobile operating system covered by the selected application.
After an extensive analysis of these applications, we conclude that transparency within the application, ease of use of the user interface (UI), customer interaction with the system, and the presence of a moderator and of privacy settings are the most important aspects of wearable healthcare applications. These elements are therefore included in the proposed framework.

The Proposed Framework
The proposed framework gives the client control over healthcare information, meaning the power to share data with a specific organization or with a particular person relevant to the subject. At the same time, it is essential to differentiate between levels of response. We expect that portable and wearable devices such as smartphones and smart watches, with the help of the Internet and of application developers, will rapidly expand the use of healthcare technology [16]. The patient should be able to share the data monitored and stored by these devices with family members [17], [18], [19] or with third parties: doctors can use the data for diagnosis [20], the insurance system can access it to provide cover for the user, and researchers can access the records to conduct analyses and tests [21]. Other authorized persons may also use this information to design a diet, health plan or training program for the client [22]. The framework depicted in Figure 6 is designed to improve the security and privacy level for the owner of the healthcare system, and it may help device manufacturers improve their privacy checklists. The privacy rules in this framework are sourced from the major frameworks available since 1999 (ONC, the Markle Foundation, HPP and CCHIT) [23] and from various healthcare system projects (CDT, CF) [24]. In the Connecting for Health (CF) project, every device should be capable of transferring data from forms into the data architecture; CDT, which builds on the policy scenarios of CF, focuses on policy papers [25].

The Principles
We recommend several improvements to both ONC and CF, which were formulated by various groups of professionals. Since we focus on information privacy on wearable devices, the CF framework is deemed the more objective framework and, being user-centric, is the one covered in the following sections.
The new framework is based on ten essential principles, shown in Figure 6.
- Pr10. A systematically distributed PHR database should be involved, and the wearable device owner should be able to modify its content at any time.
We acknowledge that a wearable healthcare system may provide protection in many different ways, and that the attributes noted above may be used by other sectors, not only portable or wearable healthcare systems. Because the wearable healthcare system is the one most likely to be used, it is also a vulnerable service, so remote supervision may have to be adjusted to control the device. In addition, applications should be able to disable remote monitoring and even shut the device down to protect the user's complete PHI package.

The Checklist for Privacy
This checklist was created after an extensive analysis of the currently available devices capable of supporting a healthcare monitoring system. It is divided into two parts, one pertaining to device protection and the other to data privacy and security.

The Improved PHR Model
Once the improved framework was defined, we designed a new PHR model (Figure 7) that is both more secure and more flexible. In our view it can therefore protect the user while remaining responsive at all times.

Framework Evaluation Based on CIA and HIPAA Principles
The evaluation presented here is based on the CIA and HIPAA principles for information security and aims to cover every aspect of the model's privacy, security and usability through proper analysis.
As the first step, we tested the ten principles above with respect to providing better security as well as a user-friendly interface. We started with flexibility, the ability to support frequent changes in policy, and continued with the granularity of the process, that is, the permission levels that can be applied to different objects.
In the second step, we assessed the performance of the access control model by testing the authorization complexity of the proposed model. Next, we modified access privileges to check whether the model is flexible enough. Finally, we tested whether privileged data is modifiable while at the same time attempting to modify the rights of subjects to access objects.
After these analyses, we tested the capability to revoke a subject's rights to access objects, followed by the ability to determine the set of permissions available to a particular subject in the proposed model. In the final step, we examined the complexity of the required initial setup.
As shown in Figure 7, requests from different parts of the system are checked by the new framework, which uses the priority settings to respond correctly.
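The access-control tests just described (modifying privileges, revoking a subject's rights to objects, and enumerating the permissions a subject holds), together with the patient-controlled sharing settings used in the case study later in this paper, can be made concrete as a small owner-controlled access matrix. The Go program below is an added illustration written for this page; it is not code from the paper or from any of the frameworks it cites. The subject and object names, the Coarse flag that rounds a shared location instead of hiding it outright, and the sample reading are all assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Subjects request PHI; objects are the PHI categories the wearable collects.
type Subject string
type Object string

const Vitals, Activity, Location Object = "vitals", "activity", "location"

// Cell is one entry of the access matrix; Coarse shares a category while
// hiding detail (a rounded location, in the spirit of Pr5).
type Cell struct{ Coarse bool }

// Policy is the owner-controlled matrix subject -> object -> cell; the owner
// is not stored in it and always holds full rights (Pr10).
type Policy struct {
	owner  Subject
	matrix map[Subject]map[Object]Cell
}

// Allow adds or replaces one cell; it takes effect on the next request.
func (p *Policy) Allow(s Subject, o Object, c Cell) {
	if p.matrix[s] == nil {
		p.matrix[s] = map[Object]Cell{}
	}
	p.matrix[s][o] = c
}

// Revoke removes one cell; nothing cached elsewhere needs invalidating.
func (p *Policy) Revoke(s Subject, o Object) { delete(p.matrix[s], o) }

// Permissions enumerates what a subject holds, read from the matrix that
// Release enforces, so the two cannot disagree.
func (p *Policy) Permissions(s Subject) []string {
	out := []string{}
	for o, c := range p.matrix[s] {
		mode := "read"
		if c.Coarse {
			mode = "read,coarse"
		}
		out = append(out, string(o)+":"+mode)
	}
	sort.Strings(out)
	return out
}

type Record struct {
	Patient          string
	HeartRate, Steps int
	Lat, Lon         float64
}

// Release rebuilds the view subject s may see: unshared categories stay zero
// and a coarse location is rounded to 0.1 degree (about 11 km).
func (p *Policy) Release(s Subject, rec Record) (Record, error) {
	if s == p.owner {
		return rec, nil
	}
	cells := p.matrix[s]
	if len(cells) == 0 {
		return Record{}, fmt.Errorf("%s holds no rights on this PHR", s)
	}
	out := Record{Patient: rec.Patient}
	if _, ok := cells[Vitals]; ok {
		out.HeartRate = rec.HeartRate
	}
	if _, ok := cells[Activity]; ok {
		out.Steps = rec.Steps
	}
	if c, ok := cells[Location]; ok {
		out.Lat, out.Lon = rec.Lat, rec.Lon
		if c.Coarse {
			out.Lat, out.Lon = math.Round(rec.Lat*10)/10, math.Round(rec.Lon*10)/10
		}
	}
	return out, nil
}

// Scenario mirrors the case study: the doctor sees everything with a coarse
// location; the insurer was given activity only and is then revoked.
func Scenario() (*Policy, Record) {
	p := &Policy{owner: "patient", matrix: map[Subject]map[Object]Cell{}}
	p.Allow("doctor", Vitals, Cell{})
	p.Allow("doctor", Activity, Cell{})
	p.Allow("doctor", Location, Cell{Coarse: true})
	p.Allow("insurer", Activity, Cell{})
	p.Revoke("insurer", Activity)
	// Constructed sample reading, not real patient data.
	return p, Record{Patient: "P-0001", HeartRate: 72, Steps: 4310, Lat: 2.93, Lon: 101.777}
}

func main() {
	p, rec := Scenario()
	for _, s := range []Subject{"doctor", "insurer"} {
		view, err := p.Release(s, rec)
		fmt.Printf("%s: perms=%v view=%+v err=%v\n", s, p.Permissions(s), view, err)
	}
}
```

The point worth noting is that Release never hands out the raw record on a subject's behalf; it rebuilds a view from the cells the owner granted at the moment of the request, so a revoked right disappears immediately with no cached copy to invalidate, and Permissions answers from the same matrix, so what the owner is told and what is enforced cannot drift apart.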

Comparison with major frameworks
This comparison is based on the CIA and HIPAA principles for information security and tries to cover every aspect of a wearable device privacy framework (Table 2). The table is divided into the six principles listed above, with keys for the existing and new frameworks. We compare our framework with the Office of the National Coordinator for Health Information Technology framework (ONC) [23], the Health Privacy Project framework (HPP) [26], the Best Practices framework (BP) [27], the Markle Connecting for Health Common Framework (CF) [28] and the Certification Commission for Healthcare Information Technology framework (CCHIT) [29].

Case Study
We illustrate and evaluate the framework with a wearable privacy awareness system designed for a clinic. The case study follows one user, a heart surgery patient, whose condition must be managed effectively, including significant variations in his or her blood stress level, frequently elevated blood pressure, and step counts. The doctor advises the patient to subscribe to a health management program designed by the clinic and to wear a Samsung Wear device that continuously monitors his or her activity. The device and application take the form of a wristwatch to reduce the risk of loss or misuse. On first use, the wearable device uses the pulse waveform and a peer-to-peer connection to the patient's mobile phone to authenticate the actual patient. Moreover, if the patient has to move away from the mobile device, he or she must enter a code on the device to start stand-alone mode (Pr3 and CL4).
During installation on the smartphone, the application shows the permissions that must be accepted for it to send information from the phone and to let the sensors report continuously to the installed application (CLP1). After installation, the patient is shown a carefully designed privacy policy that is clear, concise and easily understood, and short enough that the patient is not tempted to accept it without reading it (CLP2, Pr2, Pr8 and Pr6). The policy states clearly how information is collected and with whom it will be shared (Pr1). Once the patient has read and accepted the policy, the application proceeds to the setup for information collection, where the patient specifies with whom, and at what times, the collected information is shared (Pr9 and CLP4). These settings can be changed at any time and are flexible enough to conceal the data's location when the patient chooses the secrecy option (Pr5). Further choices govern the level of access to PHI; for example, the information released to the doctor and to the insurance company is not the same (Pr1). The patient, or an authorized person, may change the settings and preferences for a specific ID (Pr10 and Pr4) through the mobile, watch and website interfaces, each protected by username and password.
The device continuously monitors the patient's health and activity and, when paired with a mobile device, sends the information to the smartphone in encrypted form (CL3). The smartphone application can forward the information to a clinic server using a set of certified cryptographic keys, under a configurable setting of the same application (CL1), and can verify that the patient's wearable device is calibrated at all times. The information received by the smartphone application is enriched with the phone's own capabilities, such as the GPS location sensor, the Wi-Fi address (MAC and localization address) and the calendar, to help plan the patient's health program effectively (Pr4). The application on the wearable device prompts the user to exercise when he or she has free time, for instance with a notification to walk or jog slowly. The wearable device lets the patient send diet information to the application and to the server by voice command and camera (Pr7). The device's smart notifications remind the patient to take medicine or send motivational messages about diet and activity, but only when the patient's calendar shows free time.
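The encrypted link from the wearable to the smartphone described above needs more than confidentiality: the phone must also be able to tell a genuine sample from a tampered one, and from an old sample replayed by someone who captured the Bluetooth traffic. The Go program below is an added example written for this page, not code from the paper or from any Samsung, Google or Apple SDK. It assumes a shared 256-bit key established at pairing, a constructed JSON record format, and AES-GCM with a per-device counter as the nonce; the device id is bound to each message as additional authenticated data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Sample is one reading from the wearable (constructed record format).
type Sample struct {
	Seq       uint64  `json:"seq"`
	HeartRate int     `json:"hr"`
	Steps     int     `json:"steps"`
	Lat       float64 `json:"lat"`
	Lon       float64 `json:"lon"`
}

// Message crosses the Bluetooth link. DeviceID and Seq travel in the clear
// but are bound to Body (as AAD and as nonce), so altering either breaks the tag.
type Message struct {
	DeviceID string
	Seq      uint64
	Body     []byte // AES-GCM ciphertext followed by the 16-byte tag
}

// Device holds the pairing key and a monotonic counter used as the nonce.
type Device struct {
	id   string
	aead cipher.AEAD
	seq  uint64
}

// Phone holds the same key plus the last accepted counter per device.
type Phone struct {
	aead    cipher.AEAD
	lastSeq map[string]uint64
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Pair stands in for the pairing step: both sides end up with one fresh
// 256-bit key. A real pairing would derive it from an authenticated exchange.
func Pair(deviceID string) (*Device, *Phone, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, err
	}
	da, err := newAEAD(key)
	if err != nil {
		return nil, nil, err
	}
	pa, _ := newAEAD(key) // same key; cannot fail once da succeeded
	return &Device{id: deviceID, aead: da}, &Phone{aead: pa, lastSeq: map[string]uint64{}}, nil
}

// nonceFor builds the 96-bit GCM nonce from the counter; a counter value is
// never reused under one key, which is the property GCM depends on.
func nonceFor(seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Send encrypts a sample under the next counter value with the device id as AAD.
func (d *Device) Send(s Sample) (Message, error) {
	d.seq++
	s.Seq = d.seq
	plain, err := json.Marshal(s)
	if err != nil {
		return Message{}, err
	}
	body := d.aead.Seal(nil, nonceFor(d.seq), plain, []byte(d.id))
	return Message{DeviceID: d.id, Seq: d.seq, Body: body}, nil
}

// Receive rejects replays before doing any cryptography, then anything that
// fails authentication, and advances the counter only for a sample that passed.
func (p *Phone) Receive(m Message) (Sample, error) {
	if m.Seq <= p.lastSeq[m.DeviceID] {
		return Sample{}, errors.New("replayed or stale sample rejected")
	}
	plain, err := p.aead.Open(nil, nonceFor(m.Seq), m.Body, []byte(m.DeviceID))
	if err != nil {
		return Sample{}, errors.New("authentication failed: tampered body or wrong device id")
	}
	var s Sample
	if err := json.Unmarshal(plain, &s); err != nil || s.Seq != m.Seq {
		return Sample{}, errors.New("malformed sample")
	}
	p.lastSeq[m.DeviceID] = m.Seq
	return s, nil
}

func main() {
	dev, phone, _ := Pair("gear-0001")
	m, _ := dev.Send(Sample{HeartRate: 72, Steps: 4310, Lat: 2.93, Lon: 101.777}) // constructed reading
	s, err := phone.Receive(m)
	fmt.Printf("delivered: %+v err=%v\n", s, err)
	_, err = phone.Receive(m) // the same frame again is a replay
	fmt.Println("replay:", err)
}
```

The order of checks in Receive matters: the counter is compared before the ciphertext is opened, so a flood of replays costs the phone no AES-GCM work, and lastSeq is advanced only after both checks pass, so a forged frame can never move the replay window forward. The forwarding hop from the phone to the clinic server would repeat the same pattern under a separate key, which is where the certified keys of CL1 come in.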
The applications on the wearable device and smartphone, and the secure website interface protected by username and password, give the patient information about activities that can help prevent illness (CLP3). The patient's doctor may also monitor and analyze the patient's progress, whereas insurance companies may have access only to the particular information needed to keep the patient within the insurance rules and regulations (Pr1). In case of loss or theft, the device is automatically disconnected and wiped remotely once the patient reports the loss or the back-end server's audit log flags a report; the log is reported to both the patient and the clinic for further investigation (CLP5).
The same back-end server reports the patient's name and the time and location collected by the wearable device (CL2). In addition, updates to the applications on the wearable device and smartphone are applied automatically to keep the device secure and to protect privacy remotely (CL4 and CLP5).

Conclusion
In this paper, we set out to improve the privacy and security of wearable devices intended for use in healthcare provision by designing a new framework that can work on every wearable operating system. After an extensive analysis of data and frameworks related to healthcare systems, we proposed a framework that can support new wearable devices such as Google Glass, the Galaxy Gear Fit or Galaxy Wear. The suggested framework incorporates ten essential principles for wearable healthcare systems, together with a comprehensive checklist that can help both developers and manufacturers improve the quality of the privacy safeguards in their products. We believe that this conceptual framework is one of the most comprehensive available at the time of publication.
We are fully aware, however, that such frameworks cannot be implemented without legal enforcement that ties security and privacy to regulation. A collaborative effort between technology developers, service providers and legal professionals will ensure that healthcare becomes not only cheaper but also more accessible to all. We hope that this work contributes to a better understanding of the security protocols involved.