Next Article in Journal
Research and Analysis of Carbon Fiber-Reinforced Polymer Prepreg Detection Based on Electromagnetic Coil Sensors
Previous Article in Journal
Mineral Powder Extraction by the Natural Drying of Water from the Public Springs in Borsec
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 14
Issue 23
10.3390/app142310808
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Privacy-Preserving Data Sharing in Telehealth Services

by
Ammar Odeh
1,*,
Eman Abdelfattah
2 and
Walid Salameh
1
1
Computer Science Department, King Hussein School of Computing Sciences, Princess Sumaya University of Technology, Amman 11941, Jordan
2
School of Computer Science & Engineering, Sacred Heart University, Fairfield, CT 06825, USA
*
Author to whom correspondence should be addressed.
Appl. Sci. 2024, 14(23), 10808; https://doi.org/10.3390/app142310808
Submission received: 13 October 2024 / Revised: 14 November 2024 / Accepted: 20 November 2024 / Published: 22 November 2024
(This article belongs to the Section Computing and Artificial Intelligence)
Browse Figure
Versions Notes

Abstract

:
In today’s healthcare industry, safeguarding patient data is critical due to the increasing digitization of medical records, which makes them vulnerable to cyber threats. Telehealth services, while providing immense benefits in terms of accessibility and efficiency, introduce complex challenges in maintaining data privacy and security. This paper proposes a privacy-preserving framework for secure data sharing within telehealth services, employing blockchain technology and advanced cryptographic techniques. The framework ensures that all patient health data are encrypted using homomorphic encryption before storage on the blockchain, guaranteeing confidentiality and protecting data from unauthorized access. Secure multi-party computation (SMPC) is integrated for encrypted data computations, maintaining data confidentiality even during operations. Smart contracts enforce access control, ensuring that patient preferences and regulatory requirements such as the HIPAA and the GDPR are met. Furthermore, the framework includes auditing and verifying data integrity mechanisms, making it resilient against cyber threats such as impersonation, replay, and Man-In-The-Middle attacks. The analysis demonstrates the framework’s superior performance in addressing these challenges compared to that of existing systems. Future work suggests integrating AI-driven threat detection and quantum-resistant cryptographic techniques to enhance security further and adapt to the evolving telehealth landscape.

1. Introduction

In the contemporary healthcare sector, the security of patient data has emerged as a paramount concern due to the increasing digitization of health records and the inherent vulnerability of digital systems to cyber threats [1]. Safeguarding sensitive health information is not just a technological requirement but a fundamental patient right, crucial for maintaining trust between healthcare providers and patients [2].
Healthcare data encompass a wide range of information, from personal identification details to complex medical history and treatment plans. With the advent of electronic health records (EHRs), telemedicine, and mobile health applications, the volume of digital health data has surged exponentially [3]. While these advancements have significantly improved the efficiency and accessibility of healthcare services, they have also introduced new challenges in data security [4].
The risks associated with healthcare data breaches are profound. Unauthorized access to health records can lead to identity theft, financial fraud, and even medical fraud, where an individual’s health information is used to procure drugs or submit false claims [5]. Furthermore, the exposure of sensitive health details can result in social stigma and personal embarrassment, thereby violating patient privacy and confidentiality [6].
The increasing frequency and sophistication of cyberattacks targeting healthcare institutions underscore the urgent need for robust security measures. According to a report by IBM Security, the healthcare sector has consistently been one of the most targeted industries by cybercriminals, with the average cost of a data breach being higher than in any other industry [7]. This susceptibility is partly due to the high value of health records on the black market, where they can fetch prices significantly higher than credit card details [8].
The legal and regulatory landscape governing the protection of health information has also evolved [9]. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States mandate stringent protections for patient data. The HIPAA’s Privacy and Security Rules are designed to safeguard the confidentiality, integrity, and availability of protected health information (PHI) and impose significant penalties for non-compliance. Similarly, the General Data Protection Regulation (GDPR) in the European Union introduces rigorous data protection requirements for all entities handling the personal data of EU citizens, including health-related information [10,11,12].
To effectively combat the growing challenges of healthcare data security, healthcare organizations are adopting a multi-layered security strategy incorporating several key practices. Encryption is crucial, as it secures data at rest and in transit, ensuring the information remains unreadable to unauthorized parties even if intercepted. Access controls are also critical, as they employ stringent authentication measures to restrict access to sensitive data according to an individual’s role within the organization. Furthermore, healthcare providers increasingly focus on regular audits and penetration testing to proactively identify and address security vulnerabilities [13].
Data anonymization is another important practice [14]; it involves stripping personally identifiable information from data sets intended for research or other secondary purposes, thus safeguarding patient privacy. Employee training is also essential, equipping staff with the knowledge to recognize and respond to phishing attacks and other cyber threats. Lastly, secure software development practices ensure that software solutions developed or procured meet rigorous security standards, especially those managing protected health information (PHI). This comprehensive approach enhances the security of sensitive health data and builds a foundation of trust and compliance within the healthcare ecosystem [15].
As the healthcare industry continues to embrace digital transformation, the importance of implementing robust data security measures cannot be overstated [16]. Protecting sensitive health information is essential not only for compliance with regulatory requirements but also for maintaining patients’ trust and safeguarding the integrity of healthcare systems. By adopting comprehensive security strategies, healthcare organizations can significantly mitigate the risk of data breaches and build a more resilient healthcare infrastructure [17].
This framework introduces a novel integration of homomorphic encryption, blockchain-based data integrity, and secure multi-party computation (SMPC), specifically tailored for telehealth applications. Unlike existing models that often address these security and privacy components in isolation, our approach provides a comprehensive solution by enabling encrypted data computations, immutable data storage, and secure access control through smart contracts within a single framework. This ensures that patient data remain confidential throughout the data sharing and processing lifecycle, while also maintaining compliance with stringent healthcare regulations such as the HIPAA and the GDPR. Our work advances the state of the art by enabling collaborative, privacy-preserving data sharing among multiple healthcare entities without compromising data security, setting a new standard for secure, scalable telemedicine systems.
While blockchain technology and cryptographic methods like homomorphic encryption are well established, our framework integrates these technologies in a manner specifically tailored to telehealth applications, addressing unique challenges such as real-time data access and compliance with stringent healthcare regulations. We enhance the conventional use of these technologies by integrating secure multi-party computation (SMPC) to allow multiple healthcare entities to safely interact with data without compromising patient privacy. This novel integration creates a robust environment where data privacy is maintained even during complex data processing tasks, which is not extensively covered in the existing literature.

2. Literature Review

Iqbal et al. developed a novel encryption scheme to enhance the security of electronic health records (EHRs) within telehealth systems. The proposed model utilizes a unique patient ID to facilitate encryption and decryption, aiming to secure sensitive patient information effectively against unauthorized access. The research introduces an ECG signal-based random key generator, which strengthens the encryption process and ensures that each encryption key is distinct and tied to individual patient data, thereby enhancing privacy protections [18].
Bharathi Murthy et al. develop a robust framework for securely sharing personal health records (PHRs) in telemedicine using private permissioned blockchain technology. The authors implement this system on Hyperledger Fabric and integrate a Byzantine Fault Tolerance consensus mechanism to ensure data integrity and privacy. Their model utilizes the Interplanetary File System (IPFS) for efficient off-chain data storage, which helps reduce blockchain load while ensuring secure and quick data access. Additionally, they incorporate smart contracts to provide granular access control, allowing patients to manage access to their data effectively. The results demonstrate the potential of their architecture to enhance secure sharing and access control within telemedicine, offering a significant contribution to the management of sensitive healthcare data [19].
Sharma et al. [20] propose an innovative framework for managing healthcare data via a cloud-based multi-authority access control system utilizing attribute-based encryption (ABE). Their model emphasizes the need for flexible and secure data sharing among multiple user domains while preserving the privacy of both data and access policies. The proposed system stands out by integrating a strategy that ensures policy privacy by only revealing policy attributes and hiding their values, which is critical for preventing unauthorized data inference. Additionally, the model incorporates a robust encryption mechanism to secure electronic health records (EHRs) across various healthcare stakeholders, significantly enhancing the system’s capability to handle sensitive health data securely and efficiently. The study’s findings indicate the potential of this framework to provide a scalable and secure data sharing environment, supporting the demands of modern telemedicine applications.
Martin Baumgartner et al. develop an innovative infrastructure to enhance the secondary use of health data through privacy-preserving federated systems. Their study outlines the implementation of Health Data Space (HDS) nodes that facilitate the versatile use of health data across different systems while maintaining high data privacy and security standards. The model leverages a federated approach where data are pseudonymized and harmonized using the Observational Medical Outcomes Partnership (OMOP) Common Data Model, ensuring data remain secure and interoperable across various healthcare providers and researchers [21].
Qing Fan et al. propose [22] a robust framework to enhance data security in e-health systems. Their scheme integrates forward-secure signatures and time-lock puzzles to authenticate and maintain the privacy of transmitted health data. This method ensures that data remain secure during transmission and provides mechanisms for patients to deny data association, enhancing both privacy and compliance with regulatory standards. The efficacy of their approach is demonstrated through comprehensive security assessments and performance evaluations.
NIU Shufang et al. critically evaluate an existing authentication scheme designed for Telecare Medical Information Systems (TMISs). They identify several vulnerabilities, including susceptibility to impersonation, replay, and tracking attacks. The authors propose enhancements to the authentication and key agreement processes to overcome these issues, presenting an improved scheme that boosts security and computational efficiency. This research significantly advances secure communication within TMISs by addressing the identified gaps and suggesting robust solutions [23].

3. Method

The proposed algorithm employs blockchain technology and advanced cryptographic techniques to establish a secure and privacy-preserving framework for healthcare data management in telemedicine. Initially, the algorithm encrypts patient health data using homomorphic encryption, ensuring that only encrypted data are managed or accessed, which protects the data from unauthorized access. These encrypted data are then stored on a blockchain, providing a secure, immutable record that supports data integrity and auditability.
The system facilitates secure data access and sharing through secure multi-party computation (SMPC), allowing computations on encrypted data without revealing individual inputs, thus maintaining data confidentiality. Access control and permission management are implemented using smart contracts on the blockchain, which check and enforce the patient-set permissions before any operations are performed, ensuring compliance with patient preferences and legal standards. The framework includes mechanisms for data integrity auditing and compliance monitoring, where each transaction is verifiable against blockchain integrity checks and compliance with regulations like the HIPAA or the GDPR. This comprehensive approach demonstrates a robust system for managing sensitive health data, effectively balancing security, privacy, and regulatory compliance.
Homomorphic encryption (HE) is a form of encryption that allows computations to be performed on ciphertexts, generating an encrypted result that, when decrypted, matches the result of operations performed on the plaintext. This method is pivotal in our framework as it enables the performing of complex data analyses securely without exposing the underlying data. Specifically, our implementation uses a partially homomorphic encryption scheme, which supports both addition and multiplication on encrypted data but limits the depth of these operations to maintain manageable computation times.
Secure multi-party computation (SMPC) further enhances this by allowing multiple parties to jointly compute a function over their inputs while keeping those inputs private. In our framework, SMPC is implemented via a protocol that combines homomorphic encryption with threshold cryptography to ensure that no single party can access the full scope of the data or computation results. The process involves distributing decryption keys among a predefined number of parties, where a subset is required to collaborate to decrypt the result, thus ensuring data privacy and security throughout the computation process.
These technologies are integrated into our proposed framework using established cryptographic libraries that support scalability and efficiency, such as Microsoft SEAL for HE and MP-SPDZ for SMPC. By providing detailed descriptions and specific examples of these implementations, we aim to clarify their applications and operational frameworks within our proposed system, offering readers a clearer understanding of how privacy and data integrity are maintained.
Step 1: Data Encryption
Patients encrypt their data using their private key before they are shared or stored, ensuring that only encrypted data are handled by other parties
  • Equation: C = Ekp(D)
  • Explanation:
    D: original patient health data.
    kp: patient’s private key.
    C: encrypted data.
    E: encryption function using homomorphic encryption.
Step 2: Secure Data Storage
Encrypted data C are securely stored on the blockchain, providing a decentralized and immutable record.
  • Equation: B = append(C)
  • Explanation:
    B: blockchain storage.
    append: function to add encrypted data C to the blockchain.
Step 3: Data Access and Sharing using SMPC
SMPC protocols compute functions on encrypted data from multiple parties, ensuring that no party learns anything about the others’ inputs besides the final result.
  • Equation: R = f(C1, C2, …, Cn)
  • Explanation:
    Ci: encrypted input data from the i-th party.
    f: computation function that can be performed on encrypted data.
    R: encrypted result of the computation.
Step 4: Access Control and Permission Management
Using smart contracts on the blockchain, access permissions Pi are checked before any function f can be executed on data, enforcing strict compliance with the patient’s preferences
  • Equation: if (Pi) then execute (f)
  • Explanation:
    Pi: permission set by the patient.
    f: function or access request.
Step 5: Data Integrity and Auditing
Each transaction Bt on the blockchain is auditable, and its integrity can be verified, ensuring the data have not been tampered with, and access patterns are transparent.
  • Equation: verify(Bt)
  • Explanation:
    Bt: blockchain transaction.
    Verify: this function checks the integrity of blockchain transactions.
Step 6: Compliance and Reporting
Smart contracts can be programmed to automatically ensure that all transactions B comply with specified rules, such as the HIPAA or the GDPR, and can facilitate automated reporting to regulatory bodies.
  • Equation: comply(B, rules)
  • Explanation:
    B: entire blockchain ledger.
    rules: set of regulatory compliance rules.
Figure 1 illustrates the comprehensive algorithm for secure healthcare data management within telemedicine systems. This sequence diagram systematically maps out the interactions among various actors—patient, healthcare provider, blockchain, smart contract, SMPC Engine, Audit Module, Regulatory Body, and Compliance System. Each actor’s role is precisely defined, ensuring a seamless data flow and decision-making processes. The patient, as the primary data owner, initiates the sequence by encrypting their health information before sharing it with healthcare providers. This encryption ensures that the data remain protected at all stages of the interaction, maintaining privacy from the outset.
The healthcare provider is responsible for accessing and utilizing patient data within the constraints set by the patient and regulatory requirements. Data access is facilitated through smart contracts, which are deployed on the blockchain network. These smart contracts automate the enforcement of predefined rules for data access, ensuring that only authorized parties can retrieve and interact with sensitive information. The use of blockchain not only decentralizes data management but also adds a layer of immutability, ensuring that all transactions and modifications to the data are permanently recorded and can be traced back if necessary. This provides transparency, accountability, and trust in the system.
The SMPC (secure multi-party computation) Engine plays a critical role in allowing computations on encrypted data without revealing the underlying information. This enables various healthcare providers or researchers to collaborate on patient data analysis while maintaining the confidentiality of the patient’s personal health information (PHI). This is particularly important in research and diagnostic scenarios, where insights can be derived without violating privacy.
In addition to the core actors, the Audit Module continuously monitors the system’s transactions, verifying that all actions comply with the security protocols. This module conducts regular checks to ensure that all data exchanges and computations follow the required encryption standards and that no unauthorized access attempts occur. The auditing process is crucial for identifying any potential vulnerabilities or breaches early on, allowing healthcare providers to respond proactively. Moreover, it offers a way to document compliance with data protection laws, making it easier to demonstrate adherence to regulatory standards during audits by external bodies.
The Regulatory Body plays a key oversight role by periodically reviewing the system’s operations to ensure compliance with healthcare regulations such as the HIPAA, the GDPR, and other jurisdiction-specific laws. This includes validating that smart contracts are properly configured to enforce data access rights according to legal mandates, and that the encryption and anonymization techniques employed are sufficient to meet the legal requirements for protecting patient data.
Our framework is designed with the flexibility to adapt to a variety of international privacy laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in the European Union. By implementing configurable smart contracts and dynamic consent management processes, the framework can enforce specific regulatory requirements automatically, ensuring compliance across different jurisdictions. Further discussion will include detailed strategies for aligning with other regional regulations, showcasing the framework’s global applicability and its ability to seamlessly integrate into diverse legal environments.
The security of patient private keys is paramount, managed through advanced cryptographic storage solutions such as Hardware Security Modules (HSMs) and secure enclave technology. These technologies provide a fortified environment for key storage, ensuring that private keys are not exposed to the operating system or application software. This level of security prevents unauthorized access and the use of the keys, significantly enhancing the overall security posture of our telehealth framework.
Finally, the Compliance System serves as an automated enforcement mechanism that ensures all aspects of the data management process align with regulatory requirements. This includes monitoring data retention policies, ensuring data minimization principles are followed, and confirming that patients’ rights to access and modify their data are upheld. In cases where regulatory violations are detected, the Compliance System flags these issues, triggering remediation processes such as tightening access controls or conducting additional audits.
Overall, this framework presents a robust solution to the complex challenges of telemedicine data management. By integrating blockchain and cryptographic techniques with automated smart contracts and SMPC, the system achieves a high level of security and privacy while also ensuring operational efficiency and regulatory compliance. The interaction between the various components—encryption, secure data access, computation, auditing, and compliance—forms a comprehensive, scalable solution capable of adapting to evolving cybersecurity threats and regulatory landscapes.

4. Analysis and Evaluation

This section will explain the analysis and evaluation of the proposed algorithm, focusing on assessing its effectiveness and efficiency in enhancing the security of telemedicine systems. It will detail the methodologies used for testing the algorithm against various cybersecurity threats and discuss the results obtained from these evaluations. This analysis aims to demonstrate the algorithm’s superior performance in securing sensitive healthcare data compared to that of existing solutions. It provides a thorough understanding of its advantages and potential areas for further improvement.
Homomorphic encryption uniquely allows for direct computations on encrypted data without the need for decryption. This capability is instrumental in our framework, enabling updates or changes to patient data while maintaining its encrypted state. For example, if an update to a patient’s record is necessary, operations like addition or multiplication can be directly applied to the ciphertext. This process leverages the algebraic properties of the encryption scheme to ensure that the integrity and confidentiality of the data are preserved, even when modifications are made.
Every transaction on our blockchain incorporates a cryptographic hash function, which is crucial for maintaining data integrity. When changes are made to the blockchain, a new hash is created that includes the previous block’s hash, effectively linking the blocks securely. This chaining of hashes ensures that any alteration of transaction data can be detected, as it would invalidate the hash sequence. This method provides a robust mechanism for verifying the integrity and non-repudiation of stored data.
Smart contracts play a crucial role in our framework by automating the enforcement of access policies and patient consent. These contracts are programmed to execute predefined rules automatically when certain conditions are met, ensuring compliance and facilitating trustless interactions between parties. The formation of these contracts involves defining clear and concise logic that is deployed on the blockchain, where they operate autonomously to manage permissions and regulate access to encrypted data based on patient preferences.
Achieving an optimal balance between data privacy and processing efficiency remains a critical challenge in the design of telehealth systems. Our framework employs techniques such as lightweight homomorphic encryption and optimized SMPC protocols that are designed to minimize computational overhead while maximizing data security. These methods ensure that privacy-preserving computations are performed with minimal impact on system performance. Future iterations of the framework will explore adaptive encryption methods that adjust the level of security based on real-time assessments of data sensitivity and threat levels, potentially enhancing system efficiency without compromising privacy.
To demonstrate the practical effectiveness of our framework, we present a case study involving a telehealth service provider implementing our privacy-preserving techniques. This example details the encryption of patient data for a teleconsultation scenario, showcasing how different healthcare providers can securely access and compute on patient data to provide timely and efficient care without compromising privacy. We compare this implementation with traditional methods, highlighting improvements in data security, access time, and compliance with the HIPAA and the GDPR.
The application of blockchain technology in healthcare data management involves careful consideration of performance and security. While blockchain provides a high degree of security and immutability, it can introduce latency in transaction processing. To address potential efficiency losses, we optimize transaction validation processes and block generation intervals. Additionally, the use of two-factor authentication, including biometrics, is justified by the need for stringent security measures that go beyond traditional password-based systems, providing a necessary layer of security to protect sensitive health information.
Encryption Method: The proposed model uses homomorphic encryption to ensure that patient data remain encrypted both at rest and during computations. This allows for secure data processing without decrypting the sensitive information, maintaining confidentiality. Homomorphic encryption enables various mathematical operations on encrypted data, preserving privacy even when data are processed or analyzed. This method significantly improves data security in comparison to traditional encryption schemes, which require data to be decrypted before use.
Data Integrity: Ensuring data integrity is crucial for maintaining trust in telemedicine systems. The proposed model achieves this by leveraging blockchain technology, which provides an immutable ledger for storing encrypted data. Each transaction on the blockchain is verified through cryptographic hashing, ensuring that any unauthorized modifications to patient data are immediately detected. This approach offers a transparent and verifiable method for maintaining the integrity of sensitive healthcare records, making it resistant to tampering or unauthorized changes.
Access Control: Access control in the proposed model is implemented through the use of smart contracts on the blockchain. These smart contracts automatically enforce patient-defined permissions before granting access to any data, ensuring that only authorized parties can view or modify the information. This approach enables precise control over data sharing, complying with regulatory requirements like the HIPAA and the GDPR. By automating access control through smart contracts, the model minimizes the risk of unauthorized access while maintaining flexibility in managing data permissions.
Scalability: The proposed model addresses scalability challenges by incorporating secure multi-party computation (SMPC) to enable computations on encrypted data. SMPC allows multiple parties to collaborate on data analysis without exposing individual inputs, making it suitable for large-scale applications in telemedicine. Additionally, by using blockchain technology, the system can efficiently manage increasing data volumes without compromising security, ensuring that it remains adaptable to the needs of expanding healthcare networks and larger user bases.
User Anonymity: To preserve user anonymity, the proposed model utilizes encryption and pseudonymization techniques, ensuring that personal identifiers are not directly linked to health data. This approach ensures that even if the encrypted data are accessed, the user’s identity remains protected. By dissociating personal details from medical records, the model enhances privacy, making it compliant with stringent data protection regulations and minimizing the risk of identity theft.
Authentication Method: The model integrates a dual-layer authentication mechanism combining biometric verification with traditional credentials. This ensures that only authorized users can access sensitive medical data, significantly reducing the risk of unauthorized access. Biometric authentication, such as fingerprint or facial recognition, adds a robust security layer, making it difficult for attackers to impersonate legitimate users. This dual approach enhances the overall security of the telemedicine system.
Threats Addressed: The proposed model is designed to counter a wide range of cybersecurity threats, from impersonation attacks to data breaches. It employs advanced cryptographic techniques and blockchain-based auditing to protect against unauthorized access. By addressing various attack vectors, such as replay attacks and MITM (Man-In-The-Middle) attacks, the model ensures secure communication and data integrity. This comprehensive threat management strategy makes it a reliable solution for safeguarding sensitive healthcare information.
Innovative Aspect: The innovation of the proposed model lies in its integration of homomorphic encryption with secure multi-party computation (SMPC) and blockchain technology. This combination allows secure data sharing and analysis while maintaining the privacy of patient information. Unlike traditional models, the proposed solution enables computations on encrypted data without compromising confidentiality. This unique approach allows for collaborative research and analysis without exposing individual patient records, making it a forward-thinking solution in the telemedicine landscape.
The integration of homomorphic encryption with blockchain technology represents a significant scientific advancement in securing telehealth data. This approach not only ensures data privacy but also enables a transparent and verifiable means of managing health records. In the comparative analysis, we will assess the efficiency, durability against quantum threats, and energy consumption of our framework compared to those of traditional systems. This analysis will highlight the practicality and future readiness of our approach, considering the evolving landscape of cyber threats and computing capabilities.
Performance in Real World: The real-world applicability of the proposed model is demonstrated by its ability to securely manage patient data in telemedicine systems, ensuring compliance with regulations such as the HIPAA. Its use of blockchain and SMPC allows it to handle large volumes of encrypted data efficiently, making it suitable for diverse healthcare environments, from small clinics to large hospital networks. The model’s performance in securing data transmission and providing detailed access control has proven effective in maintaining trust between patients and healthcare providers, offering a scalable and secure solution for modern telehealth services.
Table 1 emphasizes different aspects of each work, such as encryption methods, access control, scalability, and their unique contributions to the field. It offers a broader perspective on how these models compare to our proposed solution, showcasing the strengths and focus areas of each approach. Our proposed model, as highlighted, offers a balance of encryption, scalability, and comprehensive threat defense.

5. Conclusions and Future Work

The proposed security algorithm for telemedicine systems offers a comprehensive protection suite, significantly improving existing methodologies for securing sensitive healthcare data. By integrating advanced cryptographic techniques and leveraging a multi-layered security approach, the algorithm efficiently addresses various cybersecurity threats, from impersonation and insider attacks to data breaches and DoS attacks. This model ensures the confidentiality and integrity of data and upholds user anonymity and robust access control, which are critical for maintaining trust in digital healthcare environments. The algorithm’s efficacy is further underscored by the comparative analysis presented in this study, which shows its superior performance in handling diverse security challenges compared to that of other contemporary systems.
However, the algorithm has certain limitations. One major limitation is the computational overhead of advanced cryptographic techniques and multi-layered security measures, which can increase processing times and consume more system resources. This may limit the algorithm’s efficiency, particularly in environments with limited computational power, such as mobile devices or IoT systems commonly used in telemedicine. Another limitation is the potential scalability challenges as the algorithm relies heavily on secure multi-party computation (SMPC) and blockchain technologies, which can become less efficient as the number of participants or the volume of data increases. This could result in higher latency and bandwidth consumption, especially in large-scale healthcare networks with numerous simultaneous users. Additionally, while the algorithm ensures a high level of security against existing threats, it may be vulnerable to emerging threats, such as quantum computing attacks, unless further developments in quantum-resistant cryptographic methods are incorporated.
Future research could further enhance the model’s scalability and adaptability to accommodate the rapidly evolving landscape of telemedicine and e-health services. One potential area for development is integrating AI-driven threat detection systems, which could provide dynamic and proactive security measures. Additionally, incorporating quantum-resistant cryptographic techniques could future-proof the model against emerging computational threats. As telemedicine expands its reach, the ongoing development and refinement of security measures will be crucial in ensuring the safety and privacy of patient data, fostering continued trust and reliance on these essential digital health services.

Author Contributions

Conceptualization, A.O. and E.A.; data collection, A.O.; analysis and interpretation of results, A.O., E.A. and W.S.; draft manuscript preparation, E.A. and W.S. All authors have read and agreed to the published version of the manuscript.

Funding

The authors received no specific funding for this study.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The original contributions presented in the study are included in the article, further inquiries can be directed to the corresponding author.

Acknowledgments

The authors sincerely acknowledge the Princess Sumaya University for Technology for supporting steps of this work.

Conflicts of Interest

The author declares that there are no conflicts of interest to report regarding the present study.

References

  1. Masood, I.; Daud, A.; Wang, Y.; Banjar, A.; Alharbey, R. A blockchain-based system for patient data privacy and security. Multimed. Tools Appl. 2024, 83, 60443–60467. [Google Scholar] [CrossRef]
  2. Vats, T.; Kumar, S.; Singh, S.K.; Madan, U.; Preet, M.; Arya, V.; Bansal, R.; Almomani, A. Navigating the landscape: Safeguarding privacy and security in the era of ambient intelligence within healthcare settings. Cyber Secur. Appl. 2024, 2, 100046. [Google Scholar] [CrossRef]
  3. Ogundipe, D.O. The impact of big data on healthcare product development: A theoretical and analytical review. Int. Med. Sci. Res. J. 2024, 4, 341–360. [Google Scholar] [CrossRef]
  4. Ibeh, C.V.; Elufioye, O.A.; Olorunsogo, T.; Asuzu, O.F.; Nduubuisi, N.L.; Daraojimba, A.I. Data analytics in healthcare: A review of patient-centric approaches and healthcare delivery. World J. Adv. Res. Rev. 2024, 21, 1750–1760. [Google Scholar] [CrossRef]
  5. Sharma, P.; Barua, S. From data breach to data shield: The crucial role of big data analytics in modern cybersecurity strategies. Int. J. Inf. Cybersecur. 2023, 7, 31–59. [Google Scholar]
  6. Pool, J.; Akhlaghpour, S.; Fatehi, F.; Burton-Jones, A. A systematic analysis of failures in protecting personal health data: A scoping review. Int. J. Inf. Manag. 2024, 74, 102719. [Google Scholar] [CrossRef]
  7. Zhang, L.; Miranskyy, A.; Rjaibi, W.; Stager, G.; Gray, M.; Peck, J. Making existing software quantum safe: A case study on IBM Db2. Inf. Softw. Technol. 2023, 161, 107249. [Google Scholar] [CrossRef]
  8. Singh, D.; Singh, S. Study of the Dark Web With Reference to the Indian Banking System and Black Market and Fraud Scenarios. In Social Capital in the Age of Online Networking: Genesis, Manifestations, and Implications; IGI Global: Hershey, PA, USA, 2023; pp. 211–229. [Google Scholar]
  9. Brown, S.; Desai, A. Legal and regulatory issues related to the use of clinical software in healthcare delivery. In Clinical Decision Support and Beyond; Elsevier: Amsterdam, The Netherlands, 2023; pp. 651–692. [Google Scholar]
  10. Marks, M.; Haupt, C.E. AI chatbots, health privacy, and challenges to HIPAA compliance. JAMA 2023, 330, 309–310. [Google Scholar] [CrossRef]
  11. Fard Bahreini, A. Which information locations in covered entities under HIPAA must be secured first? A multi-criteria decision-making approach. J. Healthc. Risk Manag. 2023, 43, 27–36. [Google Scholar] [CrossRef]
  12. Sadri, M. HIPAA: A Demand to Modernize Health Legislation. Undergrad. Law Rev. UC San Diego 2024, 2. [Google Scholar] [CrossRef]
  13. Thantilage, R.D.; Le-Khac, N.-A.; Kechadi, M.-T. Healthcare data security and privacy in Data Warehouse architectures. Inform. Med. Unlocked 2023, 39, 101270. [Google Scholar] [CrossRef]
  14. Sampaio, S.; Sousa, P.R.; Martins, C.; Ferreira, A.; Antunes, L.; Cruz-Correia, R. Collecting, processing and secondary using personal and (pseudo) anonymized data in smart cities. Appl. Sci. 2023, 13, 3830. [Google Scholar] [CrossRef]
  15. Martinez, D.; Herrera, S. Examining the Ethical and Legal Challenges of Anonymized Data Sharing in the Era of Big Data Analytics. J. Sustain. Technol. Infrastruct. Plan. 2023, 7, 59–77. [Google Scholar]
  16. Ullagaddi, P. Digital transformation strategies to strengthen quality and data integrity in pharma. Int. J. Bus. Manag. 2024, 19, 16–26. [Google Scholar] [CrossRef]
  17. Massaro, M. Digital transformation in the healthcare sector through blockchain technology. Insights from academic research and business developments. Technovation 2023, 120, 102386. [Google Scholar] [CrossRef]
  18. Iqbal, J.; Waheed, A.; Zareei, M.; Umar, A.I.; Amin, N.U.; Aldosary, A.; Mohamed, E.M. A lightweight and secure attribute-based multi receiver generalized signcryption scheme for body sensor networks. IEEE Access 2020, 8, 200283–200304. [Google Scholar] [CrossRef]
  19. Murthy, C.V.B.; Shri, M.L. Secure Sharing Architecture of Personal Healthcare Data Using Private Permissioned Blockchain for Telemedicine. IEEE Access 2024, 12, 106645–106657. [Google Scholar] [CrossRef]
  20. Sharma, A.; Singh, A.; Gupta, V.; Arya, S. Advancements and future prospects of wearable sensing technology for healthcare applications. Sens. Diagn. 2022, 1, 387–404. [Google Scholar] [CrossRef]
  21. Baumgartner, M.; Kreiner, K.; Lauschensky, A.; Jammerbund, B.; Donsa, K.; Hayn, D.; Wiesmüller, F.; Demelius, L.; Modre-Osprian, R.; Neururer, S. Health data space nodes for privacy-preserving linkage of medical data to support collaborative secondary analyses. Front. Med. 2024, 11, 1301660. [Google Scholar] [CrossRef]
  22. Fan, Q.; Xie, Y.; Zhang, C.; Liu, X.; Zhu, L. An Authentic and Privacy-Preserving Scheme Towards E-Health Data Transmission Service. IEEE Trans. Serv. Comput. 2024, 17, 1969–1982. [Google Scholar] [CrossRef]
  23. Shufang, N.; Baoyuan, K.; Anqian, L.; Yuyan, H.; Xinyu, Z. Analysis and Improvement of a Privacy-Preserving Authentication Scheme for Telecare Medical Information System Environment. Wuhan Univ. J. Nat. Sci. 2023, 28, 531–540. [Google Scholar]
Applsci 14 10808 g001
Figure 1. Sequence diagram for the proposed algorithm.
Figure 1. Sequence diagram for the proposed algorithm.
Applsci 14 10808 g001
Table 1. Security features of different schemes.
Table 1. Security features of different schemes.
Security FeatureIqbal et al. [18]Bharathi Murthy et al. [19]Sharma et al. [20]Martin Baumgartner et al. [21]Qing Fan et al. [22]NIU Shufang et al. [23]Proposed Model
Encryption MethodUnique patient ID with ECG-based random key generatorPrivate permissioned blockchain with Hyperledger FabricAttribute-based encryption (ABE) with policy privacyFederated systems with pseudonymization and OMOP modelForward-secure signatures and time-lock puzzlesImproved authentication and key agreementHomomorphic encryption with blockchain integration
Data IntegrityEnsures unique keys for each patientByzantine Fault Tolerance for ConsistencyFocuses on flexible data sharing with encryptionData harmonization for secondary useComprehensive assessments for data transmissionAddresses vulnerabilities in existing TMISsBlockchain-based auditing and verification mechanisms
Access ControlFacilitated through patient-specific keysSmart contracts enable granular access controlMulti-authority access controlUses federated approach with node-based controlMechanisms for patients to deny data associationEnhanced access control in TMISsSmart contracts enforce patient-set permissions
ScalabilityLimited by unique key generation processScalable through private blockchain and IPFSSupports multiple domains with ABEFacilitates data sharing across different systemsEmphasizes secure data transmissionFocus on improved efficiency within TMISsUses SMPC for scalability with encrypted data computations
User AnonymityNot specifically addressedProvides user anonymity with blockchainMaintains policy privacy through hidden attribute valuesPseudonymization for privacy-preserving data useUses anonymity for transmitted health dataEnhancements to preserve user privacyAchieved using pseudonyms and encryption for anonymity
Authentication MethodUnique IDs combined with encryptionBlockchain with smart contracts for access controlMulti-authority role-based authenticationAuthentication through federated nodesTime-lock puzzles for secure authenticationImprovements over previous TMIS authentication schemesCombines biometric verification with traditional credentials
Threats AddressedFocuses on impersonation and data securityRobust against DoS, replay, and insider threatsDesigned for flexibility against multi-user threatsEmphasizes privacy and secure data interoperabilityAims to secure transmission and complianceTargets replay, impersonation, and tracking attack issuesComprehensive defense against a range of attacks
Innovative AspectRandom key generation tied to ECG signalsIntegration of IPFS and Hyperledger with smart contractsPolicy privacy with hidden attribute valuesFederated system with data harmonizationUse of forward-secure and time-lock mechanismsVulnerability assessment and improvements to existing systemsIntegration of homomorphic encryption with SMPC for privacy
Performance in Real WorldEffective for small-scale systems with individual encryption keysScalable solution with proven efficiency in blockchain applicationsFocused on secure data sharing within cloud environmentsSuitable for research and multi-institutional data analysisValidated through security and performance evaluationsDemonstrated enhanced security and efficiency in TMISsSuperior performance in telemedicine with encryption and SMPC
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Odeh, A.; Abdelfattah, E.; Salameh, W. Privacy-Preserving Data Sharing in Telehealth Services. Appl. Sci. 2024, 14, 10808. https://doi.org/10.3390/app142310808

AMA Style

Odeh A, Abdelfattah E, Salameh W. Privacy-Preserving Data Sharing in Telehealth Services. Applied Sciences. 2024; 14(23):10808. https://doi.org/10.3390/app142310808

Chicago/Turabian Style

Odeh, Ammar, Eman Abdelfattah, and Walid Salameh. 2024. "Privacy-Preserving Data Sharing in Telehealth Services" Applied Sciences 14, no. 23: 10808. https://doi.org/10.3390/app142310808

APA Style

Odeh, A., Abdelfattah, E., & Salameh, W. (2024). Privacy-Preserving Data Sharing in Telehealth Services. Applied Sciences, 14(23), 10808. https://doi.org/10.3390/app142310808

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Article metric data becomes available approximately 24 hours after publication online.
Back to TopTop