Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Sep 21, 2020
Date Accepted: Aug 2, 2021
Security Engineering of Patient-Centered Healthcare Information Systems in Peer-to-Peer Environments: Systematic Review
ABSTRACT
Background:
Patient-centered health care information systems (PHS) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHS use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHS. Although using P2P technology for the provision of PHS can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues because users must manage information security largely by themselves.
Objective:
This study aims to identify the inherent security issues for PHS deployment on P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment.
Methods:
A systematic literature review following the PRISMA reporting guidelines was conducted. Thematic analysis was used for data analysis. The IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar were searched. The search was run for articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for scoring the security issues identified in this study.
Results:
Initially, a total of 102,851 articles was identified. A total of 49 articles was finally included in the review based on the eligibility criteria. Our findings are consolidated into eight key security issues associated with PHS implementation and deployment on P2P networks and seven factors promoting them. Moreover, we propose a suitable architecture for P2P PHS and a guideline for the provision of PHS while maintaining information security.
Conclusions:
This study identifies that the absence of centralized controls and inconsistent views of the network on some P2P systems have a profound adverse impact in terms of security. The security issues identified in this study need to be addressed to increase patients’ intention to use PHS on P2P networks and make use of P2P PHS that are safe to use for patients.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.