Mapping Security Requirements of Mobile Health Systems into Software Development Lifecycle

Abstract

The shift to delivering mobile healthcare services is inevitable. However, finding effective ways to protect personal health information handled by these systems is still a challenging task even with the utilization of advanced technology and trained professionals. This is mainly due to the fact that the peripheral defense on the Internet and web-based applications do not handle the root causes of the application's vulnerabilities. This paper proposes a solution for enhancing security and personal privacy in mobile health (mHealth) systems through embedding security schemes into Software-Development Lifecycle (SDLC). The proposed solution, which encompasses various healthcare-specific security needs in mobile health systems, aims at ensuring a balance between personal privacy through making sure that patients have control over their own information from one side and information sharing that is necessary for integrated service delivery from the other side. This balance is achieved through handling security and privacy challenges through careful design and implementation of data protection mechanisms, cryptography, access control, and auditory that give patients and their health care professionals the right to control disclosures of identifiable health data.