Strategic Healthcare IT Research Projects on Security (SHARPS)
Strategic Healthcare IT Advanced Research Projects on Security (SHARPS), led by the University of Illinois at Urbana-Champaign, will advance the requirements, foundations, design, development, and deployment of security and privacy tools and methods. SHARPS is organized around three major health care environments: EHRs, Health Information Exchange (HIE), and Telemedicine (TEL). A multidisciplinary team of computer security, medical, and social science experts will develop security and privacy policies and technology tools to support electronic use and exchange of health information. The healthcare IT research projects will address strategic cross-cutting themes that foster collaboration, consistency, and a multi-purpose technology convergence of EHR, HIE, and TEL.
- Conceptual and Policy Foundations: formulate privacy as an appropriate constraint to information flow (e.g., sharing, distribution, and use for treatment or capital management) by drawing on the foundation of contextual integrity.
- Service Models: overcome security and privacy barriers through functional IT components provided as separable modules or services.
- Open Validation: evaluate validation and testing for healthcare security and privacy by the research community by providing test-beds, methodologies, open-source software, and measurable benchmarks.
- The maturity of security and privacy technologies and policies through the removal of key barriers that prevent the use of valuable health information.
- The creation of an integrated security and privacy research community for health IT that will exist following the culmination of the SHARPS program and will continue to conduct healthcare IT research projects.
Electronic Health Records (EHRs) — The EHR project will focus on issues related to the security and privacy of health records within a single care delivery organization (CDO), such as a hospital or doctor’s office. To reach this goal, this project will include three components:
- Self-Protecting EHRs: Apply attribute-based encryption to EHRs to provide protection for enterprise collaboration and outsourcing.
- Policy Terrain and Implications of Health IT: Develop and analyze a policy map that addresses the implications of achieving contextual integrity and usability.
- Privacy-Aware Health Information Systems: Develop a scientific basis for privacy policies at the patient, provider, institution, and policy levels to prevent indiscriminate sharing of Personal Health Information (PHI).
Health Information Exchange (HIE) — The HIE project is concerned with the security and privacy of health records as they are exchanged between CDOs and/or individuals. The components of the HIE project are:
- Responsive Secure Health Information Exchange: Address the inadequacy of current exchange service models by demonstrating how model-based design can be applied to health IT.
- Experience-Based Access Management: Limit insider threats by establishing a continuously evolving model for access control rules.
- Personal Health Records (PHR): Address third-party PHR privacy standard inadequacy through a social and legal exploration of PHR stakeholders.
Telemedicine (TEL) — The TEL project will address the security and privacy of implantable medical devices, remote monitoring, tele-immersion, and safety. Strategic goals include:
- Implantable Medical Devices: Provide criteria for what constitutes sufficient computer and interoperability safety for Implanted Medical Devices.
- Remote Monitoring for Mobile and Assisted Living: Protect sensitive PHI collected through remote monitoring and home healthcare within the mHealth framework.
- Tele-Immersion: Address the security and privacy needs of remote diagnoses and treatments by linking classification to encryption.
- Patient Safety Assessment: Increase patient confidence regarding the safety and security of telemedical devices by offering accurate technological risk assessments grounded in a review of FDA data.
Dr. Carl A. Gunter, University of Illinois, Urbana-Champaign
For More Information:
Please refer questions and comments regarding SHARPS to SHARP.Security@hhs.gov.