INNBC DApp, a decentralized application to permanently store biomedical data on a modern, proof-of-stake (POS), blockchain such as BNB Smart Chain.

BACKGROUND: A blockchain can be described as a distributed ledger database where, under a consensus mechanism, data are permanently stored in records, called blocks, linked together with cryptography. Each block contains a cryptographic hash function of the previous block, a timestamp, and transaction data, which are permanently stored in thousands of nodes and never altered. This provides a potential real-world application for generating a permanent, decentralized record of scientific data, taking advantage of blockchain features such as timestamping and immutability. IMPLEMENTATION: Here, we propose INNBC DApp, a Web3 decentralized application providing a simple front-end user interface connected with a smart contract for recording scientific data on a modern, proof-of-stake (POS) blockchain such as BNB Smart Chain. Unlike previously proposed blockchain tools that only store a hash of the data on-chain, here the data are stored fully on-chain within the transaction itself as "transaction input data", with a true decentralized storage solution. In addition to plain text, the DApp can record various types of files, such as documents, images, audio, and video, by using Base64 encoding. In this study, we describe how to use the DApp and perform real-world transactions storing different kinds of data from previously published research articles, describing the advantages and limitations of using such a technology, analyzing the cost in terms of transaction fees, and discussing possible use cases. RESULTS: We have been able to store several different types of data on the BNB Smart Chain: raw text, documents, images, audio, and video. Notably, we stored several complete research articles at a reasonable cost. We found a limit of 95KB for each single file upload. Considering that Base64 encoding increases file size by approximately 33%, this provides us with a theoretical limit of 126KB. We successfully overcome this limitation by splitting larger files into smaller chunks and uploading them as multi-volume archives. Additionally, we propose AES encryption to protect sensitive data. Accordingly, we show that it is possible to include enough data to be useful for storing and sharing scientific documents and images on the blockchain at a reasonable cost for the users. CONCLUSION: INNBC DApp represents a real use case for blockchain technology in decentralizing biomedical data storage and sharing, providing us with features such as immutability, timestamp, and identity that can be used to ensure permanent availability of the data and to provide proof-of-existence as well as to protect authorship, a freely available decentralized science (DeSci) tool aiming to help bring mass adoption of blockchain technology among the scientific community.

Machine learning cryptography methods for IoT in healthcare.

BACKGROUND: The increased application of Internet of Things (IoT) in healthcare, has fueled concerns regarding the security and privacy of patient data. Lightweight Cryptography (LWC) algorithms can be seen as a potential solution to address this concern. Due to the high variation of LWC, the primary objective of this study was to identify a suitable yet effective algorithm for securing sensitive patient information on IoT devices. METHODS: This study evaluates the performance of eight LWC algorithms-AES, PRESENT, MSEA, LEA, XTEA, SIMON, PRINCE, and RECTANGLE-using machine learning models. Experiments were conducted on a Raspberry Pi 3 microcontroller using 16 KB to 2048 KB files. Machine learning models were trained and tested for each LWC algorithm and their performance was evaluated based using precision, recall, F1-score, and accuracy metrics. RESULTS: The study analyzed the encryption/decryption execution time, energy consumption, memory usage, and throughput of eight LWC algorithms. The RECTANGLE algorithm was identified as the most suitable and efficient LWC algorithm for IoT in healthcare due to its speed, efficiency, simplicity, and flexibility. CONCLUSIONS: This research addresses security and privacy concerns in IoT healthcare and identifies key performance factors of LWC algorithms utilizing the SLR research methodology. Furthermore, the study provides insights into the optimal choice of LWC algorithm for enhancing privacy and security in IoT healthcare environments.

End-to-end pseudonymization of fine-tuned clinical BERT models : Privacy preservation with maintained data utility.

Many state-of-the-art results in natural language processing (NLP) rely on large pre-trained language models (PLMs). These models consist of large amounts of parameters that are tuned using vast amounts of training data. These factors cause the models to memorize parts of their training data, making them vulnerable to various privacy attacks. This is cause for concern, especially when these models are applied in the clinical domain, where data are very sensitive. Training data pseudonymization is a privacy-preserving technique that aims to mitigate these problems. This technique automatically identifies and replaces sensitive entities with realistic but non-sensitive surrogates. Pseudonymization has yielded promising results in previous studies. However, no previous study has applied pseudonymization to both the pre-training data of PLMs and the fine-tuning data used to solve clinical NLP tasks. This study evaluates the effects on the predictive performance of end-to-end pseudonymization of Swedish clinical BERT models fine-tuned for five clinical NLP tasks. A large number of statistical tests are performed, revealing minimal harm to performance when using pseudonymized fine-tuning data. The results also find no deterioration from end-to-end pseudonymization of pre-training and fine-tuning data. These results demonstrate that pseudonymizing training data to reduce privacy risks can be done without harming data utility for training PLMs.

GEN-RWD Sandbox: bridging the gap between hospital data privacy and external research insights with distributed analytics.

BACKGROUND: Artificial intelligence (AI) has become a pivotal tool in advancing contemporary personalised medicine, with the goal of tailoring treatments to individual patient conditions. This has heightened the demand for access to diverse data from clinical practice and daily life for research, posing challenges due to the sensitive nature of medical information, including genetics and health conditions. Regulations like the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. and the General Data Protection Regulation (GDPR) in Europe aim to strike a balance between data security, privacy, and the imperative for access. RESULTS: We present the Gemelli Generator - Real World Data (GEN-RWD) Sandbox, a modular multi-agent platform designed for distributed analytics in healthcare. Its primary objective is to empower external researchers to leverage hospital data while upholding privacy and ownership, obviating the need for direct data sharing. Docker compatibility adds an extra layer of flexibility, and scalability is assured through modular design, facilitating combinations of Proxy and Processor modules with various graphical interfaces. Security and reliability are reinforced through components like Identity and Access Management (IAM) agent, and a Blockchain-based notarisation module. Certification processes verify the identities of information senders and receivers. CONCLUSIONS: The GEN-RWD Sandbox architecture achieves a good level of usability while ensuring a blend of flexibility, scalability, and security. Featuring a user-friendly graphical interface catering to diverse technical expertise, its external accessibility enables personnel outside the hospital to use the platform. Overall, the GEN-RWD Sandbox emerges as a comprehensive solution for healthcare distributed analytics, maintaining a delicate equilibrium between accessibility, scalability, and security.

The need for cybersecurity self-evaluation in healthcare.

The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified weaknesses before they occur.

[Development of competencies in the Medical Informatics Initiative (MII)-educational offers for a competent and secure handling of medical data]. / Kompetenzentwicklung in der Medizininformatik-Initiative (MII) ­ Lehrangebote für einen souveränen und sicheren Umgang mit medizinischen Daten.

In order to achieve the goals of the Medical Informatics Initiative (MII), staff with skills in the field of medical informatics and data science are required. Each consortium has established training activities. Further, cross-consortium activities have emerged. This article describes the concepts, implemented programs, and experiences in the consortia. Fifty-one new professorships have been established and 10 new study programs have been created: 1 bachelor's degree and 6 consecutive and 3 part-time master's degree programs. Further, learning and training opportunities can be used by all MII partners. Certification and recognition opportunities have been created.The educational offers are aimed at target groups with a background in computer science, medicine, nursing, bioinformatics, biology, natural science, and data science. Additional qualifications for physicians in computer science and computer scientists in medicine seem to be particularly important. They can lead to higher quality in software development and better support for treatment processes by application systems.Digital learning methods were important in all consortia. They offer flexibility for cross-location and interprofessional training. This enables learning at an individual pace and an exchange between professional groups.The success of the MII depends largely on society's acceptance of the multiple use of medical data in both healthcare and research. The information required for this is provided by the MII's public relations work. There is also an enormous need in society for medical and digital literacy.

[Blockchain in health: Transforming security and clinical data management]. / Blockchain en salud: transformando la seguridad y la gestión de datos clínicos.

INTRODUCTION: Technological advances continue to transform society, including the health sector. The decentralized and verifiable nature of blockchain technology presents great potential for addressing current challenges in healthcare data management. DISCUSSION: This article reports on how the generalized adoption of blockchain faces important challenges and barriers that must be addressed, such as the lack of regulation, technical complexity, safeguarding privacy, and economic and technological costs. Collaboration between medical professionals, technologists and legislators is essential to establish a solid regulatory framework and adequate training. CONCLUSION: Blockchain technology has the potential to revolutionize data management in the healthcare sector, improving the quality of medical care, empowering users, and promoting the secure sharing of data, but an important cultural change is needed, along with more evidence, to reveal its advantages in front of the existing technological alternative.

Data protection during the coronavirus crisis.

Smartphone apps to track SARS-CoV 2 infections need to fulfill certain minimal requirements to guarantee privacy and justify their use under data protection laws.

Physician, Protect Thyself: Why Psychiatrists Should Be Aware of Their Internet Presence and How to Protect Themselves.

ABSTRACT: Modern psychiatric practice requires the use of the Internet, and the current pandemic has accelerated the adoption of technology in clinics. Psychiatrists receive significant education on protecting patient privacy and medical information when using these tools. However, they receive little training regarding protecting their own personal privacy in the Internet era. Private information, often without one's knowledge, is frequently available online and accessible by patients. The work of physicians and psychiatrists creates additional unique vulnerabilities to privacy. Given the essential nature of the Internet in modern clinical practice, physicians should understand how to monitor and protect personal privacy and safety online. We provide advice to minimize vulnerability to a privacy breach, with a focus on areas unique to psychiatrists and psychiatric practice. We review the literature on physician safety online and offer guidance to get started.

The Epidemiology of Patients' Email Addresses in a French University Hospital: Case-Control Study.

BACKGROUND: Health care professionals are caught between the wish of patients to speed up health-related communication via emails and the need for protecting health information. OBJECTIVE: We aimed to analyze the demographic characteristics of patients providing an email, and study the distribution of emails' domain names. METHODS: We used the information system of the European Hospital Georges Pompidou (HEGP) to identify patients who provided an email address. We used a 1:1 matching strategy to study the demographic characteristics of the patients associated with the presence of an email, and described the characteristics of the emails used (in terms of types of emails-free, business, and personal). RESULTS: Overall, 4.22% (41,004/971,822) of the total population of patients provided an email address. The year of last contact with the patient is the strongest driver of the presence of an email address (odds ratio [OR] 20.8, 95% CI 18.9-22.9). Patients more likely to provide an email address were treated for chronic conditions and were more likely born between 1950 and 1969 (taking patients born before 1950 as reference [OR 1.60, 95% CI 1.54-1.67], and compared to those born after 1990 [OR 0.56, 95% CI 0.53-0.59]). Of the 41,004 email addresses collected, 37,779 were associated with known email providers, 31,005 email addresses were associated with Google, Microsoft, Orange, and Yahoo!, 2878 with business emails addresses, and 347 email addresses with personalized domain names. CONCLUSIONS: Emails have been collected only recently in our institution. The importance of the year of last contact probably reflects this recent change in contact information collection policy. The demographic characteristics and especially the age distribution are likely the result of a population bias in the hospital: patients providing email are more likely to be treated for chronic diseases. A risk analysis of the use of email revealed several situations that could constitute a breach of privacy that is both likely and with major consequences. Patients treated for chronic diseases are more likely to provide an email address, and are also more at risk in case of privacy breach. Several common situations could expose their private information. We recommend a very restrictive use of the emails for health communication.

Patient Perspectives on Health Data Privacy and Implications for Adverse Drug Event Documentation and Communication: Qualitative Study.

BACKGROUND: Adverse drug events are unintended and harmful effects of medication use. Using existing information and communication technologies (ICTs) to increase information sharing about adverse drug events may improve patient care but can introduce concerns about data privacy. OBJECTIVE: This study aims to examine the views of patients and their caregivers about data protection when using ICTs to communicate adverse drug event information to improve patient safety. METHODS: We conducted an exploratory qualitative study. A total of 4 focus groups were held among patients who had experienced or were at risk of experiencing an adverse drug event, their family members, and their caregivers. We recruited participants through multiple avenues and iteratively analyzed the data using situational analysis. RESULTS: Of the 47 participants recruited, 28 attended our focus groups. We identified 3 primary themes. First, participants felt that improved information sharing about adverse drug events within their circle of care would likely improve care. Second, participants were concerned about data handling and inappropriate access but believed that the benefits of information sharing outweighed the risks of privacy breaches. Finally, participants were more concerned about data privacy in the context of stigmatized health conditions. CONCLUSIONS: Current conditions for maintaining health data privacy are consistent with participants' preferences, despite the fact that health data are susceptible to breaches and mismanagement. Information sharing that increases patient safety may justify potential privacy risks. Greater attention to patient concerns and the effect of social and contextual concerns in the design and implementation of health information technologies may increase patient confidence in the privacy of their information.

Privacy-Oriented Technique for COVID-19 Contact Tracing (PROTECT) Using Homomorphic Encryption: Design and Development Study.

BACKGROUND: Various techniques are used to support contact tracing, which has been shown to be highly effective against the COVID-19 pandemic. To apply the technology, either quarantine authorities should provide the location history of patients with COVID-19, or all users should provide their own location history. This inevitably exposes either the patient's location history or the personal location history of other users. Thus, a privacy issue arises where the public good (via information release) comes in conflict with privacy exposure risks. OBJECTIVE: The objective of this study is to develop an effective contact tracing system that does not expose the location information of the patient with COVID-19 to other users of the system, or the location information of the users to the quarantine authorities. METHODS: We propose a new protocol called PRivacy Oriented Technique for Epidemic Contact Tracing (PROTECT) that securely shares location information of patients with users by using the Brakerski/Fan-Vercauteren homomorphic encryption scheme, along with a new, secure proximity computation method. RESULTS: We developed a mobile app for the end-user and a web service for the quarantine authorities by applying the proposed method, and we verified their effectiveness. The proposed app and web service compute the existence of intersections between the encrypted location history of patients with COVID-19 released by the quarantine authorities and that of the user saved on the user's local device. We also found that this contact tracing smartphone app can identify whether the user has been in contact with such patients within a reasonable time. CONCLUSIONS: This newly developed method for contact tracing shares location information by using homomorphic encryption, without exposing the location information of patients with COVID-19 and other users. Homomorphic encryption is challenging to apply to practical issues despite its high security value. In this study, however, we have designed a system using the Brakerski/Fan-Vercauteren scheme that is applicable to a reasonable size and developed it to an operable format. The developed app and web service can help contact tracing for not only the COVID-19 pandemic but also other epidemics.

Addressing Ethical Challenges in US-Based HIV Phylogenetic Research.

In recent years, phylogenetic analysis of HIV sequence data has been used in research studies to investigate transmission patterns between individuals and groups, including analysis of data from HIV prevention clinical trials, in molecular epidemiology, and in public health surveillance programs. Phylogenetic analysis can provide valuable information to inform HIV prevention efforts, but it also has risks, including stigma and marginalization of groups, or potential identification of HIV transmission between individuals. In response to these concerns, an interdisciplinary working group was assembled to address ethical challenges in US-based HIV phylogenetic research. The working group developed recommendations regarding (1) study design; (2) data security, access, and sharing; (3) legal issues; (4) community engagement; and (5) communication and dissemination. The working group also identified areas for future research and scholarship to promote ethical conduct of HIV phylogenetic research.

The ultimate physical limits of privacy.

Among those who make a living from the science of secrecy, worry and paranoia are just signs of professionalism. Can we protect our secrets against those who wield superior technological powers? Can we trust those who provide us with tools for protection? Can we even trust ourselves, our own freedom of choice? Recent developments in quantum cryptography show that some of these questions can be addressed and discussed in precise and operational terms, suggesting that privacy is indeed possible under surprisingly weak assumptions.

To Infinity and Beyond: The Past, Present, and Future of Tele-Anesthesia.

Because the scope of anesthesia practice continues to expand, especially within the perioperative domain, our specialty must continually examine technological services that allow us to provide care in innovative ways. Telemedicine has facilitated the remote provision of medical services across many different specialties, but it remains somewhat unclear whether the use of telemedicine would fit within the practice of anesthesiology on a consistent basis. There have been several reports on the successful use of telemedicine within the preoperative and intraoperative realm. However, patient selection, patient and provider satisfaction, case cancellation rates, equipment reliability, and security of protected health information are just some of the issues that require further examination. This article seeks to review comprehensively the available literature related to the use of telemedicine within the preoperative, intraoperative, and postoperative phases of anesthetic care as well as analyze the major hurdles often encountered when implementing a teleconsultation service. Security of connection, data storage and encryption, federal and state medical licensure compliance, as well as overall cost/savings analysis are a few of the issues that warrant further exploration and research. As telemedicine programs develop within the perioperative arena, it is imperative for institutions to share knowledge, successes, and pitfalls to improve the delivery of care in today's technology-driven medical landscape.

Connected Medical Technology and Cybersecurity Informed Consent: A New Paradigm.

BACKGROUND: Connected medical technology is increasingly prevalent and offers both a host of new therapeutic potentials and cybersecurity-related considerations. Current practice largely does not include discussions of cybersecurity issues when clinicians obtain informed consent. OBJECTIVE: This paper aims to raise awareness about cybersecurity considerations for connected medical technology as they relate to informed consent discussions between patients and clinicians. METHODS: Clinicians, health care cybersecurity researchers, and informed consent experts propose the concept of a cybersecurity informed consent for connected medical technology. RESULTS: This viewpoint discusses concepts designed to facilitate further discussion on the need, development, and execution of cybersecurity informed consent. CONCLUSIONS: Cybersecurity informed consent may be a necessary component of informed consent practices, as connected medical technology proliferates in the health care environment.

All Our Data Will Be Health Data One Day: The Need for Universal Data Protection and Comprehensive Consent.

Tremendous growth in the types of data that are collected and their interlinkage are enabling more predictions of individuals' behavior, health status, and diseases. Legislation in many countries treats health-related data as a special sensitive kind of data. Today's massive linkage of data, however, could transform "nonhealth" data into sensitive health data. In this paper, we argue that the notion of health data should be broadened and should also take into account past and future health data and indirect, inferred, and invisible health data. We also lay out the ethical and legal implications of our model.

COVID-19 Research: Navigating the European General Data Protection Regulation.

Researchers must collaborate globally to rapidly respond to the COVID-19 pandemic. In Europe, the General Data Protection Regulation (GDPR) regulates the processing of personal data, including health data of value to researchers. Even during a pandemic, research still requires a legal basis for the processing of sensitive data, additional justification for its processing, and a basis for any transfer of data outside Europe. The GDPR does provide legal grounds and derogations that can support research addressing a pandemic, if the data processing activities are proportionate to the aim pursued and accompanied by suitable safeguards. During a pandemic, a public interest basis may be more promising for research than a consent basis, given the high standards set out in the GDPR. However, the GDPR leaves many aspects of the public interest basis to be determined by individual Member States, which have not fully or uniformly made use of all options. The consequence is an inconsistent legal patchwork that displays insufficient clarity and impedes joint approaches. The COVID-19 experience provides lessons for national legislatures. Responsiveness to pandemics requires clear and harmonized laws that consider the related practical challenges and support collaborative global research in the public interest.

Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations.

The recent rise in cybersecurity breaches in healthcare organizations has put patients' privacy at a higher risk of being exposed. Despite this threat and the additional danger posed by such incidents to patients' safety, as well as operational and financial threats to healthcare organizations, very few studies have systematically examined the cybersecurity threats in healthcare. To lay a firm foundation for healthcare organizations and policymakers in better understanding the complexity of the issue of cybersecurity, this study explores the major type of cybersecurity threats for healthcare organizations and explains the roles of the four major players (cyber attackers, cyber defenders, developers, and end-users) in cybersecurity. Finally, the paper discusses a set of recommendations for the policymakers and healthcare organizations to strengthen cybersecurity in their organization.