Acceptability and user experiences of a patient-held smart card for antenatal services in Nigeria: a qualitative study.

BACKGROUND: Poor maternal, newborn and child health outcomes remain a major public health challenge in Nigeria. Mobile health (mHealth) interventions such as patient-held smart cards have been proposed as effective solutions to improve maternal health outcomes. Our objectives were to assess the acceptability and experiences of pregnant women with the use of a patient-held smartcard for antenatal services in Nigeria. METHODS: Using focus group discussions, qualitative data were obtained from 35 pregnant women attending antenatal services in four Local Government Areas (LGAs) in Benue State, Nigeria. The audio-recorded data were transcribed and analyzed using framework analysis techniques such as the PEN-3 cultural model as a guide. RESULTS: The participants were 18-44 years of age (median age: 24 years), all were married and the majority were farmers. Most of the participants had accepted and used the smartcards for antenatal services. The most common positive perceptions about the smartcards were their ability to be used across multiple health facilities, the preference for storage of the women's medical information on the smartcards compared to the usual paper-based system, and shorter waiting times at the clinics. Notable facilitators to using the smartcards were its provision at the "Baby showers" which were already acceptable to the women, access to free medical screenings, and ease of storage and retrieval of health records from the cards. Costs associated with health services was reported as a major barrier to using the smartcards. Support from health workers, program staff and family members, particularly spouses, encouraged the participants to use the smartcards. CONCLUSION: These findings revealed that patient-held smart card for maternal health care services is acceptable by women utilizing antenatal services in Nigeria. Understanding perceptions, barriers, facilitators, and supportive systems that enhance the use of these smart cards may facilitate the development of lifesaving mobile health platforms that have the potential to achieve antenatal, delivery, and postnatal targets in a resource-limited setting.

A Smart Card-Based Two-Factor Mutual Authentication Scheme for Efficient Deployment of an IoT-Based Telecare Medical Information System.

The integration of the Internet of Things (IoT) and the telecare medical information system (TMIS) enables patients to receive timely and convenient healthcare services regardless of their location or time zone. Since the Internet serves as the key hub for connection and data sharing, its open nature presents security and privacy concerns and should be considered when integrating this technology into the current global healthcare system. Cybercriminals target the TMIS because it holds a lot of sensitive patient data, including medical records, personal information, and financial information. As a result, when developing a trustworthy TMIS, strict security procedures are required to deal with these concerns. Several researchers have proposed smart card-based mutual authentication methods to prevent such security attacks, indicating that this will be the preferred method for TMIS security with the IoT. In the existing literature, such methods are typically developed using computationally expensive procedures, such as bilinear pairing, elliptic curve operations, etc., which are unsuitable for biomedical devices with limited resources. Using the concept of hyperelliptic curve cryptography (HECC), we propose a new solution: a smart card-based two-factor mutual authentication scheme. In this new scheme, HECC's finest properties, such as compact parameters and key sizes, are utilized to enhance the real-time performance of an IoT-based TMIS system. The results of a security analysis indicate that the newly contributed scheme is resistant to a wide variety of cryptographic attacks. A comparison of computation and communication costs demonstrates that the proposed scheme is more cost-effective than existing schemes.

Authenticated Key Agreement Scheme with Strong Anonymity for Multi-Server Environment in TMIS.

The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.

A Review of Two-Factor Authentication: Suggested Security Effort Moves to Mandatory.

Two-factor authentication has been available to technology consumers for a long time, and a few years ago businesses and institutions began implementing optional two-factor authentication to improve digital security. Now more universities and hospitals are moving from optional to mandatory two-factor authentication, and employees used to two-factor authentication for their personal digital life must adjust to using two-factor authentication in their work flow. This column will review some of the ongoing and emergent aspects of two-factor authentication to enhance security in an ever-changing digital landscape.

Privacy-Preserving and Efficient Truly Three-Factor Authentication Scheme for Telecare Medical Information Systems.

Significant development of information technologies has made Telecare Medical Information Systems (TMISs) increasingly popular. In a TMIS, patients upload their medical data through smart devices to obtain a doctor's diagnosis. However, these smart devices have limited computing and storage capacities, so it is difficult to store substantial patient information and to support time-consuming operations. Moreover, although many three-factor authentication protocols have been proposed for TMISs, the problems of privacy leaks and other security flaws are serious. In addition, authentication factors are verified at the user side in most protocols, giving users a high level of trust and resulting in a potential lack of security. In this paper, we propose a novel efficient truly three-factor authentication protocol for TMISs. In our proposed protocol, three factors (i.e., password, smart card and biometrics) are verified at the server side, which reduces the storage and computational burden of the user side. Additionally, our proposed protocol uses only lightweight operators and is thus efficient. A formal proof analysis demonstrates that our proposed protocol is provably secure in the random oracle model. The performance evaluation shows that the proposed protocol is very efficient and suitable for TMISs.

Empowering the patient: Smart Card (SC) Integration with Electronic Medical Record (EMR).

Tata Memorial Hospital (TMH) is a Comprehensive Care Centre for Cancer located in Mumbai, India. Patients from all over India and some from neighboring countries choose to travel to Mumbai (Bombay) to receive treatment at our centre. Given the geographical constraints, TMH has adopted Information Technology to reach out to patients in distant communities. TMH has a home-grown Electronic Medical Record System, the contents of which are shared with patients and providers over the hospital- wide Intranet, and globally through our website. TMH has been carrying out paperless and filmless operations since 2013, enabling the real time exchange of information and ensuring a continuum of care. Paper Records preceding this year are scanned, archived and made available as part of the EMR. Prior to Smart Card implementation, it was not uncommon to find patient or their relatives queuing up for services or payments. This had resulted in delays in providing services, and hardship for patients and their relatives. Overcrowding meant staff being stressed with a propensity for mistakes in data entry, resulting in a faulty service. This would compromise patients if unnoticed, or result in a repetition of service it noticed. In addition, hospital management was concerned about lengthy transaction times and deficiency of service. It was in this context that in the year 2011, the Hospital Management took an initiative to integrate Smart Card Technology with the existing Electronic Medical Record (EMR) and Electronic Financial Record (EFR), to improve interaction between patients and the Institution. The strategy was to use Smart Card (SC), containing an embedded IC chip for patient identification, to carry out all transactions involving patient care, in order to minimize transcription errors and enhance patient safety. The implementation of this strategy involved process re-engineering and training of all staff members. The results of the past 4 years 2013-16 have been analyzed to determine the efficacy of this initiative.

Drug allergy passport and other documentation for patients with drug hypersensitivity - An ENDA/EAACI Drug Allergy Interest Group Position Paper.

The strongest and best-documented risk factor for drug hypersensitivity (DH) is the history of a previous reaction. Accidental exposures to drugs may lead to severe or even fatal reactions in sensitized patients. Preventable prescription errors are common. They are often due to inadequate medical history or poor risk assessment of recurrence of drug reaction. Proper documentation is essential information for the doctor to make sound therapeutic decision. The European Network on Drug Allergy and Drug Allergy Interest Group of the European Academy of Allergy and Clinical Immunology have formed a task force and developed a drug allergy passport as well as general guidelines of drug allergy documentation. A drug allergy passport, a drug allergy alert card, a certificate, and a discharge letter after medical evaluation are adequate means to document DH in a patient. They are to be handed to the patient who is advised to carry the documentation at all times especially when away from home. A drug allergy passport should at least contain information on the culprit drug(s) including international nonproprietary name, clinical manifestations including severity, diagnostic measures, potential cross-reactivity, alternative drugs to prescribe, and where more detailed information can be obtained from the issuer. It should be given to patients only after full allergy workup. In the future, electronic prescription systems with alert functions will become more common and should include the same information as in paper-based documentation.

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps.

Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

A Robust and Anonymous Two Factor Authentication and Key Agreement Protocol for Telecare Medicine Information Systems.

Nowadays people can get many services including health-care services from distributed information systems remotely via public network. By considering that these systems are built on public network, they are vulnerable to many malicious attacks. Hence it is necessary to introduce an effective mechanism to protect both users and severs. Recently many two-factor authentication schemes have been proposed to achieve this goal. In 2016, Li et al. demonstrated that Lee et al.'s scheme was not satisfactory to be deployed in practice because of its security weaknesses and then proposed a security enhanced scheme to overcome these drawbacks. In this paper, we analyze Li et al.'s scheme is still not satisfactory to be applied in telecare medicine information systems (TMIS) because it fails to withstand off-line dictionary attack and known session-specific temporary information attack. Moreover, their scheme cannot provide card revocation services for lost smart card. In order to solve these security problems, we propose an improved scheme. Then we analyze our scheme by using BAN-logic model and compare the improved scheme with related schemes to prove that our scheme is advantageous to be applied in practice.

Photo Identification on a Medical-Surgical Unit Improves Communication Resulting in Positive Patient Outcomes.

Creating an environment that allows for ease of communication is imperative to meet the demands of health care that is focused on quality, safety, and outcomes. As a way to improve the communication between and identification of nursing staff by the interprofessional team, a process was created to aide in timely identification and communication between health care members. Enhanced communication can result in an increase in Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS) scores for patient satisfaction in responsiveness, communication with nurses, and bathroom help.

A simple intervention to improve antibiotic treatment times for neutropenic sepsis.

OBJECTIVES: Patients with suspected Neutropenic sepsis require rapid antibiotic administration, but despite extensive education, only 67% of patients received antibiotics within 60 minutes . METHODS: A Neutropenic Sepsis Alert Card was created, as a Patient Specific Directive - this allows nurses to administer antibiotics to specific patients without prior medical review. RESULTS: Since the intervention, 301 patients presented with suspected neutropenic sepsis. 277 patients (92%) received their first dose of intravenous antibiotics within 1 hour of arrival into hospital, compared to 95 out of 143 patients (67%) presenting between January and June of 2014 (p=0.036). CONCLUSION: The Neutropenic Sepsis Alert Card can significantly improve door to antibiotic needle time for chemotherapy patients with suspected neutropenic sepsis. This intervention is inexpensive and easily replicable in other health care organisations.

A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System.

To protect patient privacy and ensure authorized access to remote medical services, many remote user authentication schemes for the integrated electronic patient record (EPR) information system have been proposed in the literature. In a recent paper, Das proposed a hash based remote user authentication scheme using passwords and smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various passive and active attacks. However, in this paper, we found that Das's authentication scheme is still vulnerable to modification and user duplication attacks. Thereafter we propose a secure and efficient authentication scheme for the integrated EPR information system based on lightweight hash function and bitwise exclusive-or (XOR) operations. The security proof and performance analysis show our new scheme is well-suited to adoption in remote medical healthcare services.

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography.

In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System.

In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al.'s proposes a session key agreement protocol between the patient and remote medical server and claims that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.'s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps.

The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee's and Jiang et al.'s scheme. In this study, we show that Li et al.'s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.'s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.