A project led by the University of St Andrews has developed new systems which could help put patients in control of their healthcare data in future.
The project, Securing Medical Data in Smart Patient-Centric Healthcare Systems (Serums), was led by Dr Juliana Bowles of the University’s School of Computer Science, and combined the expertise of ten institutions across seven countries.
Focusing on the security and privacy of healthcare systems, the project explored ways to open up research avenues for improving personal care, enhance treatment quality, and ensure patient trust in the security and privacy of their medical data.
Funded by the EU, Serums was established with medical professionals and computer scientists and used artificially synthesised medical data to create a ‘data lake’ of health information in order to test the functioning and security of the new system. The synthetic data replicated realistic medical data without using real medical records and allowed systems and data to be tested to ensure the future security and privacy of real patient records.
In the simulation, patients accessed medical records by creating a unique ‘picture password’ based on a photograph that has meaning to them, for example their local hospital entrance or waiting room. This encrypted picture password gives greater memorability and is combined with two-factor authentication, such as a text or phone call.
Dr Bowles explained: “Patients can choose which hospital departments or other medical organisations have access to their records, regardless of country location. Authorised professionals access information, such as X-rays and doctor’s notes, based on the level of permission the patient grants them, with different departments given different levels of access to a patient’s data.
“Medical data comes from a variety of sources: personal medical devices, opticians, GPs and other healthcare practitioners. There are many potential benefits to society from combining such data locally, nationally and internationally.
“In the future, systems like the one developed within Serums will make use of real medical data rather than synthetic data. The data lake simulates compliance with GDPR, so when the system is populated by real data, it is designed to be fully private and secure.”
The system has been tested by members of the public across Europe. To overcome the challenges of studies carried out during the pandemic, Serums used an online approach to allow the public to evaluate the system. Participants answered a questionnaire about their opinions on the Serums system, including perceived usability, picture password memorability and security.
Dr Bowles said: “The system has had very encouraging feedback and has been well received by the public.”