Publications

Publications by Cátia Pereira Augusto

2013

A secure RBAC mobile agent access control model for Healthcare Institutions

Authors
Santos Pereira, C; Augusto, AB; Cruz Correia, R; Correia, ME;

Publication
2013 IEEE 26TH INTERNATIONAL SYMPOSIUM ON COMPUTER-BASED MEDICAL SYSTEMS (CBMS)

Abstract
In medical organizations, healthcare providers need to have fast access to patients' medical information in order to make accurate diagnoses as well as to provide appropriate treatments. Efficient healthcare is thus highly dependent on doctors being provided with access to patients' medical information at the right time and place. However it frequently happens that critical pieces of pertinent information end up not being used because they are located in information systems that do not inter-operate in a timely manner. Unfortunately the standard operational mode for many healthcare applications, and even healthcare institutions, is to be managed and operated as isolated islands that do not share information in an efficient manner. There are many reasons that contribute to this grim state of affairs, but what interests us the most is the lack of enforceable security policies for systems interoperability and data exchange and the existence of many heterogeneous legacy systems that are almost impossible to directly include into any reasonable secure interoperable workflow. In this paper we propose a RBAC mobile agent access control model supported by a specially managed public key infrastructure for mobile agent's strong authentication and access control. Our aim is to create the right means for doctors to be provided with timely accurate information, which would be otherwise inaccessible, by the means of strongly authenticated mobile agents capable of securely bridging otherwise isolated institutional eHealth domains and legacy applications.

2013

A secure RBAC mobile agent model for healthcare institutions - Preliminary study

Authors
Santos Pereira, C; Augusto, AB; Cruz Correia, R; Correia, ME;

Publication
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract
Efficient healthcare is thus highly dependent on doctors being provided with access to patients' medical information at the right time and place. However it frequently happens that critical pieces of pertinent information end up not being used because they are located in information systems that do not interoperate in a timely manner. There are many reasons that contribute to this grim state of affairs, but what interests us the most is the lack of enforceable security policies for systems interoperability and data exchange and the existence of many heterogeneous legacy systems that are almost impossible to directly include into any reasonable secure interoperable workflow. The objective of this paper is to establish a mobile agent access control model based on RBAC model that allows the exchange of clinical information between different health institutions that fall within the same circle of trust. © 2013 Springer-Verlag.

2014

Envisioning secure and usable access control for patients

Authors
Ferreira, AM; Lenzini, G; Pereira, CS; Augusto, AB; Correia, ME;

Publication
3rd IEEE International Conference on Serious Games and Applications for Health, SeGAH 2014, Rio de Janeiro, Brazil, May 14-16, 2014

Abstract
Several pilot tests show that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. However, despite technologically feasible and legally possible, there is no validated or standardized toolset available yet, for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR.

2017

A qualitative research evaluation of a Portuguese computerized cancer registry

Authors
Santos Pereira, C; Cruz Correia, R; Brito, AC; Augusto, AB; Correia, ME; Bento, MJ; Antunes, L;

Publication
2017 12TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI)

Abstract
A cancer registry is a standardized tool to produce population-based data on cancer incidence and survival. Cancer registries can retrieve and store information on all cancer cases occurring in a defined population. The main sources of data on cancer cases usually include: treatment and diagnostic facilities (oncology centres or hospital departments, pathology laboratories, or imaging facilities etc.) and the official territorial death registry. The aim of this paper is to evaluate the north regional cancer registry (RORENO) of Portugal using a qualitative research. We want to characterize: the main functionalities and core processes, team involved, different healthcare institutions in the regional network and an identification of issues and potential improvements. RORENO links data of thirteen-two healthcare institutions and is responsible for the production of cancer incidence and survival report for this region. In our semi-structured interviews and observation of RORENO we identified a serious problem due to a lack of an automatic integration of data from the different sources. Most of the data are inserted manually in the system and this implies an extra effort from the RORENO team. At this moment RORENO team are still collecting data from 2011. In a near future it is crucial to automatize the integration of data linking the different healthcare institutions in the region. However, it is important to think which functionalities this system should give to the institutions in the network to maximize the engagement with the project. More than a database this should be a source of knowledge available to all the collaborative oncologic network.

2018

HS.Register - An Audit-Trail Tool to Respond to the General Data Protection Regulation (GDPR)

Authors
Gonçalves Ferreira, DN; Leite, M; Pereira, CS; Correia, ME; Coelho Antunes, LF; Correia, RC;

Publication
Building Continents of Knowledge in Oceans of Data: The Future of Co-Created eHealth - Proceedings of MIE 2018, Medical Informatics Europe, Gothenburg, Sweden, April 24-26, 2018

Abstract
Introduction: The new General Data Protection Regulation (GDPR) compels health care institutions and their software providers to properly document all personal data processing and provide clear evidence that their systems are in line with the GDPR. All applications involved in personal data processing should therefore produce meaningful event logs that can later be used for the effective auditing of complex processes. Aim: This paper aims to describe and evaluate HS.Register, a system created to collect and securely manage at scale audit logs and data produced by a large number of systems. Methods: HS.Register creates a single audit log by collecting and aggregating all kinds of meaningful event logs and data (e.g. ActiveDirectory, syslog, log4j, web server logs, REST, SOAP and HL7 messages). It also includes specially built dashboards for easy auditing and monitoring of complex processes, crossing different systems in an integrated way, as well as providing tools for helping on the auditing and on the diagnostics of difficult problems, using a simple web application. HS.Register is currently installed at five large Portuguese Hospitals and is composed of the following open-source components: HAproxy, RabbitMQ, Elasticsearch, Logstash and Kibana. Results: HS.Register currently collects and analyses an average of 93 million events per week and it is being used to document and audit HL7 communications. Discussion: Auditing tools like HS.Register are likely to become mandatory in the near future to allow for traceability and detailed auditing for GDPR compliance. © 2018 European Federation for Medical Informatics (EFMI) and IOS Press.