Security and privacy in a wireless remote medical system for home healthcare purpose

The study investigates, assesses and evaluates data security and patients' privacy in a real-time wireless telemedicine system utilising GSM/GPRS, BLUETOOTH protocol, and a cellular phone. Fifteen non-risky heart patients, aged (49plusmn14) years (9 females, 6 male) were recruited. The ECGs were continuously monitored (72 h) and transferred anonymously; assigning each patient an identification number and monitoring start time and date, while the patients were performing their every day's indoors and outdoors activities. The data were collected and processed by a modem server at hospital. The server was assigned user-name and password, which were known only by the in charge health care personnel, and the ECGs were identified only by patients' id-number. Authentication, confidentiality and integrity of the data were tested for the risk of insertion attacks, client-to-client attacks and Misconfiguration. Results indicate that no access by unauthorised person was possible to neither mobile phone, nor the Bluetooth module which controls connection establishment and termination, data flow and dial-up communication. No access was possible for unauthorised person at server side and nor the ECG could be personalised. It is conluded that in the present setup, which clinical application is implemented in a small scale, the ECG data is secured and patients' privacy is achieved