The present study aimed to develop a security evaluation methodology and criteria for a ubiquitous healthcare (u health) system. For this purpose, first, we classified the components of a u-health system. Second, security core technologies were selected that could be applied to a u-health system in three aspects, such as administrative safeguards dealing with the operator, policies, documents, systems, and user education, physical safeguards, dealing with control of entrance and exit, and screens or shared instruments, and technical safeguards, dealing with computer system-related technological elements. Then, each security core technology was assigned to each component of a u-health system, and the relative significance of each was determined. Finally, a methodology and criteria for the evaluation of security and privacy were developed. In conclusion, the outcome can be used for enhancing the security level in the design of a u-health system and setting authentication standards for authorization processes for security.
Keywords
Authentication Criteria, Personal Medical Information, Privacy, Security, Test Methodology, U-Health System
User
Information