Mobile Health Solutions for Biomedical Applications

Mobile Health Solutions for Biomedical Applications Phillip Olla Madonna University, USA Joseph Tan Wayne State University, USA

Medical Information science reference Hershey • New York

Director of Editorial Content: Senior Managing Editor: Managing Editor: Assistant Managing Editor: Typesetter: Cover Design: Printed at:

Kristin Klinger Jamie Snavely Jeff Ash Carole Coulson Larissa Vinci Lisa Tosheff Yurchak Printing Inc.

Published in the United States of America by Information Science Reference (an imprint of IGI Global) 701 E. Chocolate Avenue, Suite 200 Hershey PA 17033 Tel: 717-533-8845 Fax: 717-533-8661 E-mail: [email protected] Web site: http://www.igi-global.com/reference and in the United Kingdom by Information Science Reference (an imprint of IGI Global) 3 Henrietta Street Covent Garden London WC2E 8LU Tel: 44 20 7240 0856 Fax: 44 20 7379 0609 Web site: http://www.eurospanbookstore.com Copyright © 2009 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher. Product or company names used in this set are for identi.cation purposes only. Inclusion of the names of the products or companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark. Library of Congress Cataloging-in-Publication Data Mobile health solutions for biomedical applications / Phillip Olla and Joseph Tan, editors. p. ; cm. Includes bibliographical references and index. Summary: “This book gives detailed analysis of the technology, applications and uses of mobile technologies in the healthcare sector by using case studies to highlight the successes and concerns of mobile health projects”--Provided by publisher. ISBN 978-1-60566-332-6 (hardcover : alk. paper) 1. Telecommunication in medicine. 2. Mobile communication systems. 3. Wireless communication systems. 4. Cellular telephones. 5. Medical technology. I. Olla, Phillip. II. Tan, Joseph K. H. [DNLM: 1. Telemedicine. 2. Ambulatory Monitoring. 3. Cellular Phone. 4. Computers, Handheld. 5. Medical Records Systems, Computerized. 6. User-Computer Interface. W 83.1 M6865 2009] R119.9.M58 2009 610.28--dc22 2008040451 British Cataloguing in Publication Data A Cataloguing in Publication record for this book is available from the British Library. All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the authors, but not necessarily of the publisher.

Need Advanced Ad

Editorial Advisory Board

George Demiris, University of Missouri, USA Nayna Patel, Brunel University, UK Thomas M. Deserno, RWTH Aachen University, Germany Jyoti Choudrie, University of Hertfordshire, UK Paul Hu, University of Utah, USA Patrice Monthrope, University of West Indies, Jamaica Richard Hull, University of Newcastle upon Tyne, United Kingdom Elena Qureshi, Madonna University, USA Francis Lau, University of Victoria, Canada Venus Olla, Nottingham University, UK Dave Parry, Auckland University of Technology, New Zealand Mathew Guah, Erasmus University, The Netherlands Jim Warren, University of Auckland, New Zealand H. Joseph Wen, Southeast Missouri State University, USA Yvette Miller, University of Toronto, Canada Yufei Yuan, McMaster University, Canada Daniel Zeng, University of Arizona, USA Kai Zheng, The University of Michigan, USA Jacqueline Brodie, Napier University, Scotland Carla Wiggins, Idaho State University, USA Bendik Bygstad, Norwegian School of IT, Norway

Table of Contents

Preface . ...............................................................................................................................................xiii

Section I Mobile Health Applications and Technologies Chapter I Evaluation of Two Mobile Nutrition Tracking Applications for Chronically Ill Populations with Low Literacy Skills ........................................................................................................................ 1 Katie A. Siek, University of Colorado at Boulder, USA Kay H. Connelly, Indiana University, USA Beenish Chaudry, Indiana University, USA Desiree Lambert, Trilogy Health Services, USA Janet L. Welch, Indiana University School of Nursing, USA Chapter II Accessing an Existing Virtual Electronic Patient Record with a Secure Wireless Architecture .......... 24 Ana Ferreira, Center for Informatics, Faculty of Medicine in Porto, Portugal Luís Barreto, Instituto Politécnico de Viana do Castelo, Portugal Pedro Brandão, LIACC at Faculty of Science in Porto, R. Campo Alegre, Portugal Ricardo Correia, Center for Informatics, Faculty of Medicine in Porto, Portugal Susana Sargento, Universidade de Aveiro, Portugal Luís Antunes, LIACC at Faculty of Science in Porto, R. Campo Alegre, Portugal Chapter III Personal Health Records Systems Go Mobile: Defining Evaluation Components................................ 45 Phillip Olla, Madonna University, USA Joseph Tan, Wayne State University, USA Chapter IV Medical Information Representation Framework for Mobile Healthcare ............................................ 71 Ing Widya,University of Twente, The Netherlands HaiLiang Mei,University of Twente, The Netherlands Bert-Jan van Beijnum,University of Twente, The Netherlands Jacqueline Wijsman,University of Twente, The Netherlands Hermie J. Hermens,University of Twente, The Netherlands

Chapter V A Distributed Approach of a Clinical Decision Support System Based on Cooperation...................... 92 Daniel Ruiz-Fernández, University of Alicante, Spain Antonio Soriano-Payá, University of Alicante, Spain Chapter VI Managing Mobile Healthcare Knowledge: Physicians’ Perceptions on Knowledge Creation and Reuse.............................................................................................................................. 111 Teppo Räisänen, University of Oulu, Finland Harri Oinas-Kukkonen, University of Oulu, Finland Katja Leiviskä, University of Oulu, Finland Matti Seppänen, The Finnish Medical Society Duodecim, Finland Markku Kallio, The Finnish Medical Society Duodecim, Finland

Section II Patient Monitoring and Wearable Devices Chapter VII Patient Monitoring in Diverse Environments ..................................................................................... 129 Yousef Jasemian, Engineering College of Aarhus, Denmark Chapter VIII Monitoring Hospital Patients Using Ambient Displays....................................................................... 143 Monica Tentori, CICESE, Mexico Daniela Segura, CICESE, Mexico Jesus Favela, CICESE, Mexico Chapter IX Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks........................... 159 Javier Espina, Philips Research Europe, The Netherlands Heribert Baldus, Philips Research Europe, The Netherlands Thomas Falck, Philips Research Europe, The Netherlands Oscar Garcia, Philips Research Europe, The Netherlands Karin Klabunde, Philips Research Europe, The Netherlands Chapter X Sensing of Vital Signs and Transmission Using Wireless Networks................................................... 180 Yousef Jasemian, Engineering College of Aarhus, Denmark

Chapter XI Towards Wearable Physiological Monitoring on a Mobile Phone....................................................... 208 Nuria Oliver, Telefonica Research, Spain Fernando Flores-Mangas, University of Toronto, Canada Rodrigo de Oliveira, State University of Campinas, Brazil

Section III Context Aware Systems

Chapter XII A Framework for Capturing Patient Consent in Pervasive Healthcare Applications.......................... 245 Giovanni Russello, Imperial College London, UK Changyu Dong, Imperial College London, UK Naranker Dualy, Imperial College London, UK Chapter XIII Technology Enablers for Context-Aware Healthcare Applications..................................................... 260 Filipe Meneses, Universidade do Minho, Portugal Adriano Moreira, Universidade do Minho, Portugal Chapter XIV Modeling Spatiotemporal Developments in Spatial Health Systems.................................................. 270 Bjorn Gottfried, University of Bremen, Germany Chapter XV Context-Aware Task Distribution for Enhanced M-health Application Performance......................... 285 Hailiang Mei, University of Twente, The Netherlands Bert-Jan van Beijnum, University of Twente, The Netherlands Ing Widya, University of Twente, The Netherlands Val Jones, University of Twente, The Netherlands Hermie Hermens, , University of Twente, The Netherlands

Compilation of References................................................................................................................ 308 About the Contributors..................................................................................................................... 332 Index.................................................................................................................................................... 341

Detailed Table of Contents

Preface . ...............................................................................................................................................xiii

Section I Mobile Health Applications and Technologies Chapter I Evaluation of Two Mobile Nutrition Tracking Applications for Chronically Ill Populations with Low Literacy Skills ........................................................................................................................ 1 Katie A. Siek, University of Colorado at Boulder, USA Kay H. Connelly, Indiana University, USA Beenish Chaudry, Indiana University, USA Desiree Lambert, Trilogy Health Services, USA Janet L. Welch, Indiana University School of Nursing, USA In this chapter, the authors discuss two case studies that compare and contrast the use of barcode scanning, voice recording, and patient self reporting as a means to monitor the nutritional intake of a chronically ill population. Chapter II Accessing an Existing Virtual Electronic Patient Record with a Secure Wireless Architecture .......... 24 Ana Ferreira, Center for Informatics, Faculty of Medicine in Porto, Portugal Luís Barreto, Instituto Politécnico de Viana do Castelo, Portugal Pedro Brandão, LIACC at Faculty of Science in Porto, R. Campo Alegre, Portugal Ricardo Correia, Center for Informatics, Faculty of Medicine in Porto, Portugal Susana Sargento, Universidade de Aveiro, Portugal Luís Antunes, LIACC at Faculty of Science in Porto, R. Campo Alegre, Portugal The main objective of this chapter is to model, develop and evaluate (e.g. in terms of efficiency, complexity, impact and against network attacks) a proposal for a secure wireless architecture in order to access a VEPR. This VEPR is being used within a university hospital by more than 1,000 doctors, on a daily basis. Its users would greatly benefit if this service would be extended to a wider part of the hospital and not only to their workstation, achieving this way faster and greater mobility in the treatment of their patients.

Chapter III Personal Health Records Systems Go Mobile: Defining Evaluation Components................................ 45 Phillip Olla, Madonna University, USA Joseph Tan, Wayne State University, USA This chapter provides an overview of Mobile Personal Health Record (MPHR) systems. A Mobile personal health record is an eclectic application through which patients can access, manage, and share their health information from a mobile device in a private, confidential, and secure environment. Specifically, the chapter reviews the extant literature on critical evaluative components to be considered when assessing MPHR systems. Chapter IV Medical Information Representation Framework for Mobile Healthcare ............................................ 71 Ing Widya,University of Twente, The Netherlands HaiLiang Mei,University of Twente, The Netherlands Bert-Jan van Beijnum,University of Twente, The Netherlands Jacqueline Wijsman,University of Twente, The Netherlands Hermie J. Hermens,University of Twente, The Netherlands This chapter describes a framework which enables medical information, in particular clinical vital signs and professional annotations, be processed, exchanged, stored and managed modularly and flexibly in a mobile, distributed and heterogeneous environment despite the diversity of the formats used to represent the information. Chapter V A Distributed Approach of a Clinical Decision Support System Based on Cooperation...................... 92 Daniel Ruiz-Fernández, University of Alicante, Spain Antonio Soriano-Payá, University of Alicante, Spain This chapter presents an architecture for diagnosis support based on the collaboration among different diagnosis-support artificial entities and the physicians themselves; the authors try to imitate the clinical meetings in hospitals in which the members of a medical team share their opinions in order to analyze complicated diagnoses. Chapter VI Managing Mobile Healthcare Knowledge: Physicians’ Perceptions on Knowledge Creation and Reuse.............................................................................................................................. 111 Teppo Räisänen, University of Oulu, Finland Harri Oinas-Kukkonen, University of Oulu, Finland Katja Leiviskä, University of Oulu, Finland Matti Seppänen, The Finnish Medical Society Duodecim, Finland Markku Kallio, The Finnish Medical Society Duodecim, Finland

This chapter aims to demonstrate that mobile healthcare information system may also help physicians to communicate and collaborate as well as learn and share their experiences within their work community. Physicians’ usage of a mobile system is analyzed through a knowledge management framework known as the 7C model. The data was collected through the Internet among all of the 352 users of the mobile system. The results indicate that frequent use of the system seemed to improve individual physicians’ knowledge work as well as the collective intelligence of a work community. Overall, knowledge management seems to be a prominent approach for studying healthcare information systems and their impact on the work of physicians.

Section II Patient Monitoring and Wearable Devices Chapter VII Patient Monitoring in Diverse Environments ..................................................................................... 129 Yousef Jasemian, Engineering College of Aarhus, Denmark This chapter intends to explore the issues and limitations concerning application of mobile health system in diverse environments, trying to emphasize the advantages and drawbacks, data security and integrity suggesting approaches for enhancements. These issues will be explored in successive subsections by introducing two studies which were undertaken by the author. Chapter VIII Monitoring Hospital Patients Using Ambient Displays....................................................................... 143 Monica Tentori, CICESE, Mexico Daniela Segura, CICESE, Mexico Jesus Favela, CICESE, Mexico In this chapter the authors explore the use of ambient displays to adequately monitor patient’s health status and promptly and opportunistically notify hospital workers of those changes. To show the feasibility and applicability of ambient displays in hospitals they designed and developed two ambient displays that can be used to provide awareness patients’ health status to hospital workers. Chapter IX Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks........................... 159 Javier Espina, Philips Research Europe, The Netherlands Heribert Baldus, Philips Research Europe, The Netherlands Thomas Falck, Philips Research Europe, The Netherlands Oscar Garcia, Philips Research Europe, The Netherlands Karin Klabunde, Philips Research Europe, The Netherlands Wireless Body Sensor Networks (BSNs) are an indispensable building stone for any pervasive healthcare system. Although suitable wireless technologies are available and standardization dedicated to BSN communication has been initiated, the authors identify key challenges in the areas of easy-of-use, safety,

and security that hinder a quick adoption of BSNs. To address the identified issues we propose using Body-Coupled Communication (BCC) for the automatic formation of BSNs and for user identification. They also present a lightweight mechanism that enables a transparent security setup for BSNs used in pervasive healthcare systems. Chapter X Sensing of Vital Signs and Transmission Using Wireless Networks................................................... 180 Yousef Jasemian, Engineering College of Aarhus, Denmark This chapter deals with a comprehensive investigation of feasibility of wireless and cellular telecommunication technologies and services in a real-time M-Health system. The chapter bases its investigation, results, discussion and argumentation on an already developed remote patient monitoring system by the author. Chapter XI Towards Wearable Physiological Monitoring on a Mobile Phone....................................................... 208 Nuria Oliver, Telefonica Research, Spain Fernando Flores-Mangas, University of Toronto, Canada Rodrigo de Oliveira, State University of Campinas, Brazil In this chapter, we present our experience in using mobile phones as a platform for real-time physiological monitoring and analysis. In particular, we describe in detail the TripleBeat system, a research prototype that assists runners in achieving predefined exercise goals via musical feedback, a glanceable interface for increased personal awareness and a virtual competition. We believe that systems like TripleBeat will play an important role in assisting users towards healthier and more active lifestyles.

Section III Context Aware Systems

Chapter XII A Framework for Capturing Patient Consent in Pervasive Healthcare Applications.......................... 245 Giovanni Russello, Imperial College London, UK Changyu Dong, Imperial College London, UK Naranker Dualy, Imperial College London, UK In this chapter, the authors describe a new framework for pervasive healthcare applications where the patient’s consent has a pivotal role. In their framework, patients are able to control the disclosure of their medical data. The patient’s consent is implicitly captured by the context in which his or her medical data is being accessed. Context is expressed in terms of workflows. The execution of a task in a workflow carries information that the system uses for providing access rights accordingly to the patient’s consent. Ultimately, the patient is in charge of withdrawing consent if necessary. Moreover, the use of workflow enables the enforcement of the need-to-kwon principle. This means that a subject is authorised to access sensitive data only when required by the actual situation.

Chapter XIII Technology Enablers for Context-Aware Healthcare Applications..................................................... 260 Filipe Meneses, Universidade do Minho, Portugal Adriano Moreira, Universidade do Minho, Portugal This chapter focuses on how context and location can be used in innovative applications and how to use a set of solutions and technologies that enable the development of innovative context and locationaware solutions for healthcare area. It shows how a mobile phone can be used to compute the level of familiarity of the user with the surrounding environment and how the familiarity level can be used in a number of situations. Chapter XIV Modeling Spatiotemporal Developments in Spatial Health Systems.................................................. 270 Bjorn Gottfried, University of Bremen, Germany This chapter introduces spatial health systems, identifies fun¬damental properties of these systems, and details for specific applications the methods to be applied in order to show how problems are solved in this field. On the one hand, this chapter gives an overview of this area, on the other hand, it is written for those who are interested in designing spatial health systems. The result is that different spatial scales and pur¬poses require different representations for describing the spatiotemporal change of objects, that is their spatiotemporal development, showing how fundamental aspects of spatial health systems are dealt with. Chapter XV Context-Aware Task Distribution for Enhanced M-health Application Performance......................... 285 Hailiang Mei, University of Twente, The Netherlands Bert-Jan van Beijnum, University of Twente, The Netherlands Ing Widya, University of Twente, The Netherlands Val Jones, University of Twente, The Netherlands Hermie Hermens, , University of Twente, The Netherlands As well as applying the traditional adaptation methods such as protocol adaptation and data prioritization, the authors investigate the possibility of adaptation based on dynamic task redistribution. In this chapter, the authors propose an adaptation middleware that consists of a task assignment decision mechanism and a task redistribution infrastructure. The decision mechanism represents task assignment as a graph mapping problem and searches for the optimal assignment given the latest context information. Once a new assignment is identified, the member tasks are distributed accordingly by the distribution infrastructure. A prototype implementation based on the OSGi framework is reported to validate the task redistribution infrastructure. Compilation of References................................................................................................................ 308 About the Contributors..................................................................................................................... 332 Index.................................................................................................................................................... 341

xiii

Preface

Pervasive healthcare environment, focusing on the integration of mobile and ubiquitous technology to reform working and living conditions for individuals and organizations in the healthcare sector, sets the stage for an innovative emerging research discipline. Healthcare systems are experiencing a variety of challenges including the prevalence of life-style related conditions, growing consumerism in healthcare, the need to empower patients with information for better decision making, requests for better tools for self-care and management of deteriorating health conditions, the need for seamless access for healthcare services via the Internet and mobile devices, and the growing costs of providing healthcare. Mobile health (m-health) is an integral and significant part of the emerging pervasive healthcare field. M-Health contains three core components integrated into the healthcare environment. The first component is the availability of a reliable wireless architecture; the second component is the integration of medical sensor or wearable devices for monitoring; and the final component is a robust application and services infrastructure. M-Health relates to applications and systems such as telemedicine, telehealth, e-health, and biomedical sensing system. The rapid advances in information communication technology (ICT), nanotechnology, bio-monitoring, mobile networks, pervasive computing, wearable systems, and drug delivery approaches are transforming the healthcare sector and fueling the m-health phenomenon. MHealth aims to make healthcare accessible to anyone, anytime, and anywhere by elimination constraints such as time and location in addition to increasing both the coverage and quality of healthcare. Mobile and wireless concepts in healthcare are typically related to bio-monitoring and home monitoring; however, more recently the trend to incorporate mobile technology has become more prevalent across almost the entire healthcare data acquisition task domains. Bio monitoring using mobile networks includes physiological monitoring of parameters such as heart rate, electrocardiogram (ECG), electroencephalogram (EEG) monitoring, blood pressure, blood oximetry, and other physiological signals. Alternative uses include physical activity monitoring of parameters such as movement, gastrointestinal telemetry fall detection, and location tracking. Using mobile technology, patient records can be accessed by healthcare professionals from any given location by connecting the institution’s internal network. Physicians now have ubiquitous access to patient history, laboratory results, pharmaceutical data, insurance information, and medical resources. These mobile healthcare applications improve the quality of patient care. Handheld devices can also be used in home healthcare, for example, to fight diabetes through effective monitoring. A comprehensive overview of some of these mobile health applications and research has been presented in this book. This book provides an international perspective on the benefits of mobile health technology to illustrate different examples and applications implemented in the global healthcare sector. The work features 32 contributing authors representing six countries including the United States, United Kingdom, Spain, Portugal, Italy, and Denmark. Even though the healthcare policies and governance of healthcare systems

xiv

in these countries differ, the benefits to be realized from a future of implementations of mobile health technology are not inconsistent among the countries. The book may be divided into three major sections: 1. 2. 3.

Mobile Health Applications and Technologies Patient Monitoring and Wearable Devices Context Aware Systems in Healthcare

The first section “Mobile Health Applications and Technologies” provides an analysis of the technology. Case studies highlighting the successes and challenges of mobile health projects offer real-world illustrations of applications and uses of mobile technologies in the healthcare sector. M-Health is a broad area transcending multiple disciplines and utilizing a broad range of technologies. “Evaluation of Two Mobile Nutrition Tracking Applications for Chronically Ill Populations with Low Literacy Skills,” authored by Katie A. Siek, Kay H. Connelly, Beenish Chaudry, Desiree Lambert, and Janet L. Welch, discusses two case studies that compare and contrast the use of barcode scanning, voice recording, and patient self reporting as a means to monitor the nutritional intake of a chronically ill population. Chapter II “Accessing an Existing Virtual Electronic Patient Record with a Secure Wireless Architecture” by Ana Ferreira, Luís Barreto, Pedro Brandão, Ricardo Correia, Susana Sargento, and Luís Antunes presents the concept of a virtual electronic patient records system that enables the integration and sharing of healthcare information within heterogeneous organizations. The VEPR system aims to alleviate the constraints in terms of physical location as well as technology in order to access vital patient records. The use of wireless technology attempts to allow access to patient data and processing of clinical records closer to the point of care. The ubiquitous access to information can minimize physical as well as time constraints for healthcare, enhancing users’ mobility within the institution. The next chapter in this section entitled “Personal Health Records Systems Go Mobile: Defining Evaluation Components” is authored by Phillip Olla and Joseph Tan. It provides an overview of Mobile Personal Health Record (MPHR) systems. A Mobile personal health record is an eclectic application through which patients can access, manage and share their health information from a mobile device in a private, confidential, and secure environment. Chapter IV focusing on “Medical Information Representation Framework for Mobile Healthcare” was written by Ing Widya, HaiLiang Mei, Bert-Jan van Beijnum, Jacqueline Wijsman, and Hermie Hermens. This chapter describes a framework which enables medical information such as clinical, vital signs and professional annotations to be manipulated in a mobile, distributed and heterogeneous environment despite the diversity of the formats used to represent the information. It further proposes the use of techniques and constructs similar to the internet to deal with medical information represented in multiple formats. Chapter V is “A Distributed Approach of a Clinical Decision Support System Based on Cooperation,” authored by Daniel Ruiz-Fernández and Antonio Soriano-Payá. This chapter discusses an architecture that supports diagnosis based on the collaboration among different diagnosis-support artificial entities or agents and the physicians themselves. The proposed systems architecture, which was tested in a melanoma and urological dysfunctions diagnosis, combines availability, cooperation and harmonization of all contributions in a diagnosis process. Chapter VI, the final chapter in this section, “Managing Mobile Healthcare Knowledge: Physicians’ Perceptions on Knowledge Creation and Reuse” was authored by Teppo Räisänen, Harri Oinas-Kukkonen, Katja Leiviskä, Matti Seppänen, and Markku Kallio. This chapter focuses on mobile access to medical literature and electronic pharmacopoeias, aiming to demonstrate that using these recourses effectively may help physicians to communicate and col-

xv

laborate as well as learn and share their experiences within their user community. The chapter presents a case study of the users of Duodecim mobile healthcare information system. The second section presents research on Patient Monitoring and Wearable Devices. Chapter VII, the first chapter in this section, is titled “Patient Monitoring in Diverse Environments” and is authored by Yousef Jasemian. This chapter discusses the benefits of recording of physiological vital signs in patients’ real-life environment by a mobile health system. This approach is useful in the management of chronic disorders such as hypertension, diabetes, anorexia nervosa, chronic pain, or severe obesity. The author explored the issues and limitations concerning the application of mobile health system in diverse environments, emphasizing the advantages and drawbacks, data security and integrity while also suggesting approaches for enhancements. The following chapter, Chapter VIII, is titled “Monitoring Hospital Patients using Ambient Displays” authored by Monica Tentori, Daniela Segura, and Jesus Favela. This chapter explores the use of ambient displays to promptly notify hospital workers of relevant events related to their patients. To highlight the feasibility and applicability of ambient displays in hospitals, this chapter presents two ambient displays aimed at creating a wearable connection between patients and healthcare providers. The authors also discuss issues and opportunities for the deployment of ambient displays for patient monitoring. Chapter IX is titled “Towards Easy-to-uUse, Safe, and Secure Wireless Medical Body Sensor Networks” and is authored by Javier Espina, Heribert Baldus, Thomas Falck, Oscar Garcia, and Karin Klabunde. This chapter discusses the use of wireless body sensor networks (BSNs), which are an integral part of any pervasive healthcare system. It discusses suitable wireless technologies and standardization dedicated to BSN communication and highlights key challenges in the areas of easyof-use, safety, and security that hinder a quick adoption of BSNs. To address the identified challenges, the authors proposed the use of body-coupled communication (BCC) for the automatic formation of BSNs and for user identification and presented a lightweight mechanism that would enable a transparent security setup for BSNs used in pervasive healthcare systems. Chapter X is titled “Sensing of Vital Signs and Transmission Using Wireless Networks” and is authored by Yousef Jasemian. This chapter investigated the feasibility using wireless and cellular telecommunication technologies and services in a real-time m-health system. He based his investigation, results, discussion and argumentation on an existing remote patient monitoring system. His results indicated that the system functioned with a clinically acceptable performance, and transferred medical data with a reasonable quality, even though the system was tested under totally uncontrolled circumstances during the patients’ daily activities. Both the patients and the healthcare personnel who participated expressed their confidence in using the technology. The author also suggested enhancing features for more reliable, more secure, more user-friendly and higher performing M-Health system in future implementations. Chapter XI, “Towards Wearable Physiological Monitoring on a Mobile Phone” by Nuria Oliver, Fernando Flores-Mangas, and Rodrigo de Oliveira discusses the experience gained from using mobile phones as a platform for real-time physiological monitoring and analysis. The authors presented two mobile phone-based prototypes that explore the impact of real-time physiological monitoring in the daily life of users. The first prototype is called HealthGear; this is a system to monitor users while they are sleeping and automatically detect sleep apnea events; the second is TripleBeat, a prototype that assists runners in achieving predefined exercise goals via musical feedback and two persuasive techniques: a glanceable interface for increased personal awareness and a virtual competition. The third and last section focuses on research and on the theme of Context Aware Systems in the healthcare arena. Chapter XII, the first chapter in this section, is titled “A Framework for Capturing Patient Consent in Pervasive Healthcare Applications.” It is authored by Giovanni Russello, Changyu Dong, and Naranker Dualy and describes a new framework for pervasive healthcare applications where the patient’s consent plays a pivotal role. In the framework presented, patients are able to control the

xvi

disclosure of their medical data. The patient’s consent is implicitly captured by the context in which his or her medical data is being accessed. Context is expressed in terms of workflows. The execution of a task in a workflow carries information that the system uses for providing access rights accordingly to the patient’s consent. Ultimately, the patient is in charge of withdrawing consent if necessary. Chapter XIII is titled “Technology Enablers for Context-Aware Healthcare Applications” authored by Filipe Meneses and Adriano Moreira. This chapter discusses how context and location can be used in innovative applications and how to use a set of solutions and technologies that enable the development of innovative context and location-aware solutions for healthcare area. The chapter highlights how a mobile phone can be used to compute the level of familiarity of the user with the surrounding environment and how the familiarity level can be used in a number of situations. The increasing availability of mobile devices and wireless networks, and the tendency for them to become ubiquitous in our dally lives, creates a favourable technological environment for the emergence of new, simple, and added-value applications for healthcare. Chapter XIV is titled “Modeling Spatiotemporal Developments in Spatial Health Systems” is authored by Bjorn Gottfried and discusses Spatial health systems and the support these systems can provide to disabled people and the elderly in dealing with everyday life problems. The author also addresses every kinds of health related issues that can develop in space and time. The work focuses on how spatial health systems monitor the physical activity of people in order to determine how to support the monitored individuals. Chapter XV, the final chapter in this section, titled, “ContextAware Task Distribution for Enhanced M-Health Application Performance” authored by Hailiang Mei, Bert-Jan van Beijnum, Ing Widya, Val Jones, Hermie Hermens. This chapter describes the importance of context-aware mobile healthcare systems. Due to the emergence of new medical sensor technologies, the fast adoption of advanced mobile systems to improve the quality of care required by today’s patients context aware healthcare systems is clearly needed . The authors propose an adaptation middleware that consists of a task assignment decision mechanism and a task (re-) distribution infrastructure. The decision mechanism represents task assignment as a graph mapping problem and searches for the optimal assignment given the latest context information. The research presented in this book is important due to the emergence of pervasive computing and health care systems that provide quality patient care services. By reviewing the diverse chapters presented a healthcare provider or practitioner will learn about the potential applications that will become the norm in the future.

Section I

Mobile Health Applications and Technologies



Chapter I

Evaluation of Two Mobile Nutrition Tracking Applications for Chronically Ill Populations with Low Literacy Skills Katie A. Siek University of Colorado at Boulder, USA Kay H. Connelly Indiana University, USA Beenish Chaudry Indiana University, USA Desiree Lambert Trilogy Health Services, USA Janet L. Welch Indiana University School of Nursing, USA

ABSTRACT In this chapter, the authors discuss two case studies that compare and contrast the use of barcode scanning, voice recording, and patient self reporting as a means to monitor the nutritional intake of a chronically ill population. In the first study, they found that participants preferred unstructured voice recordings rather than barcode scanning. Since unstructured voice recordings require costly transcription and analysis, they conducted a second case study where participants used barcode scanning or an integrated voice response system to record nutritional intake. The authors found that although the latter input method provided participants with a faster method to input food items, participants had difficulty using the system despite training. Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Evaluation of Two Mobile Nutrition Tracking Applications

INTRODUCTION Chronic diseases, such as chronic kidney disease (CKD) and heart disease, are among the leading causes of death and disability in the world. At least half of the chronic disease related deaths could be prevented by adopting a healthy lifestyle, such as good nutrition, increased physical activity, and cessation of tobacco use. Researchers believe that the world must put a higher priority on interventions to help prevent and successfully manage chronic illness (Preventing Chronic Diseases: A Vital Investment, 2005). Current interventions to help chronically ill populations improve their nutritional health and self-manage therapeutic diets include paperbased food diaries, 24 hour recalls, and food frequency questionnaires (Dwyer, Picciano, & Raiten, 2003; Resnicow et al., 2000). Patients who use these interventions must have high literacy and memory recall skills. Unfortunately, over a quarter of the United States population do not have the necessary literacy or numeracy skills needed to successfully self-monitor themselves (Kirsch et al., 1993). If people cannot self-monitor themselves, they cannot manage their chronic conditions (HRSA Literacy) and may lead them to worse health outcomes (Schillinger et al., 2002). In addition, to administer current interventions medical professionals must spend a significant amount of time evaluating the data from paperbased forms. We are currently developing a mobile handheld application to assist CKD patients on hemodialysis monitor and maintain their nutritional intake. Initially, we thought a personal digital assistant (PDA) would be the best solution for health professionals and patients (Connelly, Faber, Rogers, Siek, & Toscos, 2006). Participants could scan barcodes on food items for their primary input or select items from an interface as a secondary input. These input mechanisms are ideal for low literacy populations because there is no reading required – participants only have to identify a barcode or



select a picture. Health professionals could easily administer the intervention and evaluate data without intermediate steps of electronic transcription. The low literacy chronically ill participants benefit from using the application because they can use the application anytime they consumed a food item, receive immediate visual feedback on their nutritional intake, and make decisions on a prospective basis. In addition, the interface and content could be customized for populations with varying literacy and computing skills. In this chapter, as part of a larger study, we will compare and contrast the use of barcode scanning, integrated voice response system (IVRS), and patient self reporting as a means to monitor their nutritional intake relative to their dietary prescription of CKD patients. In the first case study we found that participants preferred unstructured voice recordings rather than barcode scanning. Unstructured voice recordings are difficult to automatically parse and require transcription. We had to find out if patients would use a menu-based structured voice input system, such as IVRSs for automated recognition. In the second case study, we explored participant use of an IVRS and found although the system provided participants with a quicker way to input food items, participants had difficulty using the system and some could not use the system despite training. We will discuss the methodology and findings from these two case studies. We will conclude the chapter with lessons learned during the user study and provide considerations for future areas of research.

RELATED WORK PDAs with scanner input and mobile phones used for IVRS input gather information in many domains. PDAs and scanners have been used to show clinicians videos about specific unit appliances (Brandt, Björgvinsson, Hillgren, Bergqvist, & Emilson, 2002), save and search for information about food products, music, and

Evaluation of Two Mobile Nutrition Tracking Applications

books (Bernheim, Combs, Smith, & Gupta, 2005), and obtain information about an environment from embedded barcodes (Fitzmaurice, Khan, Buxton, Kurtenback, & Balakrishnan, 2003). Mobile phones used for IVRSs have been used for patient counseling to enhance time spent with health professionals (Glasgow, Bull, Piette, & Steiner, 2004) and assess patient status with chronic illnesses such as depression, cancer, heart failure, and diabetes (Piette, 2000). In this section, we discuss specifically how PDAs and mobile phones have been used for interventions and nutritional monitoring.

PDA Nutrition Monitoring Interventions Currently, there are many PDA applications that can assist with the self-monitoring of nutritional intake. The United States Department of Agriculture (USDA) has a PDA nutrient database that provides people with a mechanism for looking up the nutritional information of foods. Users must correctly type the first few letters of a food item they are looking for into a search box and then click through a series of menus to find the appropriate food item based on portion size and preparation (“USDA Palm OS Search,” 2008). DietMatePro ( http://www.dietmatepro.com) and BalanceLog (http://www.healthetech.com/) use the USDA database along with other fast food nutritional information to create a PDA program that provides users with a way to save consumption information for a set of specific nutrients. CalorieKing (http://www.calorieking.com/) uses its own nutritional database and provides users the ability to save consumption information. In addition, it has a nutritional tracking application specific to diabetic populations. The applications are similar to the USDA database in that users must be able to spell the first few letters of food items. Unlike the USDA database, users must type in portion size. Food items are also broken up into three subsections - breakfast, lunch, and

dinner. The nutritional analysis is given on a separate screen. Researchers at Indiana University studied how three people with CKD used DietMatePro to monitor nutritional consumption over a three-month period. They found participants had difficulty navigating standard PDA menu navigation and preferred using a large PDA screen with touch sensitive icons (Dowell & Welch, 2006). Sevick and colleagues evaluated how five CKD participants used BalanceLog over a four-month period. They found that participants improved their dietary intake using the electronic nutrition monitoring system (Sevick et al., 2005). Both applications evaluated in these studies required significant literacy and cognitive skills. Stephen Intille et al. created a proof-of-concept PDA application that provides users with a way to scan food items and obtain nutritional information to assist users in making healthy choices (Intille, Kukla, Farzanfar, & Bakr, 2003). The application did not have an extensive UPC/nutrition database because none are freely available. Although the application does not allow users to save intake information, the application shows that integration of scanners and nutrition information is possible given enough resources. Researchers at Microsoft created a generic barcode look-up system that gave participants the opportunity to look up product information available online about specific food items. During their five-week study with twenty participants familiar with PDA technology, they found participants had mixed reactions to the system in terms of enjoyment and usefulness. Similar to a recent mobile phone study at Georgia Tech (Patel, Kientz, Hayes, Bhat, & Abowd, 2006), participants in the Microsoft study did not always bring the PDA with them despite being enthusiastic PDA owners (Bernheim et al., 2005). In addition to PDA monitoring of nutrition, there have been great strides in mobile phone nutrition monitoring applications. Those who use the commercial application myFoodPhone take pictures of foods they are consuming with



Evaluation of Two Mobile Nutrition Tracking Applications

their mobile phone and post the pictures to an online food journal to receive feedback from a nutritionist (http://www.myfoodphone.com/). However, users must have access to a computer and be able to properly upload the information. Tsai and colleagues developed a mobile phone application where participants input food items via the keypad and immediately receive feedback on caloric balance on the phone screen. During the month-long feasibility study with 15 collegeeducated participants, they found participants preferred the mobile phone input system to traditional paper and pen journaling methods (Tsai et al., 2006). These applications use mobile phone input via pictures or key presses, but a more natural input interaction would be voice recognition software. In the next subsection, we discuss the use of IVRSs in health interventions.

Integrated Voice Response Systems in Interventions IVRSs in healthcare have been used for reminders, surveys, screening and assessments, and disease management (Lavigne, 1998). A review of IVRS feasibility studies in populations with chronic illnesses such as depression, cancer, heart failure, and diabetes led Piette to conclude that IVRSs are feasible for chronically ill populations, including populations that have mental health problems or low-income (Piette, Weinberger, & McPhee, 2000). According to Mundt et al. (2002), IVRSs benefit healthcare because they ensure procedural standardization, automatic data scoring, direct electronic storage, and remote accessibility from multiple locations. Long-term alcoholism and coital studies have supported the feasibility of interventions (Aharonovich et al., 2006; Helzer, Badger, Searles, Rose, & Mongeon, 2006; Mundt et al., 2002; Hays, Irsula, McMullen, & Feldblum, 2001; Schroder et al., 2007), though the populations are well educated and technically savvy. Notably Aiemagno et al. (1996) assessed substance abuse treatment



needs among 207 homeless adults, finding some evidence of greater disclosure of risky behaviors with IVRS. Long-term IVRS usage has had mixed reporting rates and health-related quality of life benefits. A 91 day coital study by Schroder et al. (2007) found a significant decrease in self-reports over time, while a two-year study with daily reports of alcohol consumption by Helzer et al. (2006) had a 91.7% reporting rate, but compensated participants per call. Daily alcoholism reports among HIV patients found a decrease in drinking over time (Aharonovich et al., 2006). In contrast, an IVRS intervention with diabetes patients found no measurable effects on anxiety or health-related quality of life (Piette et al., 2000). Disease management IVRSs that act as diaries have improved participant satisfaction over paper diaries (Hays et al., 2001). Two recent studies have challenged this result (Weiler, Christ, Woodworth, Weiler, & Weiler, 2004; Stuart, Laraia, Ornstein, & Nietert, 2003). Weiler et al. (2004) conducted a 3-week, 3-way, cross-over trial including 87 adults with allergic rhinitis recording daily through an IVRS or paper diary. A majority (85%) of the participants preferred the paper instrument, whereas only 4% preferred the IVRS. Stuart et al. (2003) conducted a year-long study with 642 patients to enhance antidepressant medication compliance. One of three different treatment strategies included a 12-week IVRS component, yet no significant differences in patient compliance were found and 50% of the 232 patients assigned to the IVRS component either never used the system or stopped before the 12 weeks were completed. IVRSs in healthcare typically limit response input to yes/no or numeric responses (Levin & Levin, 2006). Recent work exploring how IVRS vocabulary is expanded in a two week pain monitoring study by Levin et al. found that number of sessions per subject ranged from 1 to 20, accumulating 171 complete sessions and 2,437 dialogue turns. Only 2% of responses recorded

Evaluation of Two Mobile Nutrition Tracking Applications

Table 1. Overview of case study 1 Study Phase #

Length of Phase

Phase 1

1 week

Break

3 weeks

Phase 2

2 weeks

Motivating Research Question(s) 1. Can participants find, identify, and successfully scan barcodes on food items? 1. Will participants remember how to use this application after a 3 week break? 2. Will participants actively participate without meeting with researchers every other day?

were out-of-vocabulary. Though volunteers in the evaluation were not trained, the results suggested that training sessions could have significant value and that IVR-based data collection is not a replacement for existing data collection, but simply another option for healthcare providers and researchers. Whereas the research discussed in this section primarily focuses on how well educated, technically savvy users interact with various technology interventions for monitoring in their everyday lives, our work deals with how non-technical users with varying literacy skills use two different types of input mechanisms. The IVRS literature especially shows how compliance is studied with this technology, but it does not research if participants could use the system and how the system can be improved. We are iteratively studying input mechanisms because our target population will depend on the application for their personal health and thus will have to find using the application efficient and enjoyable for long-term adoption. This chapter details two case studies that provided insight into finding the ideal input mechanism for nutrition monitoring.

C STUDY 1: BARCODE AND UNSTRUCTURED VOICE RING In this section we present our initial formative study that examines what, when, and how CKD

participants input food items into an electronic intake monitoring application. The study required that participants complete PDA application training exercises, meet with researchers during dialysis sessions three times per week, and use the Barcode Ed application during two study phases for a total of three weeks. Table 1 shows that there was a three week break between the two phases that allowed researchers to evaluate the data and decide on future directions for the application. All interactions with participants were done during dialysis treatment in an urban, hospital-based, outpatient dialysis unit. We documented how we conducted user studies in a dialysis ward in previous work (Siek & Connelly, 2006).

Methodology In this section, we discuss why we selected the hardware and application used for this case study.

Hardware We chose an off-the-shelf Palm OS Tungsten T3 PDA for our study. The Tungsten T3 has an expandable screen, large buttons, voice recorder, SDIO slot, 52 MB of memory, and Bluetooth. We chose an off-the-shelf PDA so the results could be useful to the consumer health informatics community for future studies. The Socket In-Hand SDIO card scanner (Socket Scanner) was chosen as the barcode scan-



Evaluation of Two Mobile Nutrition Tracking Applications

ner because it was small, easy to use, and gave visual and audio feedback to users. Participants must press the predefined scanning button, line up the scanning light perpendicular to the barcode, and hold the PDA and object steady. The

PDA beeps and shows appropriate feedback when participants have successfully scanned a barcode. Previous studies have shown that CKD patients can use the Tungsten T3 and Socket Scanner (Moor, Connelly, & Rogers, 2004)

Figure 1. Screen shots from Barcode Ed. (a) Home Screen; (b-c) Voice recording and playback screens; (d-e) Barcode Scanning feedback screens



Evaluation of Two Mobile Nutrition Tracking Applications

Application Design We created a simple application, Barcode Ed, because we wanted to isolate participants’ ability to scan and yet have an alternative input mechanism (e.g., voice input) to record all food items consumed. In initial interviews, half of the CKD patients said they did not eat any foods with barcodes. However, once they were prompted, we found they primarily ate frozen, canned, and prepared foods. Thus, for participants to use an easy input mechanism like scanning, they would have to learn how to identify barcodes and use the scanner. We only used scanning and voice recording in this study because we did not want to overburden novice computer users with a complex interface because they may have decreased cognitive function during treatment (Martin-Lester, 1997). Barcode Ed consists of five screens as shown in Figure 1. Since our user group had low literacy skills, we relied on icons 11mm large with some text for navigation. We found these CKD patients could view icons 10mm or larger (Moor et al., 2004). When participants turned on the PDA, they would view the Home screen. Participants could choose to voice record by pressing the Voice button or scan a barcode by pressing the Scan button. As soon as participants pressed the Voice button, the application would begin voice recording and show participants how many minutes and seconds they recorded on the Voice recording screen. When participants were finished recording, they could press the Stop button and play back their recording on the Voice recording play back screen. When participants were satisfied with their recording, they could return to the Home screen. When participants pressed the Scan button, participants could see a red laser line emitted by the scanner. Participants lined the scanner line perpendicularly across the barcode they were attempting to scan. If the food item was successfully scanned, a green check mark would appear on the Barcode scanning success screen.

If the food item was not successfully scanned, a red “X” would appear on the Barcode scanning unsuccessful page and participants could decide whether to scan again or return to the home screen and voice record the item instead. The application recorded the time the participant first pressed a Scan or Voice button, the barcode number or voice recording, and the time the recording was saved. We also recorded how many times participants played back their voice recordings. We did not record how many failed barcode scans were attempted because it was difficult to differentiate when a participant was scanning the same object or gave up and attempted to scan a new object during the same period of time. Also, participants sometimes did not use the scan button on the Barcode scanning unsuccessful page - instead they went to the Home screen and then pressed the scan button again. The times recorded assisted us in determining when participants recorded what they consumed. Recording the number of voice recording playbacks gave us insight into how participants used the application.

Participants Participants were asked to participate in the study during their dialysis session. They had to be (1) over 21 years of age, (2) able to make their own food or have the ability to go out and purchase food, (3) willing to meet with researchers during each dialysis session during the week, and (4) willing to carry the PDA and scanner with them and input food items consumed. Ten participants volunteered for the study. During the first phase, one participant could not participate anymore because of a medical emergency and another participant dropped out because he did not want to record what he was eating (n = 8). We lost two participants during phase two for similar reasons (n = 6). The average age of participants was 52 years old (s.d. = 16.28). Half of the participants were



Evaluation of Two Mobile Nutrition Tracking Applications

male; all of the participants were black. One participant completed an associate degree, four participants graduated from high school, and one participant completed 10th grade. Participants had been receiving dialysis treatments on average of five years (s.d. = 3.5 years). Only four participants reported using a computer. Usage frequency ranged from every couple of months to once a week for a half hour. Participants primarily played games and surfed the Internet. Only two of the participants owned a mobile phone that they used for emergencies only. The participants were equally divided about how many food items they consumed had barcodes - some thought all and some did not think any food items had barcodes. Five patients said they did not have to monitor any nutrients or fluid. However, by the end of the first phase, the researcher had established a trusting relationship with the participants and found that all of them had to monitor fluid and nutrients such as sodium, potassium, phosphorus, and protein. None of the patients recorded their fluid or nutrient consumption prior to the study.

Design and Procedure We met with participants during dialysis sessions four times during each phase of the study for approximately 30 minutes. During the first session, we collected background information and taught participants how to turn the PDA on, insert the scanner, and use the application. Participants practiced scanning various food items and voice recording messages. Researchers met with participants during the study sessions to discuss any problems participants may have had with the PDA, retrain participants how to do certain tasks (e.g., barcode scanning), and collect recordings and barcodes from the PDAs via Bluetooth. The researchers played back the voice recordings to ensure the correct information was transcribed and informed participants if they voice recorded



a food item that could have had a barcode. Participants returned the PDAs at the end of each phase of the study, talked to researchers about their experience, and verbally completed a modified Questionnaire for User Interface Satisfaction (QUIS) (Chin, Diehl, & Norman, 1988) survey. Participants received ten dollars (U.S.) for every time they met with researchers for a total of thirty dollars during phase 1. For phase 2, participants received five dollars each time they met with the researcher for a total of fifteen dollars. Competency skills tests were administered at the end of the second and fourth meeting of the first phase and during the first and last meeting of the second phase to test basic Barcode Ed skills - turning the PDA on; inserting the scanner; scanning three to five objects with different physical qualities; voice recording with play back; and do a combined barcode scanning and voice recording sequence. The items participants had to scan ranged from a cardboard soup mix box that is easy to scan because of the material; a can of chips that is somewhat difficult to scan because of material and barcode orientation; and a bag of candy that is difficult to scan because it is amorphous and made of shiny material. Researchers measured how many times it took participants to successfully complete each task. We measured the time it took to complete each competency skill with the Barcode Ed application. Participants were instructed to scan or voice record food items when they consumed the items. Participants were instructed to scan the barcodes on food items first and voice recording items only if they could not scan the barcode or if a food item did not have a barcode. When participants mastered scanning and voice recording, researchers encouraged participants to note via voice recording how much they were consuming and the portion size. Each participant was given a phone number of a researcher to contact if they had any questions during the study. Participants were given a visual state diagram of the application to assist them with any questions regarding

Evaluation of Two Mobile Nutrition Tracking Applications

use of the application that had images similar to those shown in Figure 1.

Barcode Scanning and Voice Recording Frequency

Findings

One of the motivating factors for the first phase of the Barcode Education study was to teach participants how to identify and scan barcodes. In Figure 2, we see that there was a learning curve associated with identifying and scanning barcodes during the first study phase. Participants voice recorded more individual food items during the first few days of the study because they were either unsure of where the barcode was located on the food item or were unable to scan the barcode. Gradually during the week, we noticed an increase of barcode scans up until the last day of the first study phase when participants barcode scanned more than they voice recorded. A goal of the second study phase was to see if this trend of increased barcode scans would persist and if participants would continue actively participating in the study without meeting with

The key findings of our study were: • •

•

•

Participants preferred voice recording once they mastered the application Participants with low literacy skills needed extra instruction on how to sufficiently describe food items for voice recordings Participants reported more individual food items with the Barcode Ed application than what they thought they consumed Electronic monitoring provides researchers with ways to identify participant compliance

In this section, we present the results in more detail.

Figure 2. Graph of the number of voice recordings and barcode scans participants input over the two barcode education study phases (dotted line denotes study break). Faces underneath each day denote when researchers met with participants



Evaluation of Two Mobile Nutrition Tracking Applications

researchers every other day. The first two days of the second study phase were promising because participants were scanning everything they consumed and only voice recorded items without barcodes (e.g., fresh produce). However, after the second day, participants realized everything had barcodes and were overwhelmed with the amount of time it took to scan each individual food item. Thus, during the third and fourth day of the study, participants began voice recording food items they had previously scanned to save time. The lack of items input at the end of phase one shown in Figure 2 can be attributed to not seeing a study researcher to encourage them to participate at the end of the week. Indeed, three participants acknowledged that they had forgotten to input foods on more than one occasion because they had not been visited by a researcher. Participants were more likely to forget to input foods on weekends (days six, seven, thirteen, and fourteen). During the second week of the second study phase, participants rarely scanned barcodes and typically voice recorded what they consumed. The voice recordings listed multiple food items in an unstructured manner. For example, one participant recorded, “I ate a small apple, a lunch meat sandwich, and a boost for lunch. I ate … eggs, and bacon for breakfast. Tonight for dinner I am planning on eating…” When we asked participants why they scanned more on the 13th day of the study, they told us that they had remembered they would see a researcher on the following day to finish the study. Of course, the researchers called the participants to remind them to bring the PDAs to the last day of the study.

Voice Recording Food Items We thought voice recording food items was an easy alternative input method when participants could not scan. However, participants with low literacy skills were initially unable to give sufficient identifying information in their voice

10

recordings. Since the participants were unable to read the name on the food item, they were not able to say what they were eating (e.g., Lucky Charms cereal). Instead, participants said, “I had cereal for breakfast.” When we met with participants and played the recordings for transcription, we were able to suggest ways to be more descriptive (e.g., describe what is on the box) to help us identify the food items. After two to three sessions, the low literacy participants recorded more descriptive input (e.g., I ate the cereal with the leprechaun and rainbow on the box) and it was easier to identify what they were eating. However, even with descriptive input, we were unable to identify three of the items mentioned in the 195 recordings.

Barcode Ed vs. Self Reported Food Items In pre-study interviews, participants told us they had good and bad days that affected how much they consumed and discussed how many meals they typically consumed on each of these days. The participants usually had a good and bad day fairly recently and could easily describe to us the exact number of items they consumed. We asked participants if they had a good or bad day each time we met during the first study phase. We then compared how many items they electronically input to how many items they said they would consume, including the type of day they were having in the calculation. Participants ate more than they estimated for an average of three days (s.d. = 2.875) during the seven day period. When participants did consume more than they estimated, they typically consumed on average 3.5 more items than estimated – nearly doubling their normally recorded intake of 4.4 items (s.d. = 3.27)1.

Participant Compliance For this study, we loosely defined compliance as inputting at least one food item a day. Similar

Evaluation of Two Mobile Nutrition Tracking Applications

Figure 3. Example of voice recordings, barcode scans, and voice recordings that should have been barcode scans (wrong record) a participant made during the first phase. The participant did back filling as shown by the green circle and increased input during the end of the study. The dotted lines denote the next day. Faces denote when researchers met with participants

to traditional monitoring methods, participants could back fill and modify their compliance record. However, unlike traditional methods, with electronic nutrition monitoring, researchers can identify this behavior more quickly. For example, a participant back filled entries in Figure 3 (green circle) by recording what he had consumed for the last two days since he had not actively participated. Another indicator of back filling is the number of times a participant recorded a food item that could be scanned during a short time interval since participants cannot scan items that have been consumed and discarded. Participants were unaware that we were recording the date and time of inputs and thus assumed if they said, “Today, on February 11, I ate…” the researcher would not know that it was recorded on February 12. When we showed participants similar graphs as shown here, participants attempted to decrease backfilling or were more truthful in disclosing lack of participation. In addition to backfilling, we see in Figure 3 an example of End-Of-Study compliance where the participant realizes the end of the study is near

and increases participation in hopes the researcher will not notice. We discussed earlier that once participants realized everything had a barcode on it, participants began to voice record more. We see this behavior in Figure 3– the participant starts to scan items, but then starts to hoard consumption information in one voice recording a day. The participant told us in a post-study interview that reporting everything he ate in one voice recording was more time efficient.

CASE STUDY 2: BARCODE AND IVR In this section we present our follow-up study that examines what, when, and how CKD participants input food items into an electronic intake monitoring application and an IVRS with a borrowed mobile phone. Similar to the first case study, participants complete PDA application and mobile phone training exercises, meet with researchers during dialysis sessions, and use either the PDA

11

Evaluation of Two Mobile Nutrition Tracking Applications

barcode monitoring application or the mobile phone IVRS over a two week period. Participants were recruited and trained at the same dialysis unit from the first case study.

Methodology In this section, we discuss the hardware selected for the study and design of the applications used for capturing participant input.

Hardware We designed an application to run on a PDA with an attached barcode scanner to test participants’ ability to scan barcodes of food items. For the PDA, we chose an off-the-shelf Pocket PC from Hewlett Packard: the iPAQ hx2495b. We decided to use an iPAQ for the second case study because the Windows CE operating system provides a better rapid prototyping environment with Visual Studio .NET CF. The iPAQ hardware includes a large, color, touch screen, stylus and large buttons. We used the same SDIO In-Hand Scan Cards (SDSC Series 3E).

Figure 4. Integrated voice response system overview

12

We provided participants with a Nokia 6682 mobile phone to provide participants the ability to record food at any time. The phone has a highresolution color screen and large buttons. As with the PDAs, we provided soft leather cases with belt clips to the participants. We programmed the phone so that pressing any button would dial the number for recording their food items.

Application Design The scanning application was similar to the Barcode Ed application used in the first case study. The only difference in the application was that participants did not have the ability to record unstructured voice recordings. If the food item did not have a barcode, the participant could not record the food item. We implemented an IVRS that could be accessed with any phone to test participants’ ability to use structured voice input. As Figure 4 shows, we implemented the IVRS by transferring a call through a Session Initiation Protocol (SIP) gateway to Voxeo, an IVRS platform provider. The caller identifier was then submitted to our web

Evaluation of Two Mobile Nutrition Tracking Applications

server where a CGI script selected participant grammar files (Nuance GSL Grammar Format), returning a VoiceXML form to collect items. The initial grammar included 152 food items and 2 command operators, ‘done’ and ‘wrong.’ The same grammar was available at every prompt. ‘Done’ submitted the results and terminated the call. ‘Wrong’ incremented a counter, such that if said twice without an intervening positive recognition, the participant was prompted to voice record the item for addition to the grammar. With food items, 45 were single words (e.g., bagel), 12 were compound words (e.g., fish sticks), 27 used optional phrase operators where a portion need not be uttered (e.g., French fries; French is conditional) and 50 optional phrase operators initially existed. There were 4 subset uses of the disjunction operator [] (e.g., ([green baked] beans) is valid for ‘green beans’ or ‘baked beans’). We updated the grammar throughout the study based on participant interviews and the items voice recorded through IVRS interaction. The Voxeo platform also provided detailed logs of each call, identifying the caller and the interaction sequence between the participant and VoiceXML prompts. The interaction sequence logs included timeouts, grammar recognition errors labeled No Match, prompts, and recognitions. With a completed call, two lists of items and counter variables were submitted to a MySQL Database—a list for food items misinterpreted by the IVRS when identified as wrong by the participant and a list of identified food items. When a participant recorded an item for addition to their grammar, the WAV file was submitted to our web server, written to disk, and a VoiceXML file returned to continue prompting for additional food items.

Participants We used the same criteria for selecting participants as we described in case study one. Nine people volunteered for the study, but three dropped out

before completion. Two people dropped out after the second day due to lack of interest and one person was forced to drop out at the end of the first week because she had to undergo emergency surgery and remained in the hospital during the second week of the study. This high dropout rate is consistent with our previous studies and is a result of working with this type of chronically ill population. Here, we report on the six participants who completed the study (n=6). The participants’ average age was 55 years, with a standard deviation of 10.9 years. The youngest participant was 36 and the oldest was 65. Four of the participants were female. Five participants identified themselves as Black or African American, and one as White. One participant had a ninth grade education, two had completed high school and three had some community college. One participant had undergone dialysis for 23 years. The remaining participants ranged from 2-5 years of dialysis treatment. Two participants said they did not try to keep track of their nutrient or fluid consumption. Two participants did not keep track of nutrients, but attempted to limit their fluid intake by either not drinking liquids over the weekend or “staying conscious” of how much they drank. Two participants claimed to keep track of both nutrients and fluid. One used a journal and was conscious of portion sizes; the other could not describe their method of monitoring but said they carefully monitored sodium and potassium intake. We have found in previous studies that participants in this population often tell researchers what they think they want to hear in regards to their nutrient and fluid consumption, regardless of the reality. Two participants were very familiar with computers. One took surveys on the Internet, while the other used his laptop daily, including bringing it to the dialysis sessions. One participant had some familiarity with computers. This participant had a computer at home, but did not use it very often. The final three participants said they

13

Evaluation of Two Mobile Nutrition Tracking Applications

were not familiar with computers, although one had three years of typing experience and said she could use a keyboard. Three participants owned mobile phones.

Participants were paid ten dollars (US) at the end of each week of the study, for a total of twenty dollars. Payment did not depend on the number of times they recorded food items

Design and Procedure

Findings

For most participants, the study lasted a total of two weeks. However some participants had extra time with one of the applications because bad weather caused them to miss the dialysis session in which they were supposed to change technology. For these participants, we extended the total length of the study to ensure they had a minimum of one week with each technology. We primarily used the same methods described in the first study. In this section, we describe additions we made to the methods. For the phone application, we taught participants how to turn the phone on and off, how to dial the number to record their meals and how to record food items with the voice recognition application, making sure to speak one food item at a time very clearly. During each session, the researcher asked participants about any problems they were having with the application, if there were any food items they did not record, why they did not record a food item, when and how they used the application and their general opinions about its usefulness. In addition, we asked participants to list the foods they had eaten in the last 24 hours so that we could compare their recall with what they recorded with the applications. Similar to the first study, competency tests were given to participants during all but the final day of the study. For the mobile phone, participants were asked to record their last meal, which required them to turn the mobile phone on, dial the number, and follow the prompts to record the meal. We recorded the number of times participants attempted to complete each task and noted any difficulties they were having. If necessary, we retrained and retested the participant.

The key findings of our second case study were:

14

• •

•

•

Participants spent less time recording input with the IVRS Participants performed better with the scanner application on non-dialysis days and better with the IVRS on dialysis days Participants can record more items consumed with the IVRS, but the scanner application is more usable for a larger audience Input mechanism preference is not always linked with the participants’ performance with the technology

Barcode Scanning and IVRS Frequency of Use Despite participants using each technology for at least seven days, we found that in reality participants used the PDA to scan items on average only five days (s.d. = 1.4 days) and the mobile phone to input items with the IVRS on average of 4.5 days (s.d. = 2.95 days). We found that participants who used the technologies on most of the study days did so because they enjoyed using the application systems and wanted to tinker with the technology to identify breaking points. In addition, participants mentioned a desire to help advance medical research to help themselves and their peers. Participants also mentioned the compensation rewards, although the compensation was not dependent on frequency of use. Participants who did not use the technologies regularly in the study sometimes forgot the PDA in their homes and expressed a reluctance to integrate technologies

Evaluation of Two Mobile Nutrition Tracking Applications

Table 2. Number and length of time (minutes:seconds) of sessions for each device. Averages are calculated per week PDA #sessions (avg.)

PDA

CP

CP length (avg.)

#session (avg.)

length (avg.)

1

18 (2.57)

72:23 (4:01)

10 (1.43)

24:10 (2:25)

2

16 (2.29)

29:07 (1:49)

25 (3.57)

28:19 (1:08)

3

4 (0.57)

5:27 (1:22)

4 (0.57)

0:04 (0:01)

4

19 (2.71)

48:48 (2:34)

22 (3.14)

15:26 (0:42)

5

6 (0.86)

9:17 (1:33)

13 (1.86)

17:41 (1:28)

6

7 (1.00)

16:14 (2:19)

8 (1.14)

0:52 (0:07)

into their daily routines. We found no correlations between personal computer and mobile phone usage outside of the study and their willingness to incorporate the technology into their lives. We examined usage patterns more closely by looking at participant input sessions. We defined an input session for the PDA scanner application as events that occurred within 10 minutes of each other because we found participants took longer to scan items in realistic situations (e.g., cooking meals). We defined an input session for the IVRS as any time a participant called into the system. When we analyzed usage of each technology on a per input session basis, we found participants overall had more input sessions with the IVRS than with the PDA (13.67 input sessions versus 11.67 input sessions), but they had similar amount of input sessions when averaged over the week (1.95 input sessions versus 1.67 input sessions). In Table 2, we show the total and average number of sessions each participant had with each device, and the total and average time spent in each session. Participants 1-3 had the PDA the first week of the study, while participants 4-6 had the mobile phone. Looking at the time participants spent on input gives us insight into how realistic it would

be to use these systems in their everyday lives. If technology is going to take too much time, then individuals will not be willing to use it. We see in Table 2 that participants spent less time on input sessions when using the IVRS in comparison to the PDA scanning application. Scanning took more time because (1) occasionally the scanner popped out of the SDIO card holder and had to be replaced multiple times and (2) participants were multitasking during scanning sessions and input food items as they were doing an activity (e.g., cooking a meal) instead of input all at once later on (e.g., right after eating). Participants’ who multi-tasked with the PDA application showed that they are willing to integrate the technology into their lives. However, it also shows that raw input times may not be the best measure of efficient usage of the PDA application.

Performance Besides the actual usage of the technologies in this study, we wanted to study the participant performance with each input mechanism. For this study, we defined performance as the ratio of unsuccessful to successful attempts at recording food items. We observed that performance was

15

Evaluation of Two Mobile Nutrition Tracking Applications

not consistent on all days. The ratio of unsuccessful to successful barcode scans on dialysis days was two times higher than on non-dialysis days (2.43 to 1.11). Conversely, we found participants performed better with voice recording on dialysis days – they had better performance on three out of the four non-dialysis days. Thus, on non-dialysis days participants performed better with the scanner application and on dialysis days, participants performed better using the IVRS. We also studied how participants interacted with the IVRS. Unlike the first study, participants would have to say items one at a time and use command operators to record food items. We found on average that 53% of the time participants did not use command operators correctly during IVRS sessions. Participants did not say, “Wrong,” when items were not recognized by the IVRS for 27% of the total calls. Participants did not say, “Done,” when they finished their calls 26% of the total calls. These errors effect how the IVRS interprets the input and thus could affect giving participants feedback on their food consumption in future implementations.

Electronic Input vs. Self Reported Food Items We asked participants to recall all of the food they ate in the last 24 hours each time we met with them. We then compared their 24 hour recall to the foods they electronically input into either the scanning program or IVRS with Venn diagrams shown in Figures 5 and 6 . The relative ratios between these three numbers provide us insight into how participants used the electronic application. The Venn diagrams for voice and scanning show that participants did not record everything they ate. Indeed, participants were somewhat limited with their ability to electronically record because the scanning application required all recorded items to have barcodes and the IVRS required the items be in the database to be recognized. We found that sometimes participants electronically recorded items they did not eat. One participant in particular recorded non-food items. Overall, it appears that participants can capture more items they consume with the IVRS.

Figure 5. Venn diagram of food items in 24 hour recall and items scanned

16

Evaluation of Two Mobile Nutrition Tracking Applications

Figure 6. Venn diagram of food items in 24 hour recall and items reported to IVRS

However, more participants with varying abilities can capture items they consume with the scanning applications as shown by only one participant not using the scanning application as opposed to two participants not using the IVRS successfully. We also see that providing alternative input mechanisms, scanning or IVRS, did not motivate participants 4, 5, and 6 to input a majority of the food items they consumed during the study.

Electronic Input Preference At the end of the study, we asked participants which device they preferred. Overall, two participants preferred scanning and four preferred voice. Once we identified their preferred device, we looked at their performance with each input mechanism as described in previous sections and pictorially compared preference with performance as shown in Figure 7. We found that performance influenced preference in only 3 participants. Participants 4 and 6 chose the IVRS input despite not being able to successfully use the system. They told us that they still preferred the mobile phone despite moderate success with the scanning

application because they were comfortable with using phones and with practice, could improve using the IVRS.

DISCON Even though barcode scanning is a quick method for inputting individual food items, our results show that it may not be usable over an extended period of time when participants do not receive immediate feedback about their nutritional intake. Participants were overwhelmed with the amount of work associated with scanning every food item they consumed. However, participants did think that this application would be helpful for CKD patients who have recently been diagnosed with the chronic illness to assist them in learning about the restrictive diet. Participants thought CKD patients in their first year of dialysis treatment would be more likely to spend extra time scanning barcodes if it meant clinicians could give them better feedback about their diet and health. Another possibility for an electronic self monitoring application would be to have people

17

Evaluation of Two Mobile Nutrition Tracking Applications

Figure 7. Participant preference of electronic input mechanism and overall performance with each input mechanism

use it periodically (e.g., quarterly when dietitians are conducting nutritional assessments with patients) to raise awareness and help them stabilize their diet. We did not anticipate the amount of training participants needed to create descriptive voice recordings. In retrospect, it made sense that people with low literacy skills would not be able to gather enough data from the food item to identify it. Transcribing the data was time consuming, but was easier as the study continued because the participants typically consumed the same food items. Researchers need a better understanding of their user group so they can accurately identify food items that may be culturally or economically influenced. Since our user group has a restrictive diet, not being able to identify food items is unacceptable since it can have such a drastic change in participants’ overall health. Participants’ underestimation of what they thought they would consume in comparison with what they actually consumed has been documented by other nutrition researchers (Dwyer et al., 2003; Resnicow et al., 2000). However, electronic self monitoring gives more detailed information (e.g., date, time, food item) than 24 hour recalls and food frequency questionnaires as had been

18

used in the previous studies. Indeed, the standard deviation for days participants ate more than they estimated is large for our small sample. This is significant because of the participants’ restrictive diet – overconsumption of the restricted nutrients is dangerous and can result in death. Backfilling and hoarding are subject to retrospective biases and may not completely be accurate. In addition, researchers have shown that memory recall is undependable – thus participants may not be able to accurately describe what they had consumed during the past days even if they are attempting to be accurate (Stone, Shiffman, Schwartz, Broderick, & Hufford, 2003). The end of study compliance we discussed is similar to Rand’s parking lot compliance where participants attempt to be compliant by complying with the study procedure in the parking lot of the research facility. Since it is difficult to scan food items once they are consumed (or disposed of), participants increased participation before the end of each study phase with voice recording or wrong records. It is difficult to determine if patients were increasing participation before dialysis sessions where they met with researchers because participants may have been having a bad day (e.g., not feeling well due to dialysis session recovery).

Evaluation of Two Mobile Nutrition Tracking Applications

We occasionally had difficulties with participants forgetting the devices, especially the PDAs, at home when we met with them. Since the participants were not use to having these devices in their lives, it is not surprising that they forgot them sometimes. In a recent study with “enthusiastic” PDA owners, three out of the eight participants forgot their PDA during a scheduled observation time (Bernheim et al., 2005). In addition, we had a number of participants who had to stop the study early because of medical concerns or a lack of motivation to complete the study. Losing participants is not localized to chronically ill populations - in the enthusiastic PDA owner study, out of 20 total participants, only 5 participants finished all the tasks in the study (Bernheim et al., 2005)! In case study two, the IVRS we used had difficulties recognizing inputs when the vocabulary became too large. Participants became increasingly frustrated when the system could not recognize even the simplest word, such as “egg” during the second week of the study. Participants voiced their frustrations by attributing human traits to the hardware (e.g., “It [IVRS] was dragging last night.”). IVRSs that use large vocabularies must be robust and able to handle slight variations between words. Despite updating the vocabulary each night and thereby increasing it by 30% by the end of the study, participants continued to voice record new food items not in the vocabulary showing that although participants typically eat the same foods, there is some variation that must be considered when designing a nutrition monitoring system. Another difficulty we encountered with the IVRS was that participants did not use the command operators correctly. It would be difficult to create an IVRS without some command operators to provide the system information about correctness and when to store the information. We attempted to use a minimal amount of command operators, but participants did not use them half of the time. We would encourage researchers to conduct more thorough training sessions with a

speaker phone so they can hear participants’ utterings and the system response. One weakness that all monitoring methods have is that we are not sure if participants are truthfully recording what they consume. Without subjecting participants to costly blood work or requiring participants to wear an invasive device that could detect what a person is eating, we can only assume participants are being truthful. As we discuss above, electronic self monitoring can help researchers identify noncompliant, untruthful trends more quickly and discuss non-compliance with participants, but this is not a fault proof method. We recognize that the case studies presented in this chapter are relatively small. Although researchers have shown that conducting usability studies with 4-6 participants will sufficiently provide enough data to determine the effectiveness and usability of a system (Nielsen, 2002; Virzi, 1992), we are currently conducting a larger scale study with a fully functioning version of the system. We recommend researchers who work with chronically ill populations conduct smaller studies to better understand their target user group better before conducting a larger study.

FUTURE WORK The research discussed in this chapter provides many avenues for future research projects. Interface designers must find a way to visually display portion sizes that low literacy populations understand. Visualizing portion sizes is fairly complicated because the type of visualization must be customized based on the type of food. For example, water would have a different portion visualization than bread or meat. In addition, the portion size visualization has to be informed by current methods dietitians use to educate CKD patients about portion sizes. We must find a way to verify consumption to ensure self monitoring assistive applications

19

Evaluation of Two Mobile Nutrition Tracking Applications

can provide participants with accurate measures of their dietary intake. Consumption verification could provide participants with reminders to record what they consume instead of estimate time reminders not based on actual context. Indeed, there is already work being done in this area (Amft & Troster, 2006), but we need to continue development to make less obtrusive or invasive devices for everyday use. In the second case study, one team member spent a significant amount of time updating the IVRS vocabulary each night. We could decrease the update time and distribute the work load if we better utilize all research members’ time to help listen to and decipher unrecognized phrases throughout the day. This idea builds on the human solver attack for Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). Websites, such as web mail and blogs, make users who want an account or post a comment identify the wavy characters in a picture – this challenge-response is known as a CAPTCHA. In the CAPTCHA human solver attach, a computer script would automatically fill out an online form, identify a CAPTCHA, and then pass the CAPTCHA to a high traffic website and promise the Internet surfer something in return (e.g., free porn) for identifying the characters in the CAPTCHA. The computer script would then take this response, enter it in the form, and create a malicious third party account (Doctorow, 2004). In an IVRS update setting, team members would be prompted throughout the day to identify phrases. Depending on ethics board approval, this method could be distributed among a broader Internet community for faster turn-around time.

CONCLUSION In this chapter, we highlighted results from two case studies that compared and contrasted the use of barcode scanning, IVRS, and patient self reporting as a means to monitor the nutritional

20

intake relative to their dietary prescription of CKD patients. When we found that participants preferred unstructured voice recordings rather than barcode scanning in the first case study, we decided to study structured voice recording in a follow-up study. We found in the second case study that although the system provided participants with a faster method to input food items, participants had difficulty using the system despite training. We are continuing to study if patients will increase their usage of nutrition monitoring systems if they receive immediate feedback.

ACKNOWLEDGMENT Katie A. Siek was supported in part by the National Physical Science Consortium and Sandia National Laboratories/CA during case study 1. This work was supported by NSF grant EIA0202048, a grant from the Lilly Endowment, and Grant R21 EB007083 from the National Institute of Biomedical Imaging and Bioengineering to J.L. Welch.

LIST OF MAIN ACRONYMS PDA – Personal Digital Assistant CKD – Chronic Kidney Disease IVRS – Integrated Voice Recognition System CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart

REFERENCES Aharonovich, E., Hatzenbuehler, M., Johnston, B., O’Leary, A., Morgenstern, J., Wainberg, M., Yao, P., Helzer, J., & Hasin, D. (2006). A low-cost, sustainable intervention for drinking reduction in the HIV primary care setting. AIDS Care, 18(6), 561-568.

Evaluation of Two Mobile Nutrition Tracking Applications

Aiemagno, S. A., Cochran, D., Feucht, T. E., Stephens, R. C., Butts, J. M., & Wolfe, S. A. (1996). Assessing substance abuse treatment needs among the homeless: a telephone-based interactive voice response system. Am J Public Health, 86(11), 1626-1628. Amft, O., & Troster, G. (2006). Methods for detection and classification of normal swallowing from muscle activation and sound. In Pervasive Health Conference and Workshops, 2006, (pp. 1-10). Brush, B. A. J., Turner, C. T., Smith, M. A., & Gupta, N. (2005). Scanning objects in the wild: Assessing an object triggered information system. In UbiComp 2005: Ubiquitous Computing, 3660/2005, 305-322. Springer Berlin / Heidelberg. Brandt, E., Björgvinsson, E., Hillgren, P.-A., Bergqvist, V., & Emilson, M. (2002). PDA’s, barcodes and video-films for continuous learning at an intensive care unit. Paper presented at the NordiCHI ‘02: Proceedings of the second Nordic conference on Human-computer interaction. Chin, J., Diehl, V., & Norman, K. (1988). Development of an instrument measuring user satisfaction of the human-computer interface. Paper presented at the CHI ‘88: Proceedings of the SIGCHI conference on Human factors in computing systems.

Dwyer, J., Picciano, M., & Raiten, D. (2003). Estimation of Usual Intakes: What We Eat in America-NHANES. J. Nutr., 133(2), 609S-623. Fitzmaurice, G., Khan, A., Buxton, W., Kurtenback, G., & Balakrishnan, R. (2003). Sentient Data. Queue, 1(8), 52-62. Glasgow, R., Bull, S., Piette, J., & Steiner, J. (2004). Interactive behavior change technology: A partial solution to the competing demands of primary care. American Journal of Preventive Medicine, 27(2, Supplement 1), 80-87. Hays, M., Irsula, B., McMullen, S., & Feldblum, P. (2001). A comparison of three daily coital diary designs and a phone-in regimen. Contraception, 63(3), 159-166. Health Resources and Services Administration. Health literacy. Available at www. hrsa. gov/healthliteracy/ Helzer, J., Badger, G., Searles, J., Rose, G., & Mongeon, J. (2006). Stress and Alcohol Consumption in Heavily Drinking Men: 2 Years of Daily Data Using Interactive Voice Response. Alcoholism Clinical and Experimental Research, 30(5), 802-811. Intille, S., Kukla, C., Farzanfar, R., & Bakr, W. (2003). Just-in-time technology to encourage incremental.

Connelly, K. H., Faber, A. M., Rogers, Y., Siek, K. A., & Toscos, T. (2006). Mobile applications that empower people to monitor their personal health. e & i Elektrotechnik und Informationstechnik, 123(4), 124-128.

Kirsh, I. S., Jungeblut, A., Jenkins, L., et al. (1993). Adult literacy in America: A first look at the results of the National Adult Literacy Survey. Washington DC: National Center for Education Statistics, United States Department of Education.

Doctorow, C. (2004). Solving and Creating CAPTCHAs with free porn. Boing Boing. http://www. boingboing.net/2004/01/27/solving-and-creating. html

Lavigne, M. (1998). Interactive Voice Response in Disease Management: Providing Patient Outreach and Improving Outcomes (pp. 1-16).

Dowell, S., & Welch, J. (2006). Piloting the Use of Electronic Self Monitoring for Food and Fluid Intake. Nephrology Nursing Journal, 33(3), 271277.

Levin, E., & Levin, A. (2006). Evaluation of spoken dialogue technology for real-time health data collection. J Med Internet Res, 8(4).

21

Evaluation of Two Mobile Nutrition Tracking Applications

Martin-Lester, M. (1997). Cognitive function in dialysis patients. Case study of the anemic patient. ANNA J, 24(3).

to Sexual Behavior Self-reports: A Comparison of Three Methods. AIDS and Behavior, 11(2), 313-323.

Moor, K. A., Connelly, K. H., & Rogers, Y. (2004). A Comparative Study of Elderly, Younger, and Chronically Ill Novice PDA Users (No. TR595).

Schillinger, D., Grumbach, K., Piette, J. et al. (2002). Association of health literacy with diabetes outcomes, JAMA, 288, 475-482.

Mundt, J., Bohn, M., King, M., & Hartley, M. (2002). Automating Standard Alcohol Use Assessment Instruments Via Interactive Voice Response Technology. Alcoholism: Clinical and Experimental Research, 26(2), 207-211. Nielsen, J. (2002). Why you only need to test with 5 users. From http://www.useit.com/alertbox/20000319.html Patel, S., Kientz, J., Hayes, G., Bhat, S., & Abowd, G. (2006). Farther Than You May Think: An Empirical Investigation of the Proximity of Users to Their Mobile Phones. In UbiComp 2006: Ubiquitous Computing (pp. 123-140). Piette, J. D. (2000). Interactive voice response systems in the diagnosis and management of chronic disease. Am J Manag Care, 6(7), 817-827. Piette, J. D., Weinberger, M., & McPhee, S. J. (2000). The effect of automated calls with telephone nurse follow-up on patient-centered outcomes of diabetes care: a randomized, controlled trial. Med Care, 38(2), 218-230. Preventing Chronic Diseases: A Vital Investment (2005). World Health Organization. Resnicow, K., Odom, E., Wang, T., Dudley, W., Mitchell, D., Vaughan, R., et al. (2000). Validation of Three Food Frequency Questionnaires and 24-Hour Recalls with Serum Carotenoid Levels in a Sample of African-American Adults. Am. J. Epidemiol., 152(11), 1072-1080. Schroder, K., Johnson, C., & Wiebe, J. (2007). Interactive Voice Response Technology Applied

22

Sevick, M. A., Piraino, B., Sereika, S., Starrett, T., Bender, C., Bernardini, J., et al. (2005). A preliminary study of PDA-based dietary selfmonitoring in hemodialysis patients. J Ren Nutr, 15(3), 304-311. Siek, K. A., & Connelly, K. H. (2006). Lessons Learned Conducting User Studies in a Dialysis Ward. Paper presented at the Extended Abstracts of CHI 2006: Workshops - Reality Testing. Stone, A. A., Shiffman, S., Schwartz, J. E., Broderick, J. E., & Hufford, M. R. (2003). Patient compliance with paper and electronic diaries. Control Clin Trials, 24(2), 182-199. Stuart, G. W., Laraia, M. T., Ornstein, S. M., & Nietert, P. J. (2003). An interactive voice response system to enhance antidepressant medication compliance. Top Health Inf Manage, 24(1), 15-20. Tsai, C., Lee, G., Raab, F., Norman, G., Sohn, T., Griswold, W., et al. (2006). Usability and Feasibility of PmEB: A Mobile Phone Application for Monitoring Real Time Caloric Balance. Paper presented at the Pervasive Health Conference and Workshops, 2006. USDA Palm OS Search: Health Tech (2008). ht t p://w w w.a r s.u sd a .gov/Se r v ice s /do cs. htm?docid=5720 Virzi, R. A. (1992). Refining the test phase of usability evaluation: how many subjects is enough? Human Factors, 34(4), 457-468. Weiler, K., Christ, A., Woodworth, G., Weiler, R., & Weiler, J. M. (2004). Quality of patient reported outcome data captured using paper and

Evaluation of Two Mobile Nutrition Tracking Applications

interactive voice response diaries in an allergic rhinitis study; is electronic data capture really better? Program and Abstracts of papers presented during Scientific Sessions - AAAAI 60th Annual Meeting, 113(2, Supplement 1), S78.

Endno

1

The standard deviation is large because it depends if participants were having a good or bad day in terms of consumption and physical health.

23

24

Chapter II

Accessing an Existing Virtual Electronic Patient Record with a Secure Wireless Architecture Ana Ferreira Center for Informatics, Faculty of Medicine in Porto, Portugal

Ricardo Correia Center for Informatics, Faculty of Medicine in Porto, Portugal

Luís Barreto Instituto Politécnico de Viana do Castelo, Portugal

Susana Sargento Universidade de Aveiro, Portugal

Pedro Brandão LIACC at Faculty of Science in Porto, R. Campo Alegre, Portugal

Luís Antune LIACC at Faculty of Science in Porto, R. Campo Alegre, Portugal

ABSTRACT Virtual electronic patient records (VEPR) enable the integration and sharing of healthcare information within large and heterogeneous organizations by aggregating known data elements about patients from different information systems in real-time. However, healthcare professionals need to access a terminal every time they treat a patient. This may not be trivial as computers are not available around every corner of big healthcare institutions. The use of wireless technology can improve and fasten healthcare treatment because it can bring information and decision to the point of care allowing also for healthcare professionals’ mobility. However, as healthcare information is of a very sensitive nature, it has to comply with important security requirements. The wireless technology makes it more difficult for these requirements to be achieved as it is harder to control disruptions and attempts to access information can be more common and less simple to detect. The main objective of this chapter is to model, develop Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Accessing an Existing Virtual Electronic Patient Record

and evaluate (e.g. in terms of efficiency, complexity, impact and against network attacks) a proposal for a secure wireless architecture in order to access a VEPR. This VEPR is being used within a university hospital by more than 1,000 doctors, on a daily basis. Its users would greatly benefit if this service would be extended to a wider part of the hospital and not only to their workstation, achieving this way faster and greater mobility in the treatment of their patients.

INTRUCTION Virtual electronic patient records (VEPR) enable the integration and sharing of healthcare information within heterogeneous organizations (Blobel, 2004). Hospitals are an example of such healthcare institutions with great turnover in terms of healthcare professionals. However, there are usually some constraints in terms of physical location as well as technology in order to access it. Healthcare professionals need to access a terminal in order to get information about the patients they are treating. This may not be easy to attain within a big and complex healthcare institution where computers are not available around every corner. The use of wireless technology tries to take this integration further. It allows access to patient data and processing of clinical records closer to the point of care. The ubiquitous access to information can minimize physical as well as time constraints for healthcare, enhancing users’ mobility within the institution. There have been some experiences with the use of wireless technology in the healthcare environment. These have shown that healthcare professionals were usually satisfied with the use of portable devices to access patient information. They save time and are bound to improve patient care (McAlearney, Schweikhart, & Medow, 2004). The most common devices include mobile wireless patients’ health monitoring systems. These equipments add more security concerns (Ramon Marti & Jaime Delgado, 2003) but are out of the purpose of this research. Among other problems, the lack of security processes is one of the main reasons for the dif-

ficult integration of VEPRs into medical processes, within large environments such as hospitals (Benson, 2002). The lack of security increases users’ reluctance for VEPRs’ acceptance. Both patient and healthcare organization trust can be seriously damaged if no proper security is provided (Denley & S. W. Smith, 1999) Furthermore, wireless technology adds a higher level of security issues. Disruptions and attempts to access information can be more common and easier to try, and less simple to detect and control; so security needs to be studied and analysed thoroughly before wireless networks are implemented in a larger scale within a hospital (Dixie B. Baker, 2003). Security requirements need to be considered and applied from the beginning to the end of a system’s development and implementation (Ana Ferreira, Ricardo Correia, & A. Costa-Pereira, 2004; Ana Ferreira et al., 2005; Ana Ferreira et al., 2004). This chapter proposes a wireless architecture in order to model access to an existing VEPR within a university hospital that can provide an extra security layer to the wired system. The next section describes the VEPR architecture along with the security requirements for the wireless version. The third section presents the wireless architecture that uses the latest wireless standards and security protocols and takes into account the security services that were implemented within the wired version of the system. Section four describes an evaluation of the proposed solutions against network attacks and its efficiency in terms of complexity and impact on the network. The last section discusses the results and shows some of the challenges where to focus future research.

25

Accessing an Existing Virtual Electronic Patient Record

THE VIRTUAL ELECTRONIC PATIENT RECORD With the objective to face one of the major problems within large and complex health organizations - data retrieval and integration - a VEPR was built within a University Hospital with over 1350 beds, by the Biostatistics and Medical Informatics Department, at the Faculty of Medicine in Porto. This system provides a cost-effective solution for most clinical information needs (Ricardo CruzCorreia et al., 2005). Currently, more than 1000 doctors use the system on a daily basis. Other healthcare professionals (namely nurses) are expected to start using it soon.

Architecture This VEPR allows the collection, integration and availability of clinical reports providing an upto-date overview of a patient medical history at all points of care. The system uses a traditional three layered approach composed by presentation, business and data layers. The presentation layer is composed by a web application (VIZ) and a package of graphical user interface components to be used by third party applications. The web-interface was designed to include graphical components and layouts to summarise past patient data (patient chronological bars), and folders that reproduce the traditional types of patient record organisations (source, chronological and problems views). The application layer is composed by an integration engine (Multi-Agent system for Integration of Data – MAID), and a set of web-services that allow access to the data layer. The data layer includes all repositories, namely the CRep that comprises the VEPR database and clinical documents file system, the central patient system (SONHO) and the hospital statistics system (IEG) (Figure 1).

26

MAID collects clinical reports from various hospital Departmental Information Systems (DIS), and stores them on the central repository (CRep) consisting of a database holding references to these clinical reports and a file system where reports are stored. After searching the database, VEPR users can access the integrated data of a particular patient through the web-based interface (VIZ). When selecting a specific report, its content is downloaded from the central repository file system to the browser. MAID (the agents’ server) communicates with the DIS using XML. MAID connects to the database server through JDBC1 and operates the files using NFS protocol2. The application in the Web Server (VIZ) communicates with the CRep database server using OCI/ PHP (Oracle Call Interface with PHP: Hypertext Preprocessor Language) functions and operates the files using NFS protocol. The Web browser client accesses the Web Server using HTTPS protocol. The Web services connect to the CRep database server, SONHO server and IEG server using JDBC, and use SOAP messages to deliver information to the GUI Components. The VEPR has been working for 4 years, regularly scanning eleven DIS and collecting a mean of 3000 new reports each day (currently holds about 3 million documents). A viewing module for the VEPR was made available in October 2004. Integrated DISs have evolved to send different documents to the VEPR without the need of any type of adaptation.

Integration and Communication The integration of hospital data in VEPR is accomplished with the use of different agents assigned to different tasks. Some collect reports’ references and others the actual reports from the DISs. When a user requests a report whose file is not in CRep, there is an explicit report request made directly to MAID, by the VIZ module. This request activates the express agent from the agent

Accessing an Existing Virtual Electronic Patient Record

Figure 1. VEPR generic architecture

platform in order to get the report requested by the user, from the right department (Figure 2). Several integration models had to be used to achieve the necessary integration level. The selection of appropriate integration model was often conditioned by the maturity of the IS being integrated, and by the resources available at that time. It should be noted that the development of communication interfaces was simpler for the eight applications that had Web interfaces because they were already using standard communication protocols such as HTTP. Web-services and shared graphical components were very useful in delivering an integrated view to other ISs. The process of integration of heterogeneous clinical information systems has shown the existence of organisational or technical problems and, indirectly, contributed to their solution. While some reports cannot be associated with identified hospital patients (e.g. outpatients who are not administratively considered as Hospital patients), some patients had multiple, rather than unique, identification numbers, making their correct identification difficult. A similar problem was found

with staff identification numbers, which were reused after staff members left the hospital.

Statistics VIZ was made available for testing in October 2004 but has only been known and routinely used since December 2004. The number of sessions and report views has been growing steadily since. The number of sessions increased 147% in 2006, and 70% in 2007. The number of distinct users using the VEPR has also grown in the same period, representing an annual growth of 29% users in the 4th quarter of 2006 and 41% in the 4th quarter of 2007. Currently, 4th quarter of 2007, 1.24 reports are viewed per session, 0.4 reports are viewed per patient encounter and 82.4 reports are viewed per user. Also the use of the VEPR is more widespread by the hospital computers (975 computers in 4th quarter of 2007). The number of report views per user per patient encounter has stabilized around 3.8 views per user per 10 000 encounters since the first quarter of 2006.

27

Accessing an Existing Virtual Electronic Patient Record

Figure 2. UML sequence diagram of the VEPR

The number of direct access to the VEPR from the computer desktop hyperlink has been diminishing since the first quarter of 2006, whilst the number of accesses that originate in the Hospital Patient Record (SAM) as been growing. The number of report views from other referrals is small when compared with direct access and hospital patient record. The number of views per session for direct access is 1.81, for the DISs is 1.20, for the Hospital Patient Record is 1.18 and for the Emergency Department IS is 1.05. The introduction of wireless technology will allow the access to this VEPR system to a wider number of people and locations. The healthcare professionals will be able to access patient information whenever they need without having

28

to return to their workstation. This allows overcoming most physical and logical obstacles that the hospital offers, therefore increasing VEPR availability.

Security and Monitoring VEPR present many security challenges namely the need to provide protection to patient’s sensitive information. The implementation of security mechanisms was thought from the beginning of the project’s development and implementation, allowing for its better integration and acceptability (Ana Ferreira et al., 2004). This subject was tackled according to the three main security characteristics: integrity, confidentiality and availability. One of

Accessing an Existing Virtual Electronic Patient Record

the main security issues relies in the information collected in the stored patient reports. Digital signatures are security mechanisms that provide the integrity of a report by enabling the detection of unauthorized modifications. If the digital signature does not match the report contents then this report is marked as not valid (Ana Ferreira et al., 2004). Confidentiality relates mainly to the access to sensitive information by authorized individuals. It is obtained by controlling access to information and by protecting it while in transit along network communications. Access control policies were defined by the hospital administration after a proposal from a specifically assigned committee defining roles and levels of access to VIZ. These policies were implemented using rolebased access control (RBAC) (Ferraiolo, Sandhu, Gavrila, Kuhn, & Chandramouli, 2001), an access control model used for large organizations (Ana Ferreira et al., 2005). In order to provide for an efficient way for user identification and authentication, development of access control tools was based on ENV 12251 European prestandard (CEN, 1999). As the network wiring and equipment is spread all over the hospital, it is necessary to protect the network infrastructure from eavesdropping. This was accomplished using TLS authentication protocol (B. Aboba & D. Simon, 1999) which provides encryption of all information whilst in transit. Availability focuses on means to provide for the continuous access to information by authorized users. Equipment and power redundancy, backups and system monitoring were all put in place to guarantee availability of the system at all times. The number of reports daily retrieved from each DIS is compared to what is expected and the number of sessions of different users is monitored. Any deviation from expected values triggers an alert message to the system administrator. Monitoring sensors have also been developed within the VEPR in order to detect problems in any of the three security characteristics, as well as for instance systems’ malfunctions, errors,

services that are not working and even improper behaviour. As an example, to detect users that share their logins and passwords the logs of sessions from October 2004 until December of 2007 were analysed. The suspicious behaviour that was searched for was users working for more than 24 hours (in some cases doctors work for 24 hours consecutively). All user sessions that started less than 10 hours from the last session were considered to be referring to the same working day. The number of suspicious cases found was 508; the calculated working days ranged from 24 to 63 hours (average = 29 hours). These working days referred to 139 of 1434 logins (rVPR=9.7%). The 10 logins that more frequently have suspicious behaviour referred to the following medical specialties: Anaesthesiology (4 logins), Emergency (2 logins), Infectious Diseases (2 login), Cardiothoracic Surgery (1 login), Gastroenterology (1 login). Although technical solutions exist to provide secure access control, they demand a clear definition of permissions for each group of actors. Healthcare organisations must comply with current legislation, ethical rules and internal processes which are very difficult to be objectively defined into access control rules. The number of shared logins found may probably just represent the tip of the iceberg. However, it is high enough to raise concern.

Scurity Requirements All the security services implemented for the wired VEPR mentioned in the previous section are obviously valid for the wireless architecture. The wireless technology stresses however the need for extra layers of security. In order for a healthcare professional to access the VEPR with a wireless device, there are 3 main security issues to address: 1.

Authentication and authorization from the wireless to the wired network;

29

Accessing an Existing Virtual Electronic Patient Record

2. 3.

Secure communications of information in transit; Integrity & trust in the information that is requested and visualized by the users.

For (1) there is the need to create an access control infrastructure that will prevent problems of confidentiality such as masquerading and password sniffing. Also, policy rules need to be set so that access from the wireless to the wired network is properly controlled. Still, the process of access control must be transparent to the users and simple to use and manage. Point (2) requires that information in transit must travel encrypted at all times to avoid eavesdropping. It should always be available in a certified and trusted manner. For (3) there is the need for the means to guarantee that the information in transit within the wireless network is protected from unauthorized or accidental modifications. Healthcare professionals must trust the information they use to treat patients. The most accurate and correct it is the better and adequate the treatment will be.

PROPOSED WIRELESS ARCHITECTURE As previously mentioned, users of healthcare environments would greatly benefit with the availability of information anywhere through a wireless local area network (WLAN). Usually, the healthcare institution where the WLAN is going to be deployed has already a LAN in use. Setting a WLAN on top of this one is seldom trivial. Building dimensions, user locations, connectivity and the security requirements previously mentioned account for the stringent issues. The need for a good location map and distribution is essential for tackling the first two issues. The last two will be the focus of this section. Healthcare professionals must trust not only the technology they use (e.g. robust, usable) but also the information they ac-

30

cess. They need quick and reliable access to carry out their job, or the system will be circumvented (Lehoux, Sicotte, & Denis, 1999). Another important concept is the requirement to access the VEPR infrastructure from outside the local network (eg. from the internet) (Yu & Jothiram, 2007). Also the security in pervasive sensor networks for healthcare monitoring (Ng, Sim, & Tan, 2006) is another relevant trend. These subjects are however outside the scope of this discussion. This section describes some possible solutions to support security in WLANs. These include a general framework to communicate authentication details (EAP) to allow or deny network access and exchange cryptographic material (802.1X). Building on these, WPA and 802.11i (WPA2) are able to control the access to the network and provide encryption of the communications. IPsec addresses authentication and encryption at the network (IP) layer whereas the previous technologies lie on the data link (medium) layer. The next sub-sections describe all these technologies in more detail.

Extensible Authentication Protocol The Extensible Authentication Protocol (EAP) (B. Aboba, L.Blunk, J. Vollbrecht, J. Carlson, & H. Levkowetz, 2004) is a general authentication protocol defined by the IETF. It was originally developed to be used with a point-to-point protocol. EAP provides an interface to several authentication mechanisms, as Kerberos, public key ciphering or one time passwords. EAP cannot be used independently as an authentication protocol. It is just a set of rules of how an authentication server and a client can exchange messages and provides a pluggable architecture for different security protocols. EAP uses the data link layer for message exchange, and so does not require IP addresses for communication. A network with EAP capabilities has three independent identities: the client (also known as

Accessing an Existing Virtual Electronic Patient Record

supplicant), the authenticator and the authentication server. The client has to deliver the authentication credentials (a certificate or a username and a password). The authenticator is the equipment that implements security at the port level and does also network access control. According to the EAP authentication protocol used, the authenticator re-transmits the necessary messages, between the client and the authentication server, acting as an intermediary and enforcer in the authentication request. The authentication server specifies the authentication protocol to be used and validates the credentials delivered by the client. EAP enables the support of multiple authentication protocols without the need to configure the authenticator with each specific authentication mechanisms. EAP allows also the authentication server to control which authentication protocols should be supported. These features increase flexibility to the process and allow greater interaction.

802.1X IEEE 802.1X (IEEE 802.1X, 2004) is a network security specification initially developed for wired networks, with its concepts and utilization extended afterwards to wireless networks. 802.1X defines a network access control based in ports. It was developed to deny or accept requests based on user authentication information (credentials). 802.1X uses EAP for authentication. The access control is performed at the Medium Access Control (MAC) level and is independent from the physical layer. A port in 802.1X is any type of controlled access element (i.e. switch, router, AP). In this context, the association between one client and one AP is called a virtual port and the access to the network is seen as another virtual port. The client associates first if the port is available and uses this connection to authenticate. If the authentication is successful the AP gives access to the network (thus granting access to the network virtual port). 802.1X provides keys for

each client and session. This means that keys have to be regularly changed, thus reducing repetition problems. The 802.1X three main processes are the mutual authentication between the client and the server, the cryptographic keys dynamically generated after authentication and the centralized policy control. 802.1X is not a protocol; it is an authentication and key management process. In a wireless network it defines authentication and the dynamic generation of cryptographic keys. The ciphering is accomplished using any of the wireless security protocols.

WPA – Security and Architecture WPA (“(Wi-Fi Protected Access)”) was developed with the aim of decreasing the problems associated to Wired Equivalent Protocol (WEP)3 (Walker, 2003). WPA is based on the principles of the IEEE802.11i standard (IEEE 802.11i, 2004) with some simplifications to be compatible with the equipments at the time WPA was released. WPA uses a robust cipher algorithm and introduces user authentication, one of the WEP missing characteristics. WPA is intended to be implemented in a home/office environment and is available in all Access Points (APs) and Network Interface Cards (NICs) currently available4. To improve data codification, WPA uses the Temporal Key Integrity Protocol (TKIP) (IEEE 802.11i, 2004) which, when compared to WEP, improves data level ciphering by using temporal and per packet keys. WPA also has a key mixing function for each packet, a Message Integrity Check (MIC), extended initialization vectors (IV) with sequential rules and a key renewal mechanism. WPA makes use of 802.1X for user authentication, making it possible to use one of the EAP methods. For security matters in these environments, the EAP- Transport Layer Security (TLS)

31

Accessing an Existing Virtual Electronic Patient Record

(B. Aboba & D. Simon, 1999) method is used. This method uses digital certificates for each user authentication. A central authentication server is used to manage mutual authentication, which apart from authenticating the user, it eliminates the danger of rogue APs. The authentication server usually employed is the Remote Access Dial-In User Service (RADIUS) (C. Rigney, A. Rubens , W. Simpson , & S. Willens, 1997). The RADIUS server authenticates the WLAN user and determines the session key to be used. RADIUS is only used to communicate between the AP and the authentication server; in the WLAN, EAP is used between the user and the AP (Figure 3). Notice that other Authentication, Authorization and Accounting (AAA) protocols (Kim & Afifi, 2003) could be used such as Diameter (Ventura, 2002), COPS (Durham, Boyle, Cohen, Rajan, & Sastry, 2000) or TACACS (Finseth, 1993) server. However, RADIUS is used for WPA. A Lightweight Directory Access Protocol (LDAP) (J. Hodges & R. Morgan, 2002) server can also be used for a centralized user authentication. All RADIUS implementations can interact with an LDAP server, making it possible to use a central point of administration of all users, thus creating a strong security policy. Other centralized user authentication implementations that can use LDAP are Active Directory (Microsoft, 2004) and Novell eDirectory (Novell, 2004).

Figure 3. Authentication architecture

32

For connectivity between the different networks a layer 2 or 3 switch is used. This type of switch adds a new layer of filter/protection to the system with the use of Virtual LANs (VLANs) and, if needed, allows to route data between the different networks. This solution provides an access level linked to the security standard used by the clients. The proposed architecture uses two security VLANs. These VLANs are configured in such a way that only WPA and 802.11i clients are able to access all network services. The VLANs distinguish, transparently to the user, the security protocol used by the client and trigger all the necessary and specific procedures needed for authentication and authorization. The implementation of a WPA system requires the development of an 802.1X infrastructure. All the necessary elements for building a WPA network are shown in Figure 4. It is worth noting that there is a possibility of using a password based user authentication (for either WPA or 802.11i). However, this approach is not recommended in high security infrastructures (Moskowitz, 2003).

802.11i Security and Architecture In June 2004, the Institute of Electrical and Electronics Engineers (IEEE) ratified the 802.11i standard, also called Robust Security Network (RSN)5 (IEEE 802.11i, 2004). This security stan-

Accessing an Existing Virtual Electronic Patient Record

Figure 4. WPA and RSN/IEEE802.11i architecture

dard includes the following functionalities: uses the Advanced Encryption Standard (AES) (NIST, 2001) block cipher to encrypt the data packets, 802.1X for user authentication and TKIP for the management of the cipher keys. The standard also recommends a set of new improvements to WEP in 802.11b NICs. Some NICs, due to design limitations, cannot support AES but are able to support TKIP with a small update. 802.11i requires that all clients announce their cipher capabilities in their AP association requests. The AP and the wireless client then establish the appropriate channel for data ciphering. This key agreement is based on their mutual cryptographic capabilities and configured in one of the security policies (eg.: “allowing only associations with AES clients”). Moreover, 802.1X authentication assures key renewal during a session. AES is currently widely recommended for confidentially. However, AES entails more demanding cryptographic functions. This means that older devices do not have processing capacity to handle AES and keep a normal network performance. To circumvent the problem 802.11i enables the use of TKIP as the cipher protocol. This method is more feasible for less capable devices. Nonetheless, there is already a wide selection of products

compliant to 802.11i and WPA2 (including some PDAs)6. 802.11i actually defines three protocols for data protection: the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) (Whiting, Housley, & Ferguson, 2003), the Wireless Robust Authenticated Protocol (IEEE 802.11i, 2004) and TKIP. CCMP will be the ‘de facto’ IEEE802.11i cipher protocol. It is based in AES counter mode. This protocol derives from lessons learned with 802.10 (IEEE 802.10, 1998) and IPsec protocols. It uses strong cipher primitives, which makes it reliable against all (currently) known attacks. As with WPA, for implementing an 802.11i solution it is necessary to deploy an 802.1X infrastructure. Figure 4 shows the required elements to support an 802.11i architecture.

IPSec – Security and Architecture The two previous solutions are specially designed for wireless networks. However, it is also possible to protect these networks with a network layer protocol originally developed for wired networks, like IP Security (IPSec) (B. Aboba et al., 2004).

33

Accessing an Existing Virtual Electronic Patient Record

This protocol, though intended to protect Internet communications and wired networks, has some characteristics that make it suitable to protect wireless communications. While the previously mentioned solutions protect the information at the data link layer, IPsec protects the information at the network layer. This functionality makes it a versatile protocol, which can be used to protect any kind of IP network, and is independent of the application and type of data flow. It comprises a set of protocols for the development of Virtual Private Networks (VPNs). IPsec VPNs are a very common method for protecting data that traverses public networks (or non-protected networks). IPsec adds security through a set of tunnelling and ciphering mechanisms: it implements network layer authentication and ciphering; keeping end-to-end security within the network architecture. Its main advantage is that it can protect any kind of data packet routed through the network independently of the source application7. Its main disadvantage is its complexity. IPsec has two modes of operation: tunnel and transport. In tunnel mode IPsec protects a completely normal IP packet, thus its payload is an IP packet. This mode is used when the IP packet needs to be sent unchanged to the destination. Transport mode IPsec is integrated with IP and thus transports an UDP/TCP packet from the transport layer.

Figure 5. Wireless network IPsec VPN

34

The IPsec standard includes two security protocols: the Authentication Header (AH) (Kent & Atkinson, 1998a) that provides data integrity and the Encapsulating Security Payload (ESP) (Kent & Atkinson, 1998b) that adds confidentiality. All IPsec parameters are negotiated using the Internet Key Exchange (IKE) (Harkins & Carrel, 1998) protocol. IKE uses digital certificates for end points authentication. ESP makes use of cipher techniques for data confidentiality, and digital signatures for source authentication, while AH only uses digital signatures for source authentication (AH does not cipher data). Thus ESP should be used when confidentially is an issue. Figure 5 shows an IPsec VPN adapted to a wireless network and the elements required for an IPsec protected wireless network. The network has wireless terminals with VPN client software. This software should be able to start protected tunnels between the terminals and the gateway. The firewall assures the right establishment of a tunnel and also guarantees that only specified devices can establish that tunnel. Recent Windows OS have a native VPN client. The wireless terminal connects to the AP that offers, between the wireless and the wired networks, initial filters to the IP protocol. Between the AP and the wired networks there is a layer 2 switch responsible for the connectivity. Recent models of this kind of switch allow Virtual LAN Access Control Lists (VACL), which adds a new

Accessing an Existing Virtual Electronic Patient Record

filter/protection layer to the system (as discussed previously). As in the previous architectures, LDAP and RADIUS servers are used for centralized user authentication.

Wireless Architecture Proposal This section discusses a secure wireless architecture for accessing the VEPR taking into account the specific characteristics of a health care institution (importance of security) and the characteristics of the available solutions. This architecture uses the WPA-TLS protocol and also considers the use of the new 802.11i standard. All existing equipments can, with a small firmware upgrade, support WPA-TLS and therefore, be reused reducing implementation costs. WPA-TLS should only be considered a transition solution until all devices support 802.11i. As such, the aim is to support WPA and 802.11i into a single network. The way to accomplish this is by dividing the physical network into separate logical security networks. Most of the last generation APs support WPA and 802.11i protocols, as well as the ability to create separate service set identifiers (SSIDs)8. Therefore, in the proposed architecture, each AP is configured with two different SSIDs (SSID=802.11i-VEPR and SSID=WPA-VEPR)

and two different security protocols. The APs are enabled with both 802.11i and WPA. This configuration creates a secure logical network, allowing healthcare professionals to have a secure and controlled access to the VEPR. A RADIUS server acts as the policy enforcement point (PEP), configured with different access control policies for each SSID9. These policies define the data protection protocol, the key management protocol and the key length used with a specific SSID. The RADIUS server is coupled with the actual VEPR solution in terms of user management. The previous sections discussed the use of LDAP for the VEPR. For this case, the RADIUS authentication should use the LDAP of the VEPR. This is very important as it will enable the use of the current VEPR access control in the new wireless architecture. As expected, all terminal/client equipments should support either WPA-TLS or 802.11i. Figure 6 shows the proposed architecture, where the two logical secure access networks are presented.

EVALUATION AND INSIGHTS This section presents an evaluation of the security and performance capabilities of WPA EAP-TLS.

Figure 6. VEPR secure wireless architecture

35

Accessing an Existing Virtual Electronic Patient Record

IPsec. 802.11i is not addressed due to the unavailability of 802.11i compliant devices at the time the experiments where undertaken. The discussion comprises the evaluation of the proposed solutions against network attacks and its efficiency in terms of performance and impact on the network.

General Testbed The testbed built to perform the experiments is depicted in Figure 7. Unless otherwise mentioned, all the experiments hereby described were built upon open source operating systems and tools. The FreeRADIUS (FreeRADIUS , 2008) implementation was used as the RADIUS server. For the public key infra-structure the OpenSSL (OpenSSL, 2007) suite was used. The IPSec infrastructure was implemented on FreeSwan (FreeS/WAN Project, 2004). The software was installed in computers running the Linux Operating System. In the IPsec tests, open source software was also used to implement Access Points: HostAP (HostAP team, 2007). This software allows building a fully functional AP. In the WPA infrastructure, the wpa_supplicant software (HostAP team, 2007) was employed. The ettercap tool (Ettercap Team, 2005) was used to perform the tests/security attacks.

Security Experiments The network reaction to network attacks was observed in order to evaluate the security of the proposed solutions. These attacks comprise manin-the-middle (MITM), impersonation, Denial of Service (DoS) and session hijacking. In the MITM attack an intruder tries to see (“sniff”) the information exchanged between the active hosts and insert itself in the middle. This allows the intruder to eavesdrop the communications and even alter the data exchanged. A basic approach for this attack, when no security is used, is a technique called arp spoofing (Whalen, 2001). In the impersonation attack an intruder tries to use the same IP address and the same hostname, as one of the valid clients of the network, to get access to network resources. It differs from the MITM attack in that the attacker’s objective is only to access the network. So the intention is not to eavesdrop or alter the data exchanged by the valid host. The session hijacking consists in an intruder trying to obtain full control of a client successful session. It is an extension of the impersonation attack, where the attacker needs to use the session credentials/identifiers from the valid host to steal

Figure 7. Wireless architecture used for testing procedures

36

Accessing an Existing Virtual Electronic Patient Record

its current session. It may use a MITM attack to acquire such information. The Denial of Service (DoS) attack consists of disabling some (or all) of the network services (for example denying authentication) by overwhelming the targeted service. The ultimate objective is to deny network access.

IPSec Results In the IPsec solution, the DoS attack was only successful before the establishment of the IPsec tunnel; after the establishment of the tunnel the attack did not succeed. For the MITM attack, the arp spoofing option was used. We observed that, with the IPsec tunnel established, the MITM attack did not succeed (it was not possible to see or detect any kind of data flow). The impersonation attack also did not produce any result. For this attack an intruder used the same network address and hostname of a recognized client and then tried to establish an IPsec tunnel. As IPsec uses digital certificates for client authentication, the intruder is not authenticated and the tunnel is not established as was expected. Finally, the same negative results were achieved with session hijacking.

WPA/EAP-Tsults The same tests were performed to the WPA EAPTLS implementation. One advantage of the WPA solution is that it is a link layer security protocol. As ettercap is a tool that relies on the network layer, it was not possible to do MITM, impersonation and session hijack attacks. Other tools were also used to try to break the security of WPA such as Cain e Abel (Oxid IT Team, 2005) and Kismet (Kismet Team, 2004). However, none of them was able to achieve a successful result. On the other hand, DoS attacks were performed with a high percentage of success. WPA disconnects the network for 1 minute if it detects an attack against the MIC, this is done as part of a protection against brute force attacks. Although difficult,

it is possible with a WPA client to trigger this behaviour with fake network access messages. This issue makes it possible to do a DoS attack against WPA, since it is just necessary to activate a WPA client and ask an AP for network access. The AP verifies the message and, if it detects a fake message, it blocks all network access, and stops all communications, including the access of valid clients. It is important to refer that, with the new 802.11i standard, this vulnerability has not been solved (Wullems, Tham, J. Smith, & Looi, 2004).

Comments From the above experiments we can conclude that the IPsec and WPA EAP-TLS solutions are very efficient against MITM, impersonation and session hijacking attacks. Both solutions are not efficient against DoS attacks. It is possible to successfully perform DoS attacks using freely available tools. For systems where availability is essential, it is necessary to complement those solutions with mechanisms that reduce the risk of such attack. It is thus necessary to use tools like Intrusion Detection Systems (IDS) and vulnerability scanners.

Complexity Experiments The system performance was measured in order to evaluate the complexity introduced in the network elements. For this purpose the sysstat (Systat Team, 2008) and vmstat (“vmstat Man page”) tools were used. These tools allow evaluating CPU utilization, memory and interrupts. The results given by those tools are shown in Figure 8 and Figure 9. The WPA experiment impacts on the WPA client and RADIUS server; in the IPsec experiment, the impact is on the VPN components10 (see Figure 4 and Figure 5 for the architectures). The scale is the percentage of resource utilization except for the processes and interrupts that are absolute values. The pictures only show

37

Accessing an Existing Virtual Electronic Patient Record

Figure 8. System performance – sysstat results

Figure 9. System performance – vmstat results

the RADIUS impact results for the WPA-TLS experiment, as they were negligible in the IPsec experiment. The presented results represent the average values obtained by 35 simulations, with a stochastic confidence interval of 90%. An UDP flow of 54Mbps was used to represent a fully loaded network. These results show that the IPsec system requires more: CPU utilization, memory, interrupts and processes, therefore, its impact on devices’ performance is not negligible.

38

The results of WPA are similar to the ones of the plain system, introducing low impact in the network elements. From Figure 8 and Figure 9 we can observe that different absolute results are obtained by each tool. This is due to the specific requirements of each tool and its design, i.e. the number of processes, memory usage and number of interrupts is influenced by the specific characteristics of each tool.

Accessing an Existing Virtual Electronic Patient Record

Note that the processing of the WPA packets is done in the WPA client and the AP. Thus, the encryption/decryption occurs at these two elements. In the IPsec case the secure tunnel is between the VPN client and the VPN Gateway, thus not impacting the AP (Figure 5).

Impact on Data Flows To evaluate the impact on data flow when the security mechanisms are in place, we performed experiments using TCP and UDP traffic, and considering a network with and without security implemented. For traffic generation, IPERF (Iperf Team, 2005) and Crude (Crude team, 2002) tools were used. All traffic was generated after the negotiation of the specific security protocol (IPsec and WPA-TLS). Figure 9 shows the results of throughput and transferred bytes of a TCP flow with a duration of 120 seconds and a default window size of 85.3 Kbytes, when no security, WPA and IPsec are in place. The presented results represent the average values obtained by 48 simulations, with a stochastic confidence interval of 92%. As can be seen, IPsec is the mechanism that achieves lower

throughput; it also adds more overhead, since it conveys less information per bytes transferred (total amount of data transferred for each TCP window) than the WPA solution. The throughput and transferred bytes of WPA is larger than IPsec, but obviously lower than the plain network (without security). These results are due to the larger complexity introduced by IPsec (ESP with tunnel mode was used, which adds a new header and new authentication field). WPA does not make significant changes to a packet, just ciphers it and adds an IV field. The same experiment was done for different TCP window sizes11, which also confirmed the fact that IPsec is the solution with less throughput and bytes transferred. To evaluate the jitter12 and the number of lost packets, IPERF was used with UDP flows in networks with bandwidths of 10 Mbits/s and 54 Mbits/s. These consisted of 5 flows with duration of 60 seconds, simulating a voice communication. The obtained results represent the average results of 20 simulations with a stochastic confidence interval of 95%. Figure 11 and Figure 12 show the results for a network bandwidth of 10 Mbits/s. The results demonstrate that, due to its complexity and packet processing, IPsec has worse

Figure 10. Throughput and bytes transferred

39

Accessing an Existing Virtual Electronic Patient Record

Figure 11. Jitter of UDP flows in a 10 Mbits/s network

Figure 12. Lost packets of UDP flows in a 10 Mbits/s network

jitter results. Regarding the number of lost packets, IPsec is the security solution that has better results. This is due to the fact that the process of packet protection happens between the VPN gateway and the client, while in the WPA solution this is done between the AP and the client. As the gateway has more capacity for processing the packets, it can keep its buffer available and the number of lost packets is reduced. The results obtained with 54 Mbits/s and with CRUDE confirm the ones of IPERF with 10 Mbits/s.

40

These data flow results led to the natural conclusion that for TCP communications (e.g. with file transfers), the WPA implementation has more advantages. For UDP communications the IPsec protocol achieves lower loss rates.

Deployment Discussion The deployment of the infrastructure requires studies regarding the location of access points for the intended coverage, as mentioned in the

Accessing an Existing Virtual Electronic Patient Record

introduction. The costs associated with the hardware (APs, wireless cards, Ethernet switches and servers) would depend on the required coverage and the number of users enabled with this access. However, notice that current laptops and PDAs have already wireless capabilities supporting 802.11i. The software associated with the framework is already available with the hardware except for the servers (LDAP, RADIUS). Nevertheless, they are readily available in reliable free open source packages (with support available separately) and also in commercial products. In terms of user impact, the access to the network could be coupled with the existing credential system, thus easing the needed user interaction. However, as a first approach these two authentication points in the network and in the VEPR should be done separately. The final purpose is to build a single-sign-on system that would provide only one authentication control.

believed to be very similar to the WPA solution. The impact of the WPA security is negligible in terms of the performance of the system. The throughput achieved was slightly worse in WPA than in a plain system. However, the difference should not be noticeable to users. As discussed, the existing VEPR wired solution was designed and implemented with all the security requirements; adding this extra layer of security results in an easier process, as long as it respects the security goals of the VEPR. With the proposed architecture, secure access to the current system is increased due to the wireless connectivity advantages (e.g. mobility, everywhere access and access to wider range of devices). This access provides secure authentication and authorization, secure communications and also maintains the integrity of the retrieved information, thus preserving the security goals of the VEPR. This is very important and justifies the need for similar studies when implementing wireless solutions.

CUSiON

Open Challenges

Discussion

As future work, a prototype will be implemented within the real scenario so that the wireless solution can be evaluated. Several issues need to be tested and enhanced. These include performance, access control, availability issues (such as DoS), access point correct distribution and usability. Further issues are related to the presentation of the VEPR within wireless devices. This needs proper study as its usefulness and success may depend upon it.

The wireless architecture discussed above is able to provide wide as well as mobile and flexible access to the VEPR implemented within a healthcare institution. The architecture is modular and flexible in order to adapt itself to the existing features so that it can be incorporated when a LAN is already in place. In particular, the proposed architecture takes into account the fact that the existing devices can be reused with WPA/EAPTLS; it also integrates the recent 802.11i standard, making it versatile and upgradeable. To account for the security and performance of the system, several studies and tests were made with the presented technologies. The only exception is the recent 802.11i because no compliant devices were available at the time of testing. Nevertheless, its overall observed performance is

ACKknowledgmen This VEPR has already won 2 prizes for its innovation and results from Portuguese Government Institutions. As such, the first author would like to thank all the parties that collaborated in its implementation, specially the Security Commis-

41

Accessing an Existing Virtual Electronic Patient Record

sion of Hospital S. João, LIACC and CINTESIS for their interest and support.

Refeen Aboba, B., & Simon, D. (1999). Rfc 2716 ppp eap tls authentication protocol. IETF. Retrieved from http://tools.ietf.org/html/rfc2716. Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., & Levkowetz, H. (2004). Rfc 3748 extensible authentication protocol (eap). IETF. Retrieved February 8, 2008, from http://tools.ietf.org/html/rfc3748. Baker, D. B. (2003). Wireless (in) security for healthcare. In Advocacy White Paper. Science Applications International. Benson, T. (2002). Why general practitioners use computers and hospital doctors do not---part 2: scalability, BMJ, 325(7372), 1090-1093. doi: 10.1136/bmj.325.7372.1090. Blobel, B. (2004). Authorisation and access control for electronic health record systems. International Journal of Medical Informatics, 73(3), 251-257. CEN. (1999). Health informatics - secure user identification for healthcare - management and security of passwords. CEN. Crude team. (2002, September 13). (c)rude - rude & crude. Retrieved February 12, 2008, from http://rude.sourceforge.net/. Cruz-Correia, R., Vieira-Marques, P., Costa, P., Ferreira, A., Palhares, E., Araújo, F. et al. (2005). Integration of hospital data using agent technologies - a case study. AICommunications special issue of ECAI, 18(3), 191-200. Denley, I., & Smith, S. W. (1999). Privacy in clinical information systems in secondary care. BMJ: British Medical Journal, 318(7194). Retrieved March 10, 2008, from http://www.pubmedcentral. nih.gov/articlerender.fcgi?artid=1115718.

42

Durham, D., Boyle, J., Cohen, R., Rajan, R., & Sastry, A. (2000, January). The cops protocol. Retrieved February 14, 2008, from http://www. rfc-editor.org/rfc/rfc2748.txt. Ettercap Team. (2005, May 29). Ettercap ng. Retrieved February 12, 2008, from http://ettercap. sourceforge.net/. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3), 224-274. Ferreira, A., Correia, R., & Costa-Pereira, A. (2004). Securing a web based epr: an approach to secure a centralized epr within hospital. In 6th International on Enterprise Information Systems, 3(pp. 54-59). Ferreira, A., Correia, R., Antunes, L., Palhares, E., Farinha, P., & Costa-Pereira, A. (2005). How to start modelling access control in a healthcare organization. In 10th International Symposium for Health Information Management Research. Ferreira, A., Cruz-Correia, R., Antunes, L., Palhares, E., Marques, P., Costa, P. et al. (2004). Integrity for electronic patient record reports. In 17th IEEE Symposium on Computer-Based Medical Systems (pp. 4-9). Finseth, C. (1993, July). Rfc 1492 - an access control protocol, sometimes called tacacs. Retrieved February 14, 2008, from http://www.faqs. org/rfcs/rfc1492.html. FreeRADIUS . (2008, January 22). Freeradius server. Retrieved February 12, 2008, from http:// www.freeradius.org/. FreeS/WAN Project. (2004, April 22). Frees/wan. Retrieved February 12, 2008, from http://www. freeswan.org/. Harkins, D., & Carrel, D. (1998). Rfc 2409 the internet key exchange (ike). IETF. Retrieved from http://tools.ietf.org/html/rfc2409.

Accessing an Existing Virtual Electronic Patient Record

Hodges, J., & Morgan, R. (2002). Rfc 3377: lightweight directory access protocol (v3): technical specification. IETF. Retrieved from http://tools. ietf.org/html/rfc3377.

Lehoux, P., Sicotte, C., & Denis, J. (1999). Assessment of a computerized medical record system: disclosing scripts of use, Evaluation and Program Planning, 22(4), 439-453. doi: 10.1016/S01497189(99)00034-8.

HostAP team. (2007, December 2). Host ap linux driver for intersil prism2/2.5/3 wireless lan cards and wpa supplicant. Retrieved February 12, 2008, from http://hostap.epitest.fi/.

Marti, R., & Delgado, J. (2003). Security in a wireless mobile health care system. In Universitat Pompeu Fabra.

IEEE 802.10. (1998). Ieee standards for local and metropolitan area net works: standard for interoperable lan/man security (sils). Retrieved from http://standards.ieee.org/ getieee802/download/802.10-1998.pdf.

McAlearney, A. S., Schweikhart, S. B., & Medow, M. A. (2004). Doctors’ experience with handheld computers in clinical practice: qualitative study. BMJ, 328(7449), 1162. doi: 10.1136/ bmj.328.7449.1162.

IEEE 802.11i. (2004). Part11: wireless lan medium access control (mac) and physical layer (phy) specifications amendment 6: medium access control (mac) security enhancements . Retrieved from http://standards.ieee.org/getieee802/download/ 802.11i-2004.pdf.

Microsoft. (2004). Windows server 2003 active directory. Retrieved February 15, 2008, from http://www.microsoft.com/windowsserver2003/ technologies/directory/activedirectory/default. mspx.

IEEE 802.1X. (2004). Ieee standards for local and metropolitan area networks—port-based network access control. Retrieved from http://standards. ieee.org/getieee802/download/802.1X-2004.pdf. Iperf Team. (2005, May 3). Nlanr/dast : iperf - the tcp/udp bandwidth measurement tool. Retrieved February 12, 2008, from http://dast.nlanr. net/Projects/Iperf/. Kent, S., & Atkinson, R. (1998a). Rfc 2402 ip authentication header. IETF. Retrieved from http://tools.ietf.org/html/rfc2402. Kent, S., & Atkinson, R. (1998b). Rfc 2406 ip encapsulating security payload (esp). IETF. Retrieved from http://tools.ietf.org/html/rfc2406. Kim, H., & Afifi, H. (2003). Improving mobile authentication with new aaa protocols. Retrieved February 15, 2008, from http://citeseer.ist.psu. edu/article/kim03improving.html. Kismet Team. (2004). Kismet. Retrieved February 18, 2008, from http://www.kismetwireless.net/.

Moskowitz, R. (2003, November 4). Weakness in passphrase choice in wpa interface. Wi-Fi Net News. Retrieved from http://wifinetnews. com/archives/002452.html. Ng, S., & Tan. (2006). Security issues of wireless sensor networks in healthcare applications. BT Technology Journal, 24(2), 138-144. doi: 10.1007/ s10550-006-0051-8. NIST. (2001). Fips-197: advanced encryption standard. Natioanl Institute of Standards (NIST). Novell. (2004). Novell edirectory vs. microsoft active directory. Retrieved February 15, 2008, from http://www.novell.com/collateral/4621396/4621396.pdf. OpenSSL. (2007, October 19). Openssl: the open source toolkit for ssl/tls. Retrieved February 12, 2008, from http://openssl.org/. Oxid IT Team. (2005). Cain & abel. Retrieved February 15, 2008, from http://www.oxid.it/cain. html.

43

Accessing an Existing Virtual Electronic Patient Record

Rigney, C., Rubens, A., Simpson, W. & Willens, S. (1997). Rfc 2138 remote authentication dial in user service (radius). IETF. Retrieved from http://tools.ietf.org/html/rfc2138. Systat Team. (2008, January 6). Sysstat. Retrieved February 12, 2008, from http://pagesperso-orange. fr/sebastien.godard/. Ventura, H. (2002). Diameter next generation’s aaa protocol. Vmstat man page. Retrieved December 17, 2007, from http://linuxcommand.org/man_pages/vmstat8.html. Walker, J. (2003). 802.11 security séries part ii: the temporal key integrity protocol. Intel Corporation. Retrieved from http://softwarecommunity. intel.com/articles/eng/1905.htm. Whalen, S. (2001, April). An introduction to arp spoofing. Retrieved February 15, 2008, from http://www.node99.org/projects/arpspoof/. Whiting, D., Housley, R., & Ferguson, N. (2003, September). Rfc 3610 - counter with cbc-mac (ccm). Retrieved March 8, 2008, from http://www. faqs.org/rfcs/rfc3610.html. Wpa . Retrieved February 8, 2008, from http:// www.wi-fi.org/knowledge_center/wpa/. Wullems, C., Tham, K., Smith, J., & Looi, M. (2004). A trivial denial of service attack on ieee 802.11 direct sequence spread spectrum wireless lans. Wireless Telecommunications Symposium, 129-136. Yu, W. D., & Jothiram, V. (2007). Security in wireless mobile technology for healthcare systems In , e-Health Networking, Application and Services, 2007 9th International Conference on (pp. 308311). doi: 10.1109/HEALTH.2007.381659.

44

EndNoTES

1



2



3



4



5



6



7



8



9

10





11

12



Java version of the Open DataBase Connectivity (ODBC) designed by Microsoft to provide a common API for accessing databases. Network File System is an IETF protocol to allow client systems to access remote storage as if it were locally available. WEP is part of the original 802.11 standard. Some older products that do not support directly WPA can (most likely) be software upgradable. The Wi-Fi Alliance certifies products compliant to 802.11i as WPA2. See http://certifications.wi-fi.org/wbcs_certified_products.php?advanced=1. Note that WPA and 802.11i also are independent of the source application. SSIDs identify the network that a device is connecting to. For technical reasons the AP needs to map SSIDs with VLANs. The AP marks all IP packets with the VLAN associated with the corresponding SSID. For interconnecting the AP and the RADIUS server, a layer 2 or 3 switch is used. It was not technically possible to evaluate the impact on the Access Point. The TCP window size controls the number of packets that can be sent without being acknowledged. Increasing its size will mean that a higher number of packets can be sent but if the receiver’s buffer can not cope with the amount it will mean that the sender will have to re-send more packets. Jitter pertains to the variation of packet delay; the delay is composed by sender delay, travelling in the network delay and receiver delay. The variability of this total delay is measured by jitter.

45

Chapter III

Personal Health Records Systems Go Mobile:

DeILning Evaluation ComSonents Phillip Olla Madonna University, USA Joseph Tan Wayne State University, USA

ABSTRACT This chapter provides an overview of mobile personal health record (MPHR) systems. A Mobile personal health record is an eclectic application through which patients can access, manage, and share their health information from a mobile device in a private, confidential, and secure environment. Personal health records have evolved over the past three decades from a small card or booklet with immunizations recorded into fully functional mobile accessible portals, and it is the PHR evolution outside of the secure healthcare environment that is causing some concerns regarding privacy. Specifically, the chapter reviews the extant literature on critical evaluative components to be considered when assessing MPHR systems.

Inoduion Information technology (IT) is dramatically transforming the delivery of healthcare services. This can be seen through the increased activity in Mobile Health (M-Health) and promotion of the Electronic Health Record (EHR) systems in

the healthcare industry and the recent attention and increased activity in the adoption of Personal Health Record (PHR) systems. By distinction, PHR systems have not established a similar height of interest as the EHR (Tang, 2006), but this is changing as more government bodies such as the U.S. Secretary of Health and Human Services,

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Personal Health Records Systems Go Mobile

the National Coordinator for Health Information Technology, and the Administrator of the Centres for Medicare and Medicaid Services (CMS) have all identified PHRs as a top priority. In addition to the government organizations involvement, standards organization such as Health Level Seven (HL7) have began the standard definition process to formalize a system model for PHRs. PHR aims to allow individual health consumers the ability to monitor and manage their personal health information from multiple sources in a single repository. Research shows that maintaining a PHR encourages personal participation in healthcare and cultivates an increased emphasis on communication between the individual and the healthcare provider (Kupchunas, 2007). The use of a PHR provides the opportunity for healthcare providers to monitor and educate patients on health matters and lifestyle changes, and it also acts as a tool for enhancing health literacy. The PHR will eventually improve the decision making capabilities as the patients become more proficient at recording and monitoring vital health information (Lee, Delaney, & Moorhead, 2007). The goal of utilizing personal health records would be to enhance and optimize the healthcare practices while allowing patients to manage their own health care decision-making. For the caregivers, PHR technology can improve efficiency, costeffectiveness, timeliness, safety, and efficacy of the care processes, whereas for the individual consumers, it can help improve their quality of life. Large organizations and government bodies have recently gained an interest in the PHR phenomenon; for example, Intel, Wal-Mart and BP have formed a consortium, called Dossia, to supply PHRs for their employees; Medicare and Medicaid Services are trialing PHR with Medicare claims; and Google and Microsoft have also entered this market with new products such as Microsoft Health Vault and Google Health. In addition, Verizon Communications in combination with WebMD now offers a password-protected site for PHR (Reese, 2007).

46

The PHR migration to the mobile platform offers immense benefits such as portability and convenience in the accessing and transmitting of personal health records from a single location, the empowerment of the health consumers to control, verify, and manage their own health information, and the potential enhancement of patient-caregiver relations. Unfortunately these benefits can be overshadowed by the concerns regarding security, privacy, mobile technology choice, and validity of information. This chapter will highlight the important evaluation components that need to be considered when the PHR is modified to support mobility. The discussion is structured as follows. Following the introduction, the next section describes the history and background of PHRs. Against this backdrop, an overview of the literature and progress being made on PHR research will be highlighted. This will be followed by a discussion on the four categories of PHR systems, namely “individually maintained”, “tethered” to a health plan or employer, “comprehensive” or “Health 2.0”. Once the advantages and disadvantages of the various types of PHR systems have been presented, the discussion will converge on a framework for Mobile PHR systems evaluation, which is then followed by the review of three commercial Mobile PHR systems using components from the framework. The chapter will then conclude with a summary of thoughts on future growth and development in this area.

Ba and HISTORY of PHR The Personal Heath Record (PHR) is not a completely new phenomenon; accordingly, one of the earliest references to a PHR can be found in an article by Okawa (1973) entitled, “A personal health record for young female students.” Several references to personal health records surfaced prominently as “paper records” up until the mid

Personal Health Records Systems Go Mobile

1990’s, when the computerized version of the PHR appeared. With the diffusion and general use of computers, individuals became interested in maintaining an electric copy of their personal health information. Sittig (2002) conducted a search of available Internet-based PHR’s and came up with 27 identified programs or usable tools; by April of 2003, only 7 of these tools were relevant and still accessible (Sittig, 2002). The demise of these Internet-based companies occurred with the meltdown of the dotcoms, poor business plans, inefficiency, and decreased value to the individual. (Personal Health Working Group, 2005). Even though the early PHR’s were ultimately unsuccessful, they provided valuable insight into the next generation of PHR’s by supporting the fact that by “adopting EMRs, providers and health care delivery systems can facilitate the development and implementation of PHR tools and PHR’s should offer clear benefits to users and critical stakeholders.” (Personal Health Working Group). In summary, PHRs have evolved over the past three decades from a small card or booklet with immunizations recorded on it to a computerized application that stores an individual’s personal health information. A report by the Markle Foundation, Connecting for Health (2003), defines PHR’s specifically as “An electric application through which individuals can access, manage and share their health information, and that of others for whom they are authorized, in a private secure, and confidential environment.” Page 4 Imperative to the usefulness and functioning of the PHR is the establishment of a common data set. At the very least, it should contain information regarding items such as: allergies and adverse drug reactions, illness and hospitalizations, surgeries and procedures, vaccinations, lab test results, and family history. The National Committee on Vital and Health Statistics (NCVHS) reported in 2005

that it is not possible or even desirable to attempt a unitary definition of a PHR. The NCVHS did however state that it is possible and useful to characterize PHRs by their attributes. Attributes associated with PHRs are elements such as the nature of the PHR’s content, the source or sources of information, and the functions that they offer (Sprague, 2006). In retrospect, the consumer and health care provider will be able to maintain this health care information in a way that is assessable to both parties. More recently, President Bush and Secretary Leavitt brokered a plan that would allow patients and their health care providers the ability to access their personal health records through the use of technology (Gellman, 2008). Having this technological capability ensures that patient and health care provider can access healthcare information at any time when seeking medical care. As a result, in 2001, the National Committee on Vital and Health Statistics identified areas in deliverance of healthcare services that required improvements in systems in order to promote quality patient care services, continuity of care and beneficial treatment modalities. Technological systems were further explored in order to change the way personal health information was maintained by the patient and the health care provider. The Hurricane Katrina saga in the USA has caused the healthcare industry to recognize the importance of seeking ways to secure personal health records. For years, people had collected, maintained and stored their health information on paper, in memory, and other manual means. During such disaster, all of the information kept by patients and health care providers became inaccessible. But with the advances in technology, consumers are provided with tools and mechanisms to maintain their own health records through the capability of computer-based applications. The consumer then has the ultimate responsibility of keeping track and updating their personal information so that their medical care is effective and efficient. Additional benefits of a

47

Personal Health Records Systems Go Mobile

PHR include access to health information, data collection, improved health, disease management and tracking, improved communication with health care providers, and although not well documented, it is also believed to lower costs related to chronic disease management and wellness programs (Tang, Ash, Bates, Overhage, & Sands, 2006) According to Kupchunas, “maintaining a PHR encourages increased personal participation in healthcare and fosters a greater emphasis on communication between the individual and the caregivers” (Kupchunas, 2007: pg 185).

PHRLiterature Review PHRs aim to enhance and optimize the healthcare practices while allowing patients to manage their own health care decision-making. On the side of healthcare practices, this would improve efficiency, effectiveness, timeliness, safety; on the side of the patients, it would help them to improve their quality of life. A comprehensive review of the extant literature published on issues related to PHRs using scropus tools (www.scropus.com) is now presented. Scopus is the largest abstract and citation database of research literature and Web sources. Scropus contains over 33 million abstract and provides access to publications in 15,000 peerreviewed journals and 200 book series from more than 4,000 publishers. The system also has access to over 1200 Open Access journals, 500 conference proceedings and 600 trade publications. The literature search undertaken not only investigated the bulk of the academic literature but also reviewed data from 386 million scientific Web pages and 22 million patent records from 5 patent offices. Even though our search criteria covered a period of 20 years, we have chosen to present data that are only from the last decade. The search excluded medical health records, electronic health records, and electronic medical records. This essentially directs the review to focus

48

on system functionality of PHRs along with the unique elements associated with a PHR.

PHR Funionali and Componen There have been considerable research and investment into PHRs over the past decade. This is evident in the growing number of publications and patents registered in this area. Based on a review of the extant literature, the main areas of functionality are illustrated in figure 1. As shown in figure 2, the functionality can be broken down into various aspects of consumer functionality (Denton, 2001). Two major aspects, which are considered to be among the most promising uses for PHR system, are the use of PHR for health education and for managing specific patients conditions(Arbogast & Dodrill, 1984; Bent, Bolsin, Creati, Patrick, & Colson, 2002; Bhuyan, 2004). Another aspect is linking the PHR to decision support. This is also a key research component with obvious benefits to the patients choosing and understanding a suitable treatment plan (Abidi & Goh, 2000; Ackerman, 2007). Other important aspects include consumer information (managing clinical and personal data) and the growing use of PHR systems to support and improve administrative support functions. As issues relating to the area of privacy and security (Agrawal & C. Johnson, 2007; Alban, Feldmar, Gabbay, & Lefor, 2005; Albright, 2007; Alhaqbani & Fidge, 2008; Al-Salqan, Jagannathan, Davis, Zhang, & Reddy, 1995; Anderson, 1996; Armitage et al., 2008; Blobel, Pharow, Spiegel, Engel, & Engelbrecht, 2001) have now become more important than ever given the nature of the new generations of PHR systems, we will examine them separately and more closely in a later section of this chapter. . Although there seems to be a peak in academic research around 2006 (see Figure 1), this has not

Personal Health Records Systems Go Mobile

Figure 1. Personal health records publications

slowed down the commercial field. There is an increase in Web based activities and patent applications. This shows that as the research matures more commercial offerings are being launched. The industry-based publications are focusing on issues such as standards, interoperability, security and integration (Ball & Gold, 2006). Personal health records are maturing rapidly and several diverse actors’ have full-scale implementation of PHR systems - these actors include employer groups such as DOSSIA, and commercial vendors such as Google and Microsoft. The emergence of large organizations such as Google who already hold significant volumes of data about individuals is creating serious concerns. The concept map below provides a snapshot of the current work being undertaken in the field, the research covers a broad spectrum, which highlights the multidisciplinary approach to research in this field.

Business Models A study by Adler, highlighted the fact that 74.6% of patients surveyed were willing to pay a small annual fee for one or more of the following online services: viewing parts of their medical record, messaging with their physician, medication refills, appointment requests, and billing inquiries (Adler, 2006). A variety of sources, such as healthcare providers, insurers, employer or commercial suppliers offer a wide range of products that are available to help you create your own PHR. Some PHRs include products that have free tools, others offer products for purchase, Figure 3 summarizes the various existing business models. An array of complex business models exists in the PHR domain. However, from a general marketing perspective, these can be grouped into three commercial types – consumer purchase, consumer subscription, and a combination of the two (Gellman, R. 2008). For the purpose of this

49

Personal Health Records Systems Go Mobile

Figure 2. Concept map of personal health records research from literature

review, the business models have been classified into five categories:

3.

Consumer subscription model: The consumer is responsible for an ongoing service fee to access the data and related systems. Consumer purchase model: With this approach the consumer pays a fixed fee to purchase the software that provides the core functionality of the PHR outright. This type is typically a desktop application. The subscriber may also have the option to purchase a support contact.

4.

1.

2.

50

5.

Free model: With this model the PHR is free to consumers because the service is supported by advertising. Employee support model: With this model, an employer or health plan will contribute part or all the fees to run the service. This is seen as preventative medicine as there is strong evidence that they could save money on health care costs in the long run. Combination: There is also the possibility that a combination of these various models could be in effect. For example a PHR service paid for by an employer or health plan may allow advertising.

Personal Health Records Systems Go Mobile

Figure 3. Business model for personal health records

Although these models may be the obvious source of revenues, there may be other elements in play such as affiliation models with informational Web sites, niche search engines, articles, surveys, software downloads, and a variety of products that are not directly associated with the PHR system. Prices and formats vary widely, with diverse levels of technical abilities and functionality among the different product lines. From the perspective of Health Insurance Portability and Accountability Act (HIPPA), many of the PHR sites state in their guidelines that they ‘comply with’, or ‘we voluntarily operate within the guidelines’, but most mentioned nothing about HIPPA

certification. Most sites stated they protect the privacy of personal health information (PHI) and will not share your PHI. A PHR privacy policy study in 2007 conducted by the Department of Health and Human Services (DHHS) stated that “only 3 percent, or one in 30, of PHR privacy policies stated that explicit consumer consent was necessary prior to the vendor sharing any of the data in the PHR” (Gellman, 2008, p. 7). Even though numerous PHRs are free to consumers, a PHR vendor is operating a business, in which revenues are generated primarily through advertising and marketing. Therefore, it is imperative that consumers educate themselves when sharing their information with PHR vendors.

51

Personal Health Records Systems Go Mobile

Categorization of PHR Systems Based on Ownership There are many ways to categorize PHR systems, but for the purpose of this chapter, the concept of ownership is used. This approach was taken to highlight the potential issues that arise from transferring ownership. Most of the existing applications fall into three main categories: individually maintained, “tethered” to a health plan or employer, or comprehensive (Sprague, 2006). A new category, which has also emerged recently and has been added for the purpose of this review, is called health 2.0. It is this new category of PHR applications that is providing serious concerns from a security and ethics perspective. In order to assist readers attempting to compare and contrast among the different categories, we will also highlight the respective advantages and disadvantages associated with each category.

MoBIile HEALTH 2.0 PHRS This category refers to the new generation of Web 2.0 healthcare applications that support mobility. Health 2.0 is just as difficult to define as the Web 2.0 concepts. The Health 2.0 conference definition focuses on user-generated aspects of Web2.0 within health care but not directly interacting with the mainstream health care system. The problem with this definition is that it is very difficult to separate the user generated and mainstream healthcare systems without generating duplication and redundancy. Given that there are several definitions, we have decided to share the approach taken by Scott Shreeve from CrossOver Healthcare due to the pragmatic nature of his definition of a Health 2.0 Company: “Next generation health companies that leverage the principles of openness, standards, and transparency; utilize the technology tools

52

of collaboration, information exchange, and knowledge transfer; and focus on delivering value added services that empower health participants (patients, physicians, providers, and payers) with freedom, choice, and accountability for health outcomes. There is currently a lot of debate regarding this new concept. Some believe that the these companies are providing a wider movement to reform the entire US health care system, while others believe that these are merely tools and technologies to support the current system. There are considerable concerns when companies that are not within the health care industry take active roles in storing and maintaining personal health data. Most of the companies that operate in this domain are strong advocates for mobility and are keen to integrate mobile technology into their Web portal solutions. Google is implementing a pilot at Cleveland Clinic hospital in Cleveland as the pilot site for a new personal health records initiative. Between 1,500 and 10,000 patients will partake in the project. Patients will have their current MyChart electronic health records migrated to their Google accounts. Once the PHRs, are shared with Google, patients will have the capability to access them outside of the Cleveland Clinic. Google is not the only technology giant looking to change the healthcare industry. AOL founder, Steve Case, has recently launched a new organization called Revolution Health (http://www.revolutionhealth. com/); InterActiveCorp has also invested in several health-related start-ups (http://www. healthcentral.com/); and Microsoft has been very active with a medical record service called HealthVault. One of the ways that companies are providing customers with additional benefits is by providing secure access to the health records stored on the portals via a mobile device. At this point, we will highlight the respective advantages and disadvantages associated with the Health 2.0 category.

Personal Health Records Systems Go Mobile

Advantages

Individually Main PHR

• •

The simplest form of a PHR is one that is maintained by the individual. This sort of PHR is created, updated, and controlled strictly by the individual (Sprague, 2006). Such a PHR allows the individual to organize and retrieve their own health information and it captures the patient’s concerns, symptoms, emergency contacts, and other relevant information (Endsley et al., 2006). This type of PHR can be software driven and may reside on a person’s computer or be Web-based. The Wed-based format is maintained by a thirdparty. Other devices such as “smart cards,” USB drives, and CDs can also be utilized for this type of PHR (Endsley et al., 2006).

The data is available from anywhere Interoperability and the use of open interfaces mean that data can be imported directly from the healthcare provider in some cases.

Disadvantages •

•

• •

This approach has already raised serious privacy concerns due to the migration of private data into the commercial domain, and critics of such projects have already begun to make themselves heard. These third-party PHR systems are not covered by the HIPPA, which has been in effect since 1996 and requires individuals to be notified when a party other than a patient's doctor wants to access confidential medical information. There will be some costs associated with the business model. Access to the Internet is required to access data via the mobile device.

Advantages The individually maintained PHR has a limited number of advantages, aside from it being controlled by the individual; the security may be the biggest advantage of this type of PHR. The individual PHR provides more control over access to the data contained within the PHR (Tang et al., 2006).

Figure 4. Personal health records categories

53

Personal Health Records Systems Go Mobile

Disadvantages The question regarding the individual PHR is how often will the individual update their PHR? The individual PHR, as maintained by the individual, may not be updated as often as they should. Another disadvantage is that it may not be considered a trusted conduit for transmission of medical information among clinical offices or health care institutions. Another aspect is the fact that the individual PHR may not have enough back-up systems in place in case of any technical malfunction (Tang et al., 2006). As we discussed the back-up system, we need to also take into consideration the literacy of the individual. How well versed is the individual with regards to medical and technical information? Does the individual understand and comprehend the information and can they relay the information technically (Tang et al., 2006).

who changes jobs or insurance companies may lose access to the personal health information (Sprague et al., 2006). Other disadvantages include security and privacy issues and the question of standardized language (Tang et al., 2006).

Compehen PHR

The “tethered” PHR, populated with claims data and typically available to the consumer through a secure Web portal, is created by a health plan or an employer Web.

A more sophisticated PHR is made available through the electronic health record (EHR). A care provider or organization, such as a hospital, physician, or an integrated delivery system, usually maintains the EHR. The EHR is designed to be a repository of clinical information on a patient and to accept information from a variety of sources. The sources of information may include physicians, laboratories, and consumers. The capability of this type of PHR allows the consumer access to some portion of his or her clinical data, under rules set by the provider; it may also allow secure e-mail messaging, access to condition-specific information, appointment scheduling, and many other functions (Sprague, 2006). Different organizations will maintain a range of somewhat differing policies and procedures with respect to availability, accessibility, portability, release and use of personal health information captured in the PHR.

Advantages

Advantages

The main advantage of the “tethered” PHR is the fact that this type of integrated PHR can provide the patient with much more relevant data. It may also provide the patient with a better back-up system, due to the fact that the integrated PHRs have a larger back-up system (Sprague, 2006).

The biggest advantage is the access that patients will have to a wide array of credible health information, data, and knowledge (Tang et al., 2006). A secondary but still very important advantage is the potential to lower communication barriers between the patient and health care provider (Tang et al., 2006). Integrated or comprehensive PHRs provide an ongoing connection between patient and physician (Tang et al., 2006).

“Teed a HEALTH Plan omploye

Disadvantages A major disadvantage to the “tethered” PHR is the lack of portability; for example, the individual

54

Personal Health Records Systems Go Mobile

Disadvantages Many of the disadvantages are the same for the comprehensive as for the “tethered” PHR. The issues of security and privacy and the use of standardized language are being raised with regards to the comprehensive PHR. The World Privacy Forum recently issues a report on why many PHRs can actually threaten security. The next section will discuss some of the important issues surrounding privacy and security of PHR systems

Categorization Based on Storage Medium There are now organizations that collected, organized, summarized, and then make available electronically copies of all of the medical information. In some cases, the information is provided to user in a wallet or regular CD, or it could be accessed through the Internet. Typically an electronic PHR can be maintained in various formats including paper-based, PC, Internet or

portable (flash drive, CDROM, DVD or smart card) or on mobile devices.

PHRon Peonal Compu PHR products that involved health information residing on one’s own computer is one of the most common types of PHR service. . The user typically uses a CD or downloads the PHR template from the Internet to the personal computer. Information about one’s health would then be entered and maintained by the user on his or her computer.

PHR on UNIVERSAal SERIial BUS (USB) DRIVES A USB, (Universal Serial Bus), also known as thumb drive or jump drive, is an inexpensive, portable, electronic device used to store information. The USB is a NAND flash device, with memory stored in chips. This architecture allows for low

Figure 5. Categorization of PHRs based on storage medium

55

Personal Health Records Systems Go Mobile

power consumption, fast speed of use, and high density, allowing for storage of large amounts of information (Axelson, 2006). Device memory is “nonvolatile”, easily allowing the user to write and erase information. Moreover, these devices are designed to spread the write-erase cycles evenly across the components of the device in order to prolong the device life.

Advantages Utilization of a USB device for storage of the PHR promotes an important goal, which is, encouraging individuals to become actively involved in their healthcare. With a USB device, the individual manages health information data input and storage (Ball, Smith, & Bakalar, 2007). Once health information is stored on a portable USB device, this information can be quickly accessed anywhere, a factor especially important during emergencies (Shetty, 2007). USB access is a standard feature on all computer systems, and the USB devices allow easy insertion and disconnection without interruption of the system (www.intel.com). Individuals who advocate for development and utilization of PHRs stress that portability of the PHR is important as individuals move through the healthcare system. A USB would allow individuals to input and integrate data from many different sources, such as electronic health records, laboratories, radiology departments, and pharmacies. With increased consumer awareness of the importance of privacy, confidentiality and information security, a USB device that is individually carried and controlled can be an ideal solution (Ball et al., 2007). One design characteristic of USB devices that makes them desirable for information storage is durability, as the devices have no moving parts with the casing protecting the components (Axelson, 2006). Research of various USB vendors provided information on features available, including continuously increasing storage capacity, overwrite/modification prevention, display of remaining storage capacity, display of owner

56

identity, and ability to perform on-line back up support. Security technology available includes encryption, password protection, requirements for complex passwords, password reset capability, biometric identification verification, and “lost and found” features.

Disadvantages USB device issues that can be problematic for PHR utilization include potential for device damage and data corruption. In addition, the costs of USB devices increase as the technological and security features become more advanced and complex. Healthcare information is secure on the USB device when in possession of the owner, however, if the device is lost and data on the device is not encrypted or password protected, privacy can become jeopardized (Tang et al., 2006). While the goal of a PHR is to increase an individual’s engagement in their own healthcare, those involved in the evaluation and promotion of PHRs question whether consumers are capable and willing to assume the tasks and costs involved in maintaining a stand-alone/USB PHR (National Committee on Vital and Health Statistics, 2006). The ongoing work involved in keeping the USB PHR up to date will most likely be seen as a burden to many consumers. Many providers would not likely see a PHR that contains information stored and maintained solely by individual consumers as a trusted or valid source. Similarly, providers may deem the information stored by consumers as “clinically irrelevant”, and if the information were excessive, it would be overwhelming for providers to review (Tang et al., 2006). If providers decide that information contained in the PHR is unimportant, the value of the PHR is adversely affected (Ball et al., 2007). Finally, providers may be concerned with the legal issues involved in the utilization of PHR data, that is, when the treatment decisions they made are based on inaccurate or invalid patient-entered information (Tang et al., 2006).

Personal Health Records Systems Go Mobile

While utilization of USB devices for PHRs promotes individual’s engagement in their healthcare, the ability to interface and integrate healthcare information over time is a priority that an USB/stand-alone record cannot provide as the sole PHR source.

PHRon WORLld WIDE WEB Personal health records on the Internet are a growing phenomenon. These systems typically consist of a patient’s personal health information on the Internet, entered by them and/or possibly by their caregivers. Patients can record their personal information, demographic information, emergency contacts, insurance, medications, allergies, immunizations, tests, hospitalizations, surgeries, advance directive, spiritual affiliation, and even their care plan (Colorafi, 2006). There are several Web sites on the Internet promoting personal health records. In 2001, if you performed a general search on the Internet for personal health records revealed over 19 sites, some of the examples found included Dr. I-Net, HealthCompass, MedicalEdge, MedicalRecord. com, MedicData, Medscape, AboutMyHealth, and many more (Kim, & Johnson, 2001), this number has grown significantly. The Web services begin with a registration process that involves the user choosing a username and password. Through a Web interface, users then complete information about their (or a family member’s) health that is stored in a secure server maintained by the PHR company. Users can then access that information (and/or authorize access to others such as emergency contacts, physicians, or ER departments) by logging-in and providing their password. At this point not too many patients are aware of personal health records. First, many of them are not computer savvy; or since some of the Web sites are subscription based. However, there are some companies that are willing to help out their employees, and are encouraging the use of a PHR.

A number of U.S. companies are working together to develop “Dossia”, a Web-based framework to assist employees and retirees to create and maintain lifelong personal health records, of themselves and their dependents.

Advantages There are many advantages to having PHR on the Web for patients, physicians, employers, and pharmaceutical companies. “Technology can allow the use of personal health records that patients themselves can maintain, can allow and promote telehealth systems, and can actually enhance consumer choice” (Colorafi, 2006) Page 3. Several of these sites “allow patients and physicians to share patient-charted information and diagnostic test results. The benefit to the physician and office staff is that it enhances the physician’s teaching efficiency and reduces communication bottlenecks when the telephone is the sole communication tool” (Smithline & Christenson, 2001). Another push towards the Internet for physicians is the ease of use with their handheld devices. They are able to research medications, diseases, treatments, as well as patient labs, test results, and even billing, coding, and dictation abilities. Electronic prescribing systems are also on the rise and a great advantage to the physician and patient. These systems increase patient safety and physician efficiency (Smithline & Christenson, 2001). There are many benefits to the use of the Internet and personal health record. “The most important benefit the Internet will bring to health care will be the integration of information” (Smithline & Christenson, 2001).

Disadvantages 1.

With all the positive aspects of PHR and the Internet, some major disadvantages includecost and training. In addition, with the increased use of computers and the Internet,

57

Personal Health Records Systems Go Mobile

2.

3.

there is an increase of technical issues and system downtime. Training staff can be tricky, especially since a large number of health care providers did not grow up with the internet or e-mail. There will be a large cost for training staff in addition to hardware costs, software costs, implementation, maintenance, and productivity improvements (Colorafi, 2006).

Advantages 1.

2.

3.

Patients can create and maintain comprehensive online PHR accounts via the mobile devices. The mobile devices provide the capability to easily update and manage that PHR at any time, and from any location. Easy and convenient to use for wellness and health monitoring.

PHRS on Mo devi

Disadvantages

There is a new trend that is enabling patients to use their mobile devices to access details from their PHR. Patients can use the mobile device for a variety of functions including: maintaining a real-time health diary, and tracking vital health measures such as blood glucose levels, blood pressure, carbohydrate intake, height, weight. This approach can also be used to record and monitor physical activity such as diet, calorie intake or exercise. As people are becoming more reliant on mobile technology to organize and manage day to day routines, accessing and maintaining personal health information on wireless devices is a natural progression. One approach taken by system developers is to provide functionality that will allow emergency details along with important data such as immunization records, insurance details, and allergy information from a PHR portal to be downloaded to a secure module within a mobile devices operating system. Another approach is to provide access to the PHR via Smartphones / mobile device using the Internet and the mobile network to view and update the records held in the PHR portal. The benefit of the latter approach is the ability to gain access to more detailed information such as clinical records, medical history and interventions.

1.

58

2.

3.

If the device is lost and the health data is stored on the mobile device, there could be serious security implications for the patient. The screen for the mobile device may not display all the information clearly due to the size and those users who are not used to mobile displays may find it difficult to navigate and access information. Only limited information can be viewed, while images and notes may be difficult to understand. The mobile version is not a replacement for the Web portal, and the role is to provide an interface to the portal.

Creating a Framework for Mobile PHR Systems Evaluation The Mobile PHRS framework presented here has been inspired by the Personal Health Record System Functional Model (PHR-S FM), a model proposed by the Health Level Seven (HL7), along with the Evaluation model proposed by (Kim & K. Johnson, 2002). The approach by Kim (2002) provides a comprehensive view of the PHR functions, and identified five prospective functions of PHRs. The model outlined requirements for accurate entry of information and verification of reported test and study results. The criteria also outlined requirements for the provision of different

Personal Health Records Systems Go Mobile

routes of access, links to consumer health care information, functions to process and interpret information, and functions to provide secure communication between patients and providers. This evaluation was constrained by Web based criteria and does not take mobility into consideration. Another important element omitted from the Kim model is the data storage medium. HL7 is a premier health care information technology standards development organization boasting an extensive national and international representation. The main purpose of the PHR-S FM is to define the set of functions that may be present in PHR systems. The PHR-S also presents a set of guidelines that “facilitate health information exchange among different PHR systems and between PHR and EHR (electronic health records) systems,” The HL7 group advocates that “The PHR-S FM can be applied to specific PHR models (stand-alone, Internet-based, providerbased, payer-based, or employer-based models). At the same time, the Functional Model is flexible enough to encourage product innovation.” The mobile model presented here also takes into consideration the mobility aspects. The model is currently not an American National Standards Institute (ANSI)-accredited standard. The ANSI accreditation process will take 2 years. This means that the PHR-S FM will become a U.S. standard for PHRs at around 2010. Once the PHR-S FM is finalized by HL7, it will ensure that standards are available to the health care industry and the general public for use in PHR development. There is currently a profusion of PHR systems in existence but there is a lack of a functional standard to which these systems should conform. HL7’s PHR-S FM will be the first major industry standard to specify functionality for PHR systems. HL7 proclaims that the development of standardized, interoperable PHRs is a major component in the U.S1. DHHS plans, which is to make health information available electronically through a National Health Information Network (NHIN) by the year 2014.

Portability of Records: The HL7 EHR Technical Committee was created in 2005 by the PHR Working Group - the group has members from heathcare providers, consumers, vendors, and payers. The group recently announced that it had entered into a memorandum of understanding (MOU) with America’s Health Insurance Plans (AHIP) and the Blue Cross and Blue Shield Association (BCBSA) to create a collaborative process for the maintenance of portability standards for PHRs. AHIP and the BCBSA have already developed an implementation guide (Implementation Guide for the Personal Health Record Data Transfer Between Health Plans) containing technical standards, a data dictionary, and operating rules for the transfer of PHR data elements between health insurance plans. Under the MOU, AHIP and the BCBSA have agreed to turn over the maintenance of the technical standards components of the Implementation Guide to HL7 and ASC X12 to ensure long-term maintenance of the standards. With considerable research and investment into personal health records over the past decade, and the growing number of publications and patents registered in this areas, our review unveiled that the main areas of PHR functionality or concern can be grouped into four functional areas as illustrated in Figure 6 and Figure 7. Personal health records are maturing rapidly and several diverse actors’ have fullscale implementation of PHRs, - these groups include subscribers, employer groups such as DOSSIA, and commercial vendors such as Google. There are few Web based systems that are fully integrated into ambulatory or hospital-based EMR systems. There are considerable challenges to implement the ideal PHR system, and there are important lessons that can be learned from the early adopters. A study by Halmaka et al (2008) identified a set of unique implementation issues and concerns from three case studies MyChart at Palo Alto Medical Foundation, PatientSite at Beth Israel Deaconess Medical Center, and Indivo at

59

Personal Health Records Systems Go Mobile

Figure 6. Mobile personal health record functional overview

Children’s Hospital Boston. They identified the following implementation challenges from 1999 to 2007, postulating that further challenges are likely to evolve over the next five years. Current challenging questions facing implemented PHR systems include: • • • • • •

•

Should the entire problem list be shared? Should the entire medication list and allergy list be shared? Should all laboratory and diagnostic test results be shared with the patient? Should clinical notes be shared with the patient? How should patients be authenticated to access the PHR? Should minors be able to have their own private PHR and should patients be able to share access to their PHR via proxies? Should PHR include secure clinician/patient messaging?

Future challenging questions that may arise in 2008 and Beyond include:

60

•

• •

•

•

•

PHRs are institution-based and patients will want a single PHR that works with all their sites of care – how can this be achieved? Should PHRs support electronic data input from outside institutions? How do you allow patients to integrate knowledge sources on the Internet with their PHRs? How do you connect patients using social networking tools? Patients with specific diseases may want to connect to communities of others with similar diagnoses Patients may wish to participate in clinical trials, post market pharmaceutical vigilance, or public health surveillance via their PHR – how is this possible without compromising security? How do you securely incorporate the concept of mobility in a PHR system?

The next section will discuss the wireless and information management element of the evaluation framework, which are important evaluation components of a mobile PHR.

Personal Health Records Systems Go Mobile

Figure 7. Mobile personal health record functionality

Mobile PHR Information Infrastructure There are no clear guarantees that the use of any IT applications in healthcare is going to be effective due to the technical complexity of Health IT systems. In the past healthcare software and hardware markets were considered to be less mature than other Industries and for medical technologies (Chiasson & Davidson, 2004). This notion is changing due to the development of new innovative software applications and availability of hardware specifically targeted to the growing healthcare market. The key to the growth in this area has been the launch of software that improves effectiveness by providing functionality to manage the administrative and support functions of healthcare. It is important that any PHRS system should take into consideration Information Infrastructure from the following Dimensions.

1.

2.

3.

4.

Interoperability: Interconnectivity among systems is important and managing relationships with various healthcare providers in a seamless and efficient manner along with providing user-friendly processes and interfaces to perform administrative functions are key features that must be considered in the design of a PHR. Information management: Question about how the data is to be stored, how often will it be backed up, and what storage medium is in place are key to successful information management. Record security: A variety of options may be available such as password protection, biometrics, and encryption, but the challenge is to fit the best mechanism to the purpose and design of the PHRs. Audit capabilities: With growing security and privacy concerns, measures must be in place to provide detailed audit of access to the records.

61

Personal Health Records Systems Go Mobile

It is vital that any MPHRS is evaluated on the audit capabilities. Clear and comprehensive audit policies must be defined that describe the use of patient medical records within the system. The policies should not only aim to protect the confidentiality and integrity of data but also protect the patient. One of the important features of the new generation of PHR systems is their ability to interconnect electronically using predefined interfaces or XML based interfaces. All sub systems

Figure 8. Information infrastructure components

62

transferring data need to provide secure interconnection capabilities between the host systems and the PHR database. The data must be protected in terms of data integrity and patient privacy. Security policies for personal health information must be carefully designed in order to limit the number of people, clinical physicians, insurance companies, nurses, and others, that can access the patient record, and to control the operations that may be applied to the record itself (Anderson 2006).

Personal Health Records Systems Go Mobile

Jelena (2007) defines clear policies that are appropriate for wirless clinical information systems, these policies have been adapted to a PHR. These policies are discussed below as a number of security procedures: •

•

•

•

Each record must have an associated access control list - a list that restrict access to the records other than those individuals and groups identified on the access control list. There must be an individual on the access control list that must have administrator privileges and/or rights, i.e., the power to add other users to the access control list. It is critical that the administrator notifies the patient of any changes of names on the access control list to any part of the patient records. An audit log of usage activity must be presented to the user. Each time the record is accessed the following information must be presented - the name of the user performing the access, the date and time of access, and the manner of access (including records read, updated, stored, and/or deleted) - and has to be recorded. When the patient is incapacitated, the ownership of the records should belong with the legal guardian or another person with the appropriate power of attorney, not the person with the patients’ mobile device.

WieleETWORK Componen The adoption of mobile technologies in healthcare is on the increase and technologies such as Wireless Local Area Networks (WLAN) that use different protocols from the standard digital mobile technologies such as 2G, 2.5 and 3G technologies. A summary of these technologies are presented below along with the speeds and range covered.

It is important to understand how the device will connect to the Internet to access private health information as some networks are more secure than others. The ease of access that wireless networks offer is matched by the security and privacy challenges presented by the networks. One of the key concerns surrounding the implementation of Mobile PHRS is the issue of security. Moving a PHR into the mobile realm compounds these security fears. There are four types of security breaches that can occur. 1.

2.

3.

4.

Data duplication: PHRs raise the possibility of storing health data in multiple storage locations. For example in the EMR, Hospitals databases, and the PHR. In a mobile scenario this issue is compounded because the data may also exist on the mobile device. Data transmission issues: Using open unsecured networks such as wireless local area networks (wifi) to transmit personal health information will leave users open to security vulnerabilities. The system must detect when using an unsecured network and prevent the release of information in that scenario. Lost devices: If the device is lost, the data server must prevent that device from accessing medical information from that device. If the functionality is embedded within the SIM card the device must prevent the embedded functionality as well. Virus and malware: There is a growing trend of Viruses being targeted at mobile devices due to the proliferation of mobile devices.

MoBIile PHR SYSTEemReview There are a variety of configurations that can be employed for a mobile PHR system. Each of the approaches provides a variety of benefits along with potential security vulnerabilities. The section

63

Personal Health Records Systems Go Mobile

Figure 9. Wireless system components

will use the evaluation framework defined in the previous section to review three commercial PHR systems that support mobile phone access.

System 1: In Case of Emergency (IC) PHR Mobile This PHR product is a combination of CapMed products, icePHR and Microsoft HealthVault. The aim here is to make appropriate medical records freely available “In Case of Emergency (ICE)”.

64

The user has the capabilities to modify what pieces of their information will be accessible in an emergency situation by using a Web application. The full medical record resides within the HealthVault eco-system and is transferred into the icePHR. The icePHR emergency data are viewed by three methods. 1. 2.

displayed through a personalized icePHR Web site, wallet-size emergency card,

Personal Health Records Systems Go Mobile

Table 1. Wireless networks Networks 2nd Generation GSM

Speed 9.6 kilobits per second (KBPS)

Range and Coverage

Main Issues for M-Health

World wide coverage, dependent on network operators roaming agreements.

Bandwidth limitation, Interference.

High Speed Circuit Between 28.8 KBPS and 57.6 KBPS. Not global, only supported by Switched Data (HSCSD) service providers network.

Not widely available, scarcity of devices.

General Packet Radio Service (GPRS)

171.2 KBPS

Not global, only supported by service providers network.

Not widely available.

EDGE

384 KBPS

Not global, only supported by service providers network.

Not widely available, scarcity of devices

UMTS

144 KBPS - 2 MBPS depending on mobility

When fully implemented should offer interoperability between networks, global coverage.

Device battery life, operational costs.

Wireless Local Area

54 MBPS

30–50 m indoors and 100–500 m outdoors. Must be in the vicinity of hot spot.

Privacy, security.

Personal Area Networks 400 KBPS symmetrically – Bluetooth 150 -700 KBPS asymmetrically

10 – 100m

Privacy, security, low bandwidth.

Personal Area Networks 20 kb/s – 250 KBPS depending on – Zigbee band

30m

Security, privacy, low bandwidth.

WiMAX

Up to 70MBPS

Approx. 40m from base station.

Currently no devices and networks cards.

RFID

100 KBPS

1m Non line-of-sight and contact less transfer of data between a tag and Reader.

Security, privacy.

Satellite Networks

400 to 512 KBPS new satellites have potential of 155MBPS.

Global coverage.

Data costs, shortage of devices with roaming capabilities. Bandwidth limitations.

3.

Mobile client side wallet.

The Wallet is the client-side portion of the application and resides on the mobile phone or personal computer. The personal health information located externally or privilege information is accessed right to the wallet. The mobile device would need to receive a software installation which can be delivered over-the-air. Vault Server: the Wallet communicates with the MobiSecure Vault Server for data synchronization and management. The role of Server-based software is to securely host, manage and retrieve personal user data from external data sources. The Personal Health record

application must be hosted on the server side of the provider of the Vault Server software. The user has the capability to view, submit or send, via fax, email or SMS, the user’s selected data. icePHR Mobile is a mobile device accessible software application that provides the capability to store and manage emergency medical information and contact numbers in a mobile phone. This product requires that the user subscribes to icePHR subscription. Mobile devices must meet the requirements of installing and running the custom icePHR Mobile application to allow the data to be stored on the phone negating the need for a data link connection. The application will

65

Personal Health Records Systems Go Mobile

allow subscribers the editing capability to insert, update and delete medical information directly on the icePHR server when Internet access is available.  The icePHR application is only supported on specified networks and on a number of certified handsets, which includes smartphone, blackberries and standard mobile phone handsets that run java Midlet. The phones that do not incorporate the technology to install and run the icePHR Mobile™ application can use the WAP to view medical information stored on the server. To use WAP, the handset must have a built in Web browser such as Media Net. Unlike the Java icePHR Mobile

application where medical data are stored on the device, using the WAP access method no information is stored on the device nor can the user edit the records over WAP.    

System 2: No More Clipboard M-PHR NoMoreClipboard.com is an online, patient-controlled personal health record management system designed to consolidate medical information in one convenient and secure location for easy retrieval and updates. NoMoreClipboard.com provides Web-based solutions to maintain an online personal health record (PHR). The system

Table 2. Evaluting three commercial MPHR Systems Criteria

System 1

System 2

System 3

System Name

ICE PHR

No More Clipboard

allOne Mobile

System Description

software application that provides the capability to store and manage emergency medical information and contact numbers the a mobile phone.

Mobile Web based patientcontrolled personal health record management system designed to consolidate medical information

AllOne Mobile cell phone-based application. to manage personal health information. Patient information

Network

2G or 3G Cellular requires data plan and SMS Plan

Access via mobile Internet browser using WiFi

Access via mobile Internet browser using WiFi

Device - OS

RIM 3.6, J2ME 1.1, Windows mobile for Pocket PC and Smart phone 2003+

Any device with Internet access

Blackberry RIM Java, Windows mobile for Pocket PC and Smart phone 2003+

Devise - Type

Mobile Phone (singular, sprint devices), Smartphone or PC

Any mobile device with Internet capabilities

Any mobile device with Internet capabilities

Information management

Application is downloaded and stored on the device

Application is run from the server. The user accesses the information via navigating to the home page on the mobile device

Application is downloaded and stored on the device

Data Storage

Stored on Device. (There is also an option to store data on server for non supported handsets

All the data is stored on the server

Data is stored on both the server and device

PHR Capabilities

Provided by ICEPHR and Microsoft Health Vault

Provided by Nomoreclipboard. com. Can integrate with Microsoft health vault

Integrates with online PHRs via community of Care (CCR) standards

Business Model

Add on to the ICE PHR subscription

Subscription only

Subscription only

Access technology

Uses WAP for non supported devices

Via mobile browser. Future enhancement will allow cellphone technology to access sever

Via mobile browser.

66

Personal Health Records Systems Go Mobile

also provides cell phone integration capabilities. Patients with Internet-enabled Smartphones such as the Palm Treo or Apple iPhone can interact with a PHR if they have an account with NoMoreClipboard. This approach requires the user to be connected to the Internet as no data is downloaded to the device. To gain access to the Web portal from a mobile device the users points their Smartphone browser to the PHR portal address and a version of the PHR application optimized for mobile devices is presented. Future functionality will include the capability to send reminders, receive appointment alerts, medications reminders, or follow care plan directives. The Patients will also have the capability to capture pain levels or illness symptoms as they occur and insert this information directly into the PHR. Patients will also be able to capture and store images from their phone into their PHR. From a security perspective the site uses Secure Socket Layer (SSL) account security. Although the information is secured behind a firewall, accessing the information over non-secured network can lead to security vulnerabilities. An application under development that uses Binary Runtime Environment for Wireless (BREW)will allow patients with standard Code division multiple access (CDMA) based wireless devices to access their PHRs. A Short Messaging Service (SMS) interface is also being developed to enable communications between patients and the PHR system.

System 3: AllOne Mobile MPHR AllOne Mobile cell phone-based application was created by the AllOne Health Group Inc. to manage personal health information. Patient information is stored behind a password-protected, encrypted channel using Diversinet wireless security application. AllOne Mobile uses mobile technology to facilitate the exchange of critical health information between individuals, providers, and health plans. This application downloads wirelessly a small application to the mobile device, which

accesses the patients PHR stored securely on the Internet. The PHR system allows updates from the mobile device. The application supports all smartphones and the majority of non-business mobile consumer devices. The AllOne Mobile application supports the following features. •

• • •

Storage of confidential personal information, including provider and insurance information, allergies, immunizations, and medications Synchronize their mobile device with Web based PHR. Fax PHR information from a Mobile device Control access to receipt of relevant and timely communications on health care–related topics

AllOne Mobile integrates with existing health care information systems and applications, including existing online PHRs.

Conlu The goal of the MPHR system is to provide secure and controlled access to personal health informationat anytime via a mobile device to improve health outcomes. Mobile PHRs can provide patients with a variety of functions including: maintaining a real-time health diary, and tracking of vital health measures such as blood glucose levels, blood pressure, carbohydrate intake, height, weight. This chapter presented a framework adapted from the HL7 PHR functional model and PHR literature.The purpose of the framework is to define the set of functions that may be present in Mobile PHR systems and to highlight important components that must be taken into consideration when evaluating Mobile PHR systems. The growing number of large technology organizations entering the PHR landscape will

67

Personal Health Records Systems Go Mobile

eventually help the industry by driving standards forward, developing open interfaces and generating awareness of the products and implementing solutions that incorporate mobility on the one hand, and satisfying standards requirements and regulatory policies such as HIPAA privacy and security rulings on the other hand. The key challenge that is likely to evolve from the influx of non healthcare organization delivering PHR systems runs parallel with Electronic Medical Records (EMR) and EHRs prior to HIPPA rules and regulations, enacted by the USA congress in 1996. These problems included the denial of health care coverage to individuals with chronic and genetic predispositions to diseases and the release of personal health information. Ultimately consumers must exercise extreme caution when utilizing and implementing a mobile or Web based PHR.

Refeen Abidi, S., & Goh, A. (2000). A personalised Healthcare Information Delivery System: pushing customised healthcare information over the WWW. Studies in health technology and informatics, 77, 663-667. Retrieved from http://www. scopus.com/scopus/inward/record.url?eid=2s2.0-0034574134&partnerID=40&rel=R7.0.0. Ackerman, M. (2007). The personal health record. The Journal of medical practice management: MPM, 23(2), 84-85. Retrieved from http://www. scopus.com/scopus/inward/record.url?eid=2s2.0-38449122521&partnerID=40&rel=R7.0.0. Adler, K. (2006). Web portals in primary care: An evaluation of patient readiness and willingness to pay for online services. Journal of Medical Internet Research, 8(4). Agrawal, R., & Johnson, C. (2007). Securing electronic health records without impeding the flow of information. International Journal of Medical

68

Informatics, 76(5-6), 471-479. Retrieved from http://www.scopus.com/scopus/inward/record. url?eid=2-s2.0-33947621113&partnerID=40&re l=R7.0.0. Alban, R., Feldmar, D., Gabbay, J., & Lefor, A. (2005). Internet security and privacy protection for the health care professional. Current Surgery, 62(1), 106-110. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-13844 266517&partnerID=40&rel=R7.0.0. Albright, B. (2007). Prepping for PHRs. The growing trend of consumer empowerment includes the speedy rise of personal health records. Healthcare informatics: the business magazine for information and communication systems, 24(2). Retrieved from http://www.scopus.com/scopus/ inward/record.url?eid=2-s2.0-34247121143&par tnerID=40&rel=R7.0.0. Alhaqbani, B., & Fidge, C. (2008). Access control requirements for processing electronic health records, 4928, 371-382. Retrieved from http://www. scopus.com/scopus/inward/record.url?eid=2s2.0-40549129015&partnerID=40&rel=R7.0.0. Al-Salqan, Y. Y., Jagannathan, V., Davis, T., Zhang, N., & Reddy, Y. (1995). Security and confidentiality in health care informatics. In Proceedings of the ACM Workshop on Role-Based Access Control (pp. 47-51). Retrieved from http://www. scopus.com/scopus/inward/record.url?eid=2s2.0-0029427930&partnerID=40&rel=R7.0.0. Anderson, R. J. (1996). Security policy model for clinical information systems. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy (pp. 30-43). Retrieved from http://www.scopus.com/scopus/ inward/record.url?eid=2-s2.0-0029697680&part nerID=40&rel=R7.0.0. Arbogast, J., & Dodrill, W. (1984). Health maintenance and the personal computer. Journal of Family Practice, 18(6), 947-950. Retrieved from http://www.scopus.com/scopus/inward/record.

Personal Health Records Systems Go Mobile

url?eid=2-s2.0-0021234056&partnerID=40&re l=R7.0.0. Armitage, J., Souhami, R., Friedman, L., Hilbrich, L., Holland, J., Muhlbaier, L., et al. (2008). The impact of privacy and confidentiality laws on the conduct of clinical trials. Clinical Trials, 5(1), 70-74. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-4094 9122714&partnerID=40&rel=R7.0.0. Ball, M., & Gold, J. (2006). Banking on health: Personal records and information exchange. Journal of healthcare information management: JHIM, 20(2), 71-83. Retrieved from http://www. scopus.com/scopus/inward/record.url?eid=2s2.0-33744500251&partnerID=40&rel=R7.0.0. Bent, P., Bolsin, S., Creati, B., Patrick, A., & Colson, M. (2002). Professional monitoring and critical incident reporting using personal digital assistants. Medical Journal of Australia, 177(9), 496-499. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-0037 020972&partnerID=40&rel=R7.0.0. Bhuyan, K. (2004). Health promotion through selfcare and community participation: Elements of a proposed programme in the developing countries. BMC Public Health, 4, 1-31. Blobel, B., Pharow, P., Spiegel, V., Engel, K., & Engelbrecht, R. (2001). Securing interoperability between chip card based medical information systems and health networks. International Journal of Medical Informatics, 64(2-3), 401-415. Retrieved from http://www.scopus.com/scopus/ inward/record.url?eid=2-s2.0-0035188372&part nerID=40&rel=R7.0.0. Chiasson, M. W., & Davidson, E. (2004). Pushing the contextual envelope: developing and diffusing IS theory for health information systems research. Information and Organization, 14(3), 155-188. Retrieved from http://www.sciencedirect.com/science/article/B6W7M-4C40PF5-1/1/ bf7efac96eb75891f0f22febc1672ffd.

Denton, I. (2001). Will patients use electronic personal health records? Responses from a reallife experience. Journal of healthcare information management: JHIM, 15(3), 251-259. Retrieved from http://www.scopus.com/scopus/inward/ record.url?eid=2-s2.0-0035464326&partnerID= 40&rel=R7.0.0. Gellman, R. (2008). Personal Health Records and Personal Health Record Systems. The World Privacy Forum. Retrieved March 1, 2008, from http://www.worldprivacyforum. org/pdf/WPF_PHR_02_20_2008fs.pdf Halamka, J., Mandl K., & Tang, C. (2007). Early Experiences with Personal Health Records Journal of the American Medical Informatics Association, 15(1), 1-7. Jelena, M., Vojislav, B. M. (2007). Implementation of security policy for clinical information systems over wireless sensor networks Ad Hoc Networks, 5, 134–144. Kim, M., & Johnson, K. (2002). Personal health records: Evaluation of functionality and utility. Journal of the American Medical Informatics Association, 9(2), 171-180. Retrieved from http://www.scopus.com/scopus/inward/record. url?eid=2-s2.0-0036491265&partnerID=40&re l=R7.0.0. Kupchunas, W. (2007). Personal health record: New opportunity for patient education. Orthopaedic Nursing, 26(3), 185-191. Retrieved from http://www.scopus.com/scopus/inward/record. url?eid=2-s2.0-34249788684&partnerID=40&r el=R7.0.0. Lee, M., Delaney, C., & Moorhead, S. (2007). Building a personal health record from a nursing perspective. International Journal of Medical Informatics, 76(SUPPL. 2). Retrieved from http://www.scopus.com/scopus/inward/record. url?eid=2-s2.0-34548216363&partnerID=40&r el=R7.0.0.

69

Personal Health Records Systems Go Mobile

NoMoreClipboard.com (2008). PHR Launches Cell Phone Integration. Business Wire. Oct 29, 2007. FindArticles.com. 25 Jun. 2008. http:// findarticles.com/p/articles/mi_m0EIN/is_2007_ Oct_29/ai_n21068069 Okawa, T. (1973) A personal health record for young female students. Japanese Journal for Midwife, 27(11), 36-40. Sittig, D. (2002). Personal health records on the internet: A snapshot of the pioneers at the end of the 20th Century. International Journal of Medical Informatics, 65(1), 1-6. Sprague, L. (2006). Personal health records: the people’s choice? NHPF issue brief / National Health Policy Forum, George Washington University, (820), 1-13. Retrieved from http://www.

scopus.com/scopus/inward/record.url?eid=2s2.0-39049183450&partnerID=40&rel=R7.0.0. Tang, P., Ash, J., Bates, D., Overhage, J., & Sands, D. (2006). Personal health records: Definitions, benefits, and strategies for overcoming barriers to adoption. Journal of the American Medical Informatics Association, 13(2), 121-126. Retrieved from http://www.scopus.com/scopus/inward/record.url?eid=2-s2.0-33644682163&partnerID=4 0&rel=R7.0.0. Thielst, C. B. (2007). The New Frontier of Electronic, Personal, and Virtual Health Records. Journal of Healthcare Management, 52(2), 75-78.

Endno

1

70

www.hl7.org/ehr.

71

Chapter IV

Medical Information Representation Framework for Mobile Healthcare Ing Widya University of Twente, The Netherlands

Jacqueline Wijsman University of Twente, The Netherlands

HaiLiang Mei University of Twente, The Netherlands

Hermie J. Hermens University of Twente, The Netherlands

Bert-Jan van Beijnum University of Twente, The Netherlands

ABSTRACT In mobile healthcare, medical information are often expressed in different formats due to the local policies and regulations and the heterogeneity of the applications, systems, and the adopted Information and communication technology. This chapter describes a framework which enables medical information, in particular clinical vital signs and professional annotations, be processed, exchanged, stored and managed modularly and flexibly in a mobile, distributed and heterogeneous environment despite the diversity of the formats used to represent the information. To deal with medical information represented in multiple formats the authors adopt techniques and constructs similar to the ones used on the Internet, in particular, the authors are inspired by the constructs used in multi-media e-mail and audio-visual data streaming standards. They additionally make a distinction of the syntax for data transfer and store from the syntax for expressing medical domain concepts. In this way, they separate the concerns of what to process, exchange and store from how the information can be encoded or transcoded for transfer over the internet. The authors use an object oriented information model to express the domain concepts and their relations while briefly illustrate how framework tools can be used to encode vital sign data for exchange and store in a distributed and heterogeneous environment. Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Medical Information Representation Framework for Mobile Healthcare

Inoduion Mobile healthcare applications receive more and more attention due to the ability to reshape healthcare delivery, for example, enabling selfmanagement of patients whilst they pursue their daily activity. Information and communication (ICT) technology and infrastructures which provide the necessary ubiquitous connectivity enable these applications. Competitive value-add ICT providers moreover facilitate these applications with alternatives to computation and communication services. Today’s environment for networked applications is therefore rich in ICT services which are accessible anywhere and anytime, for example by prepaid or subscription contracts between users and ICT service providers or by collaboration contracts between these providers. Such environment enables applications to select (wireless) connections of required quality and technology which are considered best for their purpose. A mobile application may for instance seamlessly switch over between GSM, UMTS or WiFi 802.11 (Schiller, 2003) connections that are offered by competing providers. These developments enable mobile healthcare applications in choosing the appropriate situations with adequate ICT support that permit healthcare to be delivered where previously it was difficult or impossible to do so (Wootton, 2006). Due to these ICT and business advancements, a travelling patient with a chronic disorder can be monitored continuously everywhere in the country of residence as well as abroad. If his health condition requires, he may be examined at a care centre abroad that uses equipment different than at his country of residence. This may further imply that the format of the processed healthcare data differs from the format used at his residential care centre. Local care centre’s policy or local governmental health regulations may also impose the use of a different healthcare data format standard. In (near) future mobile healthcare therefore, we typically need to deal

72

with healthcare data which are represented in multiple format standards due to the different policy or regulations and the heterogeneity of applications, systems and ICT technology. This chapter describes a framework which enables healthcare data, in particular (digitized) continuous-time patient’s vital signs and professional annotations, be processed, exchanged, stored and managed modularly and flexibly in a mobile, distributed and heterogeneous environment. A framework is often described as a basic conceptual structure to compose something from fitting parts. In the context of this chapter, a framework is an integrative (standardized) conceptual structure which brings together a set of components which themselves may be standards such as vital signs format & encoding standards (Blair & Stefani, 1998). It therefore addresses questions like: •

•

•

How to deal with healthcare data expressed in accordance with several data format standards and how to encode the data to fit to the characteristics of the provided connections to enable effective and efficient data transfers; How to deal with professional (textual, graphical or multimodal) annotations and derived (i.e. trend) signs in sync with the analyzed vital sign segments; How to manage vital sign data sets of a patient that originate from the same measurement session in a (distributed) study, which typically process data in several steps using processing tools with specific parameter settings. Similarly, how to manage vital sign data sets (of the same patient and the same measurement session) in different formats, e.g. if the returning traveling patient, who has been monitored and diagnosed in a care centre abroad, consults his general practitioner, who then inspects the annotations and the vital signs measured and processed using a locally certified system to confirm

Medical Information Representation Framework for Mobile Healthcare

the annotations, the diagnosis and treatment of his colleague abroad. The proposed framework should furthermore fit to the practices used in ICT to manage the use of multiple format and encoding standards, as discussed in the next sections. In the next section, we discuss some of the issues of information exchange using computer networks and illustrate the need for a framework which flexibly supports exchange of healthcare data, in particular digitized continuous-time vital signs and professional annotations, in a distributed and heterogeneous environment. Thereafter, we analyze the functional requirements of mobile healthcare stakeholders on the framework. We address only those stakeholders that influence the functional aspects of a framework for multiple formatted vital signs for use in a heterogeneous distributed environment. Stakeholders addressing financial aspects like insurance companies are therefore beyond the scope of this chapter. In the section thereafter, we address the representational model, which distinguishes between the syntax for data transfer and store from the syntax for expressing medical domain concepts. Then, we discuss the information model of the framework and some ECG standards. Thereafter, we address some other syntax notations and briefly discuss tool based translations of conceptual or abstract syntax to transfer syntax. The last section presents our conclusions.

Ba One of the issues of transferring information in an ICT environment is to preserve meaning despites the dynamic property of the data transfer characteristics of the connections and the different ways of representing information at the computer systems at the connection endpoints. A connection in this environment can be modeled by a bit or a character pipe (i.e. a model which supports

the transfers of sequences of bits or characters, respectively). For example, an echocardiogram needs to be formatted as a sequence of pictures, serialized, and encoded further to suit the pipe, transferred via the pipe, and at the receiving end reconstructed (i.e. decoded). This chain of data formatting and encoding steps requires a suitable end-to-end quality to preserve the clinical interpretations of the echocardiogram. Mechanisms and techniques for data formatting and encoding have been widely investigated and developed in the area of computer networking. In this chapter, we present the data representation model of the Open Systems Interconnections (OSI) of International Organization for Standardization (ISO) (MacKinnon, 1990). This model provides clarity to and better understanding in the structures of many format and encoding standards like MPEG, JPEG, H.261, or DICOM (Le Gall, 1991; NEMA, 2007a). This is due to the distinction between abstract syntax representation, which is suitable for the entities that exchange information, and transfer syntax representation, which is suitable for the pipe that transfers the serialized and encoded data. This distinction therefore separates the concerns of exchanging concepts of the domain ontology from the concerns of serializing and transferring the encoded concepts in a meaning preserving way. As in multimedia, several formats and encodings have been proposed or developed for vital signs, in particular for electrocardiograms (ECGs). We may identify de-jure standards developed by standardization bodies, such as the CEN/SCPECG (CEN/TC251 prEN 1064, 2002), which is developed by the European Committee for Standardization CEN (CEN/TC251, 2007) and defined specifically for ECGs, or HL7 (Hinchley, 2005), which is developed by an organization cooperating with standardization bodies and accredited by the accrediting organization for US national standards, but which has a larger scope than only addressing monitored healthcare data like ECGs. Another example of a de-jure standard that can be

73

Medical Information Representation Framework for Mobile Healthcare

used to represent ECGs, or vital signs in general, is VITAL (Weigand, 2005). We may also identify de-facto standards, i.e. standards that were developed by industrial or research consortia, or proprietary standards used by vendors of medical equipment or proposed by a research institute, e.g. ecgML (Wang, 2003). For our convenience, we denote ECG data format and encoding proposals found in the literature as (proprietary) standards. ECG data representation standards vary in their semantic expression levels. Some of these standards focus only on the waveform representation, some others additionally provide heart physiological or bioelectrical domain concepts like the notion of P or ST waves. These differences may imply loss of interpretation power when ECG data has to be converted from one onto another standard (lossy conversion). In this chapter, we show how the OSI data representation model (MacKinnon, 1990), in particular the abstract syntax, can be used to identify these differences in semantic expression level and how to associate equivalent ECG segments formatted in different standards. We also discuss how the abstract syntax can be used to specify professional annotations or derived (/trend) signs like heart-beats such that rendering tools are able to visualize these annotations or trend signs in sync with the associated data segment. We apply the Unified Modeling Language (UML) (Booch, 1999) as a (graphical) abstract syntax language to express the concepts of vital signs, in particular ECGs; this results in an information model of the framework. Some of the ECG standards format ECGs as sampled timedomain bio-signals (e.g. the format described in (Browns, 2002)), others include bio-electrical or heart physiological concepts like the notion of P-waves and QRS complexes (e.g. the standard described in (CEN/TC251 prEN 1064, 2002)). The specification of ECGs using UML, addressed in (Concalves, 2007), has elaborated several ECG ontological models from different perspectives like the heart physiological, bio-electrical, including the recording session perspectives. UML is

74

also used by other standards, for example HL7, to capture the association semantics between the healthcare domain concepts. In this chapter, however, we specify the vital signs information model from the perspective of the different format and encoding standards. This approach fits to our objective to develop a framework for processing, transferring and storing vital signs in a multiple formats environment. Our information model therefore includes multiple structures for (replicated) ECG data that are specified by the different standards and it includes structures to express their relations, for example the applied conversion tools, the settings of the tool and the actor in charge of the conversion, or the processing algorithm and settings that derive a trend sign. To deal with the exchange of medical information represented in multiple formats we adopt similar techniques and constructs as are used on the internet. In particular, we are inspired by MIME (Multipurpose Internet Mail Extensions) (Freed, 1996) which enables users to exchange text, pictures, video clips, excel sheets, etc. independently of the computing devices, software packages or the operating systems involved. For example, the MIME construct “multipart/alternative” can be used to express the relation between two or more ECG segments of the same measurements of a patient but formatted differently, e.g. one in the CEN/SCP-ECG format and the other in the DICOM waveform format (NEMA, 2007b). The latter can be a conversion of the first to match the format of the data to the software or the equipment of the professional, for example in the earlier illustrated case of the travelling patients. As this construct specifies that the multiple parts are alternatives of one another, an ECG viewer tool can select the part that is encoded in a preferred format as indicated by a profile of preferences. Moreover, a policy that regulates tools to ignore parts that are encoded in a format unknown to the tool provides flexibility when introducing new formats without influencing existing systems (upwards compatibility and open-endedness with respect to new features or new functionality).

Medical Information Representation Framework for Mobile Healthcare

Furthermore, to enable synchronization of care professional’s (textual or graphical) annotations with segments of analyzed vital signs, we adopt a construct similar to MIME “multipart/parallel” to inform a rendering tool that the annotations could better be visualized together with the corresponding vital sign segments. We additionally adopt a similar technique as is applied in MPEG (Le Gall, 1991) for joining and splitting types of media, e.g. synchronized under-titles with video, to merge professional annotations, trend signs or other auxiliary data on the fly. As in MPEG, the framework includes identifiers to distinct between the data types at abstract as well as at transfer syntax level. Besides the discussed facilities for healthcare data processing, transfer and store, this chapter also addresses the facilities to manage the dynamics experienced by mobile healthcare applications due to changes in patient’s health conditions or fluctuations of the ICT infrastructural resources due to environment data traffic or roaming patients. A framework for multiple formatted vital signs therefore needs to adopt the discussed techniques or constructs. In the next section, we justify these needs by analyzing the requirements of healthcare stakeholders that are relevant for the framework’s functionality.

SakeholdeConain and RReemen We analyze the needs of three mobile healthcare stakeholders to identify the functional needs that have to be accommodated by the framework. For this analysis we use our experiences collected during several mobile healthcare projects (MobiHealth, 2002; HealthService24, 2005; Myotel, 2008) and our study of several healthcare systems reported in the literature. Some of the identified needs were examined during the development of

Extensible Markup Language - XML (Bray, 2004) constructs for vital signs representations. These constructs were discussed in (Mei, 2006) and several simplified scenarios were used in (Mei, 2006) to illustrate the benefits of the framework which accommodates these constructs. We distinguish three mobile healthcare stakeholders who typically influence the vital sign representations and their use (Figure 1): •

•

•

End-users; stakeholders who use the services provided by the mobile healthcare systems. End-users include both patients and the healthcare professionals, for example the medical specialists, nurses, physiotherapists; Mobile healthcare system providers; stakeholders who are involved in the provisioning of mobile healthcare systems for clinical remote monitoring and treatment. In the context of this chapter, these providers are assumed to be aware of the applied information and communication technologies; Care centers, such as the primary care centers, healthcare call centers (also called healthcare portals), and the secondary care centre’s (e.g. corporate hospitals with their departments of different specialties). For our convenience, regulatory bodies as well as medical ethical committees are categorized as this stakeholder. That is, the care centers are assumed aware of the healthcare regulations that influence the way of handling patient’s vital signs.

Requirements from End-Users From the healthcare professional’s point of view, the vital sign representation should be suitable for effective clinical interpretation as required by the health condition of the patient and in accordance with the working practices of these professionals:

75

Medical Information Representation Framework for Mobile Healthcare

Figure 1. Stakeholders of vital sign representation framework

•

•

•

• •

76

Healthcare professionals typically access units of interpretable segments of vital signs in a quality appropriate for the purpose of the clinical task, e.g. patient’s ECG filtered from noise and movement artifacts and visualized in a resolution necessary to inspect ventricular contraction; Healthcare professionals may need to correlate signs that belong to a group of coherent vital signs, e.g. patient’s oxygen saturation, heart beat, blood pressure, and respiration that together form an indicator of the oxygenation of the patient’s brain in trauma care; Healthcare professionals may have priorities regarding the importance of vital signs, e.g. doctors may prefer to see trend signs and only in case of abnormalities, they need the underlying vital signs; Healthcare professionals may need to annotate vital sign segments; Healthcare professionals may need to know how vital sign data was measured and processed for evidence based treatment.

In some mobile healthcare applications, patients typically generate vital signs by attaching sensors on their body and initializing the sensing devices. These patients, especially mobile patients, may need to check and calibrate the sensors’ readings from time to time to ensure accurate (local) monitoring and treatment feedback. For example, patients may need to re-attach sensors in case of bad skin contacts. For this, vital signs visualization or other feedback modality has to have a resolution suitable for patient’s interpretation. Moreover, medical and sensor technologies are evolving and new vital signs or sensors may be developed for measuring patient’s health condition in mobile environments. Therefore, vital sign representations should be extensible to enable the introduction of new vital signs or the integration with new data like professional annotations.

Requirements from System Providers Mobile healthcare system providers have the mission to facilitate the computation and communication needs of the patient’s care process.

Medical Information Representation Framework for Mobile Healthcare

In a remote monitoring and supervised treatment session, the healthcare system regularly matches the computation and communication needs of the supported care process with the resource capability and capacity of the ICT infrastructure. These systems often apply a hunting strategy to collect the available ICT resources of the contracted ICT providers. They often apply an adaptation strategy to control the vital sign data processing and transmission. For example, by down-sampling, prioritizing or discarding some of the vital sign packets, a system may improve the utility of transferring vital signs in a meaning preserving and adequate way. Therefore, a vital sign framework should enable prioritized transfers of important signs and deferred transfers of remaining signs, which may traverse other delivery routes and at cheap data communication hours. Consequently, the framework should further support aggregation and resynchronization to reconstruct the set of vital signs.

Rquirements from Care Centers Care centers, especially corporate hospitals, often accommodate a diversity of specialized systems, each of which may apply specific vital sign formats. If furthermore, these centers also treat travelling patients, interoperability between these remote systems needs to be supported. In such cross-platform environments, vital sign representations require an open environment to facilitate multiple vital signs formats. Healthcare data is considered private and has to be subjected to privacy rules. Monitoring and treatment protocols described in the trial designs which were proposed to the Medical Ethical Committees in the earlier mentioned healthcare projects address healthcare data privacy, such as password protected and role based access to recorded and processed data, vital signs are also made anonymous. The framework should enable transferring, processing and storing of vital signs subjected to privacy rules.

InfoRMmaRepenion Model A model suitable for information transfer in a heterogeneous environment, which accommodates different (wireless) communication technologies and qualities and different computer systems, is the OSI Presentation Layer model (MacKinnon, 1990) (Figure 2). This model uses three kinds of syntaxes to represent information. The earlier described abstract syntax represents the domain ontological structure of the information in respect of the entities exchanging the information. It is therefore the vocabulary and the structuring rules used to represent the information. This syntax is considered useful in a meaningful meaning preserving transfer, in which the sending and the receiving entities share a common universe of discourse. An abstract syntax enables these entities to interpret the exchanged information in the same way. The earlier described transfer syntax is the syntax used to represent data in transfer. Information expressed in a transfer syntax is therefore represented as sequential groups of bits or characters sequences. Groups, in turn, associate to terms of the abstract syntax vocabulary. The third kind is the local syntax which is the syntax used to represent stored data at the involved computer systems. In a heterogeneous environment, the local syntaxes used by the communicating computer systems can be different, e.g. one uses a Java based local syntax and the other a C based syntax in a Unix system. An abstract syntax is therefore not a concrete syntax as are transfer and the local syntaxes. ECGs specified from a specific perspective in an abstract syntax result in a conceptual model of the ECGs. This model can be used to reason about the elements of the ECG, for instance the bio electrical properties of the heart or the heart condition if the model is defined from those perspectives. In the perspective of interoperability in an environment that uses multiple standards, the ECG model at abstract syntax level should en-

77

Medical Information Representation Framework for Mobile Healthcare

Figure 2. Information representational model

able the identification of the same ECG segments which are formatted using different standards and should further enable conversion from one format to another. An abstract syntax moreover enables the development of information exchange techniques and mechanisms for a heterogeneous environment. Information conceptually represented in an abstract syntax can be encoded to different transfer syntaxes. Information encoding from abstract syntax to a transfer syntax is virtual, because in reality the information is represented at a computer system in a local syntax. Information encoding in reality is therefore the conversion from a local syntax to a transfer syntax. The rules needed for the conversion can be derived from the encoding rules from abstract syntax to transfer syntax. As mentioned earlier, information represented in an abstract syntax can be encoded in several transfer syntaxes, each of them binary or character sequence oriented. Moreover, some transfer syntaxes are more suitable for efficient processing rather then generating compact codes; others generate compact codes but are not processing

78

efficient. In an e-mail application, a plain text message can be encoded amongst others as an ASCII characters sequence or a base64 character sequence (Freed, 1996). Base64 encodes 6 bits of the abstract syntax representation to one base64 transfer syntax character. Three (8 bits) characters of the plain text message will therefore be encoded to 4 base64 characters. However, binary data can be encoded using the base64 encoding to fit to a character pipe as used by internet e-mail. The benefit of binary data encoded in base64 is the availability of many internet protocols to convey the data using computer networks. On the other hand, conversions of digitized ECGs to base64 and back to a digital form at the receiving end point consume processing capacity and a lot of time, a bit oriented transfer syntax is much more efficient in such cases.

Vi-SIGNS INFORMmaion Model In this section, we discuss the information model of the conceptual structure that binds together the

Medical Information Representation Framework for Mobile Healthcare

abstract syntax level structures of vital signs, in particular ECGs, as defined in the various vital sign standards. In particular, the model specifies the different kinds of relations between the vital sign structures as identified in the stakeholder’s analysis section. As discussed in that section, several kinds of relations need to be addressed: •

Similarity relation: This relation expresses that the related segments of vital signs are similar to one another in respect of a defined context, such as the context of their use which reflects the purpose of the vital signs. Similarity is used here to associate vital signs that reflect the same (physiological) phenomena but are represented and structured in different ways in the different standards. For example, an ECG P-wave may be represented as sampled amplitude values of the wave and parameterized by a sample distant variable specified in another part of the ECG standard. This wave may similarly be represented in terms of the wave onset, duration and peak value. A converted ECG segment, which is formatted in a standard other than the original one but considered having the same interpretation and quality in the perspective of the addressed context, is defined here as being similar to the original source segment. This similarity relation therefore needs to contain the context of the similarity; it for example includes the identity of the conversion tool or algorithm, the parameter settings, the actor in charge of this conversion and the actor’s comments for example to further detail the context of similarity. This similarity relation originates from the need of the care center stakeholder to enable a multi standards environment and the policies of the regulatory bodies at the different points of care.

In many cases, this relation associates one source segment to one other converted segment.

In general, a many to many, many to one or a one to many association may exists, for example in the case of multiple vital signs types or in the case that the abstract syntax of the source vital sign segment standard is much richer than the abstract syntax of each of the destination standards, but together these destination abstract syntaxes span the source abstract syntax. This is for example useful in a case in which an annotated ECG segment which includes both a time based signal representation and the physiological phenomena like P-wave and QRS complexes is converted to standards that support time based signal representations, but only one of them is able to represent physiological phenomena but, on the other hand, does not support annotations. In this example, annotations but not physiological phenomena are supported by the other destination standards. Vital sign segments which are similar are also equivalent. That is, segments which are similar also have the reflexive, symmetry and transitivity property of an equivalency relation because the related vital signs are supposed to reflect the same (physiological) phenomena. As discussed earlier, these properties are defined in the sense of the applied conversion tools and settings. That is, similar ECG segments reflect the same heart condition in respect of the resolution of the applied tool. For example, an ECG formatted in the CEN/SCP-ECG standard, which is converted to the DICOM wave form standard and the latter converted again in ecgML (Wang, 2003), is considered equivalent and even similar to the ECG representation in ecgML in the context of the applied tools and parameter settings. Remark that one of the applied tools needs only to convert the wave form of the ECG and can be unaware of the physiological phenomena expressed by the data. Therefore, the resulting ECG formatted in ecgML is not necessarily completely identical to the CEN/SCP-ECP formatted ECG, but in the context of use, which is reflected by the applied tools and settings, they are considered equally useful for the clinical purpose because at the

79

Medical Information Representation Framework for Mobile Healthcare

resolution of the cascaded tools they both reflect the same heart condition. This cascade of conversions is usually called lossy if a CEN/SCP piece of data representing an abstract syntax concept is not represented in ecgML. •

•

80

Enhancing relation: This relation expresses that the enhanced segments of vital signs are better conditioned in respect of the context of use. For example, ECG segments filtered from undesirable noise or EMG movement artifacts are enhanced if compared against the source ECG segments. Although the enhanced segments are more appealing for use, the originating source segments essentially have the same effectiveness in respect of the context of use. This enhancing relation is meant to express vital sign segments which contain the same bio-electrical or physiological phenomena relevant for the medical purpose, but the enhanced segments are considered better conditioned for the medical purpose, for example more efficient for use. As in the case of the similarity relation, this relation needs to contain the specification of the context of use, for example it needs to include the identity of the vital sign enhancing tool or algorithm, the parameter settings, the actor in charge of this enhancement and the actor’s comments, for example, to further detail the intended context. In this perspective, the enhanced and the source segments are equivalent in the specified context, that is one may replace the other without influencing the interpretation of the clinical data in the addressed monitoring and treatment context. This enhancing relation originates from the need of the professional stakeholder to provide adequate vital sign units of interpretations. Priority relation: This relation expresses the inter vital signs degree of importance. It is a means for the mobile healthcare applications to ensure continuity of processing or

•

transfer of vital signs which are considered important for the diagnosis or treatment tasks. In case of severe bandwidth degradation, vital signs which are considered less important may for example be stalled; Aggregation and splitting relations: these relations express that the related segments of vital signs are aggregated or split, respectively, from the others. As discussed in the previous cases, especially the similarity relation, the aggregated segments are equivalent to the source segments in the sense of the aggregation tool resolution. This equivalence is therefore specified by the aggregation tool and parameter settings. We may apply the same justifications for the splitting relations. However, in the latter relation, we additionally may deal with the downscaling of vital signs, for example to fit the data onto an available transmission channel of a specific quality that otherwise is not able to transfer the vital signs. Although the quality may be reduced, the resulting vital signs are considered useful for the professional; otherwise the downscaling was meaningless, thus not executed. In this context of use, the related vital signs are also considered equivalent. As in the other cases, it is therefore necessary to specify the aggregation or splitting tool, tool settings, the actor in charge of the aggregation and the splitting or the splitting strategy and the actor’s comments. The tool that splits vital signs may use the priority of the vital sign discussed earlier to determine the splitting. Aggregation of vital signs, on the other hand, may also be used to concatenate (digitized continuous-time) vital signs which otherwise are located remotely; this improves availability or efficiency of the processing or the vital sign analysis by a professional. These aggregation and splitting relations come mainly from the system provider’s requirements analysis and partly from the professional needs.

Medical Information Representation Framework for Mobile Healthcare

Concepts of vital signs at abstract syntax level can be expressed by languages like ASN.1 (ASN.1, 2008; MacKinnon, 1990), XML schemas (Malik, 2008) or UML (Booch, 1999). Figure 3 describes the information model of the framework expressed in the Unified Modeling Language (UML) class diagram. A class is symbolized by a rectangular with a class name at the top, attributes in the cell in the middle, and operations at the bottom. In this chapter, we do not detail the operations of a class and only provide those attributes that are relevant to explain the framework. The associations between the classes are represented by the lines between the related classes.

Clinical Data of Patients Figure 3 shows that patient’s clinical data (represented by the UML class PatientClinicalData) is a collection of vital signs data (represented by the abstract class VitalSignData explained in the next section). In Figure 3, the set of vital sign data is represented as a (genuine) part of patient’s clinical data by the black diamond composition symbol. The clinical data is anonymous, because it is identified by some patient identification number. Via the patient’s electronic health record PatientEHR, however, a patient’s clinical data can be associated to the patient, but the other way around is not specified (in UML, this unidirectional association

Figure 3. Vital sign information model

81

Medical Information Representation Framework for Mobile Healthcare

is symbolized by the arrow, which arrow-head denotes the navigation direction between the involved classes). The 1 to 1 multiplicity of this association indicates further that patient’s clinical data represents the whole collection of measured, processed and stored vital signs of this anonymous patient. Alternatively, one may replace the left value “1” with “1 .. *”, which indicates a range of one or more collections of vital signs of the patient identified by patient_id. In the context of this chapter, we assume the availability of one set of clinical data per patient.

Vital Sign Data As mentioned earlier, the vital sign data is represented by the abstract class VitalSignData in Figure 3. The class is a UML abstract class, because the class is only conceptually defined, other (nonabstract) classes will refine (i.e. specialize) this class. In UML, an abstract class can be identified by the class name written in italics. For example, the abstract class ECG_Data is a specialization of the abstract class VitalSignData (specialization is an “is-a” relation and is symbolized by the open triangular symbol in UML). This abstract class ECG-Data may be specialized further for example by the classes DICOMStudy and SCPECG_Record. In this chapter, the class DICOMStudy represents ECG data formatted in accordance with the DICOM waveform standard and the class SCPECG_Record represents ECG segments formatted in accordance with the CEN/SCP ECG standard. The information model can be further extended with other ECG data formatted in other (de jure, de facto or proprietary) standards.

Vital Sign Relations Via the abstract class Equivalency, Figure 3 also shows that some source vital sign data can be related to some other destination vital sign data. In the figure, the similarity relation discussed earlier is represented by the class Similarity, which

82

is a specialization of the class Equivalency. As discussed earlier, the equivalence between vital sign data is defined in a specific contextual setting. In the model, this context for equivalence is specified by the attributes actor_id, which identifies the responsible actor for the relation between the vital sign data, actor_comment, which denotes the comments of the actor, and also the time and date information. As discussed earlier, the context is also defined by the applied tool and its settings, both are represented by the class Tool. An additional design choice is that we define the similarity relation only for vital signs that are encoded in different standardized formats. This constraint is not shown in the figure, however, it can be expressed by a UML note or specified in Object Constraint Language (OCL) (OMG, 2003). Analogous to the similarity relation, the enhancing relation, which is expressed by the class Enhancing (Figure 3), is a specialization of the class Equivalency. In this model, we define an enhancing relation only for vital signs that are formatted in the same standard. Aggregation and split relations are also specialization of the class Equivalency. Aggregation is a many to one relation between vital signs formatted in conformance with the same standard and the other way around, the split relation is a one to many relation.

Derived Vital Signs Trend signs or, in general, derived vital signs are frequently used in care programs as first indicators of the condition of the patients. Instead of a plethysmogram, care programs like emergency services or COPD programs use the derived oxygen saturation O2sat (or SpO2) parameter as a measure for the oxygenation of blood. Heart Rate and Heart Rate Variability are other examples of trend signs, typically derived from one of the ECG leads. In contrast to the similarity and the enhancing relations, we specify derived signs as specializations of the abstract class Extracted-

Medical Information Representation Framework for Mobile Healthcare

Feature, which in turn is specified as a component of the class VitalSignData (in UML symbolized by a black diamond (cf. Figure 3)). As the case for equivalence relations, the applied tool, tool setting, actor in charge of the trend data processing and the actor’s comments refines ExtractedFeature even further. We model trend or derived signs as a component of the original vital signs, rather than modeling them via the equivalence relation, because it better fits to the way vital sign standards deal with derived signs and because of the complexity of the required constraints due to the transitivity of equivalency relations. For example, Heart Rate and Heart Rate Variability are derived signs but they represent different concepts; therefore they are not equivalent. Other features which can be extracted from ECG leads are for instance the high and the low frequency components, including their ratio.

Care Program Dependent Priority of Vital Signs As discussed earlier, in mobile healthcare, data transfer bandwidth especially from wireless communication channels like GPRS may fluctuate. If available bandwidth drops below the required level, less important vital signs can be stored locally in favor of the transmission of the more important ones. The management modules of the mobile healthcare applications may (semi) automatically decide which type of vital signs to stall and which to transfer or process further if these vital signs are prioritized. Sophisticated prioritizing structures which are care program or clinical task dependent can be developed, but in this chapter we use a simple priority attribute. If necessary, this attribute can be extended with a reference to the professional actor in charge of prioritizing vital signs for the care program. We specify the attribute priority in the abstract class VitalSignData to enable priority based selec-

tion at the level of the types of vital signs rather than at a more detailed level, for example at the level of digitized vital sign samples. This choice has the additional benefit that vital sign sets formatted in a specific standard can be treated as a black box; an approach which intends to preserve the structures defined in standards as atomic units. This could be necessary in case of handling vital signs formatted in proprietary standards whose internal structures are unknown to the application developers of the mobile healthcare system provider stakeholder. In this kind of cases, third party tools that have knowledge of these structures are needed to enable processing, rendering or conversion of the vital sign sets. This black-box approach is for example supported by MIME via the “-x” constructs. In case of multi-valued or multi-channeled vital signs (e.g. the leads of ECGs) or in case of (multiple) trend signs, the earlier mentioned priority attribute can be refined further to priority of these values, channels or trends (e.g. represented by the attribute t_priority in the class TrendSign). Consequently, these intra vital sign priorities depend on the attribute priority of the class VitalSignData. This dependency is represented by the dashed arrow in Figure 3.

ECanda Several de-jure, proprietary and de-facto format and encoding standards are suitable for ECGs, amongst others CEN/SCP-ECG, DICOM waveform, ecgML, FDA-ECG, HL7 and VITAL. We express some of them in UML class diagrams to illustrate the use of the information model of the framework. It is not in the scope of this chapter to provide a complete list of ECG standards neither to provide detailed UML class diagrams of all these standards.

83

Medical Information Representation Framework for Mobile Healthcare

CEN SCP-ECG STAanda The Standard Communication Protocol for computer-assisted Electrocardiography (SCP-ECG) is a standard developed by CEN/Technical Committee (TC) 251 (CEN/TC251, 2007). Besides ECG data, SCP-ECG additionally defines ECG related data to enable the specification of patient’s demographic data, the measurement settings, the performed signal processing on the ECG data, the compression and manufacturer specific information. In SCP-ECG, the entire ECG data set is called a record. A record is further decomposed into “section” parts (indicated with section numbers from 0 to 11), each of which carrying a specific aspect like patient (demographic) information, compression tables, the ECG lead definitions, the ECG lead data, the reference ECG beat(s) of the leads, including the physiological complexes like QRS, and also interpretive annotations. Eleven types of sections are defined in SCPECG. Table 1 presents the eleven sections and a brief description. Some sections are mandatory (e.g. Section 0 or Section 1), others are optional

Figure 4. CEN/SCP-ECG model

84

(e.g. Section 11). Sections have a common header structure, in the figure represented by the generalized class CEN/SCP Section. A high level SCP-ECG structure, expressed in a UML class diagram, is given in Figure 4. Section_6 contains a black-box of ECG data. To render the individual ECG leads from Section_6, attributes of Section_3, which represent the metadata specifying the number of leads and the leads description, have to be accessed first. This dependency of Section_6 from Section_3 is represented in UML by the dashed arrow between these two classes.

DICOM ECG Wavefo Supplemen DICOM (Digital Imaging and Communications in Medicine) standards (NEMA, 2007a) are developed by a joint committee of the American College of Radiology (ACR) and the National Electrical Manufacturers Association (NEMA), often in liaison with other organisations like CEN TC251, JIRA in Japan, IEEE and the American

Medical Information Representation Framework for Mobile Healthcare

Table 1. CEN/SCP-ECG sections Section No.

Title

Description

0

Pointer

the sections and their locations in the data set record

1

Header Information

patient and acquisition related information

2

Huffman tables

the Huffman compression tables

3

ECG lead definition

the leads, the sample numbers and their relativity to a reference beat (cf. Section 4)

4

QRS location and Reference beat

the location of the QRS complexes and the position of the reference beat

5

Reference beat encodings

parameters like encoding flag, sample distance, gain.

6

Rhythm data

the ECG data

7

Global measurements

info pacemaker spikes and QRS complexes like the P-, QRS-, T- on-/offsets, QT intervals

8

Interpretive statements

text based (diagnostic) annotations

9

Manufacture specific statements

manufacturer specific diagnostic annotations

10

Lead measurement

leads information and fields reserved for manufacturer data

11

Universal ECG interpretive statements

universal statement codes (cf. SCP-ECG standard) and most recent annotations which have to be consistent with annotations in other sections

National Standards Institute (ANSI). Although the DICOM organisation originally addresses imaging standards, it also developed a standard to exchange waveforms. This latter is therefore suitable for ECGs. DICOM uses an object based model, therefore not only specifying the structure of the medical data content as information objects, but also the operations on the data (i.e. services). The functional units in DICOM define the classes of the information objects and the corresponding services, the so-called Service-Object Pair classes (SOP classes). One of the SOP classes is for instance meant for a waveform store. In DICOM, a waveform information object is decomposed into information entities, each of which stored in data modules. Examples of information entities are patient, (clinical or patient) study, clinical data series within a study, equipment which creates the series, and waveforms as part of the series. Figure 5 presents a simplified UML model of DICOM’s waveform related information entities.

The figure reflects the clinical procedure by using terms like studies (class DICOMStudy) and series of clinical data (class Series). Although not shown in the figure, these terms include the specification of the responsible professional, the clinical protocols, the waveform identifications (incl. the acquisition time), the annotations, the waveform data (which may be multiplexed bio signals, therefore also includes the multiplexing parameters, the sampling rate, etc.) and also the corresponding equipment used to generate the data. That is, the class Waveform may contain several multiplexed vital sign channels (represented by the classes MultiplexGroup and Channel in Figure 5)

FDA EC SPECIifiion As observed in the previous section, the DICOM waveform standard is to some extent based on clinical procedures and accordingly the data is represented in terms of studies, the FDA format for waveforms (Browns, 2002) is based on the 2D

85

Medical Information Representation Framework for Mobile Healthcare

Figure 5. DICOM waveform model

property of sampled waveforms; it emphasizes the viewing representation of waveforms. Figure 6 shows the FDA waveform information model. As in the earlier discussed standards, the FDA model also provides manufacturer information, patient (/subject) identification, and annotations. In the figure, the class PlotGroup models an ECG data set and aggregates data of the class XYPlot, each of which representing a piece of ECG data of a particular lead.

FRAamewo IMPLEMENTATIion ASPpe In this section, we discuss some of the implementation aspects that illustrate the use and the benefit of the framework. First we discuss refinements of the information models presented earlier. These refinements enable the translation and serialization of the abstract syntax to the transfer syntax.

Refinement of the Specialization Constructs In the earlier discussed information models, we apply the object oriented specialization construct, for 86

Medical Information Representation Framework for Mobile Healthcare

Figure 6. FDA Waveform model

example, to distinguish between vital signs that are formatted in accordance with different standards. This specialization can be refined by additional discriminating attributes, for example, an attribute identifying the vital sign type (i.e. vitalsign_type in Figure 7b) and an attribute identifying the format and encoding standard (i.e. standard_id in Figure 7b). The advantage of this refinement is that the encoded attributes in the transfer syntax can be used as header fields in the transfer syntax, for example to indicate that the subsequent payload block of data contains vital sign data formatted in the transfer syntax of the identified standard. This

code enables (de-)multiplexing of serialized pieces of vital signs, for example necessary for a 24/7 continuous monitoring of patients. Together with the attribute priority (Figure 7), these discriminating attributes can be used to split a vital sign set, for example necessary in case of severe bandwidth degradation along the healthcare delivery path. This (de-)multiplexing technique is proven useful in multimedia communication using MPEG, which analogously applies process identifiers to join or remove language channels and to merge and split television program channels on the fly.

87

Medical Information Representation Framework for Mobile Healthcare

Figure 7. Refinement with discriminating attributes

Refinement of Many to Many Relations

Abstract and Transfer Syntax Notations

The information model can cope with one to many or many to many associations between sets of vital sign data, for example the similarity between a source set of ECG data formatted in CEN/SCPECG and destination data sets formatted in FDAECG and in DICOM waveform standard. In this case, a cardiologist may want to visualize both FDA and DICOM sets simultaneously in case that the CEN/SCP-ECG data set is not available on the premises or a rendering tool for the latter format is not available either. As discussed earlier, the MIME type and subtype construct informs applications which tools to use and how tools should render the data. For example, in e-mail applications, the MIME value “multipart/parallel” indicates that the aggregated data sets have to be visualized simultaneously. Similar to MIME, we can refine the equivalency class with additional attributes that specify which vital sign sets need to be rendered simultaneously.

Other languages are available to express concepts at abstract syntax level, for example XML Schema and ASN.1. Using XML tools a character-based XML document can be derived that contains the vital sign data specified in accordance with the XML Schema. This document can then be serialized by reading it from left to right and from top to bottom, yielding a sequence of characters (transfer syntax) suitable for transfer using internet protocols. Tools are also available to visualize XML Schemas as XML Schema diagrams. However, tool based development kits are also available to develop XML Schemas from UML (Malik, 2008). Abstract Syntax Notation One (ASN.1) is defined by the International Organization for Standardization ISO (ISO 8824, 1994). It is a notation for specifying data at abstract syntax level. Associated with ASN.1 are encoding rules for generating binary transfer syntaxes from the abstract syntax (ISO 8825, 1994). ASN.1 and its encoding rules provide compact transfer syntax code.

88

Medical Information Representation Framework for Mobile Healthcare

A joint committee of ISO and International Telecommunication Union (ITU-T) has produced several standards on the mapping of XML Schema to ASN.1 and vice versa. A web accessible on-line tool which translates XML Schemas to ASN.1 is for example available (ASN.1, 2008). A framework that accommodates the collection of the previously described tools provides a development environment that enables the translation of vital signs specified via UML class diagrams to concise binary transfer syntax code.

Conlu We propose a framework for flexible and modular processing, storing and transferring (segments of) medical information in a mobile, distributed and heterogeneous environment. The framework adopts an ICT information representation model, which separates the concerns of information transfer and store from the concerns of expressing, converting, splitting, synchronizing and joining information. The abstract syntax level methods, techniques and mechanisms, which address the latter mentioned concerns, provide the necessary support for processing medical information in an environment that contains multiple standards for data format and encoding. On the other hand, the transfer and local syntax level methods, techniques and tools, associated to the first mentioned concerns, enable transfer and store of medical information in an efficient and dependable way. The framework, which also contains the vital sign information model discussed in this chapter, therefore supports the exchange of medical information in a meaning preserving way despite the use of different format and encoding standards and the fluctuations of the property of the end to end data transfer connections. This chapter discusses the framework at conceptual level. It provides a generic approach to deal with multiple formats and fluctuating proper-

ties of connections. This approach is considered useful for healthcare delivery in which patients are mobile and self managing. It is expected useful for new clinical pathways for mobile and distributed healthcare delivery that involves collaborating actors of different medical specialty, possibly acting in new roles and each of them needing medical information that are represented in accordance with the (new) working practices of their specialty. The proposed framework, which amongst others is an integrative conceptual structure that binds methods, techniques and mechanisms for interoperability of different format and encodings of medical information, needs to be supplemented further with other ECG and vital sign standards. That is, the framework needs to be populated by relevant format and encoding standards. Consequently, the information model described in this chapter needs to be refined further, for example, to provide tool developers the necessary hooks (e.g. class attributes, object methods and dependency relations) to design medical information conversion, splitting and joining tools. Such refinements not only require details of the format and encoding standards which populate the framework but may also need abstract syntax level knowledge of the ontology of the corresponding bio physiological or bio electrical phenomena, for example, to specify in details the transitivity constraints of the similarity relation. Another topic for future work is for example the specification of guidelines or rules to up- or down-scale digitized continuous-time vital signs in transfer automatically to match to the fluctuations of the properties of the end to end connections within the tolerance specified by care programs or professionals. These guidelines supplement the framework further and improve its use for mobile healthcare delivery in a heterogeneous environment.

89

Medical Information Representation Framework for Mobile Healthcare

ACKknowledgmen The authors thank Bayu Erfianto, who did his MSc project on XML and ASN.1 based representations of ECGs. His project and results have been a starting point for our continued research in this area. This work is part of the Freeband AWARENESS project (http://awareness.freeband.nl). Freeband is sponsored by the Dutch government under contract BSIK 03025.

Refeen ASN.1 Information site. (2008). Retrieved March 28, 2008, from http://asn1.elibel.tm.fr. Blair, G., & Stefani, J-B. (1998). Open Distributed Processing and Multimedia. Addison-Wesley. Booch, G., Rumbaugh, J., & Jacobson, I. (1999). The Unified Modeling Language: User Guide. Addison-Wesley. Bray, T. et al. (2004). Extensible Markup Language (XML) 1.0. 3rd edition. Retrieved 2005, from http:// www.w3.org/TR/2004/REC-xml-20040204. Browns, B., Kohls, M. & Stockbridge, N. (2002), FDA XML data format design specification. Draft of the US Food and Drug Administration. CEN/TC251 prEN 1064 (2002). Health Informatics – Standard Communication Protocol – Computer-assisted Electrocardiography. CEN/TC251 prEN 1064. CEN/TC251 (2007). CEN website. Retrieved June 8, 2007, from http:// www.centc251.org. Concalves, B., Guizzardi, G., & Pereira Filho, J. G. (2007). An Electrocardiogram (ECG) Domain Ontology. In Proceedings of the Second Brazilian Workshop on Ontologies and Metamodels for Software and Data Engineering (WOMSDE’07). 22nd Brazilian Symposium on Databases (SBBD)/21st

90

Brazilian Symposium on Software Engineering (SBES). João Pessoa, Brazil. Freed, N., & Borenstein, N. (1996). Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. IETF RFC 2045. From http://www.rfc-editor.org/rfc/ rfc2045.txt. HealthService24 project eTEN-C517352 (2005). EC eTEN Programme. Retrieved Feb. 24, 2006, from http://www.healthservice24.com. Hinchley, A. (2005). Understanding Version 3, A primer on the HL7 Version 3 Communication Standard. Munich: Alexander Mönch Publishing. ISO 8824 (1994). Information Processing System – Open Systems Interconnection – Abstract Syntax Notation 1 Specification. ISO/IEC JTC1/SC21. ISO 8825 (1994). Information Processing System – Open Systems Interconnection – Basic Encoding Rules for Abstract Syntax Notation 1 (ASN.1). ISO/IEC JTC1/SC21. Le Gall, D. (1991). MPEG: A Video Compression Standard for Multimedia Applications. Communications of the ACM, 4(34). MacKinnon, D., McCrum, W., & Sheppard, D. (1990). An Introduction to Open Systems Interconnection. New York: Computer Science Press. Malik, A. (2008). Design XML schemas using UML. Retrieved March 28, 2008, from http:// www.ibm.com/developerworks/xml/library/xumlschem/. Mei, H., Widya, I., Halteren, A. van, & Erfianto, B. (2006). A Flexible Vital Sign Representation Framework for Mobile Healthcare. 1st International Conference on Pervasive Computing Technologies for Healthcare 2006. Nov. 29th – Dec 1st, 2006. Innsbruck, Austria. MobiHealth project IST-2001-36006 (2002). EC programme IST. Retrieved Feb. 24, 2006, from http://www.mobihealth.org.

Medical Information Representation Framework for Mobile Healthcare

Myotel (2008). Myofeedback based Teletreatment Service Project. EU programme eTEN – 046230. Retrieved Feb. 2008, from http://www. myotel.eu. NEMA (2007a). Digital Imaging and Communications in Medicine (DICOM), Part 1: Introduction and Overview. Virginia: NEMA. NEMA (2007b). Digital Imaging and Communications in Medicine (DICOM), Part 3: Information Object Definitions. Virginia: NEMA. OMG ptc/03-10-14 (2003). UML 2.0 OCL Specification. OMG Adopted Specification (ptc/0310-14). Retrieved in 2007, from http://www. omg.org.

Schiller, J. (2003). Mobile Communications. Addison-Wesley. Wang, H., Jung, B., Anuaje, F., & Black, N. (2003). ecgML: Tools and Technologies for multimedia ECG Presentations. Proceedings of XML Europe Conference. London. Weigand, C. (2005). VITAL: Use and Implementation of a Medical Communication Standard in Practice. Computers in Cardiology, 32, 319322. Wootton, R., Craig, J., & Patterson, V. (Ed.). (2006). Introduction to Telemedicine. 2nd edition. London: Royal Society of Medicine Press Ltd.

91

92

Chapter V

A Distributed Approach of a Clinical Decision Support System Based on Cooperation Daniel Ruiz-Fernández University of Alicante, Spain Antonio Soriano-Payá University of Alicante, Spain

ABSTRACT The incorporation of computer engineering into medicine has meant significant improvements in the diagnosis-related tasks. This chapter presents an architecture for diagnosis support based on the collaboration among different diagnosis-support artificial entities and the physicians themselves; the authors try to imitate the clinical meetings in hospitals in which the members of a medical team share their opinions in order to analyze complicated diagnoses. A system that combines availability, cooperation and harmonization of all contributions in a diagnosis process will bring more confidence in healthcare for the physicians. They have tested the architecture proposed in two different diagnosis, melanoma, and urological dysfunctions.

INTRODUCTION Medicine has been one of the most important disciplines in society since mingled with magic and religion in the Egyptian era. The importance that medicine represents in society makes it one of the major destinations of technological advances:

from elements that provide proofs of diagnosis such as medical image acquisition systems, for example, radiographies, echographies, CAT, PET images, etc. (Rangayyan, 2004); till technical support applied to treatments, for example, electro-stimulation in rehabilitation or prosthesis (Vitenzon, Mironov, & Petrushanskaya, 2005) or

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

telecommunications applied to medicine (Moore, 1999; Wootton, Craig, & Patterson, 2006). Although technology is used to apply certain treatments or to make diagnosis tests, it is still not considered as a real aid to the main medical task: the diagnosis decision process. On the other hand, medical diagnosis is defined as “the discovery and identification of diseases from the examination of symptoms” (Collins, 2003). This definition involves two steps in any act of medical diagnosis. Firstly, the “research” task in which the specialist tries to determine the symptoms of a patient by using his medical record and diagnostic tests. Secondly, a task of analysis of these symptoms and the decision, based on the medical knowledge, of which illness is associated to the symptoms with the greatest probability. An important detail is noting that medical diagnosis is essentially a decision-making process based on the lesser or greater probability of a patient’s symptoms of being related to specific information. Medicine has evolved since the days of Esculapio, when the physician was a wise expert on all the medical knowledge, problems and treatments; research and discoveries have broadened the field of medical knowledge, making necessary the creation of specialities: neurology, traumatology, rheumatology, urology or gerontology (one of the last specialities incorporated). Moreover, most of these specialities are divided into two groups: adult and paediatric specialities (Weisz, 2005). Have you ever wondered how many known diseases are presently now? We might have a slight idea of the number of known diseases by checking the International Classification of Diseases proposed by the World Health Organization in its last revision (ICD-10) (WHO, 2005): the group of infectious and parasitic diseases is divided into 21 subgroups (and each subgroup includes dozens of disease families), the group of tumours is divided into 19 subgroups, the group of nervous system diseases has 11 subgroups, the group of circulatory dysfunctions is subdivided in 10 subgroups, etc. Along with this enormous amount of diseases,

we find the corresponding symptoms: physicians must not only know the name and treatment for diseases, they must also be to identify their diagnostic signs and distinguish them from others corresponding to similar diseases. The evolution of medicine has also led to the gradual change in diagnosis techniques (Adler, 2004; Porter, 2006). In the early days of medicine, diagnosis was based exclusively on clinical data, that is to say, on the symptoms and the physical examination of the patient. With medical advances and the application of technology, new diagnosis tests and laboratory analysis were incorporated. The discovery of new diseases and their grouping into families and specialities has facilitated the development of differential diagnosis, which consists of determining the different illnesses that could affect a patient, after a comparative study of the symptoms and injuries suffered. The large number of diseases and organic dysfunctions coupled with the growing number of diagnostic signs (that increase thanks to new diagnostic tests) are paradoxically hindering the process of diagnosis. Computer engineering has techniques for the treatment of knowledge that may be useful for the processes of medical diagnosis (Burstein & Holsapple, 2008; Greenes, 2007). Most of these techniques are based on artificial intelligence and have been drawn from biology to be applied to computer science as neural networks or genetic algorithms (Haas & Burnham, 2008; Morbiducci, Tura, & Grigioni, 2005; Rakus-Anderson, 2007). These techniques can classify patients into groups according to whether or not they have certain diagnostic signs. There are many examples of researching applications of these techniques to diagnosis support: in (Roberts, 2000) a system based on Bayesian networks is proposed to assist the diagnosis of breast cancer; (Georgopoulos & Malandraki, 2005) shows a soft computing system to help in the differential diagnosis of dysarthrias and apraxia of speech which is able to distinguish among six types of disarthria and apraxia; systems of clinical

93

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

decision support are also applied with diagnostic tests based on images, for example in diuresis renography (Taylor, Manatunga, & Garcia, 2007) or in radiographs for diagnosing lung diseases (Katsuragawa & Doi, 2007). A good example of the importance of the clinical decision support systems is the OpenClinical project. OpenClinical is an international nonprofit organization created and maintained as a public service with support from Cancer Research UK. One of the objectives of OpenClinical is to promote decision support and other knowledge management technologies in patient care and clinical research. This organization, through its web site, presents an interesting group of resources related with support systems. There are several clinical decision support systems that have gone beyond the field of research and are being continually applied in health centres (Coiera, 2003; Greenes, 2007). Examples of these systems are GIDEON®, ERA and Isabel. GIDEON® (Berger, 2001) is a system designed to diagnose infectious diseases, based on symptoms, signs, laboratory testing and dermatological profiles. It is made up of four basic modules: diagnosis, which enables the user to introduce all the signs and symptoms and provides a ranked list of differential diagnosis; the epidemiological module lets the user retrieve epidemiological parameters or access a list of the world wide distribution of any disease; the therapy module provides detailed information about choices in drug therapy; the microbiology module provides full laboratory characteristics for almost 900 organisms. The Early Referrals Application (ERA) (Coiera, 2003) is a system to support physicians in identifying those patients with suspected cancer that should be referred to a specialist in a short time period. ERA is intended to be used within the consultation so the workflow has been designed to be as simple as possible: during a typical user session just four web pages, clear and concise, will be encountered. ERA was developed by the Advanced Computation Laboratory of Cancer

94

Research UK at London in collaboration with Infermed Ltd. Isabel (Ramnarayan et al., 2006; Ramnarayan et al., 2003) is a web system created by physicians to offer diagnosis decision support at the point of care. Isabel covers all ages and specialities as Internal Medicine, Surgery, Gynaecology, Paediatrics, Geriatrics, Oncology, etc. Isabel gives the physician an instant list of diagnoses for a given set of clinical features (symptoms, signs, results of tests, etc.). Isabel consists of a proprietary database of medical content and a tutored taxonomy of over 11000 diagnoses and 4000 drugs and heuristics. Medicine is a context where the massive quantity of knowledge makes it perfect to use distributed knowledge; in fact, as it has been previously explained, clinical knowledge is divided into medical specialities: oncology, cardiology, urology, etc. In computer science, distributed knowledge is implemented in different ways and levels. On a basic level, distributed databases are used (Luo, Jiang, & Zhuang, 2008; Waraporn, 2007); information can be stored in different databases according to a location criterion (store data near the location where it is going to be used) or a homogeneity criterion (store information about the same topic in the same location). One important advantage of distributed databases is that each instance (of the database) can be managed by a different group of experts, so there is an implicit sharing of knowledge (apart from sharing data). Distributed data mining techniques can be used to extract knowledge implicit in a distributed database (Cannataro, Congiusta, Pugliese, Talia, & Trunfio, 2004; Han & Kamber, 2005). In a higher level of distributed of knowledge we have the agents paradigm (Lin, 2007; Pop, Negru, & Sandru, 2006). In this paradigm, the knowledge is shared in an explicit way between different entities called agents. An agent analyzes external information and makes actions (according to its internal logic) to achieve an objective. There are different types of agents but all of them

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

are based in three main components: perception, decision and execution. With the perception, the agent obtains information from the environment; in the process of decision, the agent uses its “knowledge” (represented internally for example with an artificial intelligence method: neural networks, rules, fuzzy logic, etc.) to decide what action to take in order to achieve an objective; finally, with the execution, the agent tries to influence the environment to achieve the objective. An important characteristic of the agents is their ability to interact with other agents. Thanks to this interaction, agents can exchange information or share knowledge. This characteristic of the agents paradigm is the basis of the idea used in the cooperative approach presented in this chapter. We can find an example of cooperation between agents in business processes in which software agents must negotiate in order to reach an objective, for example, the best price. In our scheme, several entities with different knowledge about the same topic, collaborate to get a better diagnosis. In the following sections, we are going to introduce the concept of clinical decision support systems, detailing their features, advantages and disadvantages. Then, we will introduce the natural evolution of these systems into cooperative systems, propose their design and explain its performance in a scenario. Next, we will show some examples and results of the application of cooperative systems to diagnosis support. Finally, we will present different future lines regarding this subject.

CINICAL DECISION SUPPORT SYSTEMS A decision support system (DSS) can be defined as a multi-model, interactive system used by a decision maker to perform an exploration (Berner, 2007; Pomerol, 1997). The main objective of a DSS is to provide an aid to make unstructured

decisions thanks to its capacity to extract and manage information. It is important to note that, many times, the information provided by a DSS becomes another variable of the group of variables involved in the problem; therefore, the experts should determine the value of the decision automatically provided by the DSS. Decision support systems are used in a wide range of fields such as economics (Modarres & Beheshtian-Ardekani, 2005), industry (Delen & Pratt, 2005), medicine (Vihinen & Samarghitean, 2008), etc. DSS can be classified according to different criteria such as the mechanism used to represent knowledge; this is the case of rule-based DSS, DSS based on decision trees, etc. (Burstein & Holsapple, 2008). Another criterion used to classify DSS is their operation autonomy: solicited advice, when the system helps the user when requested; unsolicited advice, when the system provides diagnosis information without any request from the user. In the latter group, there are, for example, intelligent alarm systems that analyse constants and warn about a possible diagnosis that requires an emergency treatment. When we use a DSS to support the medical diagnosis task, we have what is known as Clinical Decision Support System (CDSS), that could be defined as “active knowledge systems which use two or more items of patient data to generate case-specific advice” (van Bemmel & Musen, 1997). In this definition, we have the three main elements of a DSS: the knowledge of medical diagnosis, the patient data or the information to be analysed, and the results provided by the DSS as a recommendation. A result coming from a DSS applied to diagnosis will usually indicate the probability that the symptoms will correspond to a particular illness. The operation of a traditional CDSS is as follows: a user inputs data associated to any illness; the system analyses the information and provides one or more results along with their corresponding probabilities of success. Difficulties found in traditional medical diagnosis can be divided into two main groups:

95

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

sources of error in the examination of the symptoms and problems in forming hypotheses. The first group covers the problems stemming from confused information provided by the patient, low reliability of this information or deliberate concealment of the true cause of consultation (due to cultural reasons or personal embarrassment). The second group includes those situations associated with direct problems of the diagnosis task: patients that present incomplete signs or common illnesses with unusual manifestations, low frequency of diseases (rare diseases), mimicking diseases, and, in general, the difficulty the specialist has in associating the symptoms to a specific disease. Although a CDSS can be useful for both groups, in the first one, its support capacity is more limited, as problems are found in the input data. Additionally, the same difficulties found by the specialist are going to be found by the CDSS. In the second group, the problems are related to the enormous amount of symptoms and diseases (impossible to remember for a specialist) coupled with human diversity (the same illness can be manifested in different ways in different patients). These problems are directly associated with the ability to analyze and compute, a question on which a computer system can be particularly helpful. Two parameters are used to validate a diagnosis system in medicine, sensitivity and specificity (van Bemmel & Musen, 1997). Sensitivity is the probability of classifying a diseased individual correctly (as diseased); that is to say, a high sensitivity of a CDSS implies a low number of false negatives. On the other hand, specificity is the probability of classifying a healthy individual as healthy and is directly related to false positives. In general, it is a priority that a CDSS has a high sensitivity and, therefore, a low number of false negatives (diseased individuals classified incorrectly as healthy). A CDSS may be helpful to a medical specialist in several aspects:

96

•

•

•

To support a clinical decision. Sometimes, if the symptoms are not well defined, the physician may have doubts about several diagnoses. The CDSS may help increase the physician’s confidence in a particular diagnosis. To propose alternatives. The large number of existing illnesses can cause a physician overlooks diagnostic tests for less common diseases. A CDSS is able to propose an alternative diagnostic that could be easily refuted or accepted by means of another diagnostic test or symptom the physician had not initially thought about. To question a clinical decision. A CDSS can provide a more objective diagnosis support than a medical specialist. This can cause that sometimes the CDSS issues, as a first option, a diagnosis result relegated by the physician due to subjective reasons (for example, an emotional feeling).

Advantages and Disadvantages The use of computer technology in the medical field, particularly in diagnosis, involves both advantages and disadvantages. Next we will describe some of the advantages related to the use of a CDSS: •

•

•

Permanence. A computer system does not age or lose power over the course of time. It may need maintenance and updating as well as specialists must constantly update their knowledge, but once it stores a specific knowledge, this information lasts the duration of its working life (without lost of reliability). Duplication. Initially, the cost of developing a CDSS may be high, but once it is implemented, duplication is simple and inexpensive. Reliability. The reliability of a computer system is independent of external condi-

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

•

•

tions such as fatigue, personal affinity or pressure. Ubiquity. A computer system can be accessed via communication networks from anywhere; computers can work in environments that are hostile or dangerous for a human being. Availability. Access can be permanently available, achieving an availability of 24 hours a day, 7 days a week.

The limitations of an expert system that provides diagnosis support are directly associated to the limitations of any computer system when it is responsible for tasks that may require human skills. Some of these limitations are: •

•

•

Lack of common sense or limitation of knowledge. Without the proper knowledge, a male could be diagnosed 80 weeks pregnant by a computer system. Inability to maintain an informal conversation in natural language. There are subtle differences when a patient is expressing his symptoms that could be essential for the diagnosis. Flexibility. When issuing a diagnosis, a human specialist can be flexible because he is

•

•

•

aware of his limitations; this flexibility is not possible with a computer system. Need for structured knowledge. Any knowledge that is incorporated in a computer system requires a task of structuring. Lack of feelings. Its operation is governed by strict rules that have nothing to do with human sensitivity, often necessary in the relationship between patient and doctor. Ethical problems. This limitation especially arises when computer systems are applied in health sciences. As computer systems cannot accept responsibility for their own decisions, their operations should be supervised by a medical specialist at all times.

Classical Design The typical architecture of a decision support system consists of three main elements: the user interface, the reasoning module and the knowledge database on which the reasoning is based. This architecture is schematically shown in figure 1. The user interface has evolved over the course of time, from the input of data and questions via console until the most modern graphical systems that give access ubiquity properties thanks to interconnection networks. Additionally, inter-

Figure 1. DSS Architecture

97

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

Figure 2. Interface of a DSS for urologists

faces have been adapted to the main users, the physicians, who are not technical experts. Figure 2 shows a screenshot of a user interface for clinical decision support system in urology that has been adapted to the clinical methodology used by the urologists. The knowledge database is the part of the system that contains the basic information for the diagnosis issuing. This information may include both structured knowledge and data used to extract information or to train the reasoning module. Finally, the reasoning module implements an algorithm that analyses the input data and provides a result that basically consists of a classification: in the case of medical diagnosis, certain symptoms are classified as belonging to a certain disease with a degree of certainty. The main problem of the classical design for a CDSS is the limitation to tackle problems inside the domain of the CDSS but not well represented in the knowledge database. Another problem is that the only way to improve the functioning of the CDSS is to increase the knowledge database and to improve the reasoning module. This increases the complexity of the CDSS and, therefore, increases

98

the possibility of failure; moreover, maintenance tasks become more difficult. Cooperation between simple CDSS can manage both problems, the lack of a complete knowledge of the domain and the way to improve the reliability easily.

COOPERATIVE CLINICAL DECISION SPPORT SYSTEM In the previous section, we have explained what a clinical diagnosis support system consists of and how it can be a tool to help medical specialists. The evolution of the CDSS causes them to meet the same limitations that the physicians have: the large amount of medical knowledge makes a CDSS specialise in just one kind of disease. The approach presented in this point is the design of a cooperative clinical decision support system (CCDSS). The cornerstone of this architecture is the improvement of the system reliability thanks to the participation of several entities, with diagnosis functions, which work together to provide a single diagnosis. Such cooperation can be oriented towards various directions; different

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

entities can be specialised in different illnesses or organ systems affected by the same illness and their collaboration facilitates the diagnosis. Additionally, the use of several diagnosis entities operating in parallel increases the global system availability. Cooperation in diagnostic tasks, thanks to the participation of several physicians, is a common working manner in many medical teams. When faced with cases of difficult diagnosis, several physicians work together to issue different diagnosis ideas. They all together discuss ideas, propose diagnostic tests and, finally, reach a consensus. The architecture of a CCDSS wants to automate this working manner. The architecture of a CCDSS is primarily meant to satisfy the reliability requirements. Maintaining a high availability of the system is also very important. To meet these criteria, we define a distributed architecture based on the paradigm of intelligent agents. The components of the architecture are: the user interface, the diagnosis entities, the system core and the communications subsystem (figure 3).

The user interface will be the means through which healthcare professionals will be able to request the CCDSS opinion. It will also be in charge of presenting the consensus information that must be evaluated by the specialist that requested it. The diagnosis entities may be physicians, and they will be human entities, or decision-making support software, and they will be then software entities. The software entities will receive the symptoms and diagnostic tests and, next, they will issue a set of possible diagnoses along with their corresponding probabilities of certainty. The system core will be responsible for receiving diagnosis requests and distributing them to the appropriate diagnosis entities. It must keep the system security, preventing intrusions of false entities that will destabilize the system. In addition, it will also be responsible for collecting the results from the different entities and providing a consensus. The communications subsystem consists of both the communications network and the protocol to be used to transmit information. The

Figure 3. Distribution of the components in the CCDSS

99

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

structure of the communications network must preserve the security of the communications and the system integrity.

User Interface This is a key module of the system, as it will influence the degree of user acceptance. The interface must be friendly and adapted not only to the user but also to the device from which is being operated. Authentication will be the first contact with the system, as it is necessary to maintain the appropriate security levels and to provide each user with the most suitable interface. After the authentication process (figure 4), the system core will be responsible for adapting the data according to the device from which the system is being accessed; this involves the design of different environments to facilitate the access from the most common devices used to access a data network: PC, Tablet PC and PDA. These three kinds of devices include the main differences between working environments. For the PC environment, there are no graphical limitations and the size of objects can be small, as the commonly used screens allow it. For the Table PC environment, the touch screen function implies the adaptation of the graphical interface to this working man-

Figure 4. System access process scheme

100

ner; in addition, the size of the screens is often smaller than that in the PC environment. Finally, the PDA environment involves working with a device with graphical limitations, touch screens and a very small size. Once the device environment has been selected, the system will need to format the information according to the role and user permissions as a last step. The system, as a part of the security mechanisms, will distinguish three levels of accessibility according to a set of roles and individualized permissions. There will be six roles: •

•

•

•

Healthcare reviewer. This will be an accredited professional in charge of reviewing the ethics of the system, both the operation of the artificial entities and the activities of consulting physicians and medical officers. It will be responsible for supervising the consensus operations. Medical officer. This is the role for those professionals who are working together in a diagnosis, giving their opinion on certain symptoms. Consulting physician. Users that use the system to get a possible diagnosis will be authenticated under this role. Practice. If users use the system under the practice role, only artificial entities will

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

•

•

participate and the results of clinical cases will not be used to update the system. Student. This role allows the system to serve as a teacher. The operation will be the opposite: the system will provide some symptoms and the user will issue the diagnosis. Thus, the CCDS becomes a system that could help with the task of teaching future physicians, thanks to the enormous amount of clinical cases stored in the database. Administrator. This will be the engineer responsible for the proper operation of the technical side of the system. The activities involved will be coordinated with those corresponding to the healthcare reviewer in charge of the medical supervision.

If a consulting physician accesses the system, the data input will depend on the speciality related to the issue he wants to consult. This does not imply that the information will also be analysed by entities with different specialities if deemed necessary. Moreover, the consulting physician is more familiarised with a certain kind of information related to his speciality and this is why this feature will be taken into account. After introducing the symptoms and diagnostic tests, a diagnosis will be required from the system, indicating a time limit for issuing this diagnosis. This time will allow the adjustment of the accuracy level of some artificial entities as well as indicate the possibility of participation or not of human diagnosis entities (when available during that time limit). Once time has expired, the system will provide a list of possible diagnoses along with their corresponding probabilities of confidence. Furthermore, the listing will show which entities have supported each diagnosis, indicating whether they are artificial entities or physicians and their confidence level within the system.

Diagnostic Entities The second component of a CCDSS is a set of diagnostic entities, each one understood as an element that, after receiving information about the symptoms of a patient, issues a possible diagnosis with a certain degree of certainty. These entities may be either human or artificial. Diagnostic human entities are consulting physicians who want to participate voluntarily in diagnosis activities within the system. Artificial entities are software that can propose a classification and, therefore, a possible diagnosis, thanks to statistical or artificial intelligence techniques. Diagnostic entities are distributed and get the symptoms and report their results to the system core through the communications subsystem. There is a quality value associated to each diagnostic entity. This quality value will be used by the system core to make a decision on the final diagnosis. We can distinguish between human and artificial entities to assign these quality values. Since it is difficult to automatically evaluate the quality of a diagnosis from a physician participating in the system, the healthcare reviewer will be the person who will assign the quality value of a particular doctor when a physician is registered in the system. This value may be altered at any time by the healthcare reviewer. In the case of diagnostic artificial entities, the quality value can be automatically calculated. In order to do this, artificial entities must pass an initial testing phase through which the probability of diagnosis success is calculated as well as sensitivity and specificity. Taking into account these three variables, a value of certainty for the entities can be calculated, for example, calculating the average. Moreover, this value can be updated with the performance of the artificial entity so that the diagnosis successes improve its value of certainty and the failures decrease this value. This

101

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

process of constant updating gives the system an added value, because as new artificial entities are joined to the system (with improved artificial classification techniques), old entities go obsolete automatically and their diagnoses lose importance with regard to the final consensus. For the proper operation of a CCDSS, it is very important that all artificial entities follow the same method to calculate their value of certainty, because if this value is obtained by different means the consensus process will lose reliability. Differences between human and artificial entities should not affect the consensus negatively thanks to the control by the healthcare reviewer; additionally, the final consensus will include the influences of both kinds of entity. However, different CCDSS can use different methods to evaluate the value of certainty because, if we wanted to combine the results of several CCDSS, we would take the final consensus results and not the particular ones corresponding to the entities working together in the consensus. As explained, medical officers are identified with the diagnostic entities. Every medical officer, when accessing the system by the authentication, will find a set of diagnosis possibilities related to his speciality and will be able to choose which ones he wants to use to issue a diagnosis. It is important to say that, with regard to the consulting physician (who is requesting a diagnosis for certain symptoms), the detail of diagnosis will not include any identification of the medical officers who have participated in the diagnosis. If he needs any explanation about the diagnosis, he should ask the healthcare reviewer. Despite this, due to legal and ethical reasons, detailed information of every diagnosis from a medical officer will be stored and only accessible to the healthcare reviewer. Depending on the CCDSS, the medical officer may act in an altruistic way or receive remunerations for his contributions. Figure 5 shows the design of the diagnostic artificial entities. Each artificial entity consists of a diagnostic module, a local storage and a module

102

of perception or interaction with the environment. The diagnostic module has the algorithm to classify the information received (diagnostic data) and decides whether this information corresponds to a healthy individual or to a diseased person. The local storage will be in charge of storing the information relevant to the diagnosis process; furthermore, it will store the data related to the entity itself such us the entity designer, the last update date, the achieved percentages of classification, sensitivity and specificity, etc. The module of interaction with the environment is responsible for receiving the data, adapting them to the analysis to be done by the diagnostic module and, afterwards, formatting the results in a form suitable for transmission; besides, this module will also update the diagnosis algorithm and provide information about the entity itself when required by the system core of the CCDSS. This structure is similar to that corresponding to software agents (Ferber, 1999; Lin, 2007), which are able to perceive changes in the environment, to consider what actions to take and to try to influence the environment to achieve an objective. In the case of a medical agent, the perceptions correspond to the symptoms; the actions would be the diagnoses (that will give rise to treatments), and the main objective would be to give an accurate diagnosis in order to cure the patient.

System Core The system core is a key element in the CCDSS management. This module is responsible for distributing the diagnosis requests to the entities, for reaching a consensus of the different diagnoses and for controlling accesses and information transmitted through the system. The structure of the system core has three different parts: the consensus module, the security control and the request manager. The consensus module is, after receiving the diagnoses from the different entities and taking its values of certainty as a reference, elaborates

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

Figure 5. Diagnostic artificial entity

a consensus listing possible diagnoses and their corresponding probabilities. This is one of the most complex tasks of the CCDSS, as there are numerous factors involved and always surrounded by degrees of uncertainty. The consensus algorithm must be able to solve extreme situations; for example, a case in which several artificial entities with a high degree of certainty agree on a diagnosis and the opinion from a medical officer differs completely. Moreover, depending on the organization that manages the CCDSS, there can be other factors that may influence the decision such us the economic cost of the treatment or whether a diagnosis has a favourable prognosis; thus, faced with two diagnoses, being the second more likely to has a better prognosis, the decision algorithm could consider this factor and change the diagnoses order, keeping an optimistic approach. There are a lot of decision algorithms that can be used and a lot of studies done about the decision problems, especially in economics (White, 2006). Another aspect that must be controlled by the consensus module is whether the request is related to several specialities. In this case, maybe the decision from all entities has the same value or maybe there is a major speciality and secondary specialities; in this case, the diagnosis from the entities belonging to the major speciality

will have more value that those coming from the remaining entities. Security control is mainly performed in two ways: user authentication and entities control. User authentication involves not only the access control and the selection of the appropriate role but also a complete monitoring of their actions within the system. It is important to prevent a malicious user that has taken a medical officer role from modifying a diagnosis, causing a malfunction of the CCDSS. On the other hand, the system core also manages the artificial entities, which must be registered in a database containing information about the entity, the engineer responsible for the development, the speciality, the initial degree of certainty, etc. All this information will be used by the system to control to which artificial entities it is possible to request a diagnosis. The healthcare reviewer is not only in charge of distributing the profiles among the physicians with access permissions, he is also in charge, along with the administrator, of allowing an artificial entity to join the system (and of deciding the deleting). The request manager is responsible for distributing the diagnosis requests and for collecting the results before transmitting them to the decision module. In order to make the distribution, the database with the register data of the entities (both artificial and human) is taken into account, and

103

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

the symptoms input by the consulting physician are sent to those entities that correspond to the speciality or specialities related to the request (which have been input by the consulting physician as well). Along with the transmission of information necessary for the diagnosis, it should be included the time limit for the entities to issue the diagnosis. Once the time has expired, the manager will submit all diagnoses received with their corresponding probabilities, stating the entity from which they come in order to consider the relative importance of each diagnosis in the consensus task.

Communications Subsystem and Protocols The communications subsystem is the basis for the operation of a CCDSS. The information flows between different components through secure channels and standardised protocols. Artificial entities work like web services and they use Hyper Text Transfer Protocol (HTTP) and Simple Object Access Protocol (SOAP) to inter-component communication. In order to ensure a secure channel, HTTP is secured by using the Secure Socket Layer (SSL) protocol, which makes communication secure on the transmission level. Moreover, better security levels can be achieved by encrypting the information on the implementation level. The artificial entities secure the messages they send and receive with the XML-Encryption specification of the World Wide Web Consortium (W3C). They also sign and validate the messages with the XML-signature specification, also of the W3C. The structure of the messages transmitted within the system should be based on a standard. For this project, we intend to use the HL7 standard, so that the XML messages are consistent with the Reference Information Model (RIM) of the HL7 version 3 specification (Hinchley, 2005). The data considered to be managed are only diagnostic data, as the aim of the posed system is the diagnosis process. In accordance with the

104

RIM specifications, data are modelled as observations, both the data coming from the medical examination (joined to the diagnostic tests) and the diagnosis.

SCNARIOS The first proposed scenario is located in the surgery of a family doctor from a city; we assume that there are no limitations with regard to the resources for making diagnostic tests. The physician, after checking the medical record of the patient and examining him, concludes that the patient suffers from an intestinal problem. In order to determine the diagnosis, the physician will order urine and blood tests and ask the patient to come back with the results after three days. During this period, the physician may use the system to consult experts on the digestive system, sending the patient symptoms and waiting for a result within three days, before the patient comes back. The results provided by the system can confirm the physician’s diagnosis, but also can help him look for alternative diagnoses when checking the laboratory results that the patient will bring on his next visit. In this case, the use of the system has avoided the referral of the patient to a specialist on the digestive system, if the laboratory tests did not confirm the hypothesis of the family doctor, and he had not thought about any alternatives. In this scenario, the system has helped reduce waiting lists for specialists. Another scenario could consist of a patient living in a rural environment with a widely disseminated population, away from the city and from the most sophisticated healthcare resources. Faced with the case of a patient with an acute backache, the physician should decide whether to order more tests and, therefore, refer the patient to a medical centre (perhaps, many kilometres away), where the resources necessary for the tests are available. One of the ways of interacting with the system in this case could be to determine which diagnostic

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

tests to do, thus reducing the number of trips the patient should make to the hospital. The physician would check the patient’s symptoms with the system while he prescribes an analgesic treatment to see if the pain goes away. When the patient comes back to the medical centre, the physician will already have a listing of possible diagnoses provided by the entities connected to the system and will be able to order diagnostic tests at the hospital, which confirm any diagnosis. In this case, the system has helped the physician select the diagnostic tests needed to obtain a differential diagnosis; at the same time, inconveniences for the patient due to the several trips to the hospital, far away from his home, has been avoided. Finally, we propose a different scenario that does not involve problems related neither to specialised knowledge (as in the first case) nor to resources (as in the second case). A patient goes to the hospital with strange symptoms that do not correspond to any illness. In this case, a team of physicians takes responsibility for the patient and, usually, begins to study the case in order to get a differential diagnosis. In this scenario, the system could be regarded as one more expert opinion (with the value that the team leader wants to give it), taking into account that this opinion is a consensus of many diagnoses; therefore, it is as if the team of physicians at the hospital had at its disposal another team of external physicians, also taking part in the same differential diagnosis. With these three scenarios, we want to show the reader several possible uses of a CCDSS, in situations with some kind of restriction as well as in cases in which the systems becomes one more opinion to be considered depending on the evaluation of a medical director. Although we have provided only three scenarios, there are many more cases in which the system could be useful; for example, in a prison or war the location characteristics make it difficult for a complete medical team to work together, so a CCDSS would be a viable option.

Although the architecture proposed is focused on the diagnosis of human diseases, it could be used in any decision-making support in which a consensus among different opinions is useful. If we stay in the healthcare field, we have the same situation in veterinary medicine. A CCDSS could be also used to propose economical questions (maybe related to decisions on stock market values) or auto mechanics.

EXPERMENTATION In the research group of bioinspired engineering and healthcare computing, we have developed a prototype of this architecture. The main objectives for this first development were, on the one hand, to confirm that more accurate diagnoses can be obtained thanks to a consensus among the diagnoses provided by different CDSS. On the other hand, we wanted to study the overall performance of the system with the incorporation of medical opinions and to know what the physicians’ acceptance level was. In order to study whether the consensus among several diagnostic artificial entities improved the individual diagnosis provided by each entity, we selected the diagnosis of melanoma as an experimental test. Two classification algorithms were implemented: a Bayesian classifier and a multilayer perceptron (Greenes, 2007). To increase the number of diagnostic artificial entities, multiple instances of the multilayer perceptron were created by modifying the number of hidden neurons and the training set. Finally, in addition to the entity based on the Bayesian classifier, we also obtained four entities based on the multilayer perceptron (with 3, 4, 5, 6, 7 and 8 hidden neurons), which had acceptable classification rates. Table 1 shows the performance of the multilayer perceptron with regard to the number of neurons of the hidden layer. Instead of working with a list of symptoms, the prototype was adapted to work with vector

105

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

features taken from a pre-processing of the melanoma images. Regarding the consensus module, we used a simple voting system based on the classification rate of the entities: the importance of one entity was equivalent to its classification rate. Thus, if an entity with a classification rate of 85% diagnosed a skin injury as healthy and two more entities with rates of 80% and 82% diagnosed the injury as melanoma, the final consensus would be melanoma. This consensus mechanism can involve the following problem: two entities with very low classification rates (45% and 47%) can induce a wrong diagnosis within the system, over the diagnosis provided by an entity with a classification rate of 90% (45+47>90). In order

to solve this problem, we have selected, from all possible artificial entities, only those with classification rates over 75%. Figure 6 shows a comparison of the classification rate between the Bayesian algorithm, the best multilayer perceptron entity (7 neurons in the hidden layer) and the CCDSS (obtaining a consensus from all the artificial entities). The classification rate of the CCDSS (91.32%) is very similar to the one obtained with the multilayer perceptron entity. Regarding the specificity and the sensibility, both measures are higher in the CCDSS: 93.58% and 78.04%, respectively. The Bayesian entity has a classification rate of 81.25%, a sensibility of 93.15% and a specificity of 76.70%.

Table 1. Performance of the multilayer perceptron entities Hidden neurons

Classification Rate (%)

Specificity (%)

Sensibility (%)

3

70.59

22.54

46.08

4

74.22

55.02

52.94

5

81.00

70.89

55.00

6

84.37

92.00

70.58

7

90.62

93.20

77.35

8

87.50

91.15

76.47

Figure 6. Comparison between CCDSS and other DSS diagnosing melanoma

106

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

Figure 7. Classification rates for different artificial entities and CCDSS in urological dysfunctions

In the other experiment, we developed artificial entities to diagnose different urological disorders based on urodynamic tests (Ruiz Fernández, Garcia Chamizo, Maciá Pérez, & Soriano Payá, 2005). In this experiment, we used a urology expert and several family doctors interested in participating as consulting physicians. The experimentation outcome is shown in figure 7. In particular, we used two different multilayer perceptron (MLP1 and MLP2, in which we modify the hidden layer and the training data set) and a Kohonen SelfOrganising Map (SOM) to classify three types of urological dysfunctions: obstruction, hyperreflexia and effort incontinence. As it is possible to observe in the graph, the classification rate obtained with the consensus is higher than the individual rates for each entity for all the dysfunctions studied. In the consensus we used the same voting system as in the other experiment, so the weight of one entity in the final consensus was equivalent to its classification rate (obtained in a previous test stage). The most important conclusion of this second experiment was the physicians’ opinions with regard to the system; they found the system very useful in supporting those diagnoses involving very specific fields in which they do not have deep knowledge.

CONCLUSION Throughout this chapter, we have tried to introduce the reader to the relevance that the decision-making support systems may have in the healthcare field, particularly in medical diagnosis. Moreover, given the characteristics of the medical environment, we have proposed a new kind of system that involves the cooperation between different entities as the core of the diagnosis support process. Thanks to cooperation among diagnostic entities, physicians and artificial entities, we want to achieve higher precision in the final decision, as well as provide wider system availability. The proposed architecture is based on the paradigm of intelligent agents and distributed computing. The diagnostic entities are distributed to the system and act as web services when asked by a control element (system core); consequently, a lot of diagnosis processes can be performed in parallel. These processes are carried out by physicians and software programs. Finally, the system performs a consensus process among the overall results in order to give the user a set of possible diagnoses with their corresponding probabilities of occurrence.

107

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

The distribution of knowledge is a powerful tool in a clinical decision support system. By adapting the system to a distributed architecture, any number of future sources of knowledge could be integrated into the network, generating an expanding knowledge-base. In addition, different knowledge sources specialized in the same problem can provide different points of view, a key factor in decision support. The experimentation carried out by our research group has confirmed that cooperation between different diagnostic entities can determine a diagnosis from a set of symptoms, improving the individual performance of each entity. We have presented two examples, one related to the melanoma diagnosis and another based in the diagnosis of urological dysfunctions. In both cases, diagnosis results obtained with the cooperative approach are better than individual results. It is important to say that at no time did we propose that a CCDSS replace a qualified professional at the diagnosis activity; the CCDSS operation cannot be understood without the supervision of physicians that check the proper operation of the artificial entities and evaluate the quality of the consensus diagnoses provided by the system.

FUTURE TRENDS One problem with implementing a CDSS is the acquisition of the knowledge related with the diagnosis. It is necessary to contact a group of experts and organize their knowledge, before including the diagnosis rules or heuristics in the system; all these actions take a lot of work and time. In the future, the knowledge should be extracted by more automatic means which take less time. Journals and conference proceedings are an easy alternative way to collect useful information about diagnosis; on the other hand, in hospital information systems there are huge databases with data related to diseases and their diagnosis evaluation. Furthermore, the use of data from

108

journals or electronic health records in hospitals allows for an automatic and constant update of the knowledge rules of the clinical decision support systems. An important future goal is the interaction between different decision support systems. These systems should evolve in the same way as medicine. Each CDSS should be an artificial expert in one speciality or even in just one group of diseases. This implies not only incorporation of information about the diagnosis and therapy of diseases but also including information about others organic systems that can be affected by a disease (in order to interact with the CDSS expert in these organic systems). The consensus between the different artificial entities will be more difficult because each entity will be an expert in just one topic so each entity will have a relative importance in the final diagnosis. It will be necessary to improve the consensus algorithms. As a summary we can suggest three specific objectives for the future. First, it will be necessary to involve a higher number of healthcare professionals in order to validate the system when collaboration of entities expert on different specialities is required. Another objective will be to improve the diagnostic capability of the artificial entities, particularly during the self-learning process, based on their performance within the CCDSS and the feedback which is available after the physician approves the consensus. Finally, it will be find necessary to do an in depth study of the consensus algorithms used, in order to ensure more precise results and to ensure that they can take into account additional variables like the morbidity of the diagnosed illness.

REFERENCES Adler, R. E. (2004). Medical Firsts: From Hippocrates to the Human Genome (1st ed.): Wiley.

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

Berger, S. A. (2001). GIDEON: A Computer Program for Diagnosis, Simulation, and Informatics in the Fields of Geographic Medicine and Emerging Diseases. Paper presented at the 2000 Emerging Infectious Diseases Conference. Berner, E. S. (Ed.). (2007). Clinical Decision Support Systems. Theory and Practice (2nd ed.): Springer. Burstein, F., & Holsapple, C. W. (Eds.). (2008). Handbook on Decision Support Systems 1: Basic Themes. Springer. Cannataro, M., Congiusta, A., Pugliese, A., Talia, D., & Trunfio, P. (2004). Distributed data mining on grids: services, tools, and applications. IEEE Transactions on Systems, Man, and Cybernetics, Part B, 34(6), 2451-2465. Coiera, E. (2003). Guide to Health Informatics (2nd ed.). London: Hodder Arnold. Collins (Ed.) (2003) Collins English Dictionary. Collins. Delen, D., & Pratt, D. B. (2005). An integrated and intelligent DSS for manufacturing systems. Expert Systems with Applications, 30(2), 325-336. Ferber, J. (1999). Multi-Agent Systems. An Introduction to Distributed Artificial Intelligence: Addison-Wesley. Georgopoulos, V. C., & Malandraki, G. A. (2005). A Fuzzy Cognitive Map Hierarchical Model for Differential Diagnosis of Dysarthrias and Apraxia of Speech. Paper presented at the 27th Annual International Conference of the Engineering in Medicine and Biology Society. Greenes, R. A. (Ed.). (2007). Clinical Decision Support. The Road Ahead: Elsevier. Haas, O. C. L., & Burnham, K. J. (Eds.). (2008). Intelligent and Adaptive Systems in Medicine (1st ed.): Taylor & Francis.

Han, J., & Kamber, M. (2005). Data Mining: Concepts and Techniques (2nd ed.): Morgan Kaufmann. Hinchley, A. (Ed.). (2005). Understanding Version 3 - A Primer on the HL7 Version 3 Communication Standard (3rd ed.). Katsuragawa, S., & Doi, K. (2007). Computeraided diagnosis in chest radiography. Computerized Medical Imaging and Graphics, 31(4-5), 212-223. Lin, H. (Ed.). (2007). Architectural Design of Multi-Agent Systems: Technologies and Techniques. IGI Global. Luo, Y., Jiang, L., & Zhuang, T. (2008). A GridBased Model for Integration of Distributed Medical Databases. Journal of Digital Imaging. Modarres, M., & Beheshtian-Ardekani, M. (2005). Enterprise support system architecture: integrating DSS, EIS, and simulation technologies. International Journal of Technology Management, 31(1/2), 116-128. Moore, M. (1999). The evolution of telemedicine. Future Generation Computer Systems, 15(2), 245-254. Morbiducci, U., Tura, A., & Grigioni, M. (2005). Genetic algorithms for parameter estimation in mathematical modeling of glucose metabolism Computers in Biology and Medicine, 35(10), 862-874. Pomerol, J.-C. (1997). Artificial Intelligence and human decision making. European Journal of Operational Research, 99(1), 3-25. Pop, D., Negru, V., & Sandru, C. (2006). MultiAgent Architecture for Knowledge Discovery. Paper presented at the Eighth International Symposium on Symbolic and Numeric Algorthms for Scientific Computing, Timisoara. Porter, R. (Ed.). (2006). The Cambridge History of Medicine (1st ed.): Cambridge University Press.

109

A Distributed Approach of a Clinical Decision Support System Based on Cooperation

Rakus-Anderson, E. (2007). Fuzzy and Rough Techniques in Medical Diagnosis and Medication (1st ed.): Springer.

van Bemmel, J. H., & Musen, M. A. (Eds.). (1997). Handbook of Medical Informatics (1st ed.). Houten, the Netherlands: Springer-Verlag.

Ramnarayan, P., Roberts, G. C., Coren, M., Nanduri, V., Tomlinson, A., Taylor, P. M., et al. (2006). Assessment of the potential impact of a reminder system on the reduction of diagnostic errors: a quasi-experimental study. BMC Medical Informatics and Decision Making, 6(22).

Vihinen, M., & Samarghitean, C. (2008). Medical Expert Systems. Current Bioinformatics, 3(1), 56-65.

Ramnarayan, P., Tomlinson, A., Rao, A., Coren, M., Winrow, A., & Britto, J. (2003). ISABEL: a web-based differential diagnostic aid for paediatrics: results from an initial performance evaluation. Archives of diseases in childhood, 88(5), 408-413. Rangayyan, R. M. (2004). Biomedical Image Analysis (1st ed.): CRC. Roberts, L. M. (2000). MammoNet: a bayesian network diagnosing breast cancer. Machine Perception and Artificial Intelligence, 39, 101-148. Ruiz Fernández, D., Garcia Chamizo, J. M., Maciá Pérez, F., & Soriano Payá, A. (2005). Modelling of dysfunctions in the neuronal control of the lower urinary tract. Lecture Notes in Computer Science, 3561, 203-212. Taylor, A., Manatunga, A., & Garcia, E. V. (2007). Decision Support Systems in Diuresis Renography. Seminars in Nuclear Medicine, 38(1), 67-81.

110

Vitenzon, A. S., Mironov, E. M., & Petrushanskaya, K. A. (2005). Functional Electrostimulation of Muscles as a Method for Restoring Motor Functions Neuroscience and Behavioral Physiology, 35(7), 709-714. Waraporn, N. (2007). Confidence levels for medical diagnosis on distributed medical knowledge nodes. Paper presented at the International Conference on Computer Engineering and Applications, Gold Coast, Queensland, Australia. Weisz, G. (2005). Divide and Conquer: A Comparative History of Medical Specialization: Oxford University Press (USA). White, D. (2006). Decision Theory: Aldine Transaction. WHO (Ed.). (2005). The International Statistical Classification of Diseases and Related Problems (2nd ed.). Geneva: World Health Organization. Wootton, R., Craig, J., & Patterson, V. (Eds.). (2006). Introduction to Telemedicine (2nd ed.): Rittenhouse Book Distributors.

111

Chapter VI

Managing Mobile Healthcare Knowledge:

Physicians’ Perceptions on Knowledge Creation and Reuse Teppo Räisänen University of Oulu, Finland Harri Oinas-Kukkonen University of Oulu, Finland Katja Leiviskä University of Oulu, Finland Matti Seppänen The Finnish Medical Society Duodecim, Finland Markku Kallio The Finnish Medical Society Duodecim, Finland

ABSTRACT Incorporating healthcare information systems into clinical settings has been shown to reduce medication errors and improve the quality of work in general by improving medical decision making and by saving time. This chapter aims to demonstrate that mobile healthcare information system may also help physicians to communicate and collaborate as well as learn and share their experiences within their work community. Physicians’ usage of a mobile system is analyzed through a knowledge management framework known as the 7C model. The data was collected through the Internet among all of the 352 users of the mobile system. The results indicate that frequent use of the system seemed to improve individual physicians’ knowledge work as well as the collective intelligence of a work community. The guide for

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Managing Mobile Healthcare Knowledge

acute care, evidence-based medicine guidelines and information related to drug interactions supported the knowledge creation to a large extent. As such, mobile healthcare information systems may be capable of supporting the different sub-processes of knowledge creation and the knowledge work of individual physicians, and through this also improving the collective intelligence of the work community. Overall, knowledge management seems to be a prominent approach for studying healthcare information systems and their impact on the work of physicians.

InTROoduion Personal digital assistants and mobile applications are promising tools for managing medical information and accessing it at the point of care (Ebell et al., 1997). They have been shown to assist in evidence-based practice in a clinical setting and support the educational needs of physicians, nurses and other clinical staff, while drug information, medical calculations, guideline information and administrative tasks have been identified as the most useful resources (Honeybourne et al., 2006). Topics such as e-prescribing (Kushniruk et al., 2005) and patient tracking (Lapinsky et al., 2001) have gained a lot of attention recently. On the other hand, access to medical literature and electronic pharmacopoeias, i.e. drug information, seem to be excellent tools for providing physicians with knowledge at the point of care (Fischer et al., 2003). Incorporating healthcare information systems into clinical settings has been also shown to reduce medication errors (Grasso & Genest, 2001) and improve the quality of work in general by improving medical decision making and by saving time. Mobile versions of these systems are relatively easily incorporated into the workflow of the physicians (Rothschild et al., 2002) as they can be carried around and used when ever needed, for example during home visits or ward rounds. In the information systems field the topic of knowledge management has received a lot of attention recently (for an excellent review on the subject, see (Alavi & Leidner, 2001)). Our view on knowledge management is through a

112

conceptual framework known as the 7C model (Oinas-Kukkonen, 2004). It suggests that the seven Cs or knowledge creation sub-processes, namely Connection, Concurrency, Comprehension, Communication, Conceptualization, Collaboration, and Collective intelligence, play a central role in knowledge management. According to the 7C model, going through the key phases of Comprehension, Communication, Conceptualization and Collaboration repeatedly, in a seamless and spiral-like way leads into the growth of the organizational or social knowledge, i.e. Collective intelligence. This paper focuses on mobile access to medical literature and electronic pharmacopoeias, aiming to demonstrate that these may help physicians to communicate and collaborate as well as learn and share their experiences within their user community. There are relatively few scientific studies on managing knowledge with mobile healthcare information systems. Moreover, only a small number of articles provide knowledge about the actual use of mobile medical applications (Fischer et al., 2003). We will present a case study among the users of Duodecim mobile healthcare information system. The data was collected through the Internet among all of the 352 physicians (with the response rate of 66.5%, n=234), who were users the case system. The article is organized as follows. Chapter II describes the background for the study. Chapter III presents the 7C model for knowledge creation and management, Chapter IV introduces the case system, Chapter V discusses the results, and finally Chapter VI concludes the article.

Managing Mobile Healthcare Knowledge

Bakg Systematic processing of health-related data, information and knowledge focusing on the study of information processing principles and solutions in healthcare is referred to as health informatics, while the scientific discipline related to it is called medical informatics (Hasman et al., 1995). The terms are often used synonymously, even though some differences exist in their use between countries. For instance, medical informatics in Germany also includes nursing informatics and dental informatics, while in other countries medical informatics primarily focuses on solutions from the physicians’ viewpoint (Hasman et al., 1996). In general, health informatics is often examined from different perspectives such as information technology or user needs. A healthcare information system (HIS) is defined as an application of information technology in healthcare, encompassing a wide range of applications from disciplines such as medicine, computer science, management science and statistics (Raghupathi, 1997). Based on the interaction between the medical personnel and the patient, HISs may be categorized as customer supporting systems, interaction supporting systems, consultation systems, decision support systems, process supporting systems, economic systems, preparation tools and administrative tools (Suomi, 2001). According to Siau (2003), mobile healthcare information systems are among the basic tools employed in the healthcare industry, the other two being Internet applications and enterprise systems. Mobile HISs offer two distinct advantages for the healthcare sector: firstly, they are important for the success of telemedicine, and secondly they enable physicians to access information whenever and wherever needed. Access to real-time information is important for physicians and hospitals because information is often needed immediately to enable accurate decision making (Siau, 2003).

Fischer et al. (2003) classify the main uses of mobile applications for medicine as: accessing medical literature, electronic pharmacopoeias, patient tracking, medical education, research data collection, e-prescribing, business management and specialty-specific applications. Other classifications have also been suggested, such as those ones by Adatia and Bedard (2003) and Embi (2001). Providing access to medical literature increases the extent to which evidence will be sought and incorporated into patient care decisions (Sackett et al., 1998). The access to medical literature through a mobile application will allow decisions to be made by the bedside or at the point of care. This could further improve the decisions made by physicians (Sackett et al., 1998). Mobile devices containing decision-making tools and summaries of evidence may also improve learning in evidence-based medicine (Honeybourne et al., 2006) and reduce patients’ length of stay in hospitals (Sintchenko et al., 2005). Usually, evidence-based information is presented in a guideline form to further support decision-making. Pharmacopoeias are drug information databases and drug interaction guides. Drug information refers to information such as adult and paediatric dosing guidelines or common side effects, while drug interaction guides contain information about possible interactions that two or more drugs used together can have (e.g. drug A may influence the absorption of drug B). Access to drug information may reduce medication errors (Grasso and Genest, 2001) as it is impossible in practise to know all conceivable drug interactions by heart. Thus providing an easy manner to double-check these interactions should indeed help the work of physicians at the point of care. The survey conducted by Rothschild et al. (2002) with palmtop drug information guide users suggests that mobile systems may save time in information retrieval and improve drug-related decision making and can be relatively easily incorporated

113

Managing Mobile Healthcare Knowledge

into the workflow of physicians. This is important, as it could improve technology acceptance and save time. Patient tracking systems aid medical staff in ward rounds by keeping them informed about the patient’s condition. Medical education applications are designed to help medical students in their studies, e.g. by monitoring their clinical experience or by finding gaps in their education. Mobile applications used for data collection have also been found promising for research purposes (Fischer et al., 2003). Using mobile applications for electronic prescribing has been found to decrease medication error rates (Grasso & Genest, 2001) and business management applications help the efficiency of hospitals, e.g. by improving coordination and billing (Fischer et al, 2003). Finally, different specialties (for example family medicine) have their own specific mobile applications. Usually medical literature includes not only descriptions of treatment methods but also evidence supporting each method. This form of decision making is referred as evidence-based medicine and is defined as “the conscientious, explicit and judicious use of current best evidence in making decisions about the care of individual patients” (Sackett et al., 1996). For example, mobile decision support systems have contributed a significant reduction in antibiotic prescribing (Sintchenko et al., 2005), i.e. physicians’ have been able to see better when to prescribe antibiotics and when not to. There are two approaches to applying evidence to medicine (Eddy, 2005). The first approach is to use evidence-based guidelines. Twenty years ago medical guidelines were based on experts’ consensus but over the years most of the guidelines have changed into evidence-based. Quite interestingly the new guidelines have been dramatically different than the previous ones (Eddy, 2005). The second approach is to apply evidence in individual decision making (Evidence-based Medicine Working Group, 1992). The difference to evidence-based guidelines is that this

114

approach aims to “educating physicians to help them bring more research and evidence into their individual decisions about individual patients” (Eddy, 2005). Knowledge management is “a business concept which includes concerted, coordinated and deliberate efforts to manage the organization’s knowledge […] and applying it to enhance organizational performance” (Bose, 2003). Because of the growing costs of healthcare various knowledge management solutions have been applied in hospitals and medical centers to enhance performance and e.g. provide better care. Yet the healthcare sector has been said to be data rich but knowledge poor (Abidi, 2001). That is to say different healthcare organizations generate huge amounts of data from hospital reports to clinical trials but not much of the data is transformed into strategic decision-support knowledge (Abidi, 2001). Thus most of the knowledge management solutions in healthcare have been concentrating on transferring data into knowledge. One way of doing this is to utilize data mining (Fayyad et al., 1996). By using data mining we can find e.g. correlations or dependencies from the vast amounts of data available to us. This way the data could be transformed into a more usable form (i.e. knowledge) for e.g. evidence-based medicine. An example could be to use data mining to predict patients’ length of stay in hospital (Kraft et al., 2003). Clinical decision support systems (Teich & Wrinn, 2000) have also been used to utilize the data. Usually, they combine population statistics with existing knowledge to offer real-time information to support physicians’ daily work (Teich & Wrinn, 2000). They can also facilitate evidencebased medicine (Jadad et al., 2000). Recently, information systems focusing on the knowledge and relationships between patients and hospitals have also been introduced to healthcare settings. This solution is called patient relationship management (Siau, 2003) and through it healthcare

Managing Mobile Healthcare Knowledge

unit can provide better care to patients by allowing the unit to get an increased understanding of patients’ needs. Besides the abovementioned the use of knowledge management based solutions on healthcare offers other benefits, too. For example if we had knowledge management based healthcare systems we could better analyze different types of knowledge found in healthcare organizations (e.g. clinical knowledge stored in repositories) as well as achieve significant organizational productivity improvements (Bose, 2003). Our goal is not to define new ways to facilitate knowledge creation through healthcare information systems but rather to investigate knowledge reuse. Using the 7C model of knowledge creation and management we argue that over time through knowledge reuse healthcare organization do not only generate new knowledge but get better at their work, too. The next chapter will present the 7C model used in this study.

7C model of KNOWLEDGE CREea and managemen The 7C model suggests that the following seven Cs play a critical role in the creation of organizational or social knowledge: Connectivity, Concurrency, Comprehension, Communication, Conceptualization, Collaboration, and Collective intelligence (Oinas-Kukkonen, 2004). The 7C model follows Nonaka and Takeuchi (Nonaka & Takeuchi, 1995) in that the integration of individual and social orientations (individual and organizational in their terminology) is emphasized, and that knowledge is assumed to be created through interaction between tacit and explicit knowledge. The model follows Engelbart (1992) in the outcomes of the Comprehension, Communication and Conceptualization sub-processes. The framework assumes that connectivity of all stakeholders with the joint information space (the 1st C) and with people potentially concurrently

(the 2nd C) is provided in a technologically sound manner, e.g. through the Web, Internet, wireless, mobile and other technologies. These may promote options and allow freedom of choice with contextual support, providing users with a rich environment for comprehending (the 3rd C) and communicating (the 4th C) the information they find. Knowledge is conceptualized (the 5th C) as artifacts, which serve as a vehicle for collaboration (the 6th C) through interaction between information producers and consumers, within a team of co‑workers or among other stakeholders. All of these six preceding Cs contribute to the growth of “togetherness” or collective intelligence (the 7th C). The creation of organizational knowledge is not a linear process, but rather a multi-cycle spiral process (Oinas-Kukkonen, 2004). See Figure 1. The four central sub-processes in knowledge creation are comprehension, communication, conceptualization and collaboration (Oinas-Kukkonen, 2004). Comprehension is a process of embodying explicit knowledge in tacit knowledge by surveying and interacting with the external environment on an ongoing basis in order to identify problems, needs and opportunities (e.g. learn by doing or re-experiencing). Communication is a process of sharing experiences between people and thereby creating tacit knowledge in the form of mental models and technical skills, producing dialogue records which emphasize needs and opportunities, and integrating the dialogue and resulting decisions with other project knowledge on an ongoing basis. Conceptualization is a collective reflection process articulating tacit knowledge to form explicit concepts and rationales and systematizing these into a knowledge system, which are iteratively and collaboratively developed, possibly including proposals, specifications, descriptions, work breakdown structures, etc., but rarely a one-shot effort. Collaboration is a team interaction process of using the resulting conceptualizations within teamwork and other organizational and social processes. 115

Managing Mobile Healthcare Knowledge

Each of the sub-processes may also be regarded as the building of an artifact and reasoning over why it has been built in the way it has, i.e. capturing the knowledge rationale. Repeatedly going through these phases in a seamless and spiral-like way leads to the growth of collective intelligence. Support for capturing deep individual thinking and recording the dialogue between team members may help create truly innovative knowledge products. The learning involved in the comprehension and communication processes is closely related to the attitudes of the participants, i.e. whether they understand their weak points in the sense of individual learning styles, for example. It is important to notice that the 7C model does not try to define how information systems should manage knowledge. Rather, it models the processes of how individuals interact with information and knowledge (and with each other) to increase the collective intelligence of the organization. In a hospital physicians and nurses can learn and understand new things (Comprehension) while they perform their daily work. They can then share their work related experiences with

their colleagues (Communication). As they share they can collectively add to the knowledge of the group and create e.g. best practice guidelines (Conceptualization) to help them perform their work better in the future (Collaboration). Over time, as these processes go around over and over again the hospital unit could get better at providing care for its patients (Collective intelligence). In spite of receiving a lot of attention recently among practitioners, relatively little knowledge management research has discussed the evaluation of the solutions suggested (Oinas-Kukkonen, 2005). This kind of evaluation may be carried out at the individual, work unit (group, team, or department), or overall organizational levels. The increase in the sharing and dissemination of information and the increase in varied interpretations are obvious and in any case by no means the most important measures of the success of knowledge management solutions. The truly important measure is the identification of underlying non-obvious, complex problems and issues (Oinas-Kukkonen, 2005).

Figure 1. Knowledge creation sub-processes (Oinas-Kukkonen 2004) Tacit

Communication

Individual

Comprehension

Collective Intelligence

Collaboration

Explicit

116

Conceptualization

Social

Managing Mobile Healthcare Knowledge

Evaluation of the Comprehension and Communication sub-processes means, for instance, assessment of whether the following goals are achieved: better understanding of current and potential future customers, the key organizational business processes, the product portfolio, product features and potential future products and markets in general. Quite naturally, an improvement in any of these will lead to either an increase in new ideas or the achievement of better ideas for future business, and it may also help solve some of the problems that the organizations are faced with over time (by being more capable of defining the core processes and their key challenges) or even avoid some of the pitfalls they might suffer from. (Oinas-Kukkonen, 2004).

Ca DUODECIM The mobile healthcare information system under investigation is evaluated at the individual and work unit levels. The system comprises a set of medical information and knowledge databases developed by Duodecim Publications Ltd (the Finnish Medical Society Duodecim is a scientific society with over 18,000 of Finnish doctors and medical students - almost 90% - as its members.). The system emphasizes the role of evidence-based medical guidelines (EBMG), i.e. a

collection of clinical guidelines for primary care combined with the best available evidence. The collection includes almost 1,000 concise primary care practice guidelines covering a wide range of medical conditions and including both diagnosis and treatment, over 2,700 high-quality evidence summaries supporting the recommendations, a library of 900 high-quality photographs and images of all common and many rare dermatological conditions, electrocardiograms and eye pictures as well as abstracts from the Cochrane Library (which is a collection of databases in medicine and other healthcare specialties). The system also contains the pharmacology database Pharmaca Fennica with a wireless update service for a complete medicine price list, a drug interaction database for drug-related decision making, the international diagnosis code guide known as The International Classification of Diseases ICD-10, an acute care guide, a medical dictionary of over 57,000 terms, and a comprehensive database of healthcare-related addresses and contact information for pharmacies, hospitals and health centres. The system is described in Table 1. It is typically used through smartphones and it is delivered to users as a memory card that includes a search engine, user interface software and the core databases. The knowledge base is planned to support physicians in their day-to-day activities. It can

Table 1. The Duodecim mobile HIS under study Duodecim database

Description / functionality

Evidence-based medical guidelines

Search for evidence-based guidelines including literature references and abstracts from the Cochrane Library.

Pharmaca Fennica

Drug lists, adult and paediatric dosing guidelines, common side effects.

ICD-10

International Statistical Classification of Diseases and Related Health Problems. Codes for classifying diseases and a wide variety of signs and symptoms.

Acute Care Guide

Pathogenesis, causes, symptoms, differential diagnosis.

Drug Interaction Database

Possible interaction effects of selected drugs.

Medical Picture Database

Descriptions of symptoms and pictures.

Contact Information

Search for contact information on pharmacies, hospitals and health centres.

117

Managing Mobile Healthcare Knowledge

be carried around and applied in the bedside or at the point of care. As physicians apply and reuse the knowledge they may be better equipped with the tasks at hand. This knowledge may also support their medical decision making as well as help them to learn new things. Some earlier studies of the system (see Han et al., 2004a, Han et al., 2005) have demonstrated that physicians have a positive perception of it and intend to use it, and that the most frequently requested mobile content entities were EBMG, Pharmaca Fennica and ICD-10.

Data Collection The data were collected through the Internet during a two-week period from January 23 to February 7, 2007. The key knowledge creation issues under investigation were Comprehension, Communication, Conceptualization, Collaboration and Collective Intelligence. The technological viewpoints of the 7C model (Connection and Concurrency) were omitted as they are beyond the scope of this research. Medical performance was not measured either. The questionnaire contained 18 questions. See Appendix 1. Five-point Likert scale from “Completely disagree” to “Completely agree” with the choice “I don’t know” in the middle was utilized. Physicians were very familiar with this scale, as it had already been used in previous studies of the same system (cf. Han et al., 2004b, Han et al., 2006). The respondents were approached by email with a link to the online questionnaire. The questionnaire was sent to all of the 352 users of the mobile system. They were all physicians who had a smartphone of their own and the software installed in it, donated by a large international medical company. It should be mentioned that while all of the users were members of the Finnish Medical Society Duodecim, they were not necessarily working at the same hospital. The response rate was 66.5% (n=234). Two responses were deleted from the data set because the respondents did

118

not actually use the system, and one was deleted because the respondent did not answer any of the main questions related to this study. Thus the final data set consisted of 231 replies.

Re 62.3% (n=144) of the respondents were men and 37.2% (n=86) women. 61.9% (n=143) were specialists, 27.3% (n=63) general practitioners, and 10.4% (n=24) researchers or working in administrative positions. Most of the respondents had more than 20 years of experience of working as a physician (55.8%, n=129), while 32.0% (n=74) had over ten years of experience and only 12.1% (n=28) had less. The majority of the physicians worked daily with patients (80.5%, n=186), nurses (86.6%, n=200) and other physicians (85.3%, n=197). 45.9% (n=106) of the physicians used the information system daily, 37.7% (n=87) several times a week, 11.7% (n=27) once a week, 3.9% (n=9) once a month and only two used it less often than once a month. The two most frequently used parts were Pharmaca Fennica drug information (96.5%) and EBMG (88.7%). The least used was the Picture Database (n=46, 19.9%). It was the most recent addition to the system and not all physicians had access to it yet which at least to some extent explains its low usage (the medical society estimated that about half of the users had the picture database installed). Besides using the mobile HIS, 27.7% (n=64) of the physicians read emails through the mobile device and 36.4% (n=84) used it for other Internet services. Quite naturally, the less experienced physicians more often felt that the system helped them to learn new things, and they also found it more useful to some extent than did the more experienced physicians (see Table 2). Interestingly, there was a slight difference in how specialists and general practitioners felt about the system’s ability to support learning of new things. 62.9% (n=39) of the general practi-

Managing Mobile Healthcare Knowledge

Table 2. Experience affected the perceived usefulness and learning Experience

Learning (Chi-Square=15.445, p=0.000)

Usefulness (Chi-Square=7.459, p=0.024)

under 10 y (n=28)

81.5%

92.9%

10-20 y (n=74)

58.1%

86.3%

over 20 y (n=129)

42.2%

74.2%

Table 3. A mobile HIS may improve all key knowledge creation sub-processes Independent s amples t est Lev en e's T est for

C o llec tiv e Intelligenc e

C o mpr ehen sion

C o mm unic atio n

C o nce ptualiz atio n

C o llabo ratio n

S um V ar ia ble

E qual v arianc es as s ume d E qual v arianc es not as su me d E qual v arianc es as s ume d E qual v arianc es not as su me d E qual v arianc es as s ume d E qual v arianc es not as su me d E qual v arianc es as s ume d E qual v arianc es not as su me d E qual v arianc es as s ume d E qual v arianc es not as su me d E qual v arianc es as s ume d E qual v arianc es not as su me d

M ean ,001

,972

-4,63 0 -4,60 2

3,246

,073

,074

,786

-5,50 4 -5,55 8 -3,30 6 -3,28 1

6,197

,014

-2,77 5 -2,73 6

,035

,851

-2,84 0 -2,83 0

,672

,413

-4,42 4 -4,39 3

tioners felt that the mobile HIS helped them to learn, while 47.9% (n=68) of the specialists felt that way (Chi-Square=3.902, p=0.048). The explanation may be simple fact that the specialists’ area of expertise is more focused while general practitioners have to treat patients with wide variety of symptoms. The four Cs of the knowledge creation spiral correlated with each other strongly. Interestingly, the highest correlations were between Comprehension and Communication, i.e. the individual side of the model (r=0.626) and Conceptualization and Collaboration, i.e. the social side of the model (r=0.675). This supports the individual-social

229 216 ,8 01 226 224 ,0 10 227 211 ,9 89 229 205 ,8 83 229 219 ,7 74 229 215 ,6 31

S td. E rr or

95% C on fide nce Interv al o f the

,000

-,576

,124

-,821

-,331

,000

-,576

,125

-,823

-,329

,000

-,692

,126

-,939

-,444

,000

-,692

,124

-,937

-,447

,001

-,427

,129

-,682

-,173

,001

-,427

,130

-,684

-,171

,006

-,334

,120

-,571

-,097

,007

-,334

,122

-,574

-,093

,005

-,347

,122

-,587

-,106

,005

-,347

,122

-,588

-,105

,000

-,445 45

,1006 9

-,643 86

-,247 05

,000

-,445 45

,1014 0

-,645 31

-,245 60

dichotomy in the knowledge creation model. The next strongest correlation were between Communication and Conceptualization (r=0.554), Comprehension and Conceptualization (r=0.538), and Communication and Collaboration (r=0.534) while the lowest correlation was between Comprehension and Collaboration (r=0.514). To investigate the knowledge creation spiral a sum variable was constructed, representing the Comprehension, Communication, Conceptualization and Collaboration sub-processes (referred to later simply as the “sum variable”). We used the sum approach as each of the 7C sub-processes may be treated equally important. Since five responses

119

Managing Mobile Healthcare Knowledge

had one or more missing data items related to these, the missing data were replaced by means from similar respondents. The sum variable has a high reliability (Cronbach’s α=0.841) and correlates strongly with Collective Intelligence (0.629). This seems to confirm the interplay among the four Cs, i.e. the spiral, indeed leads to the growth of Collective Intelligence. A comparison between those who used the system daily and those who used it less frequently indicates that the daily use improves all knowledge creation sub-processes as well as the sum variable (see Table 3). This seems to indicate that it actually helps physicians to perform their jobs better and it eventually may increase the Collective intelligence of the whole work community. This is an important finding and provides some empirical evidence for the usefulness of mobile information systems in healthcare in general. Thus, a mobile healthcare information system would be of benefit not only for patient safety

(Honeybourne et al., 2006) but for the professional skills of the physicians as well. We also analysed the different parts of the system to find out which functionalities had on effect on different knowledge creation subprocesses. As 96.5% of the physicians used the drug information (only eight did not use it) we could not compare users and non-users with it. The Independent Samples T-tests between those who used EBMG and those who did not suggest that EMBG use improves user perception on the mobile system’s help to Communicate (F=1.813, p=0.001), Conceptualize (F=0.538, p=0.001) and Collaborate (F=0.035, p=0.001). See Table 4. It improves the spiral (F=2.195, p=0.000), and to some extent it also affects Comprehension (F=4.949, p=0.022). The ICD-10 improved Collective Intelligence (F=1.550, p=0.000) and the spiral (F=0.084, p=0.003). Whereas ICD-10 is packed with fourletter abbreviations of various diseases and it

Table 4. Use of EBM Guidelines improves physicians’ Communication, Conceptualization and Collaboration Independent samples test Levene's Test for Equality of Variances

Collective Intelligence

Comprehension

Communication

Conceptualization

Collaboration

SumVariable

120

Equal variances assumed Equal variances not assumed Equal variances assumed Equal variances not assumed Equal variances assumed Equal variances not assumed Equal variances assumed Equal variances not assumed Equal variances assumed Equal variances not assumed Equal variances assumed Equal variances not assumed

F

,285

Sig. ,594

4,949

,027

1,813

,179

,538

,464

,035

,852

2,195

,140

t-test for Equality of Means

95% Confidence Interval of the Difference Lower Upper -,220 ,587

229

Sig. (2-tailed) ,371

Mean Difference ,184

Std. Error Difference ,205

1,003

34,055

,323

,184

,183

-,189

,556

-2,731

226

,007

-,563

,206

-,970

-,157

-2,410

29,842

,022

-,563

,234

-1,040

-,086

-3,357

227

,001

-,681

,203

-1,080

-,281

-2,996

29,968

,005

-,681

,227

-1,144

-,217

-3,424

229

,001

-,644

,188

-1,014

-,273

-3,193

30,537

,003

-,644

,202

-1,055

-,232

-3,341

229

,001

-,639

,191

-1,016

-,262

-3,046

30,213

,005

-,639

,210

-1,067

-,211

-3,941

229

,000

-,63088

,16007

-,94627

-,31548

-3,569

30,118

,001

-,63088

,17676

-,99182

-,26994

t

,897

df

Managing Mobile Healthcare Knowledge

seems impossible for anyone to know all diseases and their codes by heart, it is surprising that there was no correlation with it and Comprehension. It may well be that these abbreviations are really used only for healthcare management and they do not involve diagnosing or modelling the groups of diseases. Use of Acute Care Guide improved all knowledge creation sub-processes: Collaboration (F=10.312, p=0.000), Comprehension (F=6.067, p=0.000), Collective Intelligence (F=0.339, p=0.000), Communication (F=1.730, p=0.001), Conceptualization (F=0.001, p=0.008), as well as the sum variable (F=1.560, p=0.000). As such, the use of the Acute Care Guide seems to improve each of the knowledge creation sub-processes. Use of Drug Interaction Database improved Collaboration (F=1.218, p=0.000), Conceptualization (F=0.979, p=0.001), Comprehension (F=0.095, p=0.001), Collective Intelligence (F=0.073, p=0.010), as well as the sum variable (F=0.922, p=0.000). Quite interestingly, it did not affect Communication. Maybe the drug interaction information is useful in places where communication is not required, e.g. the physicians has already decided that he will prescribe drug A and he uses the system to check out possible interactions with existing medication. Use of Medical Picture Database improved only the sum variable (F=0.000, p=0.009). The results concerning the Picture Database may be

little inconclusive due to its low usage. Contact Information improved Collaboration (F=1.724, p=0.002) and the sum variable (F=0.025, p=0.004). Interestingly it did not improve Communication, even if it provided contact information. Table 5 summarizes the correlations between parts of the system and knowledge creation subprocesses.

DiSCUSSIion From the five Cs addressed in this study Comprehension was improved by the use of the Acute Care Guide and Drug Interaction Database. The Acute Care Guide was used slightly more often by the less experienced physicians, as 33.3% (n=43) of those who had more than 20 years of experience used it, compared with 48.0% (n=49) of the rest of the physicians (Chi-Square=5.140, p=0.023). Quite obviously, the less experienced physicians still have more to learn and comprehend. Maybe this is especially true in acute medical situations. The fact that Drub Interaction Database improves Comprehension seems feasible too, since there are a large number of different drugs and their combinations that it is practically impossible to know all of their interactions. Thus an easy way of checking these interactions should indeed help physicians and over time they may comprehend something new. Interestingly, EBMGs did not

Table 5. Usage of the different parts of the system and their impact on the 7C processes Duodecim database

Frequencies

CI

Comp

Comm

Conc

Coll

Sum var

Acute Care Guide

39.8%

X

X

X

X

X

X

Drug Interaction Database

54.5%

X

X

X

X

X

Evidence-based medical guidelines

88.7%

X

X

X

Contact Information

74.5%

X

X

ICD-10

57.6%

Medical Picture Database

19.9%

Pharmaca Fennica

96.5%

X

X

X X

121

Managing Mobile Healthcare Knowledge

affect Comprehension. This might be because most of the physicians were experienced and thus familiar with the guideline information. On the other hand, most of the users (61.9%, n=143) had specialized in certain medical domains, which implies that their knowledge needs might have been more specialized than what is provided through the evidence-based medical guidelines. Communication was improved by the EBMGs and the Acute Care Guide, which both are well-structured and evidence-based. Thus, they contain guideline information that is relatively easy to deliver. For example, all guidelines in the Acute care guide are organized in the same format, i.e. pathogenesis, causes, symptoms and differential diagnosis. Conceptualization was improved by the EBMGs, Acute Care Guide and Drug Interaction Database. Indeed, evidence-based information may help a group of physicians to reach a consensus in making medical decisions. Collaboration was improved by the EBMGs, Acute Care Guide, Drug Interaction Database and Contact Information. It seems natural that guidelines help physicians to collaborate. Similarly providing Contact Information helps find the right people. Collective Intelligence was improved by ICD10, Acute Care Guide and Drug Interactions. Interestingly, 65.0% (n=93) of the specialists used ICD-10, but only 39.7% (n=25) of the general practitioners. This could mean that specialists have a greater need for the ICD-10 than general practitioners, but as such it does not explain why the use of ICD-10 improves Collective Intelligence. One reason for this could be that hospitals are very bureaucratic by nature and these classifications of diseases are needed in many situations, e.g. when a patient checks in, when a patient’s treatments are entered into hospital records, or when a patient is discharged. The use of a mobile ICD-10 application can provide practical support in these situations.

122

From the different subsystems the Acute Care Guide improved all knowledge creation sub-processes. Mobile applications such as the Acute Care Guide combine the “any time, anywhere” possibilities of mobile applications with actual needs in acute medical situations, where knowledge must be acquired and applied swiftly. Thus, instead of concentrating on any time and anywhere mobile applications in knowledge work context might need to concentrate more on exact situations where knowledge is needed, e.g. in healthcare at the point of care. Of the other subsystems Evidence-Based Medical Guidelines and Drug Interactions seem to support the knowledge creation sub-processes to a greater extent. Overall, guideline information seems to provide a good fit with knowledge creation. Guidelines contain information about diagnostic procedures that may be used with certain symptoms as well as suggestions for which drugs might work best for different illnesses. Physicians may also find them helpful when consulting other physicians, as the guideline information may provide a basis for communicating and collaborating. A general practitioner may first check the information found in the mobile HIS, for example, and then use it as a reference when consulting a specialist.

FuTURE RESEARCH Future research should be directed towards empirical testing of the knowledge processes in more detail, e.g. what type of communication do the evidence-based medical guidelines really support and how can the transfer of tacit knowledge into explicit be better supported. Also multiple sources of data would help obtain deeper understanding. We are also planning a longitudinal study on the case system described in this paper. With the longitudinal data we can see e.g. how the regu-

Managing Mobile Healthcare Knowledge

lar use of the system affects the 7C knowledge creation processes. For example the collective intelligence of the hospital units should increase over time. We would also like to compare the case system to other ways of obtaining the same information and knowledge. For example, how does the usage of the mobile system compare to e.g. books or desktop information systems (Duodecim also has the desktop version of the case system). We are especially interested in finding out does the case system really offer better support at the point of care? Another line of research we are interested in is what kind of features of functionalities would support the processes of the 7C model? We are especially interested in the comprehension and conceptualization processes as they have received less attention in the scientific literature than communication and collaboration.

benefit not only for patient safety (Honeybourne et al., 2006) but for the professional skills of the physicians as well. A limitation of our study is that we were not able to go deeper with studying the differences between experienced and less experienced physicians. Another limitation would be that the picture database was not in use by all of the physicians so the results concerning it are not conclusive. Also one limitation on our study could be that most of the physicians participating in the study had more than 20 years of work experience. It could be argued that the less experience the physician has, the more he has to learn and more he could benefit from the use of a mobile healthcare information system. In sum, knowledge management seems to be a prominent approach for studying healthcare information systems and their impact on physicians’ work.

Conlu

Refeen

This article discusses physicians’ usage of a mobile healthcare information system. This was studied through the 7C knowledge management framework. The usage of the system seemed to improve the knowledge work of individual physicians as well as the collective intelligence of work community. The easiest sub-process to support through the system seemed to be collaboration between the physicians. Comprehension and, quite surprisingly, Communication were the most difficult aspects to support. All parts of the case system helped improve the knowledge creation spiral. These findings go hand in hand with some of the previous findings (e.g. Ebell et al., 1997, Honeybourne et al., 2006) of the usefulness of healthcare information systems, especially in acute medical situations where decisions have to be made swiftly. The findings also hint that the daily use of such a system may indeed over time be of

Abidi, S. (2001). Knowledge management in healthcare: towards “knowledge-driven” decision-support services. International Journal of Medical Informatics, 63(1)2 , 5-18. Adatia, F., & Bedard, P. (2003). Palm reading: 2. Handheld software for physicians. Canadian Medical Association Journal, 168(6), 727-734. Alavi, M., & Leidner, D. E. (2001). Review: Knowledge management and Knowledge Management Systems: Conceptual Frameworks and Research Issues. MIS Quarterly, 25(1), 107-136. Bose, R. (2003). Knowledge management-enabled health care management systems: capabilities, infrastructure, and decision-support. Expert Systems with Applications, 24, 59-71. Ebell, M. H., Gaspar, D. L., & Khurana, S. (1997). Family physicians’ preference for computerized decision-support hardware and software. The Journal of Family Practice, 45(2), 127-128. 123

Managing Mobile Healthcare Knowledge

Eddy, D. M. (2005). Evidence-Based Medicine: A Unified Approach. Health Affairs, 24(1), 9-17. Embi, P. (2001). Information at hand: Using handheld computers in medicine. Cleveland Clinic Journal of Medicine, 68(10), 840-853. Engelbart, D. (1992). Toward High-Performance Organizations: A Strategic Role for Groupware. In proceedings of the GroupWare ‘92 Conference, San Jose, CA, August 3-5, 1992, Morgan Kaufmann Publishers. Evidence-based Medicine Working Group (1992). Evidence-based Medicine: A New Approach to Teaching the Practice of Medicine. Journal of the American Medical Association, 268(17), 2420–2425. Fayyad, U. M., Shapiro, G. P., Smyth, P., & Uthurusamy R. (Eds.) (1996). Advances in knowledge discovery and data mining. California: AAAi Press. Fischer, S., Stewart, T., Mehta, S., Wax, R., & Lapinsky, S. E. (2003). Handheld computing in medicine. Journal of the American Medical Informatics Association, 10(2), 139-149. Grasso, B., & Genest, R. (2001). Clinical computing: Use of a personal digital assistant in reducing medication error rates. Psychiatric Services, 52(7), 883–886. Han, S., Harkke, V., Mustonen, P., Seppänen, M., & Kallio, M. (2004a). Mobilizing medical information and knowledge: some insights from a survey. Proceedings of the 12th European Conference on Information Systems (ECIS), Turku, Finland. Han, S., Mustonen, P., Seppänen, M., & Kallio, M. (2004b). Physicians’ behaviour intentions regarding the use of mobile technology: an exploratory study. Proceedings of the 8th Pacific Asia Conference on Information Systems (PACIS), Sanghai, China.

124

Han, S., Harkke, V., Mustonen, P., Seppänen, M., & Kallio, M. (2005). Understanding physician acceptance of mobile technology: insights from two telephone interviews in Finland. International Journal of Electronic Healthcare, 1(4), 380-395. Han, S., Mustonen, P., Seppänen, M., & Kallio, M. (2006). Physician’s acceptance of mobile communication technology: an exploratory study. International Journal of Mobile Communications, 4(2), 210-230. Hasman, A., Albert, A., Wainwright, P., Klar, R., & Sosa, M. (1995). Education and training in health informatics in Europe, State of art, guidelines, applications. In Studies in Health Technology and Informatics, IOS Press, Amsterdam, 25. Hasman, A., Haux, R., & Albert, A. (1996). A systematic view on medical informatics. Computer methods and Programs in Biomedicine, 51, 131-139. Honeybourne, C., Suttont, S., & Ward, L. (2006). Knowledge in the Palm of your hands: PDAs in the clinical setting. Health Information and Libraries Journal, 23, 51-59. Jadad, A. R., Haynes, R. B., Hunt, D., & Browman, G. P. (2000). The Internet and evidence-based decision-making: a needed synergy for efficient knowledge management in health care. Canadian Medical Association Journal, 162 (3), 362-365. Kraft, M. R., Desouza, K. C., & Androwich, I. (2003). Data Mining in Healthcare Information Systems: Case Study of a Veterans’ Administration Spinal Cord Injury Population. Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03). Jan. 6-9. Kushniruk, A., Triola, M., Borycki, E., Stein, B., & Kannry, J. (2005). Technology induced error and usability: the relationship between usability problems and prescription errors when using a

Managing Mobile Healthcare Knowledge

handheld application. International Journal of Medical Informatics, 74(7-8), 519-526.

reference guide. Journal of the American Medical Informatics Association, 9(3), 223–229.

Lapinsky, S. E., Weshler, J., Mehta, S., Varkul, M., Hallett, D., & Stewart, T. (2001). Handheld computers in critical care. Critical Care, 5(4), 227–231.

Sackett, D .L., Rosenberg, W. M. C., Gray, J. A .M., Haynes, B.. & Richardson, W. S. (1996). Evidence based medicine: what it is and what it isn’t. British Medical Journal, 312(13), 71-72.

Nonaka, I., & Takeuchi, H. (1995). The Knowledge-Creating Company — How Japanese Companies Create the Dynamics of Innovation. Oxford University Press.

Sackett, D. L., & Straus, S. (1998) Finding and applying evidence during clinical rounds: the evidence cart. Journal of the American Medical Association, 280(15), 1336–1338.

Oinas-Kukkonen, H. (2004). The 7C Model for Organizational Knowledge Sharing, Learning and Management. Proceedings of the Fifth European Conference on Organizational Knowledge, Learning and Capabilities (OKLC ‘ 04), Innsbruck, Austria, April 2-3.

Siau, K. (2003). Health Care Informatics. IEEE Transactions on Information Technology in Biomedicine, 7(1), 1-6.

Oinas-Kukkonen, H. (2005). Towards Evaluating Knowledge Management through the 7C Model. Proceedings of the European Conference on Information Technology Evaluation, (ECITE ’05), Turku, Finland, September 29-30. Raghupathi, W. (1997). Health Care Information Systems. Communications of the ACM, 40(8), 81-82. Rothschild, J. M., Lee, T. H., Bae, T., & Bates, D.W. (2002). Clinician use of a palmtop drug

Sintchenko, V., Iredell, J., Gilbert, G., & Coiera, E. (2005). Handheld Computer-based Decision Support Reduces Patient Length of Stay and Antibiotic Prescribing in Critical Care. Journal of the American Medical Informatics Association, 12(4), 398-402. Suomi, R. (2001). Streamlining Operations in Health Care with ICT. In T.A. Spil & R.A Stegwee (Eds.), Strategies for Healthcare Information Systems, Idea Group Publishing: Hershey, PA, 2001, 31-44. Teich, J. M., & Wrinn, M. M. (2000). Clinical decision support systems come of age. MD Computing, 17(1), 43-46.

125

Managing Mobile Healthcare Knowledge

Appendix A Demographics 1. Gender

Male / Female

2. Experience

Less than 1 years / 1-5 years / 5-10 years / 10-20 years / over 20 years

3. Occupation

General practitioner / Specialist / Researcher / Management position

4. I use the mobile databases

Daily / A few times a week / Once a week / Once a month/ Less than once a month

5. I use the following parts of the system

EBM guidelines



Pharmaca Fennica



ICD-10



Acute care guide



Drug interactions



Picture database



Connection information

6. I work with hospital management

Daily/A few times a week/Once a week/Once a month/Less than once a month/Never

7. I work with physicians

Daily/A few times a week/Once a week/Once a month/Less than once a month/Never

8. I work with nurses

Daily/A few times a week/Once a week/Once a month/Less than once a month/Never

9. I work with patients

Daily/A few times a week/Once a week/Once a month/Less than once a month/Never

The medical databases Please, answer using these criteria: 1 = Completely disagree, 2 = Partially disagree, 3 = I don’t know 4 = Partially agree, 5 = Completely agree 10. The mobile medical databases increase the professional capabilities of my work community.

1

2

3

4

5

11. The mobile medical databases help me better comprehend issues relatedto work at hand.

1

2

3

4

5

12. The mobile medical databases help me communicate better.

1

2

3

4

5

related to work at hand.

1

2

3

4

5

14. The mobile medical databases support collaboration.

1

2

3

4

5

15. This mobile service makes me to learn new things.

1

2

3

4

5

16. In my opinion, this is a useful mobile service.

1

2

3

4

5

13. The mobile medical databases help the working community to reach a consensus in issues

126

Managing Mobile Healthcare Knowledge

The use of mobile Internet 17. Do you read email with you mobile phone

Yes / no

18. Do you use your mobile phone for other internet services.

Yes / no

127

Section II

Patient Monitoring and Wearable Devices

129

Chapter VII

Patient Monitoring in Diverse Environments Yousef Jasemian Engineering College of Aarhus, Denmark

ABSTRACT Recording of physiological vital signs in patients’ real-life environment could be especially useful in management of chronic disorders; for example for heart failure, hypertension, diabetes, anorexia nervosa, chronic pain, or severe obesity. Thus, monitoring patients in diverse environments, by a mobile health system, is one of the major benefits of this approach, however at the same time the demands and challenges for improving safety, security and integrity increase. Top priorities for patients under recovery of health and elderly under care are the feeling of being cared securely and safely in there home and its surroundings. Solving these issues will elevate users’ compliance and trust to mobile health services. Most research activities have been focused on achieving common platform for medical records, monitoring health status of the patients in a real-time manner, improving the concept of online diagnosis, developing or enhancing telemedicine solutions, which deals with remote delivery of health care services applying telecommunications, etc.This chapter intends to explore the issues and limitations concerning application of mobile health system in diverse environments, trying to emphasize the advantages and drawbacks, data security and integrity suggesting approaches for enhancements. These issues will be explored in successive subsections by introducing two studies which were undertaken by the author.

INTRODUCTION In recent years, initiatives have been taken both from academia and by the industries with a view for improving the health care and safety of the

public by taking use of information and communication technologies. Most research activities have been focused on achieving common platform for medical records, monitoring health status of the patients in a real-time manner, improving the con-

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Patient Monitoring in Diverse Environments

cept of online diagnosis, enhancing security and integrity of the patients, developing or enhancing telemedicine solutions, which deals with remote delivery of health care services applying telecommunications, etc. (Freedman, 1999; Shimizu, 1999; Woodward, Istepanian & Richards,2001; Jasemian & Arendt-Nielsen, 2005a; Bønes, Hasvold, Henriksen & Strandenaes, 2006; Sax, Kohane & Mandl, 2005). Recent advances in embedded computing systems have led to the evolution of wireless and mobile health services, consisting of small battery-powered entities with computation and radio communication capabilities. This permits data gathering and computation to be deeply integrated in the patients’ daily environment. The technology has also the potential of automatically collecting vital signs to be fully integrated into the patient care record and used for real-time triage, correlation with hospital records, and long-term observation. During the past few years, advances in sensor technology have enabled the development of small, lightweight medical sensors such as pulse oximeters and electrocardiogram leads that can be worn by the patient while wirelessly transmitting data. This frees the patient from the confinement of traditional wired sensors, allowing him or her to move at leisure and increasing comfort in daily environment. It is foreseen that with the help of these enhanced mobile health systems, better health care and services can be delivered to users, and hospitals can also benefit a better information management and administration. Also, it will provide the users the ability to access their medical records anywhere, anytime. As the patients in a mobile heath system are monitored in diverse environments, several challenges are present. First, Mobile health network may contain a large number of mobile sensors due to the mobility of patients. Second, the timeliness and reliability of data delivery is crucial in mobile health services. Third, wireless and mobile communication media generally have limited

130

bandwidth and relatively high loss rate. Finally, the most fundamental challenge is the security and privacy of sensitive patient data. Because the data is transmitted wirelessly, it is easy for an eavesdropper with a properly tuned receiver to intercept the data. Hence, mechanisms must exist for data authenticity and integrity. Moreover, patients’ compliance concerned in a mobile health is an important issue in focus. The present chapter intends to explore the issues and limitations concerning application of mobile health system in diverse environments, trying to emphasize the advantages and drawbacks, data security and integrity suggesting approaches for enhancements. These issues will be explored in successive subsections by introducing two studies which were undertaken by the author of the present chapter.

BACKGROUND AND MOTIVATIONS The number of people with chronic diseases such as heart arrhythmia, diabetes, cancer and chronic obstructive pulmonary disease (COPD) is increasing in most Western countries, and the majority are elderly. Chronic diseases are the leading causes of death and disability, and these accounts for 70 % of all deaths in the U.S., which is 1.7 million each year (National Centers for Chronic Disease Control and Prevention, 2008). Almost 25 million people have major limitations in daily living in the United States (National Centers for Chronic Disease Control and Prevention, 2008). Chronic disease is a growing problem in the United States. More than 125 million Americans had at least 1 chronic care condition in 2000, and this number is expected to grow to 157 million by the year 2020 (Marchibroda, 2008).Some of the challenges associated with chronic care management approaches are the use of telemedicine and mobile health services. Nowadays, in USA, Canada, Australia and many European countries, the health authorities

Patient Monitoring in Diverse Environments

tend to optimise the resources most effectively. By introducing e-health, telemedicine and mobile health services, it became possible to treat/monitor as many patients as possible at remote areas (BeWell Mobile Technology Inc, 2006; Farmer, Gibson, Hayton, Bryden, Dudley et al., 2005, Friedewald, & Pion, 2001; Logan, McIsaac, Tisler, Irvine, Saunders et al., 2007). Thanks to emerging technologies the elderly now have the opportunity to stay longer in their homes and manage everyday tasks without significant burden for their caregivers. Improving the quality of life for patients is also an essential task in these countries (Sneha & Varshney, 2007; Cocosila, Coursaris & Yuan, 2004; Jasemian, 2006; Jasemian, 2008; McLean, Mendis, Harris & Canalese, 2007). Cardiovascular disease is the main cause of death in the UK and it accounts for 39% of all death each year. Among patients who had heart attacks, about 30% of them died even before reaching to the hospital (Petersen, Peto & Rayner, 2004). Although heart attack can happen suddenly without apparent indications, cardiac arrhythmia can often be found before the event. They can potentially be used as the precursor to major cardiac episodes (Panidis & Morganroth, 1983). In Aalborg hospital, Denmark, for instance, 40 % of the heart arrhythmia patients are hospitalized for disease monitoring and control purpose. They are all monitored by short range telemetry in the hospital for one to five days (patient registration section, Aalborg Hospital, Denmark). Non-risky heart patients are referred for monitoring at home by HOLTER or event recording devices. Currently, electrocardiogram (ECG) Holter monitoring is the most widely used technique for providing ambulatory cardiac monitoring for capturing rhythm disturbances. A traditional Holter monitor can record up to 24 hours of ECG signals, and the recorded data is subsequently retrieved and analyzed by a clinician. Due to the short duration involved and the unknown context within which the ECG signal is captured, reliable interpretation of the recorded data is always a

challenge. Not all patients show high compliance with the application of these home monitoring devices. Nor this monitoring arrangement provides comfort to them. Because, these devices do not function on-line and the arrangement requires a number of hospital visits in order to deliver the recorded data on a tape or memory card to the specialists, which is sometimes a stressful and time consuming process for the patients. To address these drawbacks, some more advanced ECG monitoring systems are emerging. An online mobile health service has been suggested as an alternative to the above mentioned monitoring methods (Jasemian & Arendt-Nielsen, 2005c; Clarke, Bratan, Kulkarni & Jones, 2007; Gostin, 1965). Some can also detect and signal a warning in real-time if any adverse event is captured (Standing, Dent, Craig & Glenville, 2001). The trend of providing more and more wireless health care solutions is especially visible, because going wireless is supported by the telecommunications service providers as well as by the end-users. For users, wireless means being free from inconvenient cables and thereby more mobility plus easier and more flexible access to healthcare services. For operators and providers, wireless means cheaper access, more users on the network and more benefit. In many situations different telecommunication systems coexist thus forming a heterogeneous telecommunications environment. This, however, does not exhaust the problem of heterogeneity. The term applies also to the coexistence of different operators and service providers. Finally, different users’ need can also be defined as heterogeneous. Due to these aspects, addressing variety of systems, environments, services, technologies and needs has already now become a big problem for the telecommunications technology and it is very likely to continue gaining importance. Wireless technology has its own advantages and drawbacks. Among the advantages, mobility and flexibility are important characteristics. Among the drawbacks, major problems with a

131

Patient Monitoring in Diverse Environments

mobile health system are safety, data security and integrity. These concerns increase, as the patients are monitored in diverse environments. Research for optimization of security has been done and in this relation a number of security arrangements have been suggested (Elmufti, K., Weerasinghe, D., Rajarajan, M., Rakocevic, V., Khan, S. 2008; MacDonald, JA. 2008). The remote monitoring of patients, for chronic diseases or to follow up elderly people at home, is a particular application of the promising mobile healthcare services in home environment. The follow up of patients at home must satisfy the same security standard as it does in the hospital. The mobile healthcare device plays the role of the human to machine interface. This communicates with a home care station that should contain the following features: sufficient local data storage (memory), a local processing facility (real time alarm agents), a communication mediator, an authentication agent (PIN), and a “fire wall” to preserve data from piracy. Thus, top priorities for patients under recovery of health and elderly under care are the feeling of being cared securely and safely in there home and its surroundings. Solving these issues will elevate users’ compliance and trust to mobile health services.

SECURITY AND INTEGRITY ARRANGEMENTS IN M-HEALTH SOLUTIONS Recording of physiological vital signs in patients’ real-life environment could be especially useful in management of chronic disorders; e.g. for heart failure, hypertension, diabetes, anorexia nervosa, chronic pain, or severe obesity. This could also be used to provide feedback about someone’s health in the form of behavioural feedback in order to prevent diseases. Thus, monitoring patients in diverse environments, by a mobile health system, is one of the major benefits of this

132

approach, however at the same time the demands and challenges for improving safety, security and integrity increase. Security relates to the means by which an entity protects the privacy of any information, and it depends very much on the applied communication technology and data processing. Privacy refers to the individual’s right to keep certain data or information private, unless that information will be used or disclosed with his/her permission (Jasemian, 2006). The rapidly emerging infrastructure of health care information and its relation to patient privacy have been described in the literature (Gostin, Brezina, Powers, Kozloff, Faden et al., 1993; Gostin, Lazzarini, Neslund & Osterholm, 1996; Boncella, 2002). Authentication, confidentiality and integrity of the transferred information are minimum requirements any patient will demand (Boncella, 2002). Security and privacy are very much intertwined; indeed this is security that assures the privacy.

Security and Privacy in a Wireless Remote Medical System for Home Healthcare Purpose (Study 1) The study explores data security and patients’ privacy in a wireless remote patient monitoring system which has been designed, implemented and tested in a clinical setup by the author (Jasemian et al., 2005a; Jasemian et al., 2005c; Jasemian & Arendt-Nielsen, 2005b). A wireless remote patient monitoring system (Figure 1) consisting of a patient-unit (an ECG device, a Bluetooth module and a Mobile phone), public GSM/GPRS network, a GSM/GPRS modem server, and a graphical monitoring station were arranged and setup. To make the setup functioning in a reliable manner with god performance a generic communication platform based on Bluetooth and GSM/GPRS protocols were designed, developed and integrated (Jasemian et al., 2005a; Jasemian et al., 2005c; Jasemian et al., 2005b).

Patient Monitoring in Diverse Environments

System Functionality (Study 1) The ECG signal is collected, via 4 disposable electrodes, by an ECG device. The ECG device is connected to a Bluetooth module, which transfers data via Bluetooth connection to a mobile phone (Figure 1). The Bluetooth module invokes the mobile phone as soon as the ECG device has detected any electric activity of the heart. The mobile phone establishes a GSM or a GPRS connection to the public mobile network automatically. The transmission of data, from mobile phone to Modem Server at the hospital, is carried out in real time and continuously in packet format. The Modem Server receives the data and converts it to a predefined format. The data are sent to the central monitoring station via a serial cable. Central monitoring station interoperates and converts the received data to graphical ECG (Jasemian et al., 2005a; Jasemian et al., 2005c; Jasemian et al., 2005b). The mobile phone is connected in the course of the real-time monitoring period. In case the network connection fails or no GSM/GPRS network coverage, the Bluetooth module automatically, via the mobile phone, repeatedly attempts for connection reestablishment until a complete connection is established. When the connection is established, the GSM mobile phone is functioning as a mobile modem to the ECG device.

Health care personal at the hospital have the possibility to communicate with the patient by sending him/her text message (in packet format). In case an audio conversation is needed, either a mobile phone (an extra one) which is on the patient outdoors, or a fixed telephone at home is used.

The Benefit of the System (Study 1) Most of the existing telemetry devices are offline (Store and Forward Telemedicine) and rely on wired telecommunication network such as Digital Subscriber Line, Public Switched Telephone Network and Integrated Services Digital Network. Even though, very few devices/systems applying wireless and cellular technologies, those are most off-line, and the majority use Wireless Local Access Network and Internet connection, which make these telemetry devices dependent on a fixed access point and fixed infrastructure. Although, these telemedicine models have a reasonable performance but need a great deal of preparation from the network provider side before any application, as regards installation and logistics. Moreover, these models limit users’ movement freedom and bound them only to their home environment and very close surroundings. This telemedicine setup needs also sophisticated security management, as hackers can easily

Figure 1. A principal sketch of the wireless remote monitoring system consisting of an ECG device, Bluetooth module attached to ECG device, mobile phone, GSM/GPRS network, mobile modem server and a central monitoring station.

133

Patient Monitoring in Diverse Environments

intrude the internet and access vital patient’s information. One of the main factors that make a telemedicine system a success is the use of a secure modern communication The designed and implemented telemedicine model in the present study employs advanced wireless and mobile technologies (Bluetooth protocol, and TCP/IP connection over GSM and GPRS) utilising the existing public cellular network (Jasemian et al., 2005a). One the main benefits of this model is that there is no need for any preparation regarding installation and logistics from the network provider side, and the patients need only a short instruction in the employment of the telemedicine device at the hospital/health centre before using it (Jasemian et al., 2005c), and application of a mobile phone is more common in these days. The second benefit is that the patients are not bounded to their home environment and surroundings, and they can move wherever there is network coverage, thus the telemedicine device is not dependent on a fixed infrastructure. Moreover, the system takes advantage of using the solid security arrangement build in the Bluetooth, GSM and GPRS security protocols. Hence, the present model guarantees as well the Portability as the Accountability of the system.

Method and Material (Study 1) Fifteen non risky heart patients (n = 15), aged (49±14) years (6 males and 9 females) were recruited. The patients’ ECGs were continuously monitored (72 h), while they were performing their every day’s indoors and outdoors activities. Following the instructions, the patients wore the patient-unit, mount the disposable electrodes by own self. For safety reasons, the patients had a fixed telephone line at home and were equipped with an extra mobile phone when they were outdoors, and they were promptly contacted in case there was any technical or health problem (Jasemian et al., 2005c). Taking shower or swimming, while

134

wearing the patient unit, was not permitted. The ECG data was transferred anonymously via Bluetooth-GSM/GPRS connection in packet format, assigning each patient an id-number, start monitoring time and date. No name, personal idnumber, age, or address, were transferred along with the ECGs. Only healthcare personal knew whom each ECG was belonging to. The data were collected and processed by a modem server at destination side. The ECGs in the graphical interface, on the server side, were identified by patients’ id-numbers. The server was assigned a user-name and a password, which were known only by the in charge health care personal. Data security from the technological point of view was investigated (Jasemian et al., 2005a). The applied telecommunication technologies and services (Bluetooth, GSM and GPRS) offered Access Control, Authentication, Data Encryption, and User Anonymity. The privacy and security of the transferred ECGs were judged by a committee consisting of three competent persons who were blind to the experiments. The wireless remote patient monitoring system was inspected and examined in order to explore any possible intrusion from unauthorised persons and to unveil any possible impersonalised ECG data. In this relation the authentication, confidentiality and integrity of the data were tested for the risk of Insertion attacks, Client-to-client attacks and Misconfiguration.

Results (Study 1) Without knowing user-id and password of the patients on the patient side, no access was possible; the Bluetooth module which controls connection establishment and termination, data flow and dial-up connection could not be accessed by any unauthorised person as well. No received ECG could be personalized at the server side and only the authorized healthcare personnel could access the data on the server side. However, the achieved results could not be generalised, since the pres-

Patient Monitoring in Diverse Environments

ent remote patient monitoring system was tested on limited number of patients (n = 15), only few health care providers were involved (n = 4), and the system was tested only within one specific healthcare environment with specific security and privacy policies. However, the applied approach for security and privacy measurement and evaluation were basic and fundamental; hence the used method is valid.

COMFORT, COMPLIANCE AND TR A MOBILE HEALTH SM The success of integration and adaptation of a mobile health technology depends on the patients’ compliance and trust to the introduced system. Trust is a composition of many different attributes; reliability, dependability, honesty, truthfulness, security, competence, timeliness and comfort, which may have to be considered depending on the environment in which trust is being specified. According to The Compact Oxford English Dictionary (Compact Oxford English Dictionary, 2007), trust is “firm belief in the reliability, truth, ability, or strength of someone or something”. A trustworthy entity will typically have a high reliability and so will not fail during the course of an interaction, will perform a service or action within a reasonable period of time, will tell the truth and be honest with respect to interactions and will not disclose confidential information.

Elderly Comfort and Compliance to Modern Telemedicine System (Study 2) The aims of the present study are to investigate, verify and evaluate elderly patients’ compliance, trust and comfort in relation to a real-time wireless telemedicine system at home.

A telemedicine system composed of a patientunit (an ECG device, a Bluetooth module and a Sony Ericsson T610 mobile phone), GSM/ GPRS network, a router, a data interpreter and a monitoring system were used (Figure 2). The system is designed implemented and tested by the author (Jasemian et al., 2005a; Jasemian et al., 2005b).

System Functionality (Study 2) A telemetry device collects the ECGs from the patient’s chest via 4 disposable electrodes. The telemetry device is connected to a Bluetooth module via a serial interface. The Bluetooth module is wirelessly connected to a mobile phone (Figure 2). The Bluetooth module is designed to invoke the mobile phone to establish either a GSM or a GPRS connection automatically. The transmission of the data, from the mobile phone to the server at the hospital, is carried out via GSM/GPRS network. On hospital side the interpreter receives the data through a router and converts it to pre-defined format. The data are sent to the monitoring system via serial cable. The monitoring system converts the received data to graphical ECG (Jasemian et al., 2005a; Jasemian et al., 2005b). The mobile phone is connected in the course of the real-time monitoring period. In case of network failure or no GSM/GPRS network coverage, the Bluetooth module via mobile phone, repeatedly attempts for connection reestablishment until a complete connection is established. The system is equipped with alarm procedure, and gets benefit of the integrated data security arrangements in Bluetooth, GSM and GPRS (Jasemian, 2006).

Method and Material (Study 2) Twenty four non risky elderly heart patients, aged (60±5) years (12 males and 12 females), were included. A week of continuous ECGs for each of the elderly was recorded. The experiments were carried out while the elderly were wearing the

135

Patient Monitoring in Diverse Environments

Figure 2. A principal sketch of the wireless remote patient monitoring system containing ECG device, Bluetooth module, mobile phone, GSM/GPRS network, router, data interpreter and a graphical ECG monitoring system.

patient-unit, performing their every day’s indoors and outdoors activities. They were instructed how to mount the disposable electrodes, how to operate the patient unit and how and when they should change/ recharge the batteries. They were asked not to shower while wearing the patient-unit. The elderly had a fixed telephone line at home and were equipped with an extra mobile phone when they were outdoors. They were contacted in case there was any problem. The patients were asked to keep a diary of their daily activities. To evaluate the elderly compliance, trust and comfort in respect to the present telemedicine system, three questionnaires were designed and prepared. The first one was for the evaluation of the system’s degree of user-friendly, usability and reliability, the second one was for the evaluation of the patients’ privacy, freedom and mobility during monitoring period, the third one for the evaluation of the patients’ degree of confidence and trust in respect of using the present wireless remote monitoring system at home.

Results (Study 2) The elderly spent (15 ± 3) minutes to learn how to use the patient-unit. In average, 80 % of the

136

elderly scored the user friendly and usability of the system as good. The majority (92 %) could easily manage employing the system. Only 16 % of the elderly sought help from the healthcare personnel in relation to employment of the patient-unit, and few (4 % - 8%) had problem with changing or recharging batteries for the mobile phone and ECG device as well. 76 % of the elderly (n = 24) scored the reliability of the system as “reasonable”, 20 % as “only now and then”, and only 4 % scored the reliability as “excellent”. The majority of the elderly believed that their expectation to privacy was in 84 % fulfilled. And only 4% believed that their expectation to privacy was only now and then fulfilled. Almost 52 % of the elderly patients (n = 24) scored for a reasonable mobility and freedom, and the rest 20 % scored for not complete fulfilment of freedom and mobility. Only 12 % of the elderly patients do not trust the present wireless remote monitoring system at all, whereas 72 % trust the system. More than 60 % of the elderly are used to employ a mobile phone in daily life and 50 % have a reasonable understanding of the system application. 80 % believe that their comfort is satisfied. Eighteen out of twenty four elderly patients (76 %) preferred to

Patient Monitoring in Diverse Environments

be monitored from their home (in more natural environments).

DISCON AND CONCLUSION Ubiquitous computing environment is the fundamental of a mobile health care system. In this environment multiple mobile devices and healthcare personal are combined to provide an all-pervasive computing and communications service to end-users. Advanced medical technologies provide solutions for distant home care in form of specialist consultations and home monitoring. This requires automatic configuration of certain aspects of some devices, since there is no global management infrastructure, yet. Ubiquitous computing is still at an early stage of research and development, and very few work environments have been described. Many threats existing in a mobile health system are the same as those arising in a more conventional environment. However, there are also new threats in an M-health setup, e.g. mobile devices typically offer less physical security and it may need to communicate with other devices where a single security infrastructure is not present, e.g. in a hospital. For instance, a mobile device may capture personal/medical information without requiring user consent or knowledge. While Information Technology (IT) enables the use of security arrangement in medical remote monitoring system to limit access to confidential information, it also introduces some real vulnerability. Unless proper controls and procedures are implemented, these kinds of applications also invite unauthorized users to access the data. If the concerns are not sufficiently addressed, the health care consumers will hesitate to share information. Therefore, IT application development and use of that in remote monitoring system must be done in the midst of maintaining confidentiality, privacy, and security.

Data security, patients’ trust and compliance, in relation to a mobile healthcare system were the central concern in these two studies. In this connection, the patient’s mobility, freedom, privacy, and comfort in addition to the user-friendly and reliability of the system, were verified and evaluated. The results in first study showed that the system was reliable, functioning with a clinically acceptable performance, and transferred medical data with clinically acceptable quality, even though the system was tested under totally uncontrolled circumstances during the patients’ daily activities (Jasemian et al., 2005c). A number of important design techniques that were tightly coupled with the real-time patients’ monitoring were elaborated, in order to enhance the system performance. The ECG data were transferred anonymously via Bluetooth-GSM/GPRS connection in packet format, assigning each patient an id-number, time and date of monitoring onset. No name, personal id-number, age, or address, were transferred along with the ECGs. Only healthcare personnel knew whom each ECG was belonging to. On the server side on the graphical interface, the ECGs were identified by patients’ id-numbers. This was a secure way for providing anonymity, and was practical only because the number of the patients was limited and the study was fully controlled. However, when the setup is applied in a larger scale in medical practice a very careful and precise Id-number assignment system should be designed and elaborated, otherwise a little mistake can cause confusion, some data mismatches and lost of some data identification. To evaluate the safety and security of the transferred data in the proposed system a number of tests and control were worked out with great care. Although in the first study the clinical application of the system was implemented in a small scale, the ECG data was secured and patients’ privacy was achieved, though was not guaranteed. However, if the setup should be tested and evaluated in a large scale, where larger number

137

Patient Monitoring in Diverse Environments

of patients is involved, several health care providers are in charge, data magnitude is huge, and the setup is tested in several health care centres with deferent infrastructure and different security policy, then there will be a need for development of security standards for the management of authority access and coding structure. In the second study the patients’ compliance, trust and comfort in relation to a real-time wireless telemedicine system at home were investigated. In this connection, the patient’s mobility, freedom, trust and compliance in addition to the system’s user friendly and reliability were verified and evaluated. The results showed that the system in second study was reliable, functioned with a clinically acceptable performance, even though the system was tested under totally uncontrolled circumstances while the patients’ were performing their daily activities indoors and outdoors. The patients have expressed reasonable compliance and trust to the application of the system at home; the more natural environment. The majority believed that their comfort was satisfied. However, a few numbers of the elderly were not satisfied with the weight and user interface of the ECG device. These issues bring up an important principal approach in a system design and development, namely patients’ satisfaction relies on a more user-driven design and development. The ECG sensors and the corresponding leads malfunction have been the cause of signal deterioration in some cases. This can be enhanced by introducing wireless body-sensor network. The results could not be generalized, as the number (n = 24) of the recruited elderly patients were not representing heart patients’ among the elderly population. Furthermore, the present investigation has been performed only in respect with one specific telemedicine system and should be applied on a number of similar systems in order to have a better picture of the general attitude of the elderly patients’ in the population. Finally, it could be concluded, that the system is applicable for patient monitoring and aftercare in elderly

138

patients’ home and the elderly are reasonably confident in using it. However, the patient-unit should be designed more user-friendly (small and lightweight), and the ECG sensors should be enhanced. These subjects also need further investigation in a larger scale. Although reasonable and clinical acceptable results have been achieved, the studies had some limitations. Some confounding factors such as age, social status, education and gender difference were also presented and should have been treated and analyzed. But this was not possible because of the small number of patients in the study. Hence, the results of both studies could not be generalized. However, the evaluated parameters are essential key issues in mobile health services hence these should be explored, investigated and evaluated in a large scale and multidimensional environments.

FUT ON AN M-HEALTH SYSTEM Before trying to decide how to provide and support privacy in a mobile health environment, we need to explore the issues that privacy can arise. This requires identifying where Personally Identifiable Information is at risk of access or disclosure. Disclosure of such vital information can occur in a variety of ways (one way is e.g. linking of sensitive information to a unique identifier, which may eventually be linked to a particular individual). It is important to distinguish between security and privacy. Privacy is not just a special case of security – there are interesting interactions between security and privacy. Indeed the two sometimes conflict. For instance there is a conflict between accountability and anonymity e.g. conflict of denial of service resistance versus anonymity. It is nevertheless true that supporting privacy requires the provision of security services, e.g. confidentiality for stored and transmitted data, and access control.

Patient Monitoring in Diverse Environments

In a mobile environment, for health information handling, there are a number of possible point where the sensitive information is at risk. The following are just a representative number of those listed. • •

•

•

•

When a communication between two devices are established. At the point of capture of information on both side of communicating side, e.g. by individuals, physicians, paramedics or automatically when a sensor is used. When the information is stored/used in personal devices (e.g. mobile phone, PDA, smart card or sensor equipment). When the information is stored in fixed databases (e.g. in a hospital or in a network provider agency). When the information is stored or used in mobile third party devices (e.g. a healthcare mobile device belonging to a physician or paramedic).

To secure the information and provide privacy and anonymity some action and arrangement are necessary. The following are some key issues that must be consider improving the quality of mobile healthcare devices or services. • • • • •

Identity Credentials Authorisation Anonymity Consent

General Problem •

•

An ad hoc network is a collection of communicating devices with no pre-existing relationships or infrastructure. A typical scenario for use of such a network is an emergency situation, e.g. a major transport accident.

•

Many security issues arise in establishing working relationships in such a network, e.g.: ° Initial trust setting; ° Managing collaborative activities (e.g. routing); ° Authentication, authorisation, …

Identity A user may have many identities with associated identifiers for use when communicating with different third parties. For instance, we all have a name (although this is not a unique identifier); an employee may have an employee number for use with his/her employer; a citizen has one or more numbers for interactions with government; a health care user may have a government ID, and one or more health insurance identifiers. These must be arranged or defined as uniquely as possible.

Credentials When a service provider wants to authenticate a user as a legitimate holder of an identity, the user may be required to provide one or more credentials. Possible credentials include: a password; a biometric sample; a public key certificate; or a signature on a challenge provided by the service provider. These must be assigned in a secure way and must be protected against intruders.

Authorisation Once an entity has been authenticated, the provider needs to decide whether or not to grant the requested service. This is refereed to as authorisation. It means that the network provider has the responsibility to insure whether the holder of this identity authorised to access this service. This could, for instance, be supported using server-held Access Control Lists (ACLs).

139

Patient Monitoring in Diverse Environments

Anonymity A user may wish to be able to access a service in an anonymous way. Anonymity means that no party will learn any of the identities of the user. If a service requires using stored data, then some level of identification to the stored data might be required by the provider. If payment is needed, then an anonymous payment system is needed, e.g. cash or e-cash. However, absolute anonymity is difficult to achieve, since even revealing an IP address or a MAC layer address to some extent compromises it.

Consent In many medical scenarios, the subject may be required to give implicit or explicit consent for treatment to be given, and information to be passed to a practitioner or insurance company. In case of treatment, some measure of nonrepudiability may be required; In case of passing information, the information source will need to authenticate the subject. This is potentially problematic since the information source may be remote and only communicating with a device belonging to the practitioner.

An Ad Hoc Network An ad hoc network is a collection of communicating devices with no pre-existing relationships or infrastructure. Such network is one of the fundamental components in mobile healthcare systems/services. A typical scenario for use of such a network is an emergency situation, e.g. a major transport accident. Many security issues arise in establishing working relationships in such a network, e.g.: initial trust setting; managing collaborative activities (e.g. routing); authentication, authorisation, etc. One fundamental issue for two devices in an ad hoc network is deciding whether to trust one another and in what extend, and what resources

140

or services one node should make available to another. Then the question is: Can another node be trusted to provide a communications service without eavesdropping, manipulating messages, and/or selectively dropping packets?

Diionfou Reea In this section, the fundamental problems that need to be solved to realise full potential of mobile healthcare system, have been identified; these are: need for a ubiquitous security infrastructure to support secure communications between mobile devices; need for one device to be able to verify the conditions under which data will be stored, handled, and retransmitted by another device. Thus, the questions are: can trusted computing systems realise all the security infrastructure needs of future pervasive computing environment? Who will be the trusted third parties to support the trusted computing based security infrastructure? What if some mobile devices are trusted computing enabled and others are not? What other solutions are there? Devices collecting, storing and/or using health data may need to share this data with other devices. For instance a wireless heart monitor may need to pass data to a portable device used by a physician which integrates and displays the data to the physician. Such data transfers should not take place without restriction for privacy/security reasons. What if the devices interacting do not all belong to the same individual? We need trusted computing (TC) technologies to be implemented as a combination of hardware and software enhancements to a computing platform such as PC, PDA, server, or mobile phone. The root of most of these problems is the potential lack of a single pre-existing managed security infrastructure. When such an infrastructure is established, many of the problems become much less fundamental.

Patient Monitoring in Diverse Environments

Thus, the future research direct towards development of trusted computing (TC) technologies and security infrastructure. Providing a trusted computing platform can help to provide security infrastructure. In the other hand provision of a security infrastructure enables one device to determine its level of trust in another device.

Refeen BeWell Mobile Technology Inc. (2006). Better health well in hand: Cell phones have the capacity to more frequently and efficiently connect chronically ill patients with caregivers. Healthc Inform. 23(4), 56-57. Boncella, R. J. (2002). Wireless Security: an overview. Communication of the Association for Information System, 9, 269-282. Bønes, E., Hasvold, P., Henriksen, E., & Strandenaes, T. (2007). Risk analysis of information security in a mobile instant messaging and presence system for healthcare. Int J Med Inform, Sep. 76(9), 677-87. Epub 2006 Aug 23. Clarke, M., Bratan, T., Kulkarni, S., & Jones, R. (2007). The impact of remote patient monitoring in managing silent myocardial infarction in a residential home setting. Anadolu Kardiyol Derg., 7(Suppl. 1), 86-88. Cocosila, M., Coursaris, C., & Yuan, Y. (2004). Mhealthcare for patient self-management: a case for diabetics. Int J Electron Healthc, 1(2), 221-41. Compact Oxford English Dictionary, free internet access. Retrieved March 5, 2008, from: http://www.askoxford.com/concise_oed/ trust?view=uk. Elmufti, K., Weerasinghe, D., Rajarajan, M., Rakocevic V., & Khan, S. (2008). Timestamp Authentication Protocol for Remote Monitoring in eHealth. 2nd International Conference on Pervasive Computing Technologies for Healthcare,

Proceedings, peer reviewed conference article, IEEE Xplore. Retrieved June 15, 2008, from: http:// www.google.dk/earch?hl=da&q=Timestamp+Au thentication+Protocol+for+Remote&meta= Farmer, A., Gibson, O., Hayton, P., Bryden, K., Dudley, C., Neil A., et al. (2005). A real-time, mobile phone-based telemedicine system to support young adults with type 1 diabetes. Inform Prim Care, 13(3), 171-177. Freedman, S. B. (1999). Direct Transmission of Electrocardiograms to a Mobile Phone for Management of a Patient with Acute Myocardial Infarction. Journal of Telemedicine and Telecare, 5, 67-69. Friedewald, V. E., & Pion, R. J. (2001). Telemedicine/home care. Returning home. Health Manag Technol, 22(9), 22-24, 26. Gostin, L. O. (1965). Health information privacy. Cornell Law Review, 80, 451-528. Gostin, L. O., Brezina, J. T., Powers, M., Kozloff, R., Faden, R., & Steinauer, D. D. (1993). Privacy and security of personal information in a new health care system. JAMA, 270, 2487-2493. Gostin, L. O., Lazzarini, L., Neslund, V. S., & Osterholm, M.T. (1996). The public health information infrastructure: A national review of the law on health information privacy. JAMA, 275, 1921-1927. Jasemian, Y., & Arendt-Nielsen, L. (2005a). Design and implementation of a telemedicine system using BLUETOOTH and GSM/GPRS, for real time remote patient monitoring. The International Journal of Health Care Engineering, 13, 199-219. Jasemian, Y., & Arendt-Nielsen, L. (2005b). Evaluation of a real-time, remote monitoring telemedicine system, using the Bluetooth protocol and a mobile phone network. J Telemed Telecare, 11(5), 256- 260.

141

Patient Monitoring in Diverse Environments

Jasemian, Y., & Arendt-Nielsen, L. (2005c). Validation of a real-time wireless telemedicine system, using Bluetooth protocol and a mobile phone, for remote monitoring patient in medical practice. European Journal of Medical Research, 1(6, 2)54-262. Jasemian, Y. (2008). Elderly Comfort and Compliance to Modern Telemedicine System at home, 2nd International Conference on Pervasive Computing Technologies for Healthcare, Proceedings, peer reviewed conference article, ISBN 978-9639799-15-8. Jasemian, Y. (2006). Security and privacy in a wireless remote medical system for home healthcare purpose. 1st International Conference on Pervasive Computing Technologies for Healthcare [CD-ROM],. s. 3, & Proceedings in IEEE Xplore, peer reviewed conference article, 29 November-1 December 2006, Innsbruck, Austria. Logan, A.G., McIsaac, W.J., Tisler, A., Irvine, M.J., Saunders, A., Dunai, A., et al. (2007). Mobile phone-based remote patient monitoring system for management of hypertension in diabetic patients. Am J Hypertens, 20(9), 942. MacDonald, J. A. (2008). Cellular Authentication & Key Agreement for Service Providers. 2nd International Conference on Pervasive Computing Technologies for Healthcare, Proceedings, peer reviewed conference article, IEEE Xplore, Retrieved June 25, 2008, from: http://ieeexplore. ieee.org/Xplore/guesthome.jsp Marchibroda, J. M. (2008). The impact of health information technology on collaborative chronic care management. J Manag Care Pharm., 14(2 Suppl), S3-11. McLean, R., Mendis, K., Harris, B. & Canalese, J. (2007). Retrospective bibliometric review of rural health research: Australia’s contribution and other trends. Rural and Remote Health 7:

142

767. Retrieved April 15, 2008, from: http://www. rrh.org.au. National Centers for Chronic Disease Control and Prevention, opdated June 2008, Retrieved April 15, 2008, from: http://www.cdc.gov/nccdphp/ Panidis, I. P., & Morganroth, J. (1983). Sudden death in hospitalized patients: cardiac rhythm disturbances detected by ambulatory electrocardiographic monitoring. J Am Coll Cardiol, 2(5), 798-805. Petersen, S., Peto, V.v & Rayner, M. (2004). Coronary heart disease statistics, British Heart Foundation statistics website. Retrieved June 30, 2008, from http://www.heartstats.org/datapage. asp?id=1652. Sax, U., Kohane, I., & Mandl, K. D. (2005). Wireless technology infrastructures for authentication of patients: PKI that rings. J Am Med Inform Assoc. 2005 May-Jun, 12(3), 263-8. Epub 2005 Jan 31. Shimizu, K. (1999). Telemedicine by Mobile Communication. IEEE Engineering in Medicine and Biology, 32-44. Sneha, S., & Varshney, U. (2007). A wireless ECG monitoring system for pervasive healthcare. International Journal of Electronic Healthcare, 3(1), 32-50. Standing, P., Dent, M., Craig, A., & Glenville, B. (2001). Changes in referral patterns to cardiac out-patient clinics with ambulatory ECG monitoring in general practice. The British Journal of Cardiology, 8(6), 396-398. Woodward, B., Istepanian, R. S. H., & Richards, C. I. (2001). Design of a Telemedicine System Using a Mobile Telephone, IEEE, 13-arch?hl=d a&q=Timestamp+Authentication+Protocol+for +Remote&meta=

143

Chapter VIII

Monitoring Hospital Patients Using Ambient Displays Monica Tentori CICESE, Mexico Daniela Segura CICESE, Mexico Jesus Favela CICESE, Mexico

ABSTRACT Hospital work is characterized by intense mobility, a frequent switching between tasks, and the need to collaborate and coordinate activities among specialists. These working conditions impose important demands on hospital staff, whose attention becomes a limited and important resource to administer. Nurses in particular, need to constantly monitor the status of patients in order to assess their condition, assist them and/or notify physicians or specialists. Given their work load, it is not rare for them to miss important events, such as a catheter being disconnected due to the patient movement or the need to change a urine bag that has been filled. Pervasive technologies by being able to continuously monitor patients could provide awareness of the patients’ health condition. This awareness must be subtle, expressive, and unobtrusive without intruding on hospital workers’ focal activity. In this chapter the authors explore the use of ambient displays to adequately monitor patient’s health status and promptly and opportunistically notify hospital workers of those changes. To show the feasibility and applicability of ambient displays in hospitals they designed and developed two ambient displays that can be used to provide awareness patients’ health status to hospital workers. The first display takes into account the mobility experienced by nurses during their work to supervise the activities of daily living (ADL) conducted by patients. The second display is a flower vase that notifies nurses the urine output of patients and the status of their urine bag.

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Monitoring Hospital Patients Using Ambient Displays

InTROoduion Hospital staff face working conditions that are substantially different from those of office workers, for which traditional desktop computers were developed (Bardram, J. E., & Bossen, C., 2003; Bardram, J. E., & Bossen, C., 2005; Moran, E. B., Tentori, M., González, V. M., Martinez-Garcia, A. I., & Favela, J., 2006). Most hospital staff need to move continuously around the premises to access people, knowledge, and resources in order to perform their work effectively (Bardram, J. E., et al, 2005). Thus, mobility characterizes work in these environments. For instance, physicians make daily rounds to assess and diagnose patients, changing their location to find colleagues or locate artifacts (patient records, x-ray images, medications) placed in bed wards, laboratories or offices. Therefore, information in hospitals is not generally concentrated in a single place, but distributed among a collection of artifacts in different locations. Consequently, hospitals can be seen as an information space and it is by “navigating” this space that hospital staff can access the information required to support their goal (Bossen, C., 2002). Indeed, nowadays highly mobile hospital workers spend more than 50% of their time onthe-move, making it difficult for them to be aware of the status of the patients they are responsible for (Moran, E. B., et al., 2006). For instance, sometimes hospital workers have patients placed in different rooms or even in different areas of the hospital. Consequently, hospital workers have been held liable for their failure to monitor and promptly respond to patients needs (Smith, K. S., & Ziel, S. E., 1997). This has motivated the introduction of pervasive technologies in hospitals to allow hospital workers to closely monitor patients. For instance, a hospital in Boston is testing an ultrasound tracking system that can determine the location and vital signs of patients (O’Connor, M. C., 2006). These pervasive technologies being introduced range from wireless networks, PDAs

144

(Chin, T., 2005), RFID tags for patient tracking (O’Connor, M. C., 2006), voice-activated communication devices (Stanford, V., 2003), and sensors for patient monitoring (Pentland, A., 2004). Indeed, widespread adoption of sensors that monitor the patients’ vital signs and other indicators promise to improve care and reduce medical costs. Thus, pervasive technologies for hospitals are increasingly supporting heterogeneous devices that range from handheld computers that can be used to capture and access limited amounts of information, to PCs that can be used at fixed sites for longer periods of time, and semi-public displays located at convenient places that can be used to share and discuss information with colleagues (Favela, J., Rodríguez, M. D., Preciado, A., & Gonzalez, V. M., 2004; Markarian, A., Favela, J., Tentori, M., & Castro, L. A., 2006). Hence, hospital workers today need to interact with different devices with a wide range of functionality (Bardram, J. E., 2005). Consequently, carrying out a single activity typically involves the use of several systems that call for the user’s undivided attention where several information sources battle for a piece of space in the already limited screen real state. One way to overcome such difficulties is to develop ambient displays that could be embedded into the environment to provide a getaway for that information that could be displayed by objects already placed in the physical space instead of the traditional computer displays. Objects already known and used by hospital workers could be augmented with pervasive sensors making them capable of extending their capabilities beyond its primary role while still constituting a part of the user’s environment. For instance, a mirror augmented with infrared sensors and an acrylic panel could detect human presence and act as a message board to display relevant information when a user faces the mirror. Hence, hospital environments could be augmented with such displays that unobtrusively convey information

Monitoring Hospital Patients Using Ambient Displays

to hospital workers without requiring their full attention, while at the same time, allowing an implicit and natural interaction. Indeed, the notion of what constitutes a computer display is changing. No longer is a display confined to the typical CRT monitor with a single user paying focused attention while interacting with virtual objects on the screen (Lund, A., & Wilberg. M., 2007). Rather, computer displays are found in such diverse forms as small screens in mobile phones or handheld computers, to ambient displays that provide peripheral awareness to the presence and status of people, objects or information. Such ambient displays could be located throughout hospital premises providing hospital workers awareness of relevant events associated to their patients while they are on-the-move. In this chapter we explore the use of ambient displays to adequately monitor patient’s health status and promptly and opportunistically notify hospital workers of those changes. To show the feasibility and applicability of ambient displays in hospitals we developed two ambient displays aimed at creating a wearable ambient connection between patients and hospital workers –particularly nurses. The rest of the chapter is organized as follows: In Section II we describe our vision of a hospital as an interactive smart environment saturated with heterogeneous computing devices and specialized services –the iHospital. Section III describes the results of a workplace study conducted in a public hospital to understand the way hospital workers monitor and assess patients. In section IV we describe the design of two ambient displays in support of patient monitoring. Finally, in section V we present our conclusions and directions for future work.

The ipial: TThe HOSPpi a SMmaenvionmen The iHospital is our vision of a highly interactive smart environment saturated with heterogeneous

computing devices where hospital workers use a set of specialized services that account for contextual information (Camacho, J., Galicia, L., Gonzalez, V., & Favela, J., 2008; Favela, J., et al., 2006; Markarian, A., et al., 2006; Munoz, M., Rodriguez, M. D., Favela, J., Martinez-Garcia, A. I., & Gonzalez, V. M.). To help realize this vision, we have developed several ubiquitous and context-aware applications which provide support for the following functionality:

Providing Awareness of People and Artifacts In a hospital, artifacts and people are distributed in space and time. Hence, hospital workers must navigate hospital premises in order to gather the information they need to conduct their work. Unlike others processes, gathering information is a necessary task but adds overtime to the already busy day of hospital workers. Consequently, the iHospital, to reduce the time hospital workers spend searching and gathering information, provides the means for them to be aware of the presence, location and status or artifacts and other people by showing this information through a floor map or a list of users as reported in (Bardram, J. E., & Bossen, C., 2005).

Spporting Collaboration through Context-Aware Communication and the Seamless Interaction among Heterogeneous Devices Hospital staff can send messages that depend on environmental conditions. As an example, a physician can send a message that will be delivered to the doctor responsible for a patient in the next shift when laboratory results are ready. The sender does not need to know a-priori the identity of the doctor that will be attending the patient nor the time when the laboratory results will become available. In addition, hospital staff can transfer information from public spaces to

145

Monitoring Hospital Patients Using Ambient Displays

personal devices, share information between heterogeneous devices, remotely monitor other computers, and share handheld applications. For instance, two colleagues carrying their PDAs and discussing a clinical case using a public display, could seamlessly transfer information between their personal information space (PDA) and the shared space (public display). Mobility and collaboration create a need to contact colleagues within the hospital, either to discuss a case with a specialist or request help to transfer a patient. Several mechanisms are used for these purposes and technology has been developed to assist in this task; such as the Vocera communication system which enables users to contact a fellow hospital worker either by name, role or location using a hands-free voice communication system (Stanford, V., 2003).

Using Context to Adapt and Personalize the Information To provide relevant information to users, the iHospital takes into account contextual information, such as the user’s identity, role, location, time, or status of an information artifact (e.g. availability of laboratory results). Thus, when a physician, carrying a PDA, is near a patient, the system offers to display the clinical record of the patient. Contextual information such as identity or role is also taken into account to adapt and personalize the presentation of information to the user. Thus, when a physician approaches a public display, it shows only the physician’s patients, personnel calendar, messages, and the location of others with whom s/he may need to interact.

Supporting Multitasking To assist mobile users in the management of their multiple activities and collaborations, the iHospital allows hospital staff to easily manage their activities and their associated resources helping them preserve and recover the necessary context

146

when switching between them (Camacho, J., 2008). Using the mobileSJ application, the user can define each of his activities and associate to them, information resources, contacts relevant to the activity, emails related to the activity and pending issues. When a user switches between spheres, each sphere is enabled to quickly gather and retrieve its own workspace state (windows positions, status and overlay order) and context information like open documents or idle time, in a silent manner. In addition, mobileSJ allows sharing activities and resources, as well as, communicating with colleagues through either SMS messages or phone calls. Although these pervasive technologies use contextual information to provide opportunistic services and information to hospital staff they aren’t appropriate mechanisms to convey information about the health status of a patient. This type of information changes very fast and is highly sensitive. Thus using this type of mechanisms of sending messages to a display or a PDA each time an event occurs with a patient could be extremely disruptive to the task the hospital worker is engaged in. For instance, suppose that a nurse is monitoring the urine and evacuation habits of the patient in room 240. While she is inserting a catheter to the patient in room 226 she doesn’t want to receive a sound or message alert in her PDA notifying to her each time such patient has urinated or evacuated. Although the nurse wants to be aware of this information she wants to receive this information in a subtle and unobtrusive manner. One way to overcome this is to show this information in a public display. While this is less disruptive to the nurse’s current goal, it attempts to the patient’s privacy. What we need, thus, is to develop mechanisms to provide another type of ambient awareness. Another class of displays that unlike ordinary computer displays does not call for its users’ undivided attention. Rather, a kind of display that alongside furniture and other fixtures serves its role by constituting a part of the user’s background environment by

Monitoring Hospital Patients Using Ambient Displays

proving hospital workers with peripheral cues undistinguishable by others.

Amien DISPplay The physical environments where we live and work are saturated with ambient information, such as sounds or lights, that we use as peripheral cues to discover contextual information relevant or that we manipulate to convey information to others. For instance we can leave our door’s office open, semi-open or closed to communicate to others our availability. In addition, we can become aware of the activity of our peers through passing sounds and shadows at the periphery of our attention. Indeed ambient information exists to provide us with continuous information in a subtle, peripheral and expressive manner without intruding on our focal activity. Research in pervasive computing has focused on developing ambient devices that can become a part of our background while acting as a digital interface to this ambient information. As stated by Mankoff: “Ambient displays are aesthetically pleasing displays of information which sit on the periphery of a user’s attention. They generally support the monitor of information and have the ambitious goal of presenting information without distracting or burdening the user” (Mankoff, J., Dey, A. K., Hsieh, G., Kientz, J., Lederer, S., & Ames, M., 2003). For instance, the artist Natalie Jermijenko at Xerox Parc augmented a string with a motor and spin to convey the traffic’s status to a user –the Dangling String (Weiser, M., & Brown, J. S., 1995). The device rotates at a speed that depends on the amount of traffic in the highway captured through analog sensors. During periods of intense traffic, the string’s movements are slightly audible as well. Thus, ambient displays are, unlike ordinary computer displays, designed not to distract people from their tasks at hand, but to be subtle reminders that can be occasionally noticed. In addition to presenting information,

the displays also frequently contribute to the aesthetics of the locale where they are deployed (Lund, A., & Wilberg. M., 2007). Many types of ambient displays have been built to augment physical objects allowing users to manipulate or access information. For instance, as part of the AmbientRoom project, several displays using light, sound or motion have been developed to augment a user’s office. Such displays provide users with awareness of the activity executed by a distant loved one and the physical presence of others (Ishii, H., Wisneski, C., Brave, S., Dahley, A., Gorbet, M., Ullmer, B., & Yarin, P., 1998). Users of this AmbientRoom can also use these displays to manage ambient activity sources. For instance, a small glass bottle is employed as a graspable “container” for digital content, such that uncorking the bottle “releases” information into the room (Ishii, H., et al., 1998). Similarly, a pair of interactive pillows were instrumented to allow users to stay connected with their relatives who live abroad (Nack, F., Schiphorst, T., Obrenovic, Z., Tjoe, M. K., Bakker, S., Perez, A., & Aroyo, L., 2007). Users can interact with a pillow in a specific location activating dynamic textile patterns that makes another pillow located elsewhere glows. These ambient patterns expand the vocabulary for remote communication through tangible and aesthetic interactions (Nack, F., et al., 2007). The breakway ambient display is a sculpture that bends up or down based on the amount of time a user has been seated (Jafarinaimi, N., Forlizzi, J., Hurst, A., & Zimmerman, A., 2005). The user can place this sculpture on his desk to be aware of the how much time he has been immobile to persuade him in improving his posture. Likewise, an ambient display in the form of a lamp has been developed with the aim at informing smokers the level of contamination in our environment as a result of their smoke habits–the Smoking lamp (Hehe, H., 2007). This lamp is a funnel that terminates with a ring of light. The lamp changes from a bright white to a warm pink if it detects nicotine smoke beneath it.

147

Monitoring Hospital Patients Using Ambient Displays

Although, these projects have shown the feasibility and applicability of ambient displays in support of varied goals, designers face many issues in their development and evaluation. These issues range from the understanding of the information that must be notified to users to the design of such displays that have to work on many levels –aesthetics, utility and integration with the user’s environment. For instance, most ambient displays monitor non-critical information; however, this information should be useful and relevant to the users. It is important to involve the users in the design of the display, in order to obtain the information that will be useful to them. It is also necessary to consider that too much information cramps the display, and too little could restrict the usefulness of the display. In addition, users do not have experience in interacting with ambient displays, yet. Hence, novel metaphors must be used to make such ambient displays intuitive reducing the cognitive load that users could experience in learning how they work (Gross, T., 2003). Finally, an ambient display that changes too fast can distract the user, whiles a display that changes too slow can pass unnoticed (Johan, R., Skog, T., & Hallnäs, L.). Hence, we must develop mechanisms to balance this tradeoff. As design issues remain unsolved, evaluation techniques to assess the impact of these displays are not available. Consequently, the majority of ambient displays have not been tested, some only report brief evaluations with few details or informal feedback; instead they focus on technology and design innovation. This is because the evaluation of ambient displays can be costly, difficult and time consuming.

UndeRSTAanding how hopial STAaff monipaien A CASE STUudy We conducted a field study to understand the way hospital workers monitor and assess patients and

148

discover new unseen opportunities in the development of ambient displays for hospitals. The field study was conducted in the Internal Medicine area of a mid-size hospital. There are approximately fifteen patients registered, supervised by three or four nurses, one attending physician and five medical interns. The patients attended in this area, are generally elder people, senile and alone. They normally have a chronic or a terminal disease, such as diabetes, renal failure, cerebral lesions or cardiac problems. Hence these patients are normally immobile and incapable of performing alone the activities of daily living (ADLs), such as eating or dressing. For nine months, we used mobile structured observation to shadow five nurses, five medical interns, and five physicians for two complete working shifts. Mobile structured observation requires researchers to shadow individuals, annotating and time-stamping their actions as executed. We later transcribed and analyzed these handmade detailed records using grounded theory—a systematic research methodology for generating theory from data (Strauss, A., & Corbin, J., 1998). As a result of this analysis, we identified the patient’s behavioral patterns that are monitored by hospital workers. Since nurses are the ones who closely monitor patients, for now on, we will focus in discussing only the results obtained by the analysis of the nurses’ behaviors.

Activities of Daily Care Nurses are responsible for providing integral and specialized care for patients. As part of the integral care, nurses monitor the activities of the daily living (ADL) conducted by patients, such as, if a patient has taken his medicine, if he has walked, eaten, felt from the bed, evacuated, etcetera. As a part of specialized care, nurses need to monitor the behavioral patterns in the activities that put at risk the patients’ health or that indicate an internal failure which might evolve into a more serious disease (e.g., pneumonia, an apoplexy

Monitoring Hospital Patients Using Ambient Displays

or a stroke), such as, if a patient is agitated, if a patient is bleeding or if the patient has respiratory insufficiency. These behavioral patterns associated to risk activities (RA) are monitored through the vital signs. Nurses, thus, have incorporated to their work strategies that allow to them be aware of the status of the patients they are taken care off. In this regard, nurses execute activities on a daily basis which are critical in providing quality of attention to patients. We call these actions the Activities of Daily Care (ADC). The goal of an ADC is to allow hospital workers to maintain or establish a connection with patients by being aware of their needs and their progress. Such goal is impel by the nature of the role who is executing such ADC. For instance, while the ADCs executed by nurses have a more technical and specific goal, aimed at providing integral care to patients; physicians and interns, on the other hand, are engaged in assessing the progress of a patient and his diagnosis. As an example of the nature of the ADCs conducted in hospitals we present a scenario that depicts the ADCs performed by a nurse during a working day (Figure 1). At 7:00 am at the bed wards in the Internal Medicine Area, Rita, a nurse, begins her shift by taking the vital signs of all her patients (i.e.,

the patients she is taken care off). During this activity Rita asks her patients for their symptoms and explains to them their progress. Later, Rita administers medicines to her patients and monitors their diet. During this activity, often she interacts with patients and/or relatives by handing over the medicine to them or she, injects the medicine directly to a serum bag attached to the patient. Once Rita finishes the administration of medicines to all of her patients, which occasionally lasts until 10 am, she computes the liquid balance by weighting each patient’s urine bag and measuring their liquid inputs. During this activity Rita cleans and baths some of the patients that can not perform this activity without help. While Rita is performing some of these activities, physicians and medical interns start the ward round. When the ward round has started, Rita makes sure that the information generated through the execution of the ADC (e.g, the heart rate of a patient or his liquid balance) is ready before physicians and interns start the evaluation of a patient. In addition, during this period of time, Rita helps physicians and interns in basic or surgical procedures and discusses with them information relevant to the patient being evaluated. When the ward round finishes, at 12 pm approximately, Rita initiates her ADC routine all over again by consulting the new indications stated by physicians during the ward round.

Figure 1. A nurse performing the activities of daily care using a variety of devices and interacting with several people

149

Monitoring Hospital Patients Using Ambient Displays

As shown in the scenario, an ADC routine is a coherent and chronological history of the execution of several ADCs. In a similar way, physicians and interns conduct ADCs routines with the aim of evaluating clinical cases. From a particular clinical case physicians and interns start their assessment by exploring the patient and asking about his symptoms, after that they consult clinical evidence, such as the medical records, nurse charts, study results and reference material, to support their discussion towards a new diagnostic of the patient. Table 1 shows the activities of daily care performed by nurses, and how much time they spent in performing such ADCs. We identified common characteristics among the ADC’s conducted by nurses on a daily basis. These characteristics shape the way activities are experienced, monitored and understood by hospital staff.

Activities Monitored are Classified Nurses assign three levels of urgency (i.e., low, medium, high) to each of the activities monitored. For instance, the ADCs are generally classified with a low level of urgency while the RAs are classified as being of medium urgency, and the possibility of evolving to a high urgency. In addition, nurses make exceptions based on each patient’s disease. For instance, for a patient who has cirrhosis hepatic

and that is immobile, monitoring his evacuations is very important since his liver does not function and nurses must avoid the formation of sores in his skin. Hence the classification of an activity might depend on the state of the patient.

Activities are Monitored Based on Cntextual Information Over time, measurements associated to activities performed and/or the patient’s state or disease, are used to determine what needs to be monitored. For instance, a nurse explained during an interview “some activities, at a particular moment, might not be urgent but they could become urgent after a period of time or depending of the patient status or disease”. Moreover, the status of the patient sometimes indicates activities that patients should not perform. For instance, if a patient has a cardiac problem he should not get up from bed. Hence, nurses must monitor when a patient with such disease is out of his bed or they need to be aware of his disease to bring him a wheel chair instead of to take him for a walk if the patient needs to move to another area.

Activities Monitored are Distributed Nurses attend patients distributed in space; hence, it is hard for nurses to select which patient must

Table 1. Time nurses spent performing activities of daily care Nurses Nurses ADCs (time per day per subject) Average time

%

Monitoring diet and medicines administration

00:44:56

36.73

Providing quality of attention

00:33:33

27.43

Cleaning patients

00:19:40

16.08

Taking vital signs

00:15:34

12.73

Performing basic care or surgical procedures

00:06:54

5.64

00:01:42

1.39

02:02:19

100

Computing the liquid balance and monitoring evacuations All

150

Monitoring Hospital Patients Using Ambient Displays

be monitored closely or to be at the location when an emergency occurs. For instance, a nurse commented: “sometimes, I have patients that are placed in different areas of the hospital and if I am looking for a patient I am locked up in his room and I do not realize what is happening with my other patients, I am totally disconnected from those patients and in one or two minutes a thousand things could happen because I am not there I am over here”

Activities are Monitored to Collect Information Nurses need to compute and manage the information associated with the activities monitored. Therefore, the need for this information under several circumstances determines which activities must be monitored. For instance, a nurse explained: “Sometimes, I do not need to monitor when the patient has eaten or drank instead I need to monitor how much he has eaten or drank. Mostly, when I am controlling the amount of liquids he evacuates”. Hence, in this case the activity being executed by a patient only acts as a trigger alerting the nurse that she must gather the information associated to such activity.

AUGMENTIing naal o wih digial SERVvi and am DISPplay fo paien moniing The data from our study helped us to identify the problems currently faced by hospital workers when monitoring patients. In particular, issues related to hospital workers being on the move and due to the distributed and dynamic nature of the activities being monitored by them, include maintaining awareness of their patients’ status, being easily accessible when an emergency occurs, and prioritizing patient care on the basis

of the patient’s health condition and the activity executed. To cope with these issues we designed and implemented two ambient displays aimed at creating a wearable ambient connection between patients and nurses. The first display takes into account the mobility experienced by nurses during their work to supervise the activities of daily living (ADL) conducted by patients (Tentori, M., & Favela, J.). The second display is a flower vase that takes into account contextual information of the nurses’ presence to adapt its behavior notifying nurses whenever a patient she is taken care off has urinated, as well as, the state of the urine bag wore by him. In the following section we describe the motivation, the sensing technologies required, and the design of both ambient displays.

A Mobile ADL Monitor The mobile ADL monitor uses an ambient display (digital bracelet) and a smart phone to notify events related to the activity being executed by a patient to nurses. The device is a two-layered vinyl bracelet containing five buttons with embedded lights (Figure 2a). Each button represents a patient under the nurse’s care. Adapted from the medical model utilized in the emergency unit, each light in the button turns on with colors analogous to a traffic light. The lights turn on when a patient is executing an activity, when particular actions occur, or after a series of events take place. Nurses can press the button to consult information associated to the activity a particular patient is executing. This information is displayed in the nurse’s smart phone, which can show a more complex representation of the activity being executed by the patient (Figure 2b). Nurses can also use their phone to assign priorities by selecting colors (Figure 2c) or setting contextual information to act as a trigger for the activities being monitored (Figure 2d). The following scenario illustrates the use of the display in the hospital.

151

Monitoring Hospital Patients Using Ambient Displays

Figure 2. The mobile activity monitor. (a) A nurse uses the activity-aware bracelet; (b) the mobile activity-aware assistant shows information related to an activity being executed by a patient; (c) a nurse uses her cell phone to assign colors; and (d) a nurse associates contextual information with an activity.

Scenario of Use: Monitoring the ADLs Conducted by Patients Juan is a 60 years old man who just had a neurological surgery. Juan is partially immobile so he must perform physical exercises on his bed to improve his motors skills and blood circulation. Since the surgery, he has been very anxious performing abrupt movements resulting in falls from the bed –especially during the night. Consequently, Carmen, the nurse in charge of Juan, wants to monitor Juan’s movements to find out: (1) if Juan has performed his exercises, (2) if he is abruptly moving and (3) if he has fallen from the bed. Therefore, Carmen uses the activity-aware mobile assistant in her smart phone to specify that the light that represents Juan in her bracelet must turn green if Juan is performing his exercises, yellow if Juan is abruptly moving and red if Juan’s has fell from the bed. To do this, Carmen selects from her smart phone a light color and then specifies the contextual information that will trigger a notification to her. For instance, Carmen specifies that the light that represents Juan in her bracelet must turn yellow (Figure 2c) when he moves abruptly, and must change to red if Juan does so at least 3 times over a period of 2 hours (Figure 2d). Later, while Carmen is preparing the medicines to be delivered to the patients, Juan’s light (i.e., the light that represents Juan in Carmen’s bracelet) turns green (Figure 2a). Carmen presses

152

the button that represents Juan in her bracelet and the activity being executed by Juan is displayed in Carmen’s smart phone (Figure 2b). Carmen realizes that Juan is performing his physical exercises. Carmen updates this information in Juan’s nurse chart. Throughout the day, Juan’s light in Carmen’s bracelet constantly turns yellow indicating to her that Juan is anxious. An hour later, while Carmen is discussing with a patient his symptoms her bracelet turns red. Carmen consults her smart phone and realizes that Juan has been frequently moving for the last two hours. Carmen moves to Juan’s room and she realizes that Juan is about to fall down. Carmen holds Juan and gives him medication to calm him down.

Sensing the Contextual Information Required to Monitor Patients The system requires to measure users’ movements by monitoring how movements are gradually being change from stationary state to an abrupt one. In particular, when patients are still we must distinguish between when they are lying or have fallen from bed. In this regard, several methods and technologies have been proposed to capture and monitor users’ patterns of movement, ranging from the use of simple sensors such as accelerometers to complex systems that fusion the information from different sources. Research in wearable computing has shown that users’ move-

Monitoring Hospital Patients Using Ambient Displays

ment pattern can effectively be inferred from body-worn standalone accelerometers or those wirelessly connected to motes Aminian, K., Robert, P., Jequier, E., & Schutz, Y., 1995; Bao, L., & Intille, S., 2004; Foerster, F., Smeja, M., & Fahrenberg, J., 1999; Minnen, D., & Starner, T., Essa, I., & Isbell, C., 2006; Parkka, J., Ermes, M., Korpipaa, P., Mantyjarvi, J., Peltola, J., & Korhonen, I., 2006). These devices can be embedded in wrist bands, bracelets, adhesive patches, or belts and later placed on various parts of users’ body. The findings of these studies indicate that the detection of posture and motion based on accelerometers is highly reliable with overall recognition accuracy of up to 95%. Several efforts have been made to use accelerometers to detect differences in users’ patterns of movements, such as if they are gradually changing their movements from uniform to abrupt. For instance, acceleration data of the wrist and arm have been used to estimate users’ upper body activities such as martial arts movements (Foerster, F., Smeja, M., & Fahrenberg, J., 1999). Similarly, others have place accelerometers in a user chest and thigh to detect his posture and ambulatory movements (Aminian, K., et al., 1995). Although these approaches can also estimate if a user is in a steady state, several projects have explored how to combine accelerometers with motes to infer when a user is lying or when he has fallen from bed. For instance, the Ivy Project uses a small device worn on the waist of a user and a network of fixed motes to detect the occurrence of a fall and the location of the victim. Low-cost and low-power accelerometers are used to detect the fall while RF signal strength is used to locate the person (Chen, J., Kwong, K., Chang, D., Luk, J., & Bajcsy, R.). Another project uses a tri-axial accelerometer embedded in a cellphone and wirelessly connected to Internet that uses a pattern recognition algorithm to accurately detect falls (Zhang, T., Wang, J., Liu, P., & Hou, J., 2006).

Designing the Mobile ADL The system uses e-activities as its core units allowing it to react when an event occurs with a patient; display activities in different devices such as in a smart phone or in the bracelet; and, store activities to determine when an ADL is evolving into a RA. An e-activity is the computational representation of a human activity, and it stores attributes depicting the activity’s execution context, such as who owns it, other participants, its location, and the artifacts or applications used. An e-activity can also store a set of rules to inform the system how to adapt the smart environment or infer other attributes, such as a person’s availability. E-activities are: reactive, they can act as a trigger; sequential, they can form histories; mobile, they’re executed across devices; and, persistent, their state is stored over long time periods. The system uses an activity-aware assistant as client and an activity-aware server as a basis for its implementation. The activity-aware server is composed of three layers that are responsible for creating e-activities and histories on the basis of the information sensed. The lower layer recognizes the activity by reading contextual information from sensors; the middle layer defines the activity’s computational equivalence by either extracting a similar activity from its activity knowledge base or creating a new activity from scratch on the basis of information the lower layer provides and; the upper layer uses the e-activity definition to create a history of activities using the activities stored in the history knowledge base. This layer also analyzes such history to infer the next step that should be executed or how such e-activity attributes change as the user course of action evolves. The activity-aware assistant uses a device and a smart phone to notify the nurse of the events related to the activity being executed by a patient. The display that we designed it’s a two-layered vinyl bracelet containing five buttons with embedded lights (Figure 2a). When a nurse presses a button

153

Monitoring Hospital Patients Using Ambient Displays

Figure 3. The bracelet electrical components. (a) The transmitter used in the activity-aware server; (b) the receiver embedded in the bracelet.

on the bracelet, a message is sent back to the activity-aware server, specifying a patient and bracelet ID. This ID is used by the activity-aware server to determine which activity should be displayed on which smart phone. Communication between the phone and the server occurs wirelessly. We developed our own components to communicate the bracelet with the server (Figure 3). A transmitter is responsible for sending and receiving messages from the bracelet at frequencies under 27 Mhz (Figure 3a). This avoids interference between the bracelet and equipment placed in the hospital or worn by patients. This transmitter is internally connected to the CPU through a RS232 port and uses a remote control to send messages. The transmitter has embedded a receptor circuit that manages the radioelectrical signals from the bracelet and translates them into pulses. The circuit uses a 7805 regulator to decrease volts greater than 5VDc forcing it to work under a TTL range. The circuit also uses a Max232 component that converts signals of the serial port from +12/-12V to 5V+. These volts are the outputs of the circuit and activate the circuit’s remote control for sending messages. In contrast, the bracelet has embedded a receptor circuit which converts radioelectrical signals into electrical pulses (Figure 2b). This circuit enforces a NOT operation over such pulses, using the 74ls04 floodgate, to turn such pulses

154

into zero. This will allow the bracelet to either receive or send messages.

The Flower Vase The flower vase is an ambient display that notifies nurses the urine output of patients and the status of their urine bag (Figure 4). The flower is a wooden box containing twenty four artificial flowers: twelve emergency flowers and twelve situation flowers. The flowers are composed of a two-layered felt that enclose pistils covered with insulating tape. In each pistil a red or yellow led is embedded. The emergency flowers are have stems with an embedded yellow light in their pistils (Figure 4a). All emergency flowers blink whenever an event or an emergency occur with a urine bag wore by a patient –if a urine bag is full. In contrast, situation flowers are flowers without stems with a red light embedded in their pistils. This situation flowers are arranged in a matrix to represent the location of the patients in the area. The columns in the matrix represent rooms and the rows represent patient’ beds (Figure 4b) –each room has three beds for patients. This arrangement allows nurses to quickly discover the bed where a patient is located. Situation flowers turn on whenever a nurse approaches the flower vase or if the emergency flowers are blinking. While

Monitoring Hospital Patients Using Ambient Displays

Figure 4. The flower vase placed in the nurse pavilion (a) The flowers that notify of emergency events (b) The flowers that personalized their color based on the nurse’s presence

emergency flowers are blinking a situation flower turns on, indicating to a nurse the location of the patient related to that event. If emergency flowers are not blinking and a nurse approaches the vase, the situation flowers personalize their color by turning on only those flowers that represent the patients assigned to that nurse and for which an event has been associated. The following scenario illustrates the use of the display in the hospital.

Senario of Use: Monitoring Patients’ Urine Outputs Carmen, the nurse in charge of Pedro, explains Refugio, the nurse whose shift has just started, that Dr. Perez, the attending physician, has changed Pedro’s medication to include cyclosporine. Pedro is a 56 years old man, who has a chronic renal failure and just had a renal transplant. Hence, to monitor Pedro’s reaction to the new transplanted kidney, Refugio needs to supervise the frequency and quantity of Pedro’s urine. When Pedro’s urine bag reaches a threshold the emergency lights in the flower base start to blink (Figure 5). She approaches the flower vase and realizes that is Pedro’s bag is almost full. She moves to the warehouse and gathers the medical equipment she needs to change the urine bag. Then, she updates the patient’s liquid balance. A couple of hours

later, while Rita is discussing the evolution of a patient with Dr. Perez she approaches the flower vase. The flower vase personalizes the situation flowers and turns on Pedro’s light indicating that he has been urinating. Rita discusses with the physician Pedro’s case, who decides to change the medication to avoid damaging the newly transplanted kidney.

Sensing the Contextual Information Required to Monitor Patients The flower vase requires to monitor the weight of a urine bag wore by a patient and the presence of the nurses who are in front of the vase. To monitor the status of the urine bag we developed a weight sensor that measures the amount of urine in a bag. This weight sensor is attached to a urine bag wore by a patient and connected to a mote (Figure 5a). This sensor is composed of two acrylic pieces which are separated through a spring and a push button. We calibrated the required separation between both pieces. When the urine reaches a threshold (i.e., when the urine has filled 80% of the urine bag) the button is pressed. Once the button gets pressed, the sensor generates an electronic pulse. This pulse is read by the mote that is responsible for the transmission of this information wirelessly. When the bag is replaced

155

Monitoring Hospital Patients Using Ambient Displays

the button goes back to its normal position. We use motes to avoid saturating the rooms with wires that could be obtrusive to nurses and patients. To monitor nurses’ proximity, several approaches have been proposed to infer user proximity based on location sensing, proximity measurement, and device discovery (Hightower, J., & Borriello, G., 2001; Krumm, J., & Hinckle, J., 2004; Krumm, J. & E. Horvitz; Naya, F., Noma, H., Ohmura, R., & Kogure, K., 2005).

Designing the Flower Vase The flower vase consists of two parts: a weight sensor attached to the urine and a set of flowers that display the status of the urine bag of the patient (Figure 5). When the base station receives the information, it identifies the sensor that sent it, thereby identifying the location of the patient, and then turning on the red light of the corresponding flower (Figure 5b). At the same time the flowers with stems begin to blink, trying to get the attention of nurses. We use the phidgets toolkit (Greenberg, S., & Fitchett, C., 2001) to implement the flower base (Figure 5a). We embedded in the box a communication interface with 8 analog inputs, 8 digital inputs, and 8 digital outputs. We used the digital outputs to directly control substantial devices by switching up to 30VDC at up to 2 Amps. The output acts as a switch to ground voltages, and it

is protected from transient voltages typical when switching inductive devices - relays, solenoids, motors. The outputs can be used to directly control devices requiring substantial power such as incandescent lights, high power LEDs, relays, solenoids and motors, making it possible to control flowers’ light.

Conlu In this chapter, we discuss how ambient displays can support of hospital work. To illustrate this, we designed and implemented two ambient displays that monitor patients’ health status and provide continuous awareness of this information to hospital workers while they are on-the-move. This awareness is expressive, subtle and unobtrusive to the activity being conducted by hospital staff. This awareness will allow hospital workers to promptly identify patient’ needs, save time and avoid errors. The ambient displays presented here are just preliminary designs that give a hint of the potential of this technology in healthcare. We plan to conduct an in situ evaluation of the displays developed to assess their impact within the hospital. In addition, we plan to explore a new setting where this type of technology could be useful –in particular, in nursing homes. Workers at nursing homes specialized in the care of elders

Figure 5. The flower vase components (a) The sensor device; (b) The flower vase as an ambient display

156

Monitoring Hospital Patients Using Ambient Displays

with cognitive disabilities face working conditions that are similar to those in hospitals. Such workers also use common strategies to monitor patients’ status. This monitoring is done manually, making it time consuming and error prone. This is another healthcare scenario in which ambient displays can prove useful.

Refeen Aminian, K., Robert, P., Jequier, E., & Schutz, Y. (1995). Estimation of speed and incline of walking using neural network. IEEE Transactions on Instrumentation and Measurement, 44(3), 743–746. Bao, L., & Intille, S. (2004). Activity recognition from user-annotated acceleration data. in Pervasive. Vienna, Austria. Bardram, J. E. (2005). The Trouble with Login -On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6), 357-367. Bardram, J. E., & Bossen, C. (2003). Moving to get aHead: Local Mobility and Collaborative Work. In ECSCW. Helsinki, Finland: Kluwer Academic Publishers. Bardram, J. E., & Bossen, C. (2005). Mobility Work: The Spatial Dimension of Collaboration at a Hospital. In ECSCW. 2005. Paris, France: Kluwer Academic Publishers. Bossen, C. (2002). The Parameters of Common Information Spaces: The Heterogeneity of Cooperative Work at a Hospital Ward. In CSCW. New Orleans, Lousiana: Kluwer Academic Publishers. Camacho, J., Galicia, L., Gonzalez, V., & Favela, J. (2008). mobileSJ: Managing Multiple Activities in Mobile Collaborative Working Environments. Accepted for publication in International Journal of e-Collaboration, 4(1), 60-73.

Chen, J., Kwong, K., Chang, D., Luk, J., & Bajcsy, R. Wearable Sensors for Reliable Fall Detection. In 27th Annual International Conference of the Digital Object Identifier. Chin, T. (2005). Untapped power: A physician’s handheld. In AMNews. Favela, J., Rodríguez, M. D., Preciado, A., & Gonzalez, V. M. (2004). Integrating Context-aware Public Displays into a Mobile Hospital Information System. IEEE Trans. IT in BioMedicine, 8(3), 279- 286. Foerster, F., Smeja, M., & Fahrenberg, J. (1999). Detection of posture and motion by accelerometry: A validation in ambulatory monitoring. Computers in Human Behavior, 1999. 15(1): p. 571–583. Greenberg, S., & Fitchett, C. (2001). Phidgets: easy development of physical interfaces through physical widgets. In 14th annual ACM symposium on User interface software and technology. Orlando, Florida. Gross, T. (2003). Ambient Interfaces: Design Challenges and Recommendation. Hehe, H. (2007). Smoking lamp. Available from: http://hehe.org.free.fr/hehe/smokinglamp/index. html. Hightower, J., & Borriello, G. (2001). Location Systems for Ubiquitous Computing. IEEE Computer, 57-66. Ishii, H., Wisneski, C., Brave, S., Dahley, A., Gorbet, M., Ullmer, B., & Yarin, P. (1998). ambientRoom: Integrating ambient media with architectural space. In CHI. Jafarinaimi, N., Forlizzi, J., Hurst, A., & Zimmerman, A. (2005). Breakaway: An ambient display designed to change human behavior. In CHI. Johan, R., Skog, T., & Hallnäs, L. Informative Art: Using Amplified Artworks as Information Displays.

157

Monitoring Hospital Patients Using Ambient Displays

Krumm, J., & Hinckle, J. (2004). The NearMe Wireless Proximity Server. In Ubicomp.

on Human-centered multimedia of International Multimedia Conference. New York, NY, USA.

Krumm, J. & E. Horvitz. LOCADIO: Inferring Motion and Location from Wi-Fi Signal Strengths. in First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services. 2004. Boston, MA, USA: IEEE Press.

Naya, F., Noma, H., Ohmura, R., & Kogure, K. (2005). In IEEE International Symposium on Wearable Computers. Bluetooth-based Indoor Proximity Sensing for Nursing Context Awareness.

Lund, A., & Wilberg. M. (2007). Ambient displays beyond conventions. In British HCI Group Annual Conference.

O’Connor, M. C. (2006). Testing Ultrasound to Track, Monitor Patients. RFID Journal, 1(31), 2.

Mankoff, J., Dey, A. K., Hsieh, G., Kientz, J., Lederer, S., & Ames, M. (2003). Heuristic evaluation of ambient displays. In Conference on Human Factors in Computing Systems. Lauderdale, Florida, USA.

Parkka, J., Ermes, M., Korpipaa, P., Mantyjarvi, J., Peltola, J., & Korhonen, I. (2006). Activity Classification Using Realistic Data From Wearable Sensors. IEEE Transactions on Information Technology in Biomedicine, 10(1), 119–128.

Markarian, A., Favela, J., Tentori, M., & Castro, L. A. (2006). Seamless Interaction among Heterogeneous Devices in Support for Co-located Collaboration. In CRIWG. Valladolid, Spain: Springer-Verlag.

Pentland, A. (2004). Healthwear: Medical Technology Becomes Wearable. IEE Computer, 37(5), 42-49.

Minnen, D. and T. Starner, Essa, I., Isbell, C. Discovering characteristicactions from on-body sensor data. In International Semantic Web Conference (ISWC). Athens, GA, USA: IEEE. Moran, E. B., Tentori, M., González, V. M., Martinez-Garcia, A. I., & Favela, J. (2006). Mobility in Hospital Work: Towards a Pervasive Computing Hospital Environment. International Journal of Electronic Healthcare, 3(1), 72-89. Munoz, M., Rodriguez, M. D., Favela, J., Martinez-Garcia, A. I., & Gonzalez, V. M. ContextAware Mobile Communication in Hospitals. IEEE Computer, 36(9), 38-46. Nack, F., Schiphorst, T., Obrenovic, Z., Tjoe, M. K., Bakker, S., Perez, A., & Aroyo, L. (2007). Pillows as adaptive interfaces in ambient environments. in Proceedings of the international workshop

158

Smith, K. S., & Ziel, S. E. (1997). Nurses’ duty to monitor patients and inform physicians. AORN Journal, 1(2), 235-238. Stanford, V. (2003). Beam Me Up, Doctor McCoy. IEEE Pervasive Computing, 2(3), 13- 18. Strauss, A., & Corbin, J. (1998). Basics of Qualitative Research: Techniques and procedures for developing grounded theory. Thousand Oaks, CA: Sage. Tentori, M., & Favela, J. Activity-aware computing for healthcare. Accepted for publication in IEEE Pervasive Computing, to appear. Weiser, M., & Brown, J. S. (1995). Designing Calm Technology. PowerGrid, 1(1). Zhang, T., Wang, J., Liu, P., & Hou, J. (2006). Fall Detection by Embedding an Accelerometer in Cellphone and Using KFD Algorithm. International Journal of Computer Science and Network Security, 6(10), 277-284.

159

Chapter IX

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks Javier Espina Philips Research Europe, The Netherlands Heribert Baldus Philips Research Europe, The Netherlands Thomas Falck Philips Research Europe, The Netherlands Oscar Garcia Philips Research Europe, The Netherlands Karin Klabunde Philips Research Europe, The Netherlands

ABSTRACT Wireless body sensor networks (BSNs) are an indispensable building stone for any pervasive healthcare system. Although suitable wireless technologies are available and standardization dedicated to BSN communication has been initiated, the authors identify key challenges in the areas of easy-of-use, safety, and security that hinder a quick adoption of BSNs. To address the identified issues they propose using body-coupled communication (BCC) for the automatic formation of BSNs and for user identification. They also present a lightweight mechanism that enables a transparent security setup for BSNs used in pervasive healthcare systems. Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

INTRODUCTION Wireless Body Sensor Networks (BSNs) are an enabling technology for the paradigm shift towards pervasive health monitoring. Instead of the traditional event-driven model where patients go to their doctor only when they are sick, we envision that a person’s state of health is continuously monitored through the use of smart body-worn medical sensors to detect changes to the worse before a critical condition arises. Thereby emergency cases are prevented and both patients and care givers are empowered to act more proactive in general. However, pervasive health monitoring systems will be widely adopted only if users experience them as easy-to-use and trustworthy, which is a challenging task as we illustrate in this chapter. Although several wireless technologies are available to allow body-worn sensors to communicate with one another, they all presume that the user has connected all her body sensors to a single network. But since existing wireless standards fail to provide support for setting up a network, this turns out to be a difficult job, asking too much of normal users. We propose a mechanism for making wireless body-worn medical sensors aware of the person they belong to by combining body-coupled with wireless communication. This enables a user to create a wireless BSN by just sticking the sensors to her body. We exploit Body-Coupled Communication (BCC) to also eliminate the mixing up of medical data from different patients, which is a common source of errors. For this the user wears a personal identifier that broadcasts her unique user ID around her body. Thereby all her body-worn sensors are able to unambiguously annotate their readings with her ID. Protecting the user’s privacy and ensuring confidentiality of medical data is essential for the acceptance of any pervasive healthcare system. To this end we describe a security system for BSNs that takes the resource constraints of tiny

160

sensors into account and can be rolled out in an easy and unobtrusive way. The remainder of the chapter is organized as follows. Section 1 introduces the concept of wireless medical BSNs by describing some sample applications and suitable available and upcoming wireless technologies. In Section 2 we present our approach for automatic network formation and user identification based on BCC. A lightweight security system for pervasive BSNs is described in detail in Section 3. In Section 4 we identify some future trends relevant for the deployment of BSNs followed by our conclusions in Section 5.

WIRELESS MEDICAL BODY SNSOR NETWORKS Concept and Applications Wireless medical BSNs are an enabling technology for the application domain of unobtrusive health monitoring. This field includes continuous cable-free monitoring of vital signs in hospitals (Philips Medical Systems, 2005), remote monitoring of chronically ill patients (Herzog, 2004; Kraemer, 2006; Lo, 2005), monitoring of patients in mass casualty situations (Malan, 2004), monitoring people in their everyday lives to provide early detection and intervention for various types of disease (Habetha, 2008), computer-assisted physical rehabilitation in ambulatory settings (Jovanov, 2005), and assisted living of elderly at home (Eklund, 2005). A wireless medical BSN consists of smart wireless sensors measuring for example electrocardiogram (ECG), non-invasive blood pressure and blood oxygen saturation. By means of advanced low-power radios the body-worn sensors can communicate with one another or with nearby devices (e.g. stationary Internet gateways or mobile phones) within a range of typically 5 to 10 meters.

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

BSNs are an indispensible building stone for any pervasive healthcare system because they are unobtrusive and allow the patient to perform her normal daily activities while being cared for. Moreover they open up completely new medical perspectives. To illustrate this, we briefly describe two sample systems consisting of several bodyworn sensors for: (1) continuous blood pressure monitoring and (2) motor rehabilitation of stroke patients.

Continuous Cuff-less Blood Pressure Monitoring Arterial blood pressure has long been one of the most important vital parameters for determining a patient’s state of health. Nevertheless its diagnostic potential is not fully exploited yet. Blood pressure shows a high variability during the day due to physical or mental stress, which cannot be monitored effectively and comfortably with usual blood pressure devices. Such traditional devices are mainly based on a sphygmo-manometric occlusive cuff, which is clumsy, uncomfortable

and allows only for intermittent measurements at intervals of several minutes. An alternative is to infer the arterial blood pressure using the pulse wave velocity methodology. This can be done by using a wireless sensor configuration with an ECG measured from the chest and a photoplethysmogram (PPG) measured at the ear or finger (Muehlsteff, 2006; Espina, 2008). With this setup the Pulse Arrival Time (PAT) can be measured, which is defined as the time delay between the R-peak of the QRS wave from the ECG and the arrival of the arterial pulse wave at the periphery, i.e. the foot of the PPG wave. Systolic blood pressure can then be estimated from the PAT with an accuracy of 6.9 mmHg (root mean square error) (Muehlsteff, 2006). Figure 1 shows an overview of a BSN for continuous blood pressure monitoring according to the aforementioned pulse wave velocity methodology. The system consists of an ECG and a 3D-acceleration patch sensor, a finger/ear PPG sensor, and a personal digital assistant (PDA). The wireless sensors are accurately time-synchronized and transmit their data over an IEEE

Figure 1. Left—BSN devices: PDA, finger-PPG sensor, and ECG/3D-accelerometer sensor. Right—Device position on the patient’s body

161

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

802.15.4 wireless link to the PDA, which aligns their data streams and performs the PAT measurement and blood pressure estimation. All data are displayed on the PDA, from where they can be sent to a clinical site via GPRS or UMTS. This BSN application is described in (Espina, 2008) in greater detail.

Home Stroke Rehabilitation System Stroke is the third common cause of death in USA (American Heart Association, 2007) and also results in serious long-term disability for its survivors. In an ageing society, the incidence of stroke is expected to grow in the coming years. Out of the various deficits deriving from strokes, unilateral sensorimotor deficits are very prominent ones, with more than 80% of stroke patients suffering from them (Parker, 1986). Stroke rehabilitation programs allow patients to improve on their sensorimotor capabilities. However, stroke patients have not reached their full potential when they are discharged from the rehabilitation program (Malouin, 2005). Home rehabilitation can increase the intensity of training, which is known to have a huge positive impact on the rehabilitation outcome (Willmann, 2007). Figure 2 shows several components of a novel home stroke rehabilitation system (Acht, 2007; Willman, 2007) consisting of a motion captur-

ing BSN, a user interface, and a therapist station. Upon release from the rehabilitation clinic, patient and therapist agree on rehabilitation goals and the therapist selects exercises and compiles a training plan. The system compares the patient movements to motion targets defined by the therapist and presents the patient with meaningful feedback. Furthermore the therapist can access all data remotely and tracks the patient’s therapy progress and compliance with the exercise plan. The BSN is formed by several match box-sized sensor nodes (Acht, 2007)—from 2 to 10—attached by garments to the parts of the patient’s body that need to be tracked, usually both upper arms, lower arms, shoulders, and chest. Each sensor measures 3D-acceleration, 3D-magnetization (Earth magnetic field), and 3D-angular speed (MEMS gyroscopes) and transmits those data streams to a PC via an IEEE 802.15.4 wireless link. From the raw sensor data the PC calculates the 3D-orientations of all sensors. Since the sensors are time-synchronized with an accuracy better than 1 ms, their 3D-orientations can be combined to successfully reconstruct the patient’s posture and 3D-limb position.

Wireless Technologies To allow for low-cost transceiver implementations as well as low body-induced RF attenuation

Figure 2. Left—Attachment of wireless inertial nodes to the body. Right—Home rehabilitation

162

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

(i.e. good link robustness) medical BSNs should ideally transmit data in frequency bands below 1 GHz. However the available bands are either crowded—as is the case in the 433 MHz spectrum range—too application-specific—e.g. Medical Implant Communication Service (MICS) and Wireless Medical Telemetry Systems (WMTS)— or not usable on a global basis—e.g. the North American 915 MHz Industrial, Scientific, and Medical (ISM) band or the European 86x MHz bands. The worldwide available 2.4 GHz ISM band appears to be today the most appropriate portion of spectrum for wireless medical BSNs. Moreover wireless medical BSNs should communicate using standard-based wireless technologies. This enables device and systems interoperability, low bill of materials, and reduces the medical device manufacturer’s dependency on RF transceiver manufacturers. The most

suitable wireless communication standards are presented below.

Available Communication Standards The 2.4 GHz ISM band accommodates a number of concurrent connectivity standards such as IEEE 802.15.1 (2002) (Bluetooth), IEEE 802.11b/g (2003) (basis of WiFi) and IEEE 802.15.4 (2006), the basis of ZigBee (2007). IEEE 802.11 standardizes Wireless Local Area Networks (WLANs), which refers to systems with a coverage of 10 to 100 meters that often interact with a wired infrastructure (LANs). In contrast, IEEE 802.15 standardizes Wireless Personal Networks (WPANs)—a.k.a. Wireless Body Area Networks (WBANs)—which refers to systems with a coverage of less than 10 meters for highly mobile devices, such as wireless I/O peripherals with very limited power resources. The

Figure 3. Radios are agnostic about persons

163

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

IEEE 802.15 standardization body issued three major WPAN standards so far: IEEE 802.15.1 medium-rate WPAN (derived from the Bluetooth® standard), IEEE P802.15.3 (n.d.) high-rate WPAN (never reaching a product status in the market), and IEEE 802.15.4 (2006) low-rate WPAN (aiming at sensor/actuator networks).The latter was amended in 2007 with the IEEE 802.15.4a (2007) standard (no products available yet). Most existing BSN implementations are based on IEEE 802.15.1 or IEEE 802.15.4 since (compared to the popular WLAN standards IEEE 802.11b/g) they feature low power consumption, low complexity, and a small form factor. Table 1 shows a comparison of such standards. For medical BSNs we endorse the use of IEEE 802.15.4. Compared to it, IEEE 802.15.1 exhibits less flexible networking concepts, limited usability for uninterrupted real-time data transfers, and higher average power consumption. Furthermore most medical BSNs do not require data rates higher than 200

kbps. The BSNs presented in this section were built with the Philips IEEE 802.15.4-compliant AquisGrain sensor platform (Espina, 2006).

Upcoming Communication Standards IEEE 802.15.4a (2007) is an amendment to the IEEE 802.15.4 standard that defines a pulse-based Ultra Wide Band (UWB) physical layer. Despite the high body-induced RF attenuation at the frequencies in which it operates (3 GHz to 10 GHz), IEEE 802.15.4a is a promising communication standard for BSNs. Its implementations are expected to enable very low-power communication while being especially robust to multipath fading. Moreover IEEE 802.15.4a supports sub-meter ranging to enable fully wireless device positioning. Although the standard was published in 2007 there are no compliant implementations so far. The IEEE 802.15 Task Group 6 (2007)—a.k.a. Body Area Networks (BAN) Task Group—is de-

Table 1. Comparison of wireless communication standards

ISM band

Air interface #Channels/schemes Data rate (aggregated) Range Network topology Network size Network join time Real-time support Protocol complexity Stack size Security Typical power consumption

164

IEEE 802.11b WiFi

IEEE 802.15.1 Bluetooth

2.4 GHz

2.4 GHz

Directsequence spread spectrum (DSSS) 11 (US) 13 (EU)

Frequencyhopping spread spectrum (FHSS) 10

11 Mbps (50 Mbps)

1 Mbps (<10 Mbps)

100 m

10 m, 30 m, 100 m

Star, peer-topeer 32

Star

IEEE 802.15.4-2006 ZigBee 2.4 GHz

868 MHz (EU)

915 MHz (US)

Direct-sequence spread spectrum (DSSS)

-

-

16

10

1

-

250 kbps (<4,000 kbps)

Optionally 250 kbps (<2500 kbps)

Optionally 250 kbps (250 kbps)

-

10-30 m Star, peer-to-peer

8

+ Multi-hop mesh

65,535

<3 s

<5 s

<<1 s

No

No

Guaranteed time slots

Medium

High

Simple

Low

100 KB

256 KB

24 KB

Authentication, encryption

Authentication, encryption

Authentication, encryption, integrity, freshness

471 mW (MAXIM MAX2822)

83 mW (LINKMATIK 2.0)

62 KB + centralized key distribution

60 mW (Texas Instruments CC2420)

No

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

veloping a communication standard optimized for low power devices and operation on, in and around the human body to serve a variety of applications including medical, consumer electronics/personal entertainment and other. The standard will be the first to specifically address the effects of the body on wireless data communication. The IEEE 802.15 Task Group 6 was launched in November 2007 and is currently at the initial stage of the standardization process.

AUTMATIC NETWORK FORATION AND USER IDENTIFICATION

a problem with short range radios in this context making that a challenging task: since the communication range of RF transceivers is not restricted to the body of a person, as illustrated in Figure 3, a wireless sensor cannot determine whether or not another sensor in range belongs to the same person. The radios’ ignorance of persons makes setting up a wireless body sensor network to a cumbersome and error prone procedure, asking too much of normal users not to mention elderly and frail people and thereby hampering the adoption of wireless technology for pervasive healthcare applications. Next we describe our solution that allows body-worn wireless sensors:

Problem Description

•

From a user’s perspective the ideal solution would be that all sensors attached to the same body know which person they belong to and automatically form a wireless network. Unfortunately there is

• •

To unambiguously identify the person they belong to To detect all other sensors attached to the same body To exchange all the information required to form a wireless network

Figure 4. BCC is restricted to a person’s body

165

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

Figure 5. BSN overview

Bupled Communication Based Sensor Association The concept is to use Body-Coupled Communication (BCC) (i.e. using the human body as signal transmission medium) for bootstrapping of wireless body sensor networks. A BCC transceiver generates a weak yet detectable electric field that is capacitively coupled to the body, allowing for the transmission of small amounts of information (Zimmerman, 1996). In contrast to an electromagnetic field, the electric field only extends outwardly a couple of centimeters from the entire surface of the skin, enabling interference-free person-bound communication, as depicted in Figure 4. Figure 5 visualizes the resulting wireless health monitoring system we have in mind. It consists of two kinds of devices, several medical body sensors and a body-worn Personal Identifier (PI). The main functional components of the medical sensors and the PI are shown in Figure 6. The PI is basically a small tag, which can be easily built into a wristband or a watch. It exploits

166

BCC for emitting a unique user ID around the body of the person. Other authorized BCC receivers that come close to the skin of that user can then pick up this identification code. A medical sensor has both RF and BCC capabilities. The BCC transceiver allows the sensor to find out the ID of the person it belongs to and to set up wireless connectivity between the sensors. For the latter the sensors on the body exchange network parameters through BCC at first, then wake up their radio subsystem to establish a wireless ad hoc network based on the parameters received. Afterwards the actual application data can be transmitted through the wireless RF link between the body sensors. Using RF for the transmission of application data enables to send the data also to off-body devices like e.g. a mobile phone or an Internet gateway, which is required by most pervasive healthcare scenarios. Similar to medical sensors off-body devices can be associated to a specific BSN by touching them for a snatch; afterwards the communication can continue via RF.

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

Figure 6. Block diagrams of BSN components

As a result from a user’s perspective forming a wireless body sensor network is as easy as sticking sensors to her body or just touching an off-body device. The ability to uniquely associate sensor readings with a PI is crucial for the integration of BSNs into the healthcare enterprise. For example a mobile phone equipped with both a BCC and RF transceiver can be used to forward the measurements annotated with the user ID wirelessly through UMTS to a remote medical service center where the processing of the data takes place. Doing it in this way avoids mixing up medical data from different patients, thereby reducing the likelihood of medical errors.

Implementation We implemented and validated the automatic association solutions. Our prototype is based on the versatile IEEE 802.15.4-compliant AquisGrain sensor platform developed by Philips Research (Espina, 2006). For enabling BCC we designed a so-called Active Digital Aura (ADA) module, which can be used stand-alone or directly mate to the wireless sensor platform. The physical layer realizes the transmission over the BCC channel. While initially the data transmission was Manchester encoded using ASK modulation at 125 kHz, currently we are developing a new system version

working on higher frequencies between 1 and 30 MHz. In addition to the ADA hardware we developed protocols for reliable network formation and user identification capable of handling multi-user scenarios as illustrated in Figure 7. Once a medical sensor is attached to the body or a device is touched, it requests through BCC the user ID from the PI. Forming a wireless network works as follows: When a sensor is stuck on the body it searches for other sensors by asking via BCC for a WBAN descriptor to learn the network parameters required to join the network. If it receives no answer, the sensor knows that there is no other sensor yet attached to the same body. Since it does not make sense to start a network without having any communication peer, the sensor waits in sleep mode until another sensor arrives. Once a second sensor is attached to the person, the new sensor starts also requesting a WBAN descriptor by means of BCC. The first sensor is woken up by the search request, gets aware that there is now a second sensor, creates a new wireless network, and informs through BCC the second sensor about the network parameters such as network ID, radio channel, etc. The second sensor uses the received WBAN descriptor to join the network. Thereafter the body sensors communicate via the wireless network. The same protocol is used for extending the network with off-body devices. For this the user

167

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

Figure 7. Network formation and user identification protocol

just has to touch for example her mobile phone for a snatch.

Related Work Alternative approaches to setting up ad-hoc wireless communication links do either require extra actions by the user, exploit proximity between devices to be connected, or use some extra means (e.g. set-up pen) to exchange configuration data between the devices. SyncTap (Rekimoto, 2003) triggers the connection set-up by synchronously pressing and releasing the “connection” buttons on both devices. Then, multicast packets that contain press and release timing are sent. By comparing this timing both devices can identify each other.

168

When two devices can be brought close to each other, near-field communication such as RFID or IR technology can be used to exchange the required parameters for establishing a wireless network (Rekimoto & Oba, 2003). ProxNet (Rekimoto, 2004) is another example exploiting proximity and pressing of a connection button. The devices identify each other by measuring each other’s signal strength. Facile (Partridge, 2003) is a software framework for supporting applications that require invisible association between users and devices in the context of ubiquitous computing. A first implementation is based on a capacitively-coupled communication mechanism for realizing an attention-correlated communication channel between

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

a personal wearable device and a selected multiperson device. Another proposed solution for setting up a wireless medical body network is to equip all sensors with an IR-receiver and to use a setup pen, which emits a unique identifier via IR to limit the scope to a single patient. All sensors receiving the same identifier form a network (Baldus, 2004). In the BLIG approach (Andersen, 2007) an additional short range (< 50 cm) communication channel is introduced to group sensor nodes. The first sensor generates a unique group-id. Successive sensors are added to the group by pressing the grouping button while holding the new sensor close to any one of the already attached sensors. For security reasons during the grouping procedure there must be a special authorization node worn by a caregiver in range. Our BCC-based automatic association does not require extra devices or user intervention (e.g. pressing buttons or bringing sensor nodes very close to each other): all sensors attached to a person’s body are able to discover each other automatically and exchange network parameters to participate in the same network. Taking another point of view and looking at current procedures in hospitals, we find that barcode or RFID systems are used for electronic patient identification. These technologies allow a semi-automatic identification: patient identifiers – e.g. worn by the patient as an irremovable wristband - can be read automatically, which eliminates manual input errors. However, barcode and RFID solutions are still restricted, as they require user action: bringing a corresponding reader into close proximity (~10 cm) to the identification unit for reading of the identifier. Thus, automatic identification, assignment, verification of association and exchange of network parameters between sensor nodes is not possible with these current identification technologies. The basic concept of BCC is to send information over the human body (and a few centimeters

around it) via electric fields, thus allowing for touch-based interaction and data exchange. The first research work and applications were presented by Zimmerman (1996) in the mid nineties. This first system consisted of communication devices equipped with a pair of electrodes which are battery powered and electrically isolated. The BCC transmitter capacitively couples a modulating ρA displacement current through the human body to the BCC receiver. The return path is provided by the “earth ground”, which includes all conductors and dielectrics in the environment that are in close proximity to the BCC devices. The earth ground needs to be electrically isolated from the body to prevent shorting of the communication circuit. The prototype of (Zimmerman, 1996) measures 8×5×1 cm, uses on-off keying or direct sequence spread spectrum modulation, transmits at a frequency of 330 kHz and can achieve a data rate of 2.4 kbps. Further work was performed by Partridge (2001), Hachisuka (2003), Shinagawa (2004), and Song (2006). Partridge (2001) extended the BCC system of Zimmerman (1996) by adding amplifiers and filters, using FSK Modulation, transmitting at a frequency of 140 and 180 kHz, and achieving a data rate of 38.4 kbps. Among other results they pointed out that portable devices, with poor ground coupling, suffer more significant signal attenuation than devices with better ground coupling. As a different approach, Hachisuka (2003) treats the human body as a waveguide and transmits high frequency electromagnetic waves through the body. Using FSK Modulation and transmitting at a frequency of 10.7 MHz, it achieved a data rate of 9.6 kbps. Keeping the same physical principle but using electric-field sensor implemented with an electro-optic crystal and laser light, Shinagawa (2004) enabled IEEE 802.3 half-duplex communication of 10 Mbps through a person’s body in an operating range of about 150 cm between the hands. Recent work described in (Song, 2006) and (Yoo, 2007) proposes a wideband signaling transceiver with a direct coupled interface using

169

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

only a single electrode for data transmission. The authors studied frequencies between 10 kHz and 100 MHz to enable communication between different devices at the body and achieved a data rate of up to 10 Mbps at the higher frequencies.

•

LIGHTWEIGHT SECURITY FOR BDY SENSOR NETWORKS Security is a compulsory requirement in BSNs as required by international laws such as the Health Insurance Portability and Accountability Act (HIPAA) (The US Congress, 1996) or the European Directive 95/46 (The European Parliament and the Council of the European Union, 1995) on protection of personal data. These directives demand methods and solutions to protect patient privacy, ensure the confidentiality of medical data, and, in general, deploy secure systems in the healthcare domain. Security in BSNs has been identified as an open challenge due to the strict operational requirements and the resource-constrained nature of sensor nodes (Ng, 2006). Firstly we provide an overview of the most important security services that ensure both privacy and safety of patients. Additionally, we survey the concept of α-secure Key Distribution Schemes (α-sKDSs) to allow for lightweight security setup in medical BSNs. Then we present a comprehensive security system for BSNs aiming at pervasive healthcare applications. This system combines α-sKDSs with BCC to build a secure and reconfigurable system. Finally, we summarize the related work.

Security Requirements Medical BSNs require the provision of the following basic security services (Barker, 2006): •

170

Confidentiality and orivacy are the properties whereby information is not disclosed to unauthorized parties. Confidentiality is achieved by using encryption to render infor-

•

•

•

mation unintelligible except by authorized entities. Data integrity is the property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. This includes the insertion, deletion and substitution of data. Both accidental and deliberate modification of data can be detected by means of digital signatures or message authentication codes. Authentication is a service that is used to establish the origin of the information. That is, authentication services verify the identity of the user or system that created information. Authentication is provided by digital signatures or message authentication codes; some key agreement techniques also provide authentication. Authorization is concerned with providing an official permission to perform a security function or activity. Normally, authorization is granted by following a process of authentication. Authentication can be used to authorize a role rather than to identify an individual. Once authenticated to a role, an entity is authorized for all the privileges associated with the role. Non-repudiation is a service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party. Nonrepudiation is supported by the use of digital signatures calculated by a private key.

Cryptographic security services often require supporting services, such as key management and random number generation services. The key management infrastructure plays a fundamental role in BSNs, since it supports the establishment and maintenance of keying relationships between authorized parties, i.e., initialization of sensors and users in a Security Domain (SD), generation, distribution, storage, controlling, revocation, update, and destruction of related keying material

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

(Barker, 2006). Therefore, key management can be considered as the Achilles heel of BSN security, as the operation of basic security services depends upon it. A fundamental part of the key management infrastructure is key distribution and establishment. Key establishment is a process whereby a shared secret becomes available to two or more parties. Key pre-distribution schemes are key establishment protocols whereby the resulting established keys are completely determined a priori by initial keying material. In contrast, dynamic key establishment schemes are those whereby the key establishment by a fixed pair (of groups) of users varies on subsequent executions (Barker, 2006).

α-Scure Key Distribution Schemes The deployment of secure BSNs must rely on lightweight key distribution schemes due to the resource-constrained nature of sensor nodes. Additionally, key agreement must fulfill the operational requirements of mobile medical BSNs such as mobility, distributed operation, low delay requirements, or direct key agreement (GarciaMorchon, 2007). α-secure Key Distribution Schemes (α-sKDSs) represent an efficient approach to solve the key distribution problem in BSNs either at home or in professional medical environments. These schemes were introduced by Blom (1984) and Blundo (1992) in the context of or group keying in traditional networks. Later, these schemes have been applied to wireless sensor networks (Liu, 2005; Sanchez, 2005). In general, some root Keying Material (KMroot) generated by a trust center and stored on a secure location is used to generate and distribute a different but correlated keying material share (KM z) to each entity z. KM shares can be used for distributed key agreement between parties in a SD afterwards. A trivial α-sKDS can be generated by using as KMroot a symmetric bivariate polynomial f(x,y) of degree λ over a finite field Fq, where q is large enough to accommodate

a cryptographic key. Each node, z, receives as KMz a polynomial share, f(z,y), generated by evaluating the original bivariate polynomial at x=z. Two nodes, w and z, can agree on a pairwise key by evaluating their respective polynomial shares in the identity of the other party, i.e.: K

w z

=f (z, y)|

=

y = w

f ( w , y ) | y=z (Equation 1)

α-sKDSs allow for efficient and secure communication in BSNs due to several reasons, as thoroughly described in (Garcia-Morchon, 2006). Key generation can be carried out in a few milliseconds on standard commercial sensor nodes without requiring an additional expensive cryptocoprocessor. Besides the memory requirement of these mechanisms is very low, making feasible the coexistence of security and medical applications, which actually consume most of the code and specially Random Access Memory (RAM) available on sensor nodes. α-sKDSs exhibit further operational advantages including distributed operation, scalability properties or friendly system reconfiguration. The distributed approach is useful in particular for many pervasive healthcare scenarios where an online Key Distribution Center (KDC) (Menezes, 1996) is not desired or may not be always reachable due to, e.g., temporary lack of connectivity or congestions around it. In contrast, distributed approaches ensure that a secure channel can always be established between different medical sensor nodes in a same SD. The scalability and reconfiguration properties of α-sKDS ensure the effortless upgrading of medical BSN systems. For instance, new nodes can be easily configured and added to a security domain by providing correlated KM shares to them.

Lightweight End-to-End Security Sstem This subsection completes the user identification system based on BCC described in the former sec-

171

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

Table 2. DPKPS (Sanchez, 2005) resource requirements on AquisGrain for a key strength of 64 bits according to (Garcia-Morchon, 2006) Keying Material

Code Size

RAM

Key Generation

2 Kbytes

~ 1 Kbyte

< 80 bytes

1.5 ms

tion providing the basic security functionalities described at the beginning of this section. This comprehensive security system is based on (Garcia-Morchon, 2008) and allows for secure BSN association, exchange of medical data between body sensor nodes and PDAs, as well as setting up a secure end-to-end channel between home BSNs and back-end healthcare services. We use an efficient α-sKDS, the Deterministic Key PreDistribution Scheme (DPKPS) (Sanchez, 2005; Garcia-Morchon, 2006), to deploy secure home BSNs. DPKPS’s resource requirements for key agreement are summarized in Table 21. In this setting, each medical body sensor and actuator node z in the home security domain carries a set of correlated DPKPS KM, KM z. Additionally; each user in the system owns a PI and a mobile phone. Each PI stores the user’s name, identifier, and a set of correlated DPKPS KM, KM ID_User. Besides, the PI and mobile phone are pre-configured with a symmetric key used for setting up a secure channel between both devices. Furthermore, the mobile phone supports public-

Figure 8. Secure BSN association

172

key cryptography storing the user’s private and public keys2, and serving as local secure repository of medical data. Figure 8 describes the security BSN association protocol carried out between sensor nodes and a user’s personal identifier aiming at identifying and authenticating the nodes that join a user’s BSN. This handshake completes the system operation described in the former section (see Figure 7) and is triggered by the identifier request. Here, a joining sensor node and the PI exchange their node identifiers (Figure 8, step II) and agree on a common key by using the distributed DPKPS keying material (Figure 8, step III). The DPKPS operation is similar to the one described in subsection “α-Secure Key Distribution Schemes” and Equation 1, but it uses several optimizations (Sanchez, 2005) to minimize the resource requirements for key agreement on commercial sensor nodes. Both nodes use the generated master pairwise key to derive a session key (Figure 8, step III). A one-way hash function is used to this end. This session key is used to carry out a challenge-

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

response authentication handshake (Menezes, 1996) between both parties. A successful handshake ensures that both nodes are members of the same home security domain (Figure 8, step IV). Our system employs this symmetric session key in combination with the Advanced Encryption Standard (AES) coprocessor on the ADA module to guarantee confidentiality, authentication, integrity and freshness of BCC-based communication, e.g., the secure exchange of the user’s ID as shown in Figure 8, step V. Additionally, the PI generates and securely distributes a BSN key, KBSN to each successfully authenticated node in the BSN. KBSN is different for each BSN and used to secure wireless communication between sensor nodes and monitoring devices such as PDAs or mobile phones. The BSN key can be periodically updated enabling effortless implementation of a sensor node revocation procedure. This is necessary when a node is captured or leaves a user’s BSN. To this end, the PI sends periodic requests to each member of the BSN3. If the PI does not receive a reply from any of them, the KBSN is updated in order to protect the user’s privacy. The new BSN key is sent to all BSN members in a secure manner as done before. By using such an approach we can ensure that different users belonging to the same home SD can share sensors and actuators, and yet ensure that the medical data of different BSNs is correctly linked to the right user. Each BSN forms its own security domain with an individual KBSN. This setting also allows for effortless realization of end-to-end security between users’ BSNs and back-end healthcare services such as healthcare records by using the users’ mobile phones as gateways. If this is required, the user’s BSN key is transmitted to the user’s mobile phone in a secure way by using the preconfigured key and public-cryptography is used for user identification and setting up the secure connection with back-end services.

Rlated Work Security in wireless sensor networks has attracted the attention of many researchers in the last years due to the challenging operational requirements and resource-constrained nature of sensor nodes. Basic security services such as confidentiality, authentication, or integrity protection can be easily solved by using standard symmetric algorithms such as AES—hardware-implemented on many commercial radio chips such as Texas Instrument’s CC2420. However, there exist many open issues such as secure data aggregation, secure routing or key distribution and management (Perrig, 2004). In particular, many different key distribution protocols have been proposed in the literature including distributed random key pre-distribution schemes (Chan, 2003), centralized schemes such as LEAP (Zhu, 2006) or S2RP (Dini, 2006) and public-key systems (Gupta, 2005; Liu, 2007). Key distribution and end-to-end security is an open key issue for medical sensor networks in order to prevent attackers from hacking medical systems. Different orthogonal approaches have been proposed. The ZigBee Personal Home & Hospital Care profile (ZigBee Alliance, 2007) uses a centralized trust center to distribute cryptographic keys to nodes. In (Malasri, 2007) the authors propose the use of elliptic curve cryptography in medical networks following the work of, e.g. Gura (2004) in WSNs. I-Living (Wang, 2006) makes use of preconfigured keys and certificates that are stored on USB sticks and recognized after plugging them into a device. Poon (2006) et al. propose the use of vital signs such as ECG for generation of cryptographic keys in a BSN. Misic (2007) et al. have proposed several security policies based on public-key cryptography for clinical usage. Other medical systems such as CodeBlue (Shnayder, 2005) or ALARM-NET (Wood, 2006) leave it as an open issue.

173

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

FUT TRENDS We presented a solution for bootstrapping of wireless BSNs based on BCC. From the user’s perspective, human centered connectivity is achieved by BCC. On the one hand, it enables a paradigm shift towards intuitive applications that involve user-device interaction, device sharing, as well as content sharing. On the other hand, it provides, along with its communication and security protocols, a reliable and safe communication environment. In BCC there are still several challenges to be addressed from a technical point of view. A lot of work has already been done to achieve a model of the signal transfer along the human body, but this work is still not exhaustive as it has not been performed on a statistically relevant population. Moreover, the influence of the external environment, for instance due to interference, generates an additional source of variability that has not been completely addressed. The knowledge about channel characteristics and interference can be further refined to achieve a definitive conclusion on an optimal approach for an energy efficient physical layer. Instead of being used for bootstrapping wireless BSNs—as described in this chapter, BCC could be used for on-body data transmission, thus replacing the RF transceiver. For the deployment and commercial success of such BCC-based BSNs it is important that an industry standard is developed. This would allow for a widespread use of the technology and enable interoperability between devices from different vendors. As explained in this chapter, the standardization activity IEEE 802.15.6 for the connectivity of BANs is currently ongoing. BCC optimally meets the IEEE 802.15.6 requirements for on-body communication and could be a candidate communication technology. The deployment of intelligent healthcare monitoring systems for medical sensor networks in different application scenarios such as home,

174

hospital and fitness centers requires safeguards to maintain security and privacy of patient data. A key step towards this goal is the deployment of a comprehensive end-to-end security architecture between BSNs and backend healthcare systems. Issues such as the unique identification of users and BSNs in the whole system, the design of context-aware security policies to grant access to the Electronic Health Information (EHI) to authorized personal only, and the secure and efficient storage of the EHI for rapid and secure access are of paramount importance in the design and rollout of such comprenhensive security systems.

CNCLUSION Medical BSNs enable unobtrusive health monitoring. They improve care quality, efficiency, and care-giving paradigms. However, the deployment of medical BSNs in real application scenarios reveals that wireless BSNs are more than mere miniaturization and cable replacements. Their realization imposes new challenges on usability and safety. To address that, our medical BSN solution combines security, operational safety and Plug&Play simplicity. A BCC transceiver generates a weak yet detectable electric field that is capacitively coupled to the body, allowing for the transmission of small amounts of information. We use BCC to bootstrap wireless BSNs. In our approach, a user wears a BCC-enabled PI and one or more medical body sensors featuring a wireless transceiver and a BCC transceiver. Thanks to the person-bound communication enabled by BCC, medical body sensors automatically retrieve the wireless network parameters as soon as they are stuck to the user’s body. As a result, from a user’s perspective, forming a wireless BSN is as easy as sticking sensors to her body or just touching an off-body device. Furthermore, the PI also allows sensors to annotate their readings with a unique user ID, thereby enabling safety in

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

personal healthcare environments with multiple users. A complete BSN design must also involve security. Key management is of paramount importance in BSN security, as the operation of basic security services depends upon it. A fundamental part of the key management infrastructure is key distribution and establishment. Our α-secure key-distribution scheme DPKPS enables lightweight key agreement between sensor nodes–whereas it is optimized for resourceconstrained wireless sensors and fully meets the medical security requirements. Similarly to our network formation approach, BCC is used for the BSN security setup: when a body sensor is stuck to the body, it exchanges identifiers with the PI and both agree on a common key by means of the distributed DPKPS keying material. The user’s PI identifies and authenticates the nodes that join a user’s BSN. Despite the utilization of personal identifiers, our security setup does not compromise the user’s privacy in identification procedures. Our system can also enable end-toend security in mobile healthcare systems. The user’s BSN key is transmitted to the user’s mobile phone in a secure way by using the preconfigured key, and public-cryptography is used for user identification and for setting up the secure connection with back-end services. We implemented and validated the automatic BSN formation and security setup solution using the versatile IEEE 802.15.4-compliant AquisGrain sensor platform developed by Philips Research. Future trends around BCC include a deeper study and better modeling of the communication channel and of the influence of the environment—e.g. interferences. Moreover BCC may also be used as on-body data communication technology replacing RF transceivers. Obviously off-body communication still requires RF-based communication since it cannot be achieved by means of BCC. Regarding security for BSNs, comprehensive end-to-end security architectures between BSNs and backend healthcare systems need to be developed.

REFERENCES Acht, van V., Bongers, E., Lambert, N., & Verberne, R. (2007). Miniature Wireless Inertial Sensor for Measuring Human Motions. In Proceedings of Engineering in Medicine and Biology Society, 2007 (EMBS 2007). 29th Annual International Conference of the IEEE EMBC 2007 (pp. 62786281). Lyon, France. American Heart Association (2007). Heart Disease and Stroke Statistics – 2004 Update. Dallas, Texas: A.H. Association. Andersen, J., & Bardram, J. E. (2007). BLIG: A New Approach for Sensor Identification, Grouping, and Authorisation in Body Sensor Networks. In Proceedings of 4th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2007) (pp. 223-229). Aachen, Germany. Baldus, H., Klabunde, K., & Müsch, G. (2004). Reliable Set-Up of Medical Body-Sensor Networks. First European Workshop on Wireless Sensor Networks (EWSN 2004) (pp. 353-363). Berlin, Germany: LNCS, 2920, Springer. Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2006). Recommendation for Key Management – Part 1: General. NIST Special Publication (800-57). Blom, R. (1984). An Optimal Class of Symmetric Key Generation Systems. Advances in Cryptology in Proceedings Eurocrypt’84 (pp. 335-338). Blundo, C., Santis, A. D., Herzberg, A., Kutten, S., Vaccaro, U., & Yung M. (1992). Perfectly-Secure Key Distribution for Dynamic Conferences. In E.F. Brickell (Ed.), Proceedings Conference Advances in Cryptology (Crypto’92) (pp. 471486). Chan, H., Perrig, A., & Song, D. (2003). Random key predistribution schemes for sensor networks. In Proceedings of IEEE Symposium on Research in Security and Privacy (pp. 197-213).

175

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

Dini, G., & Savino, M. (2006). S2RP: a Secure and Scalable Rekeying Protocol for Wireless Sensor Networks. In Proceedings of Mobile Adhoc and Sensor Systems (MASS) - IEEE International Conference (pp. 457-466). Eklund, J. M., Hansen, T. R., Sprinkle, J., & Sastry, S. (2005).Information technology for assisted living at home: building a wireless infrastructure for assisted living, In Proceedings of the TwentySeventh Annual International Conference of the IEEE Engineering in Medicine and Biology Society. Shanghai, China. Espina, J., Falck, T., & Mülhens, O. (2006). Network Topologies, Communication Protocols, and Standards. In G. Z. Yang (Ed.), Body Sensor Networks (pp. 145-182), Springer. Espina, J., Falck, T., Muehlsteff, J., Jin, Y., Adan, M. A., & Aubert, X. (2008). Wearable Body Sensor Network towards Continuous Cuff-less Blood Pressure Monitoring. In Proceedings of the 5th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2008/ISSS-MDBS 2008) (pp. 28-32). Hong Kong, China. Garcia-Morchon, O., & Baldus, H. (2007). Hierarchical Key Pre-Distribution in Mobile Sensor Networks. Paper presented at 2nd Workshop on Embedded Systems Security (WESS’2007). A Workshop of the IEEE/ACM EMSOFT’2007. Garcia-Morchon, O., Baldus, H., & Sanchez, D. S. (2006). Resource-Efficient Security for Medical Body Sensor Networks. Presented at 3rd International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2006). Garcia-Morchon, O., Falck, T., Heer, T., & Wehrle, K. (2008). A Comprehensive Security System for Pervasive Medical Sensor Networks. Paper submitted to Special Issue of IEEE Journal on Selected Areas in Communications on Body Area Networking. Call for papers retrieved May 20, 2008, from http://dutetvg.et.tudelft.nl/~alex/CFP/

176

old/20080115-200903xx-CFP-Special_Issue_of_ IEEE_Journal_on_Selected_Areas_in_Communications_on_Body_Area_Networking.html Gupta, V., Wurm, M., Zhu, Y., Millard, M., Fung, S., Gura, N., Eberle, H., & Shantz, S. C. (2005). Sizzle: A Standards-based end-to-end Security Architecture for the Embedded Internet. In PERCOM’05 Proceedings of the third IEEE International Conference on Pervasive Computing and Communications (pp. 247-256). Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz, S. C. (2004). Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES 2004). Habetha, J., & Reiter, H. (2008). MyHeart Project. Retrieved February 19, 2008, from http://www. hitech-projects.com/euprojects/myheart/ Hachisuka, K., Nakata, A., Takeda, T., Terauchi, Y., Shiba, K., Sasaki, K., Hosaka, H., & Itao, K. (2003). Development and Performance Analysis of an Intra-Body Communication Device. In Proceedings of the 12th International Conference on Solid State Sensors, Actuators, and Microsystems. Herzog, R. (2004). MobiHealth Project. Retrieved February 19, 2008, from http://www.mobihealth. org/ IEEE 802.11g-2003 (2003). IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. Amendment 4: Further Higher Data Rate Extension in the 2.4GHz Band. IEEE 802.15 WPAN™ Task Group 6 Body Area Networks (BAN) (2007). Retrieved February 19, 2008, from http://www.ieee802.org/15/pub/TG6. html

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

IEEE 802.15.1™-2002 (2002). IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements Part 15.1: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Wireless Personal Area Networks (WPANs). IEEE 802.15.4-2006 (2006). IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs). IEEE P802.15.3 (n.d.). Draft Standard for Information technology—Telecommunications and information exchange between systems—LAN/ MAN Specific requirementsPart 15.3: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specs for High Rate Wireless Personal Area Networks (WPANs). IEEE P802.15.4a (2007). Draft Amendment to IEEE Standard for Information technology— Telecommunications and information exchange between systems—Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs): Amendment to add alternate PHY. Jovanov, E., Milenkovic, A., Otto, C., & Groen, P.C. de. (2005). A Wireless Body Area Network of Intelligent Motion Sensors for Computer Assisted Physical Rehabilitation. Journal of Neuroengineering and Rehabilitation, 2(1), 6. Kraemer, R., & Ebert, J-P. (2006). BASUMA Project. Retrieved February 19, 2008, from http:// www.basuma.de/index.php?lang=en Liu, A., Kampanis, P., & Ning, P. (2007). TinyECC: Elliptic Curve Cryptography for Sensor Networks

V. 0.3. Retrieved May 29, 2008, from http://discovery.csc.ncsu.edu/~pning/software/TinyECC/ index.html Liu, D., Ning, P., & Li, R. (2005). Establishing Pairwise Keys in Distributed Sensor Networks. In ACM Transactions on Information and System Security, 8(1), 41-77. Lo, B. P. L., & Yang, G. Z. (2005). Key Technical Challenges and Current Implementations of Body Sensor Networks. In Proceedings of 2nd International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2005) (p. 1). London, UK. Malan, D., Fulford-Jones, T., Welsh, M., & Moulton, S. (2004). Codeblue: An Ad Hoc Sensor Network Infrastructure for Emergency Medical Care. In Proceedings of 1st International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2004) (pp. 55-58). London, UK. Malasri, K., & Wang, L. (2007). Addressing security in medical sensor networks. In Proceedings of the 1st ACM SIGMOBILE International Workshop on Systems and Networking Support for Healthcare and Assisted Living Environments (pp. 7-12). San Juan, Puerto Rico: ACM, New York, NY. Retrieved February 19, 2008, from http://doi. acm.org/10.1145/1248054.1248058 Malouin, F. et al. (2005). Assessment and Training of Locomotion after Stroke: Evolving Concepts (pp. 185-222). Edinburgh: Butterworth Heinemann. Menezes, A. J., van Oorschot, P. C., & Vanstone, S. C. (1996). Handbook of Applied Cryptography. Boca Raton, FL: CRC Press, 1996. Retrieved February 19, 2008, from http://www. cacr.math.uwaterloo.ca/hac/ Misic, J., & Misic, V. B. (2007). Implementation of security policy for clinical information systems over wireless sensor networks. Elsevier’s Ad Hoc Networks, 5(1), 134-144.

177

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

Muehlsteff, J., Aubert, X., & Schuett, M. (2006). Cuffless Estimation of Systolic Blood Pressure for Short Effort Bicycle Tests: The Prominent Role of the Pre-Ejection Period. In Proceedings IEEE-EMBC 2006, 28, 5088-5092. Ng, H. S., Sim, M. L., & Tan, C. M. (2006). Security issues of wireless sensor networks in healthcare applications. BT Technology Journal, 24(2), 138-144. Retrieved February 19, 2008, from http://dx.doi.org/10.1007/s10550-006-0051-8. Parker, V. M., Wade, D. T., & Hewer, R. L. (1986). Loss of Arm Function after Stroke: Measurement, Frequency and Recovery. International Rehabilitation Medicine, 8, 69-73. Partridge, K., Dahlquist, B., Veiseh, A., Cain, A., Foreman, A., Goldberg, J., & Borriello G. (2001). Empirical Measurements of Intrabody Communication Performance under Varied Physical Configurations. In Proceedings of the 14th annual ACM symposium on user interface software and technology (pp. 183-190). Orlando, FL. Partridge, K., Newman, S., & Borriello, G. (2003). Facile: A Framework for Attention-Correlated Local Communication. In Proceedings of 5th IEEE Workshop on Mobile Computing Systems & Applications (pp. 139-147). Monterey, CA. Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks. Communications of the ACM, 47(6), 53-57. Retrieved February 19, 2008, from http://doi.acm.org/10.11 45/990680.990707 Philips Medical Systems (2005). Striving for cableless monitoring. In C. Ragil (Ed.), Philips Medical Perspective Magazine, February 2005 (pp. 24-25). Poon, C., Zhang, Y., & Bao, S. (2006). A Novel Biometrics Method to Secure Wireless Body Area Sensor Networks for Telemedicine and M-Health. In IEEE Communications Magazine (pp.73-81).

178

Rekimoto, J., Ayatsuka, Y., & Kohno, M. (2003). SyncTap: An Interaction Technique for Mobile Networking. 5th International Symposium on Human-Computer Interaction with Mobile Devices and Services (pp. 104-115). Udine, Italy: LNCS, Springer, 2795. Rekimoto, J., Ayatsuka, Y., Kohno, M., & Oba, H. (2003). Proximal Interactions: A Direct Manipulation Technique for Wireless Networking. In: Proceedings of Human-Computer Interaction (INTERACT 2003). Zurich, Switzerland. Rekimoto, J., Miyaki, T., & Kohno, M. (2004). ProxNet: Secure Dynamic Wireless Connection by Proximity Sensing. 2nd Conference on Pervasive Computing (Pervasive 2004) (pp. 213-218). Vienna, Austria: LNCS, 3001, Springer. Sanchez, D., & Baldus, H. (2005). A Deterministic Pairwise Key Pre-Distribution Scheme for Mobile Sensor Networks. Presented at SecureComm 2005. Shinagawa, M., Fukumoto, M., Ochiai, K., & Kyuragi, H. (2004). A Near-Field-Sensing Transceiver for Intrabody Communication Based on the Electrooptic Effect. In IEEE Transactions on Instrumentation and Measurement, 53(6). Shnayder, V., Chen, B., Lorincz, K., Fulford-Jones, T. R. F., & Welsh, M. (2005). Sensor Networks for Medical Care. Harvard University Technical Report TR-08-05 April 2005. Song, S.-J., Cho, N., Kim, S., Yoo, J., & Yoo, H.-J. (2006). A 2Mb/s Wideband Pulse Transceiver with Direct-Coupled Interface for Human Body Communications. In Proceedings of IEEE International Solid-State Circuits Conference (Session 30, Silicon for Biology, pp.558-559). Philadelphia, PA. The European Parliament and the Council of the European Union (1995). Directive 95/46/EC. Retrieved February 19, 2008, from http://www.cdt. org/privacy/eudirective/EU_Directive.html

Towards Easy-to-Use, Safe, and Secure Wireless Medical Body Sensor Networks

The US Congress (1996). Health Insurance Portability and Accountability Act. Washington D.C.. Retrieved February 19, 2008, from http://www. hhs.gov/ocr/hipaa/

Zhu, S., Setia, S., & Jajodia, S. (2006). LEAP+: Efficient security mechanisms for large-scale distributed sensor networks. In ACM Transactions on Sensor Networks (Vol. 2, 4, pp. 500-528).

Wang, Q., Shin, W., Liu, X., Zeng, Z., Oh, C., Bedoor, K., Li, A., Caccamo, M., Gunter, C. A., Gunter, E., Hou, J., Karahalios, K., & Sha, L. (2006). I-Living: An Open System Architecture for Assisted Living. In Proceedings of IEEE SMC 2006.

ZigBee Alliance (2007). ZigBee 2007 Specification (Release 053474r1, May 2007).

Willmann, R. D., Lanfermann, G., Saini, P., Timmermans, A., Vrugt, J. te, & Winter, S. (2007). Home Stroke Rehabilitation for the Upper Limbs. Paper presented at EMBC 2007. Lyon, France. Wood, A., Virone, G., Doan, T., Cao, Q., Selavo, L., Wu, Y., Fang, L., He, Z., Lin, S., & Stankovic, J. (2006). ALARM-NET: Wireless Sensor Networks for Assisted-Living and Residential Monitoring. Technical Report CS-2006-1. Charlottesville, VA: University of Virginia, Department of Computer Science. Yoo, H.-J., Song, S.-J., Cho, N., & Kim, H.-J. (2007). Low Energy On-Body Communication for BSN. In Proceedings of 4th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2007) (pp 15-20). Aachen, Germany.

Zimmerman, T. G. (1996). Personal area networks: Nearfield intrabody communication. IBM Systems Journal, 35(3/4), 609-617.

EndnoTES

1



2



3

Note that these requirements depend upon several DPKPS parameters. The results of Table 2 are extracted from (Garcia-Morchon, 2006) and provide a resiliency of α=256. We assume that asymmetric cryptography is used in pervasive healthcare applications for user identification and authentication. We also assume the existence of a centralized healthcare certification authority. Observe that this only applies to those wireless sensors that are attached to the patient’s body, but not to off-body devices such as clinician PDAs, as the BCC channel with them is only established while touching them during the initial association phase.

179

180

Chapter X

Sensing of Vital Signs and Transmission Using Wireless Networks Yousef Jasemian Engineering College of Aarhus, Denmark

ABSTRACT People living with chronic medical conditions, or with conditions requiring short term monitoring, need regular and individualized care to maintain their normal lifestyles. Mobile healthcare is a solution for providing patients’ mobility while their health is being monitored. Existing studies show that mobile healthcare can bring significant economic savings, improve the quality of care, and consequently the patient’s quality of life. However, despite all progresses in advanced information and telecommunication technologies, there are still very few functioning commercial wireless mobile monitoring devices present on the market, which most work off-line, are not proper for m-health services and there are still many issues to be dealt with. This chapter deals with a comprehensive investigation of feasibility of wireless and cellular telecommunication technologies and services in a real-time m-health system. The chapter bases its investigation, results, discussion and argumentation on an already developed remote patient monitoring system by the author. The implemented m-health system has been evaluated and validated by a number of well defined tests and experiments. The designed and implemented system fulfils the requirements. The suggested system is reliable, functions with a clinically acceptable performance, and transfers medical data with a reasonable quality, even though the system was tested under totally uncontrolled circumstances during the patients’ daily activities. Both the patients and the involved healthcare personnel expressed their confidence in using it. It is concluded that the system is applicable in clinical setup, and might be generalized in clinical practice. Finally, the chapter suggests improvement approaches for more reliable, more secure, more user-friendly and higher performance of an m-health system in future. Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Sensing of Vital Signs and Transmission Using Wireless Networks

INTRDUCTION Telemedicine has been defined as “medicine practiced at distance”. This encompasses diagnosis and treatment as well as medical education. The European Commission Information Society Directorate-General (2001), defines telemedicine as “the use of remote medical expertise at the point of need, which includes two major areas: Home care, as care at the point of need through connected sensors, hubs, middleware and reference centers, and co-operative working, as a network of medical expertise linked together”. The definition of telemedicine differs depending on the background of the user and the applications aim. From a clinician’s point of view, telemedicine can be defined as “practicing healthcare delivery such as consultation, transferring medical data, monitoring, diagnosis, treatment and patient education, using interactive audio/video facilities and a telecommunication network”. This definition leads to the creation of “E-health” and “Tele-health” terms. Tele-health is the use of information and communication technology to deliver health services, expertise and medical information over a distance. Whereas, e-Health is broader than either Telemedicine or Tele-health and can be described as an emerging field composing medical informatics, public health and business, which enables health services and medical information to be delivered or enhanced through the internet or other related communication technologies. So, a telemedicine system encompasses information technology, biomedical engineering and telecommunication technologies, serving healthcare providers and patients at a distance. Thus, the used terminology to describe healthcare services at a distance will probably change as fast as the used technology. Telemedicine is showing its value in a rapidly increasing number of clinical situations (Agha, Schapira & Maker, 2002; Bai et al. 1999; Freedman, 1999; Kyriacou et al., 2003; Magrabi, Lovell & Celler, 1999; Scalvini et al., 1999). Moreover,

telemedicine applications may include but are not limited to, rural healthcare, public healthcare service, humanitarian efforts, school-based health services, disaster medicine, prison healthcare and nursing home care (Berek & Canna ,1994; Perednia & Allen, 1995). There have been many studies around the world which have shown the feasibility and usefulness of telemedicine in remote areas (Jasemian & Arendt-Nielsen, 2005c; Lin, Chiu , Hsiao, Lee & Tsai, 2006; Jasemian, 2006; Jasemian, 2008; Bai et al. 1999; Freedman, 1999; Kyriacou et al., 2003; Magrabi et al., 1999; Gott, 1995; Coyle, Boydell & Brown, 1995; Dansky, Palmer, Shea & Bowles, 2001). Fixed communication networks have been used in different telemedicine setups for some years (Gott, 1995; Coyle et al., 1995; Rezazadeh & Evans 1990; Patel & Babbs 1992), whereas wireless and cellular technologies within telemedicine have been in focus in the latest few years (Freedman, 1999; Kyriacou et al., 2003; Orlov, Drozdov, Doarn & Merrell 2001; Satava, Angood, Harnett, Macedonia & Merrell, 2000; Shimizu, 1999; Uldal, Manankova & Kozlov, 1999; Woodward, Istepanian & Richards,2001). Mobile healthcare is a solution for providing patients’ mobility while their health is being monitored. It has real benefits which are often significant; this can become evident through clinical trials (Jasemian et al., 2005c; Lin et al., 2006). Based on the existing studies it is clear that mobile healthcare can bring significant economic savings, improve the quality of care and consequently the patient’s quality of life. The performance of communication links has greatly improved, and communications networks have been extended throughout most of the world. Mobile communications, in particular, and particularly in combination with the internet, have brought new possibilities to various fields. Therefore, advanced telecommunication technologies may make the realization of new and innovative monitoring and healthcare delivery a reality. Despite all progress in advanced telecommunication technologies,

181

Sensing of Vital Signs and Transmission Using Wireless Networks

there are still very few functioning commercial wireless mobile monitoring devices present on the market, which most work off-line, and there are still many issues to be dealt with. The present chapter intends to explore the state-of-the-art of the wireless and mobile technologies applied in an M-Health service and the most important issues in design and implementation of mobile and pervasive healthcare services for sensing vital signs; suggesting improvement approaches for more reliable, more secure, more user-friendly and higher performance of an M-Health system.

BGROUND AND MOTIVATION People living with chronic medical conditions, or with conditions requiring short term monitoring, need regular and individualized care to maintain their normal lifestyles. The life of these patients is often centered on check-ups and hospital visits. According to the Administration on Aging (2002), the elderly population is increasing worldwide and it is expected that the number of people over 65 will increase even more in the coming decades. Older adults, 65 years plus, comprise about 12.4% of the U.S. population. By 2030, this will have increased to 20%, representing twice the number as in 2000. Eighty five years and older seniors represent the fastest growing group (He, Sengupta, Velkoff & DeBarros, 2005). An aging population will impact upon traditional healthcare delivery methods. Older people have different requirements from society and government as opposed to young people, and frequently differing values as well. These issues alone will have an enormous impact on the demands for care services for the elderly. Many elderly people suffer from physical and mental disabilities that affect their everyday life. Many older adults require long-term care due to diseases associated with aging. According to the Administration on Aging (2002), in U.S.A, About 7 million adults over 65 have mobility or self-

182

care limitations. This often makes it necessary to constantly monitor the vital functions of these patients in hospitals or nursery homes which are both costly and uncomfortable. By 2030, the average number of children per family will be about 2 compared to 3 in 1990 (Fields & Casper, 2001). Smaller family sizes along with geographically dispersed family members make it difficult to provide long-term care without some type of external support system. These demographic trends highlight the need for innovative support systems for family members and their caregivers. Nowadays, in many Western countries, there is a tendency for health authorities to optimize resources by introducing pervasive and mobile healthcare services. In many cases it has become a preference to treat and/or monitor as many patients as possible in their homes. The benefits of mobile healthcare are to decrease hospital-based resource utilization, improve patient compliance with treatment plans, improve the level of patient satisfaction with healthcare services, and improve patients’ perceived quality of life. In many cases, continuous monitoring has allowed patients to return to productive work. This reduces the burden on the society and most specifically healthcare system. For people with diseases such as cardiac arrhythmia, Chronic Obstructive Pulmonary Disease (COPD), asthma, and for others in need of frequent medical monitoring, it is easier to enjoy everyday activities when they have mobile healthcare available. An important area of the mobile healthcare service is the mobile monitoring of the patient’s vital signs outside the clinical environment. Mobile healthcare can monitor common vital signs such as blood pressure, electro cardiogram (ECG), pulse rate, blood oxygenation (SpO2), breathing rate, body temperature, body activity and weight, and other measures. Questionnaires and several blood tests can also be integrated to remote monitoring systems such as the monitoring of pain or blood glucose.

Sensing of Vital Signs and Transmission Using Wireless Networks

While health providers are already geared up to dealing with an increasing number of elderly patients, and could probably cope with a rise in instances of obesity related diseases, they cannot do both without automating clinical processes and using technology to improve public health. For the healthcare sector, wireless and mobile technologies have appeared at an opportune time. For decades the healthcare sector has lagged behind the manufacturing and financial sectors in the adoption of automated processes. Now it can use mobile and wireless technology to realize the sort of efficiency gains achieved by banks and large businesses. Pervasive and mobile healthcare services can apparently create insecurity when the patients are remote from access to medical systems. However, the capturing of real-time data has been proven to significantly improve the observed effects of treatment (Philips Medical Systems, 2005; BASUMA Project, 2008; MobiHealth Project, 2008; Lo & Yang, 2005; Jasemian et al., 2005c; Lin et al., 2006). Frequent monitoring reassures patients that their condition is being regularly followed, providing them with security and peace-of-mind. The patients can feel less limited in their daily lives (Jasemian, 2006; Jasemian, 2008). Moreover, with wireless technology, physicians can use their hand-held devices such as Personal Digital Assistant (PDA), to access the clinical data repository and can view both the historical and real-time patient data such as laboratory result quickly and conveniently. Inevitably, healthcare goes mobile. Recently developed mobile healthcare (i.e., m-health) services allow healthcare professionals to monitor mobile patient’s vital signs and provide feedback to this patient anywhere at any time. Due to the nature of current mobile service platforms, mhealth services are delivered with a best-effort, i.e., there are no guarantees on the delivered Quality of Service (QoS).

To estimate the global progress of telemedicine and mobile healthcare a search in the PubMed database and some simple statistics shows that from 1974 to 2007 approximately 7,772 published articles on telemedicine and mobile healthcare were registered, of which relatively few were review articles and the rest representing great activity in the field reporting the design, implementation, evaluation and application of telemedicine and mobile healthcare in all areas. These are of course only the registered papers in the PubMed database and there would be more if other database were searched too. It is only a rough estimate, but one can have a notion of the course which progress in this field has taken in the last 34 years. Figures 1 and 2 illustrate the numbers of published telemedicine papers from 1974 to 1991, and from 1991 to 2007 respectively. The years with higher publication rates are those in which the feasibility, applicability and implementation of new technologies in telemedicine and mobile healthcare were under investigation, evaluation and validation, however on the research and prototyping level. It seems that there was a significant decrease in years 2006 and 2007. Probably these are the years in which the technologies became more mature and there was more focus on the commercialization of different solution/products. Very few numbers of mobile healthcare systems are commercialized, clinically applied but not all evaluated scientifically. Mobile healthcare provision in the home environment or outdoors presents many challenges. Patients are becoming more informed about the management of chronic conditions and the use of technology to support the process is rising. Thus, it is unavoidable to address issues such as system interoperability, cost, security, reliability, performance, patient’s compliance and training in order to ensure effective use of mobile devices within the home healthcare arena.

183

Sensing of Vital Signs and Transmission Using Wireless Networks

Figure 1. the distribution of the published papers on telemedicine, in PubMed database, from 1974 to 1991.

Figure 2. the distribution of the published papers, in PubMed database, on telemedicine from 1991 to 2007.

SYSTEM REQUIREMENTS FOR AN M-HEALTH SERVICE Taking the recommendations and advice from the literature in addition to the practical and technological possibilities into consideration, a common mobile healthcare system should satisfy the following requirements: •

184

The system must be secure and safe (Specific Absorption Rate (SAR) < 2.0 W/Kg in

Europe, according to the international commissions’ recommendations (International Commission on Non-Ionizing Radiation Protection [ICNIRP], 1996; Standard for Safety levels with respect to human exposure to radio frequency electromagnetic fields [ANSI/IEEE C95.1-1992, NJ 08854-1331], 1991- 1999; International Radiation Protection Association, Health Physics [IRPA], 1988; World Health Organization, Environmental Health Criteria 137, Electromagnetic

Sensing of Vital Signs and Transmission Using Wireless Networks

• •

• •

•

•

• • •

•

Fields [WHO], 1993) and SAR < 1.6 W/Kg in USA (www.conformity.com, 2002) The M-Health device must be user friendly [Design requirement] The operation of the M-Health device must be fast and simple for the patients as well as for the healthcare personnel [Design requirement] The system should works interactively [Design requirement] The system should give the patients full mobility and freedom, in that way it would be possible to monitor them wherever they are, as long as the remote area has network coverage [Design requirement] The system should improve the present monitoring method significantly [Design requirement] The start-up must be fast and easy (< 25 s the time required for link establishment) (Kammann, 2001) The system uptime must be > 99.95 % The transfer rate should be at least ≥ 3.4 kbps [Design requirement] The data transmission must be without information loss or artifact gain (Bit Error Rate<10-4 at application level (Melero, Wigard, Halonen & Romero, 2002) and Signal to Noise Ratio > 22 dB [Design requirement]) The system should have high performance (Delay < 7.5 s application-level Round Trip Time, Dropped Call Rate < 1.8 %, Call Success Rate > 95 %, Packet Error Rate < 10-4, Packet Lost Rate < 10-4) (Melero et al., 2002; Romero, Martinez, Nikkarinen & Moisio, 2002).

TLEMEDICINE AND MOBILE HEALTHCARE SYSTEM AND TNOLOGY A telemedicine system, in general, is composed of four main parts; 1) Patient unit /client side, 2) Communication network, 3) Receiver unit / server side, and 4) Presentation unit / user interface. Figure 3 is a simplified sketch of a general telemedicine system. A patient unit collects information / vital data from a patient, sends it as an analogue signal or performs A/D conversion and error correction, controls the data flow, and performs data transmission, using a transmission media. The type of the information that might be sent could be: audio, data, motion video, still images or fax. The network is responsible for data security and data transmission from patient side to hospital / server side. The architecture of the communication network could contain one or a combination of telecommunication services such as: Plain Old Telephone Service (POTS), Integrated Services Digital Network (ISDN), Asynchronous Transfer Mode (ATM), Global System for Mobile communication (GSM), Universal Mobile Telecommunications System (UMTS), Microwaves radio system and Satellite link. A server unit receives the data from the communication network, processes and converts it into a well defined format and then sends it to a presentation unit. The received data could be analogue or digital, and could be in a bit stream or data packets. A presentation unit receives the data from the server and transforms it into either a text or a graphical format, and presents the data to the user via a user interface (e.g. at the hospital).

Figure 3. A simplified sketch of a telemedicine system

185

Sensing of Vital Signs and Transmission Using Wireless Networks

No mater which technology or network a telemedicine system has, patient safety, data integrity and, privacy, system’s performance and reliability, data quality, applicability and interoperability are common aspects which should be considered, during a telemedicine system design and setup. A number of trials in telemedicine field such as modeling and system simulation, design and development, have been carried out by different research groups. These found a number of valuable issues to deal with, from which the following were selected. Istepanian et al. (Istepanian, Woodward, Gorilas & Balos, 1998) modeled and simulated a complete cellular digital telemedicine system, using cellular telephone channels. The system was studied using both Interim Standard 54 (IS54) and GSM cellular telephone standard. The feasibility of transmitting and receiving Photoplethesmography (PPG) data using simulated GSM and IS-54 cellular channels was investigated. The results showed a successful PPG transmission over both simulated standards. They found that the performance of the mobile telemedicine system was dependent on the degree of multi-path, noise and interference, which were presented in the specified communication channel. To test the performance of the GSM standard, the input PPG data were tested for different power delay profiles (rural environment, hilly environment, urban environment or flat fading), mobile speeds, and noise and interference conditions. In another study (Freedman, 1999), investigated two important issues in a telemedicine system, namely, timeliness and ease of ECG transmission, using a cellular phone (Nokia 9000) and GSM standard. To study the mentioned issues experimentally, an ECG transmission system to a mobile phone was developed. The system was an off-line (saves and forward) using the mobile phones inbuilt fax software and modem. The results showed that the system could solve the above mentioned issues. Namely, it required very little

186

effort for acquiring the ECG and the transmission to the fax mail-box was rapid, in this way the healthcare process was not delayed. Shimizu (Shimizu, 1999), proposed a concept providing a mobile telemedicine system for emergency care in moving vehicles. An experimental system for transmission of color images, an audio signal, three-channel ECG and blood pressure was developed. The system used a satellite link, and both a fixed and a cellular communication network for real-time medical data transmission. Some problems with the used technique were identified (the problems are not mentioned in his paper), but the theoretical analysis verified the feasibility of the proposed technique. Later on in 2001 Woodward et al. (Woodward, Istepanian & Richards, 2001), presented the design of a prototype integrated mobile telemedicine system that was compatible with the existing mobile telecommunication networks. The system utilized an Infrared Data Association standard (IrDA), GSM and ISDN. The system was in its first phase of development and the research was carried out producing a working system that allowed the transmission of only one parameter of data (ECG). The system was simulated but not fully developed. In 2003, Kyriacou et al. (Kyriacou et al., 2003) designed and tested a Multi-purpose HealthCare Telemedicine System using satellite, POTS system and GSM mobile communication link support, which combined real-time, and store and forward facilities. It seems that the final system was installed and used in Greece and Cyprus later on. They reported that the results from the system application were very promising using the GSM system. Zhao et al. (Zhao, Fei, Doarn, Harnett & Merrell, 2004) designed and developed a Telemedicine System for Wireless Home Healthcare Based on Bluetooth and the Internet. The system uses Bluetooth as wireless technology connecting the client side to the server side and conversely via

Sensing of Vital Signs and Transmission Using Wireless Networks

internet using dial-up modem, Digital Subscriber Line, or cable modem. Medical information and data were transmitted over short-range interface (Universal Serial Bus (USB) and RS232), wireless connection and the internet. The system was tested and the results showed promising performance for the wireless Bluetooth connection. It was revealed that the latency could be reduced as bandwidth increases. They found that the major source of data error arose from the serial port communication, when working in high noise environments. Jasemian and Arendt-Nielsen (2005a), have designed and implemented a telemedicine system using Bluetooth and GSM/GPRS, for real time remote patient monitoring. They evaluated the system applying a number of well defined tests and experiments. The results showed that the system fulfilled most of the requirements. They concluded that the implemented system was reliable, was functioning with a clinically acceptable performance, and was transferring medical data with a reasonable quality, even though the system was tested under totally uncontrolled circumstances during the patients’ daily activities (Jasemian & Arendt-Nielsen, 2005a & 2005b). They concluded that the system was applicable in clinical practice, since the patients as well as the involved nurses expressed their confidence and acceptance in using it. Therefore, they suggested that the real-time remote monitoring system might be generalized in clinical practice e.g. cardiology, and with small adjustment could be applied for monitoring other patient categories e.g. epileptic and diabetic patients. In spite of the differences in system setups, materials and methods, the encountered issues such as feasibility, applicability, bandwidth, throughput, performance, reliability and data quality of the telemedicine system, were common investigation issues in all the above mentioned studies. They are also the concern of this present chapter.

The State of the Art in Telemedicine Inevitably, healthcare goes mobile. Recently developed mobile healthcare (i.e., m-health) services allow healthcare professionals to monitor mobile patient’s vital signs and provide feedback to them anywhere at any time. The recent studies in the telemedicine field showed that wireless and mobile telemedicine systems are needed and are in focus at the present time. In this relation cellular networks and communication technologies such as GSM cellular telephone, infrared, Bluetooth, Satellite link, TCP/IP over the GSM/GPRS network or internet connection, Wireless Local Access Network (WLAN) have been utilized. Thus, using wireless and mobile technologies utilizing the existing public cellular network for telemedicine system design and setup is the stateof-the-art at the present time. Due to the nature of current supporting mobile service platforms, M-health services are delivered with a best-effort, i.e., there are no guarantees on the delivered Quality of Service (QoS) yet.

MOBILE HEALTHCARE SYSTEM STR Mobile Healthcare (M-Health) can be regarded as a medical assistance service that integrates the technologies of medical sensors, mobile computing, information technologies and wireless communications into one complete remote system. Advances in technology have led to development of various sensing, computing and communication devices that can be woven into the physical environment of our daily lives. Such systems enable on-body and mobile health-care monitoring, can integrate information from different sources, and can initiate actions or trigger alarms when needed. An M-health system could be composed of four main parts; (1) Wireless patient units including wireless Network Access Point, (2) Mobile

187

Sensing of Vital Signs and Transmission Using Wireless Networks

communication network, (3) Server unit, and (4) Presentation unit. Figure 4 illustrates a simplified sketch of an M-Health system. In the successive subsections, those four mentioned parts will be described using the scenario in figure 4.

2.

Wireless Patient Units & Network Access Point Wireless patient units are a set of wireless devices that monitor patient’s vital signs and transmit measured data wirelessly to a mobile gateway or access point. In the scenario illustrated in figure 4 four types of patient unit are applied. 1. A Bluetooth Pedometer or Step Counter; it is a Bluetooth enabled wireless device, that counts each step a patient takes by detecting the motion of his/her hips. Pedometers are inexpensive body-worn motion sensors that can easily be used by researchers and practitioners to assess and motivate physical activity behaviors (Tudor-Locke & Bassett,

3.

4.

2004). The device determines the patient’s physical activity indices and transmits those data via a Bluetooth connection to a mobile access point, which the patient has on him/her. A Bluetooth enabled monitoring device for home telemonitoring of patients with chronic diseases. This mobile device is able to measure: Blood Oxygen saturation (SpO 2), Pulse rate, Breath rate and Body acceleration. The measured vital signs are transmitted to the mobile access point by Bluetooth connection. A digital Bluetooth enabled device which monitors, measures and transmits the patients Blood Pressure over a Bluetooth connection to the mobile access point. A Bluetooth enabled Precision Health Scale. The device is able to measure patient’s weight with a reasonable precision, and it is capable of wireless communication by Bluetooth to the mobile access point.

A Bluetooth and GSM/GPRS enabled Personal digital assistant (PDA) device. The device acts as

Figure 4. The structure of an M-Health system; (1) Bluetooth Pedometer or Step Counter. (2) Bluetooth Monitoring Device for home telemonitoring of patients with chronic diseases. The device is able to measure: Blood Oxygen saturation, Pulse rate, Breath rate and Body acceleration. (3) Bluetooth Blood Pressure Monitor. (4) Bluetooth Precision Health Scale. (5) Bluetooth and GSM/GPRS enabled Network Access Point e.g. a smart mobile phone or a personal digital assistant (PDA) device applying mobile communication network, remote server at hospital and a monitoring device (presentation unit).

188

Sensing of Vital Signs and Transmission Using Wireless Networks

master in an ad-hoc network, which communicates with all patients’ units and establishes GSM/GPRS connection to a public mobile network when it is necessary. The availability of compact IP stacks has made it possible for Bluetooth to adopt the protocol suite which drives the Internet, and it is the Personal Area Network (PAN) profile which lays out the ground rules for doing that. The PAN profile provides the rule for carrying IP traffic across Bluetooth connection. A PAN user can connect to a Network Access point (NAP) in order to access a remote public network. Thus, the NAP provides a bridge to a public network. This NAP can be mobile (A) or fixed (B), as it is illustrated in figure 5. These two ways of connection require three different roles: (1) Network Access Point (NAP) – A device acting as a bridge to connect a Pico net to an IP network. It forwards data packets to and from the network composed of PAN user. (2) Group ad-hoc network (GN) - A NAP device which connects to one or more PAN users, forwarding data packets between more than one connected PAN users. (3) PAN user – A client which uses the Group ad-hoc Network or NAP service (Bray & Sturman, 2002). In the scenario (Figure 4) a NAP is applied, which is a Bluetooth enabled access point. This access point automatically detects and connects Bluetooth devices to the Bluetooth network, con-

firming and connecting users with security and access rights configurations specified for each user. The current Bluetooth technology provides a data transfer rate of 1Mbps, with a personal area range of up to 10m in client-to-client open air (5m in a building). In terms of client-to-access point, the current range is 100m in the open air and 30m in buildings. The present scenario utilizes client-to-access point within the range of 30-100 m.

An Overview of Bluetooth Architecture Bluetooth is a wireless technology with a universal radio interface within the globally available 2.4 GHz frequency band, which makes the wireless data and telephony communication, in both fixed and mobile environment, possible. Bluetooth employs the globally available, license free Industrial Scientific Medical (ISM) frequency bands. Bluetooth technology is based on a low cost short distance wireless connection, which eliminates the necessity of cable connections. It provides movement freedom, via a wireless connection. It has a number of different security algorithms, such as authentication and encryption. By Bluetooth, it is easy to establish an ad hock connection for a local network. It is versatile system, since it can interact with different devices

Figure 5. (A) Bluetooth enabled Precision Health Scale and a Bluetooth Blood Pressure monitor using mobile access point to communicate with a public communication network and/or Internet. (B) The same Personal Area Network (PAN) establishing Bluetooth connection to a fixed access point (AP) to communicate with a public communication network and/or Internet.

189

Sensing of Vital Signs and Transmission Using Wireless Networks

regardless of manufacturer. It is reliable within an open frequency band, ISM. Bluetooth does not exactly match the well known Open System Interconnect (OSI) standard reference model, which is an ideal reference model for a communication protocol stack. Figure 6 illustrates an OSI reference model contra Bluetooth protocol stack for comparison. In OSI model, the Physical Layer is responsible for the electrical interface to the communications media, including modulation and channel coding. This covers the Radio and a part of Baseband tasks in Bluetooth. The Data Link Layer in OSI is responsible for transmission, framing, and error control over a particular link. This overlaps the control part of the Baseband including error checking and correction and the Link Controller in Bluetooth. The Network Layer in OSI is responsible for data transfer across the network. This covers the higher end of the Link Controller (which is setting up and maintaining multiple links), and also covers most of the Link Manager (LM) task in Bluetooth. In OSI, The Transport Layer is responsible for reliability and multiplexing of data transfer across the network to the level provided by the application. It covers the higher end of LM

and the Host Controller Interface (HCI) in the Bluetooth. HCI indeed provides the actual data transport mechanisms. The Session Layer in OSI is responsible for the management and data flow control services. This is provided by Logical Link Control and Adaptation Protocol (L2CAP) and the lower end of the RFCOMM (protocol for RS-232 serial cable emulation)/SDP (Service Discovery Protocol) in the Bluetooth protocol. Finally, the Application Layer in OSI is responsible for managing communications between host applications, which covers the Applications in the Bluetooth. In spite of the mentioned differences, Bluetooth covers all necessary communication protocol layers for a reliable wireless connection.

Bluetooth Device, Discovery and Ad Hock Connection Bluetooth is able to establish an ad-hock wireless connection to a variety of Bluetooth enabled mobile and fixed devices in surroundings. The connection establishment can be arranged to happen selectively and automatically. In order to establish a connection, both ends of the link have to be willing to connect. Thus, a connection can

Figure 6. OSI reference model contra Bluetooth protocol stack

190

Sensing of Vital Signs and Transmission Using Wireless Networks

not be forced to accept if it is not selected or not in the correct mode. Figure 7 illustrates the steps when a Bluetooth enabled telemetry device (patient’s unit) finds the correct NAP, in order to establish a connection to the monitoring centre at hospital for medical data transmission. The PDA here acts as a Network Access Point (NAP) using the Dial-Up Networking (DUN) profile. It periodically scans the surroundings to see if any device wants to use it. When the patient’s unit wants to establish a connection to the remote monitoring centre it needs a DUN connection to connect to NAP. To do that, it employs the DUN profile of the Bluetooth protocol. The first stage in such connection is to find out if any Bluetooth enabled device in surroundings supports the DUN profile. The Bluetooth enabled patient’s unit performs an inquiry, by sending a set of inquiry packets to look for NAP devices in the neighborhood. The NAP replies with a Frequency Hop Synchronization (FHS) packet which contains

all the information that the patient’s unit needs for a connection establishment to the NAP. The information packet contains also the device class. Every existing Bluetooth enabled device in the neighborhood that scans for inquiries, will respond with a similar FHS packet, thus the Bluetooth enabled patient’s unit accumulates a list of devices. However, the patient’s unit automatically chooses the NAP device with pre-known address among the found devices. The next stage is to find out if the NAP supports the DUN profile. To do that, the patient’s unit uses the Service Discovery Protocol (SDP). First the patient’s unit pages the NAP, using the gathered information during the inquiry. The NAP responds if it is scanning for pages, then an Asynchronous Connection Less (ACL) baseband connection is set up to transfer data (control and configuration data) between these two entities. After an ACL connection establishment, a Logical Link Control and Adaptation Protocol (L2CAP) is set up and used. The patient’s unit uses the

Figure 7. The necessary steps to take when a patient’s unit using the Bluetooth protocol finds the correct NAP in order to establish a connection to the remote monitoring centre for medical data transmission

191

Sensing of Vital Signs and Transmission Using Wireless Networks

L2CAP channel to set up a connection to the SDP server in the NAP. The SDP client in the patient’s unit asks the SDP server in the NAP to send all the information it has about the DUN profile. The SDP server in the NAP searches its database and returns the attributes relating to the DUN. This SDP information provides the patient’s unit all needed information to connect to the DUN service on the NAP. The patient’s unit configures the link using the Link Management Protocol (LMP) to meet its requirement, which in this case is DUN connection. Once the ACL and L2CAP connection are set up, an RFCOMM (an RS-232 emulator layer) connection it also set up, and then the DUN profile uses the RFCOMM. Each protocol has its own channel number. In this case, the NAP’s channel number for DUN was previously sent to the patient’s unit in the DSP packet. So, the patient’s unit knew in advance which number it should be used for setting up a RFCOMM connection. Thus, the DUN is set up using the RFCOMM connection and the patient’s unit starts to use the DUN service of the NAP. Finally, the patient’s unit uses the NAP to perform connection across the public mobile network.

Buetooth Security Since anyone, possibly, could eavesdrop wireless transmission, security has become an important key issue for wireless communication systems. Bluetooth uses SAFER+ cipher, which generates 128-bit cipher keys from a 128-bit pain text input, for link encryption and authentication in order to insure that the device at the two ends of the communication are who they claim to be. The SAFER+ has been designed by Cylink Corporation as a candidate for the U.S. Advanced Encryption Standard (AES) (Bray et al., 2002). The basic objective of security arrangements in Bluetooth is to provide means for a secure link layer, which encompasses entity authentication (facilitate access control and “Hardware” identi-

192

fication), and link privacy (eavesdropping is not easy). The applied key types are Link Keys (128 bit) and Encryption keys (8-128 bit). For Pairing it establishes secret keys and authentication. For encryption algorithm uses a stream cipher algorithm. The encryption engine is initiated with a random number using a random number machine. When the initiation is succeed the encryption engine uses four inputs for the encryption process, namely, (1) A number to be encrypted or decrypted (this is the data being passed between devices), (2) The Master’s Bluetooth device address (the device address of the initiator device), (3) the Master’s Bluetooth slots clock, (4) A secret key which is shared by both devices. Additional to the above mentioned security arrangement the high speed pseudo-random frequency hopping algorithm in Bluetooth makes it very difficult to eavesdrop a wireless connection (Bray et al., 2002).

MOBILE COMMUNICATION NETORK, SERVICES AND WIRELESS TECHNOLOGIES This section explores the most applied wireless and cellular technologies in most part of the world, in order to get an overview on the key enabling technologies for a mobile healthcare system. Table 1 summarizes frequency allocations for mobile phones, cordless phones, and Wireless Local Access Network (WLAN) technologies in Europe, USA and Japan (Schiller, 2000).

Global System for Mobile C) GSM is a most successful digital mobile telecommunication system. It is the most popular digital system in Europe, approximately 100 million individuals use GSM, more than 130 countries use this system, and it has 40 % of the market share. GSM allows integration of different telephony

Sensing of Vital Signs and Transmission Using Wireless Networks

Table 1. frequency allocations for some of most used mobile phone, cordless phone, Wireless Local Access Network (WLAN) in Europe, USA and Japan

and communication services, and it adapts to the existing network. A GSM mobile device has approximately 0.125 – 0.25 W maximum output power. It has full duplex, synchronous, 1.2, 2.4, 4.8 and 9.6 kb/s data rate, and full duplex asynchronous, from 300 to 9.6 kb/s data rate (Schiller, 2000; Melero, wigard, Halnen & Romero, 2002 ). It has 9.6 kb/s and 14.4 kb/s Bandwidth. GSM interplays with PSTN, ISDN, and Public Switched Packet Data Network (PSPDN).

High Speed Circuit Switched Data (HSCSD) The High Speed Circuit Switched Data (HSCSD) is designed to enhance the data transmission capabilities in GSM system. HSCSD is circuit switched as basic GSM is, and it is based on connection-oriented traffic channel of 9.6 kbps each channel. By combining several channels, HSCSD increases the bandwidth and enhances the data transmission capabilities. A Mobile Station, in theory, could use all eight time slots within a Time Division Multiple Access (TDMA) frame to achieve an air interface user rate of 115.2 kbps (Schiller, 2000; Melero et al., 2002 ). HSCSD seems to be attractive at first glance, but HSCSD exhibits some major disadvantages. It applies connection-oriented mechanism of GSM,

which means the connection setup is performed before information transfer take place. In this way, transferring a large amount of bursty data (e.g. computer data traffic) may require all channels reserved. This channel allocation will be reflected in the service cost directly. Furthermore, for n channel allocation, HSCSD requires n time signaling for connection setup, connection release and during handover, as in HSCSD each channel is treated separately. Thus, the probability of blocking or service degradation increases during handover and connection setup or release, as Base Station Controller (BSC) has to check the resources for n channels. HSCSD might be an attractive solution for higher bandwidth and constant traffic (e.g. file download) in spite of being a costly solution.

General Packet Radio Service (GPRS) GPRS is a data communication service for a GSM system. As it is illustrated in figure 8, for one GPRS radio channel the GSM can allocate 1-8 timeslots within one Time Division Multiplexing frame (TDM). The time slots are allocated on demand and are not fixed. All time slots can be shared by the active users. This means that each time slot is multiplexed for up to 8 active users.

193

Sensing of Vital Signs and Transmission Using Wireless Networks

Allocation of the time slots is based on current load and operator preferences (Schiller, 2000; Romero, Martinez, Nikkarinen & Moisio, 2002). The traffic channel is dependent on the coding scheme. Allocating all time slots using the coding for 14.4 kbps traffic channel, results in 115.2 kbps channel. GPRS is independent of channel characteristic and channel type. It does not set any limitation regarding the maximum data rate (just the GSM transport system limits the transmission rate). GPRS keeps an open connection, staying online to receive and send data at all times when it is needed. In GPRS, data is sent in packets, and up to three time slots can be combined to provide the necessary bandwidth, up to 39.6 kbps for receiving data, depending on coding scheme (Schiller, 2000; Romero et al., 2002). GPRS is an IP-based connection, which means that a high transmission capacity is only used when needed. This makes it possible to stay connected via GPRS, whereas keeping a constant circuit switched connection would be more expensive. Using GPRS, this provides data and internet/intranet access, for a PC, PDA or any handheld device connected via Bluetooth wireless technology, infrared or cable.

Figure 8. Channel arrangement in GSM and GPRS

194

Enhanced Data Rtes for GSM Evolution (EDGE) EDGE is an enhanced version of GPRS, as it combines digital Time Division Multiple Access (TDMA) and GSM. It is anticipated that by using EDGE you can reach 85% of the world, using dual-mode handsets. EDGE applies enhanced modulation schemes and another technique, using the same 200 kHz wide carrier and the same frequency as GSM. In an arrangement of 48-69.2 kbps per time slot it offers up to 384 kbps data rate (Schiller, 2000; Hakaste, Nikula & Hamiti, 2002).

Universal Mobile Telecommunications System (UMTS) The European proposal for IMT-2000 prepared by ESTI is called Universal Mobile Telecommunications System (Dasilva 1997 and Ojanperä 1998). IMT-2000 is called future public land mobile telecommunication system. The major aims of UMTS are personal mobility, removing any distinctions between mobile and fixed networking and supporting the Universal Personal Telecommunication concept of ITU. UMTS offers both narrowband

Sensing of Vital Signs and Transmission Using Wireless Networks

(2 Mbps) and broadband (> 100 Mbps in 60 GHz band) type of services (Schiller, 2000). By UMTS implementation any user will be able to approach any fixed or mobile UMTS terminal nationally or internationally. UMTS intends to provide several bearer services, real-time and non real-time services, circuit and packet switched transmission, and many different data rates (Schiller, 2000). High Speed Downlink/Uplink Packet Access (HSDPA and HSUPA) are advanced data services that are now being deployed on the UMTS networks worldwide. Together, HSDPA and HSUPA offer reduced latency and much higher data rates on the downlink and uplink. They are expected to help users in a mass market for mobile IP multimedia services. UMTS was not fully implemented at the time of the study; therefore it was not possible to investigate its communication general aspects in practice.

Digital Enhanced Cordless Telecommunication (DECT) Digital enhanced cordless telecommunication (DECT) standard was developed in 1992 within the European Telecommunication Standard Institute (ETSI). DECT technology is successor technology for CT2 and CT3 digital wireless telephone systems in Europe. Comparing DECT with Bluetooth, DECT has lack of spontaneous and ad hock network management mechanism. Furthermore, Bluetooth is more protected in respect to the data security management. Table

2 compares Bluetooth contra DECT properties (Schiller, 2000). DECT is dependent on a fixed infrastructure while Bluetooth is not. This makes Bluetooth more feasible for the implementation of an M-health system comparing with DECT.

Infrared Data Association (IrDA) Infra Red Data Association (IrDA) with 900 nm wavelengths provides data communication system based on infrared light. The technology is simple and cheap and is integrated in almost all mobile devices today. Electrical devices do not interfere with infrared transmission (Schiller, 2000). The main disadvantage is that infrared is quite easy shielded (transmission can not penetrate walls or obstacles). Infrared contra Bluetooth properties are compared in Table 3. IrDA creates only data communication by applying infrared light, while Bluetooth creates its connection by Radio Frequency (RF). IrDA is limited to an optical directional wireless connection, while Bluetooth is Omni-directional. IrDA is not able to penetrate furniture and wall, while Bluetooth does that. Bluetooth and IrDA are both short distance wireless technologies, but IrDA has much less range than Bluetooth. Bluetooth has more complete network architecture, compared to IrDA which has no capability of internet working, media access, or other enhanced communication mechanisms. IrDA is typically limited to only two participants (point-to-point

Table 2. Properties of digital enhanced cordless telecommunication compared to the properties of Bluetooth

195

Sensing of Vital Signs and Transmission Using Wireless Networks

Table 3. Bluetooth compared with Infra red data association (IrDA)

connection). Data security in Bluetooth is more protected than in IrDA.

Wireless LAN Wireless Local Access Networks (LAN) offer much higher access data rates than do cellular mobile networks, but provide limited coverage – typically up to 50 meters from the radio transmitter, while GSM/GPRS and WCDMA offer widespread – typically nationwide – coverage. Ericsson provides IEEE 802.11b based 2.4GHz WLAN enterprise systems today, and will continue to update this service with new capabilities. WLAN IEEE 802.11 technology offers infrared transmission in addition to radio transmission, whereas High Performance Local Area Network (HIPERLAN) and Bluetooth rely only on radio transmission (Schiller, 2000). In this respect, WLAN compared to Bluetooth has a limitation concerning patient’s mobility, as it needs an infrastructure and it depends on a fixed access point in the patient’s house and partly line-of-sight (LOS) between sender and receiver. Bluetooth does not need a fixed infrastructure and is not restricted to LOS. Therefore Bluetooth provides more mobility when integrated in a device using a mobile cellular network. Table 4, summarizes the difference between Bluetooth and WLAN 802.11.

Terrestrial Trunked Radio (TETRA) TETRA is one of a number of digital wireless communication technologies standardized by 196

European Telecommunications Standards Institute (ETSI). ETSI Technical Committee (TC) Terrestrial Trunked Radio (ETSI TC TETRA) shall produce standards for a frequency spectrum for Professional Mobile Radio (PMR) and Public Access Mobile Radio (PAMR) Operators to support voice and data services using techniques such as Trunking, Time Division Multiple Access (TDMA) methods in narrow band RF channels and/or a variety of efficient modulation schemes in multiple allocations of narrow band RF channels for increased data throughput. TETRA applies another arrangement for wireless data transmission. This system uses many different carriers but assigns only one specific carrier to a certain user for a short period of time according to a demand. This radio system offer interfaces to a fixed telephone network, i.e., voice and data, but is not publicly accessible. It is reliable and cheap, but it does not have nationwide coverage. TETRA offers bearer services up to 28.8 kbps and 9.6 kbps. It offers two standards, namely, Voice + Data (V+D) and Packet Data Optimized (Schiller, 2000).

Zigbee Specification for High Level Cmmunication Protocols ZigBee is a low-cost, low-power, wireless standard which applies digital radio based on the IEEE 802.15.4 standard. ZigBee uses self-organizing mesh networks that can be used for industrial control, embedded sensing, medical data collection, smoke and intruder warning, building

Sensing of Vital Signs and Transmission Using Wireless Networks

Table 4. Bluetooth properties compared with the properties of WLAN IEEE 802.11

automation, home automation, etc. The low cost attribute allows the technology to be widely deployed in wireless control and monitoring applications. The low power-usage allows longer life with smaller batteries, and the deployment of mesh networking characteristic provides high reliability and larger range (ZigBee Standards Organization, 2008). ZigBee operates in the industrial, scientific and medical (ISM) radio bands; 868 MHz in Europe, 915 MHz in countries such as USA and Australia, and 2.4 GHz in most other countries. The technology is intended to be simpler and cheaper than other Wireless Personal Area Networks (WPANs) such as Bluetooth (ZigBee Standards Organization, 2008). The raw, over-the-air data rate is 250 Kbit/s per channel in the 2.4 GHz band, 40 Kbit/s per channel in the 915 MHz band, and 20 Kbit/s in the 868 MHz band. Transmission range is between 10 and 300 meters, however it is heavily dependent on the particular environment (ZigBee Standards Organization, 2008). The maximum output power of the radios is generally 0 dBm (1 mW). Table 5 summarizes the differences between ZigBee and Bluetooth technologies.

Wi-Fi Wi-Fi is the global brand name across all markets for any 802.11-based wireless LAN products. Wi-Fi stands for Wireless Fidelity and is meant to be used generically when referring of any type of 802.11 network, whether 802.11b, 802.11a,

dual-band, etc. The term is formally proclaimed by the Wi-Fi Alliance. Any products tested and approved as “Wi-Fi Certified” (a registered trademark) by the Wi-Fi Alliance are certified as interoperable with each other, even if they are from different manufacturers. Formerly, the term “Wi-Fi” was used only in place of the 2.4GHz 802.11b standard, in the same way that “Ethernet” is used in place of IEEE 802.3. The Wi-Fi Alliance expanded the generic use of the term in an attempt to stop confusion about wireless LAN interoperability. Typically, any Wi-Fi product using the same radio frequency (for example, 2.4GHz for 802.11b or 11g, 5GHz for 802.11a) will work with any other, even if not “Wi-Fi Certified. As Wi-Fi is widely used WLAN, some of its important features are compared with ZigBee, and Bluetooth in table 6.

Server Unit A server unit receives medical data from the communication network, processes and converts it into a well defined format and then sends it to a presentation unit. The server unit could be e.g. a Pentium 4 computer, 2GHz or faster running on Windows 2000 or XP operating system, with minimum 1 GB RAM, 80 GB hard disk with a built in database. It could be connected either to a mobile modem or to the internet, and could be situated at a hospital, care/health centre or alarm centre. The server software carries out the following functions:

197

Sensing of Vital Signs and Transmission Using Wireless Networks

Table 5. Bluetooth properties compared with the properties of ZigBee IEEE 802.15.4

Table 6. the properties of Bluetooth IEE 802.15.1, ZigBee IEEE 802.15.4 and WI-Fi IEEE 802.11b are compared

•

•

•

•

198

It allows the registration of client terminals to make them able to communicate to the remote server. The process uses the stored information in the database of the server to identify each user; telephone number, device address and IP address assigned by e.g. the GPRS network. It detects the communication request from a caller trying to communicate with the server. If the caller is not registered in the server, the caller will be warned that a conversation is not possible. When the server accepts the incoming call of a user and the communication channel is established, the server drives the data traffic between the client and the server. It receives the medical information as data packets, interprets and converts them to a synchronized data stream, before sending it to the monitoring/presentation unit.

Presentation Unit A presentation unit receives medical data from the server and transforms it into either a text or a graphical format, then presents the data to the user via a user interface (e.g. at the hospital). The presentation unit could be a computer, applying a user application program to convert the received medical data to a user-friendly graphical image or text format. The application program controls and detects true alarms and ignores false alarms. The presentation unit can monitor many patients simultaneously. Each patient has a unique identification number in addition to his/her name. Through the application program, the caregiver can communicate with the patient at any time either via text massage or by phone (e.g. IP-telephony). The patient also can communicate with the health personals either via Short Message Service (SMS) or by phone.

Sensing of Vital Signs and Transmission Using Wireless Networks

Patient’s Safety (Electromagnetic Waves and Specific Absorption Rate) Electromagnetic waves have a spectrum range from 30 Hz with a wavelength of approximately the half of the earth’s diameter to more than 1022 Hz high-frequency cosmic rays with a wave length smaller than the nucleus of an atom (Goleniewski, 2002; Schiller, 2000). Table 7 summarizes the designation of the frequency bands and the corresponding wave length in this spectrum. In mobile telephony, radio waves within 450 – 2200 MHz frequency range are used (Schiller, 2000), which are a part of microwave frequencies. In fact, all modern communications are based on manipulation and controlling signals within this electromagnetic spectrum. The power density or intensity of radio signals emitted from a mobile telephone or a base station, wanes quickly following the Inverse square law (Parsons, 2000). Radio waves’ tendency to lose power intensity as distance from the antenna increases is considered to be useful from the safety point of view. Furthermore, in order to serve more subscribers, network providers develop networks of higher density. This higher density networks make it possible to keep the transmission power low, this property has been investigated and considered as an advantage in relation to an M-health system (Jasemian & Arendt-Nielsen, 2005a). The absorption of electromagnetic energy causes temperature rise in a tissue (Bernardi,

Cavagnaro, Pisa & Piuzzi, 2000). Specific Absorption Rate (SAR) is defined as the mass averaged rate of energy absorption in tissue, and can be considered as a measure of the local heating rate. Testing the SAR of a mobile phone is an effective method of quantifying the amount of energy absorbed by biological tissue, particularly in the human body. To test the SAR value, standardized methods are utilized, with the phone transmitting at its highest certified power level (2 W) in all used frequency bands (Poljak, 2004; Ramqvist, 1997). Many different devices are tested using the same method and not only mobile handsets. Wireless LAN and Bluetooth are just a few of the available technologies, which have had SAR measurements taken. Patient safety is investigated in a previous research work (Jasemian et al., 2005a), where the applied mobile phone and Bluetooth module had 0.89 W/Kg maximum SAR value. This is less than the recommended SAR value (< 2.0 W/Kg in Europe, and < 1.6 W/Kg in USA) (ICNIRP, 1996; ANSI/IEEE C95.1-1992, NJ 08854-1331], 1991- 1999; IRPA, 1988; WHO, 1993).

DATA SECURITY Data security is an essential aspect in telemedicine, particularly in mobile healthcare systems, as the patient is moving from one location to another,

Table 7. the designation of the frequency bands in electromagnetic spectrum and the corresponding wave lengths

199

Sensing of Vital Signs and Transmission Using Wireless Networks

and is not bound to a specific place. A mobile healthcare system applies wireless and cellular technologies. Wireless communication contrary to a cable connection is more likely to be exposed to eavesdropping. Therefore, the transmitted medical data should be impersonalized and access controlled. Data security in such M-health systems has also been investigated by the author (Jasemian et al., 2005a) using telecommunication technologies and services such as Bluetooth, GSM and GPRS. The applied technologies offer Access Control, Authentication, Data Encryption, and User Anonymity for data security and access arrangements.

MOBILE HEALTHCARE SYSTEM AND STANDARDS Mobile healthcare and telemedicine systems like other fields must, of course, obey standard rules and regulations. Indeed, telemedicine benefits from a large number of standards such as medical informatics, digital images, messaging, telecommunications, equipment specifications and networking (Sosa-Iudicissa, Luis & Ferrer-Roca, 1998). Most used telemetry devices obey the following standards: European Telecommunications Standards Institute (ETSI 300 220), International Electro technical Commission (IEC 529), International standard for Electromagnetic compatibility (EMC) and testing of Medical Electrical Equipment (EN60601-1 and EN60601-1-2). The most used mobile phone and Bluetooth modules obey the ETSI as well as the Institute of Electrical and Electronics Engineers (IEEE) standards.

GENERAL DISCUSSION, IMPLICATION AND CONCLUSION The present chapter dealt with a comprehensive investigation of feasibility of wireless and cellular

200

telecommunication technologies and services in a real-time M-health system. The chapter based its investigation, results, discussion and argumentation on a remote patient monitoring scenario (figure 4). GSM allows 8 timeslots allocation for one GPRS radio channel within one Time Division Multiplexing frame (TDM), which results in an effective resource utilization for up to 8 active user and consequently higher bandwidth (115.2 kbps), however allocation of the time slots is based on current load and operator preferences (Schiller, 2000; Romero et al., 2002). GPRS is an IP-based connection, keeps an open connection, staying online to receive and send data at all times when it is needed, which make the service less expensive in respect to a standard GSM circuit switched connection. Using GPRS provides data and internet/intranet access, for a PC, PDA or any handheld device connected via Bluetooth wireless technology, infrared or cable. These properties make GPRS more attractive for implementation of an M-health system. The investigation shows that EDGE is an enhanced version of GPRS, which offers up to 384 kbps data rate as it combines digital Time Division Multiple Access (TDMA) and GSM. This can be a promising enhancement of, and an alternative to, the GPRS service. Although HSCSD appeared to be an attractive and promising alternative to GPRS, it exhibited some disadvantages, such as higher service costs comparing to a traditional GSM data service. Moreover, HSCSD required more signaling during each handover, connection setup and release, thus the probability of blocking or service degradation increased during each handover, and as a consequence the QoS in general was reduced. The HSCSD is an ideal alternative to the GPRS if the patient is monitored only at home, however this is an essential limitation for realization of an M-health system. DECT acquires a higher bandwidth and communication range; however Bluetooth has more protected data security arrangements compared

Sensing of Vital Signs and Transmission Using Wireless Networks

to DECT. Bluetooth supports spontaneous and ad hock networking while DECT does not. This makes Bluetooth more feasible for the implementation of an M-health system comparing with DECT. TETRA offers bearer services op to 28.8 kbps and 9.6 kbps. It offers two standards, namely, Voice + Data (V+D) and Packet Data Optimized. Its radio system offer interfaces to fixed telephone network, i.e., voice and data, it is reliable and cheap, it does not have nationwide coverage and it is not publicly accessible. Therefore, it doesn’t fulfill the requirement of an M-health system. ZigBee is a low-cost, low-power, wireless standard, uses self-organizing mesh networks that can be used for embedded sensing and medical data collection. The low cost attribute allows the technology to be widely deployed in M-health and monitoring applications, the low power-usage allows longer life with smaller batteries, and the deployment of mesh networking characteristic provides high reliability and larger range. The technology is simpler and cheaper than other Wireless Personal Area Networks (WPANs) such as Bluetooth, however the raw, over-the-air data rate (250 Kbit/s per channel) is much less than Bluetooth data rate. The technology is more attractive compared with Bluetooth as long as medical application requires data transmission with low data rate. Despite the high bandwidth of Wi-Fi which is the most widely used WLAN, it has essential limitations compared with ZigBee and Bluetooth. It requires more memory space, its battery life is very much shorter and it is dependent on a fixed infrastructure. However, its bandwidth is much higher than ZigBee and Bluetooth. Therefore, Wi-Fi is more suitable for home healthcare but not for an M-health solution which are intended to be used outdoors. The Universal Mobile Telecommunications System (UMTS) as a third generation of GSM mobile network was also considered as an alternative network. UMTS was not fully implemented at

the time of the study; therefore it was not possible to investigate its communication general aspects in practice. It has been shown that development of an M-health system, utilizing Bluetooth, GSM and GPRS is entirely possible (Jasemian et al., 2005a & 2005b & 2005c). To implements a real-time Mhealth system a wireless communication platform, utilizing Bluetooth protocol was designed, implemented and tested (Jasemian et al., 2005a). It has been shown that there is interplay between high throughput and high QoS (Jasemian et al., 2005a). To increase the probability of errorless packet transmission, and increase the QoS, the TCP/IP packet size was decreased, and by this the transmission traffic was reduced, as the transmission of a long packet generates more traffic. On the other hand, the error correction mechanism in GPRS and RFCOMM reduces the bandwidth, as it was dealt with a distributed data line. Thus, TCP/IP was triggered to retransmit a packet, which was stuck in the buffer waiting for retransmission; this increased the traffic unnecessarily. This issue appeared to be one of the limitations in the implementation process. The limited memory capacity in the patient unit or the Network Access Point (NAP) was another limitation; however it is believed that a patient unit with a higher memory capacity would easily overcome this problem. Furthermore, with dedication of telemedicine transmission channels by network providers, an additional system improvement can be achieved. It has also been demonstrated (Jasemian et al., 2005a) that a Bluetooth enabled M-health service combined with GSM/GPRS solution was applicable, but while promising, further work needs to be carried out before reaching ideal reliability and performance. The M-health system was tested and evaluated on healthy volunteers and heart patients while they were in their daily environments. Generally, the test results showed that the system, in a more realistic environment, had a reasonable reliability, performance and quality (Jasemian et al., 2005b;

201

Sensing of Vital Signs and Transmission Using Wireless Networks

Jasemian et al., 2005c), compared to the system behavior in the laboratory (a more controlled circumstance/environment). Comparing these two conditions, there was no significant difference in throughput, but there were clear differences in PER, PLR and Up-time. These variations can probably be due to the fact that in the more realistic (uncontrolled) conditions, volunteers and patients attended to different indoor and outdoor activities. These included moving in vehicles at varying speeds, being in different landscapes and building environments and possibly being close to different sources of interference. All factors which can significantly influence the reliability and the performance of the system. This drawback can probably be avoided by asking the patients to avoid specific circumstances, which may influence the systems behaviors during the monitoring period. The quality of the transmitted data was generally good, and only 9.6 % of the transferred ECG, in the more realistic environments, had an unacceptable quality. It is believed that the data quality could be improved by using the most suitable disposable electrodes, and by instructing the patients in skin preparation, since most of the impaired quality originated from a bad skin-electrode connection. The M-health system has been evaluated and validated by a number of well defined tests and experiments. Comparing the characteristics of the designed system with the system requirements, it can be concluded that the designed and implemented system fulfils the requirements. The suggested system is reliable, functions with a clinically acceptable performance, and transfers medical data with a reasonable quality, even though the system was tested under totally uncontrolled circumstances during the patients’ daily activities. Thus, it can be concluded that the system is applicable in clinical practice. Both the patients and the involved healthcare personnel expressed their confidence in using it. Therefore, it can also be concluded that the M-health real-time

202

remote monitoring system might be generalized in clinical practice e.g. cardiology.

FUTURE RESEARCH ON AN M-HEALTH SYSTEM When implementing a mobile or wireless healthcare solution, a complicated set of choices must be faced. Combinations of devices, network, software, infrastructure, application design and security can make or break a mobile project. Thus, the system requirements should be based upon a set of real scenarios. Knowledge about the existing technologies, services and their advantages and disadvantages, in addition to knowing what is practical, ease the choice and aid its success. The scenarios may be built upon two different conditions: 1.

2.

Providing mobility by M-health system only for monitoring vital medical signs on patients at home (Home Healthcare Monitoring) Providing mobility by M-health system for monitoring vital medical signs on patients everywhere at any time (Pervasive Healthcare)

In the first case it would be advantageous to apply a fixed Access Point (AP), figure 5b, TCP/IP backbone and internet connection for long rage communication, in order to use the power line to supply the fixed AP power, as there are always battery life limitations in an M-health solution. Based on the nature of the monitored signal, the required measuring frequency and the required bandwidth one of the globally applied wireless technologies can be chosen; namely, Bluetooth or ZigBee for short range communication. The choice should be made as a trade-off between what is feasible and what is necessary. In the second case (figure 5a), it is suggested to take advantage of The UMTS properties for long distance communication. Again based on

Sensing of Vital Signs and Transmission Using Wireless Networks

the nature of the monitored signal, the required measuring frequency and the required bandwidth one of the globally used wireless technologies can be chosen; namely, Bluetooth or ZigBee for short range communication. In this case power consumption and battery life are the two main issues to deal with, as both the measuring unit and the mobile AP are battery dependent. Recent advances in embedded computing systems have led to the emergence of wireless sensor networks, consisting of small, batterypowered units with limited computation and radio communication capabilities. Sensor networks permit data gathering and computation to be deeply embedded in the physical environment. This technology has the potential to allow vital signs to be automatically collected and fully integrated into the patient care record and used for real-time triage, correlation with hospital records, and long-term observation. During the past few years, wireless sensor technology has shown great potential as an enabler of the vision of ubiquitous computing. One promising application of wireless sensor networks (WSNs) is healthcare. Recent advances in sensor technology have enabled the development of small, lightweight medical sensors such as pulse oximeters and electrocardiogram leads that can be worn by the patient while wirelessly transmitting data. This frees the patient from the confinement of traditional wired sensors, increasing his or her comfort and quality of life. However, wireless sensor networks generally have limited bandwidth and high data loss rate. However, based on the nature of the monitored signal, the required measuring frequency, the required bandwidth, power consumption and sufficient memory space are still the main issues. By reducing the amount of signal processing in the patient unit or the WSN and letting most of the required signal processing be done on the remote server, longer battery life can be achieved.

In any case the most fundamental challenge is the security and privacy of sensitive patient data. Encryption must be done to ensure the confidentiality of the data. At the same time, a sensor receiving a query from a base station (and likewise a base station receiving data from a sensor) needs to have some way of verifying the identity of the other party, and of ensuring that the data has not been altered from its source. Hence, mechanisms must exist for data authenticity and integrity. What makes security uniquely challenging for WSNs is that the computational, memory and bandwidth costs must be carefully balanced against the limited resources of the individual nodes. As it has been explored and described in the present section, the future trend is toward the patient’s involvement in her/his own treatment and health monitoring in own natural everyday’s environment. Thus, the patient needs to be equipped with mobile health care devices that provide him/her full mobility in a secure manner. To fulfill this need, the device must be user friendly, lightweight and battery driven. This requires a low power conception device using longer lifetime batteries. The sensors need to be wireless, small, and lightweight and preferably integrated in the patient’s cloths or should be worn easily. Moreover, the mobile health device needs to be equipped with high security arrangements. Thus, the trend of the future research will be development of embedded software design with minimum memory requirement for M-health services. The devices should have a build in intelligent data flow control mechanism with higher data security that is integrated in a cost-effective wireless sensor network. Moreover, there is an insisting demand for development of lightweight batteries with longer life-time. All these will enhance the M-health services significantly in the future, ensuring the patients, their relatives and the healthcare providers and elevate their compliance to M-health services.

203

Sensing of Vital Signs and Transmission Using Wireless Networks

REFERENCES Administration on Aging. (2002). Profile of older Americans. Administration on Aging, U.S. Department of Health and Human Services. Retrieved March 25, 2008, from http://www.aoa. gov/prof/Statistics/profile/2002profile.pdf. Agha, Z., Schapira, R. M., & Maker, A. H. (2002). Cost effectiveness of telemedicine for the delivery of outpatient pulmonary care to a rural population. Telemedicine Journal and E-Health, 8, 281-291. Bai, J., Zhang, Y., Shen, D., Wen, L., Ding, C., Cui, Z., et al. (1999). A portable ECG and Blood Pressure Telemonitoring System. IEEE Engineering in Medicine and Biology, 18(4), 63-70. BASUMA Project. Retrieved March 12, 2008, from http://www.basuma.de/. Berek, B., & Canna, M. (1994). Telemedicine on the move: healthcare heads down the information superhighway. AHA Hospital Technology Series, 13, 1-55. Bernardi, P., Cavagnaro, M., Pisa, S., & Piuzzi, E. (2000). Specific Absorption Rate and Temperature Increases in the Head of a Cellular-Phone User. IEEE Trans. MTT, 48(7). Bray, J., & Sturman, C. F. (2002). BLUETOOTH 1.1: Connect Without Cables. In J. Bray C. F. Sturman, B. Goodwin (Eds.), (pp. 12, 33, 52-53 , 112, 224-230, 320-328). New Jersey. Coyle, G., Boydell, L., & Brown, L. (1995). Home telecare for the elderly. J. Telemed. Telecare, 1, 183-185.

Freedman, S. B. (1999). Direct Transmission of Electrocardiograms to a Mobile Phone for Management of a Patient with Acute Myocardial Infarction. Journal of Telemedicine and Telecare, 5, 67-69. European Commission Information Society Directorate-General (2001). Telemedicine Glossary, 3rd Edition, Glissary of standard, concepts, technologies and users. Unit B1: Applications relating to Health, working Document. Goleniewski, L. (2002). Telecommunications Essentials. P. Education (Ed.), (pp. 28-30 & 444449). Bosyon: Addition-Wesley Gott, M. (1995). Telematics for health: The role of Telemedicine in Homes and Comminities. Oxford, UK: Radcliffe Med. Press. Hakaste, M., Nikula, E., & Hamiti, S. (2002). GSM/EDGE Standard Evolution. In T. Halonen, J. Romero, & J. Melero, (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (pp. 3-63). West Sussex: John Wiley & Sons LTD. He, W., Sengupta, M., Velkoff, V. A., & DeBarros, K. A. (2005). 65+ in the United States: 2005. Special report issued by the U.S. Department of Health and Human Services and the U.S. Department of Commerce. Washington, DC. ICNIRP (1996). Health issues related to the use of hand-held radiotelephones and base transmitters. International Commission on Non-Ionizing Radiation Protection, Health Physics (pp. 70-4, 587–593).

Dansky, K. H., Palmer, L., Shea, D., & Bowles, K. H. (2001). Cost analysis of telehomecare. Telemedicine Journal and e-Health, 7, 225-232.

IEEE (1991- 1999). Standard for Safety levels with respect to human exposure to radio frequency electromagnetic fields (3 kHz to 300 GHz). ANSI/ IEEE C95.1-1992, NJ 08854-1331. New York.

Fields, J., & Casper, L. M. (2001). America’s families and living arrangement population characteristics. P20-537. U.S. Bureau of the Census, U.S. Department of Commerce, Washington, D.C.

IRPA (1988). Guidelines on limits of exposure to radio frequency electromagnetic fields in the frequency range from 100 kHz to 300 GHz.

204

Sensing of Vital Signs and Transmission Using Wireless Networks

International Radiation Protection Association, Health Physics, 54, 115-123. Istepanian, R. H., Woodward, B., Gorilas, E., & Balos, P. A. (1998). Design of Mobile Telemedicine Systems using GSM and IS-54 Cellular Telephone Standards. Journal of Telemedicine and Telecare, 4(Supplement 1), 80-82. Jasemian, Y. (2008). Elderly Comfort and Compliance to Modern Telemedicine System at home. 2nd International Conference on Pervasive Computing Technologies for Healthcare, Proceedings, peer reviewed conference article, ISBN 978-9639799-15-8. Jasemian, Y. (December 2006). Security and privacy in a wireless remote medical system for home healthcare purpose. 1st International Conference on Pervasive Computing Technologies for Healthcare [CD-ROM] s. 3, & Proceedings in IEEE Xplore, peer reviewed conference article, 29 November-1, Innsbruck, Austria. Jasemian, Y., & Arendt-Nielsen, L. (2005a). Design and implementation of a telemedicine system using BLUETOOTH and GSM/GPRS, for real time remote patient monitoring. The International Journal of Health Care Engineering, 13, 199-219. Jasemian, Y., & Arendt-Nielsen, L. (2005b). Evaluation of a real-time, remote monitoring telemedicine system, using the Bluetooth protocol and a mobile phone network. Journal of Telemedicine and Telecare, 11(5), 256-260. Jasemian, Y., & Arendt-Nielsen, L. (2005c). Validation of a real-time wireless telemedicine system, using Bluetooth protocol and a mobile phone, for remote monitoring patient in medical practice. European Journal of Medical Research, 10(6), 254-262. Kyriacou, E., Pavlopoulos, S., Berler, A., Neophytou, M., Bourka, A., Georgoulas, A., et al. (2003).

Multi-purpose HealthCare Telemedicine System with mobile communication link support. BioMedical Engineering OnLine. Retrieved March 25, 2008, from http://www.biomedical-engineering-online.com/content/2/I/7, 1-12. Kammann, J. (2001). Proposal for a Mobile Service Control Protocol. Institute for Communications and Navigation German Aerospace Centre (DLR), PDCS Anaheim (USA), Retrieved March 25, 2008, from: http://www.kn-s.dlr.de/kammann/papers/ iasted/iasted.pdf Lo, B. P. L., & Yang, G. Z. (2005). Key Technical Challenges and Current Implementations of Body Sensor Networks. In Proc. of 2nd Intl. Workshop on Wearable and Implantable Body Sensor Networks (BSN 2005) (p. 1). London, UK. Lin, C. C., Chiu, M.J., Hsiao, C. C., Lee, R. G., & Tsai, Y. S. (2006). Wireless health care service system for elderly with dementia. IEEE Trans Inf Technol Biomed, 10(4), 696-704. MobiHealth Project (last update, 2008), Available at: http://www.mobihealth.org/ Magrabi, F., Lovell, N. H., & Celler, B. G. (1999). A Web-based approach for electrocardiogram monitoring in the home. International Journal of Medical Informatics, 54, 145-153. Melero, J., Wigard, J., Halonen, T., & Romero, J. (2002). Basics of GSM Radio Communication and Spectral Efficiency. In T. Halonen, J. Romero, & J. Melero (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (pp. 145190). West Sussex: John Wiley & Sons LTD. Orlov, O. I., Drozdov, D. V., Doarn, C. R., & Merrell, R. C. (2001). Wireless ECG monitoring by telephone. Telemedicine Journal and e-Health, 7, 33-38. Philips Medical Systems (February 2005). Striving for cable less monitoring. In C. Ragil (Ed.), Philips Medical Perspective Magazine, 8, 24-25.

205

Sensing of Vital Signs and Transmission Using Wireless Networks

Perednia, D. A., & Allen, A. (1995). Telemedicine technology and clinical applications. JAMA, 273, 483-488. Parsons, J. D. (2000). Fundamental of VHF and UHF Propagation. In J. D. Parsons (Ed.), the Mobile radio propagation channel (pp. 15-18). West Sussex: John Wiley & Sons LTD. Patel, U., & Babbs, C. (1992). A computer based, automated telephonic system to monitor patient progress in home setting. J. Med. Syst., 16,101112. Poljak, D. (2004). Human Exposure to Electromagnetic Fields. In D. Poljak (Ed.), (pp. 11-40 & 49-52). Southampton: WIT press. Ramqvist, L. (1997). Health and Safety in Mobile Telephony. EN/LZT 123 4060, Ericsson Radio Systems AB, 164 80 Stockholm, 1-14. Rezazadeh, M., & Evans, N. (1990). Multichannel physiological monitor plus simultaneous full-duplex speech channel using a dial-up telephone line. IEEE Trans. Biomed. Eng., 37, 428-432. Romero, J., Martinez, J., Nikkarinen, S., & Moisio, M. (2002). GPRS and EGPRS Performance. In T. Halonen, J. Romero, & J. Melero (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (pp. 230-248). West Sussex: John Wiley & Sons LTD. Romero, J., Martinez, J., Nikkarinen, S., & Moisio, M. (2002). GPRS and EGPRS Performance. In T. Halonen, J. Romero, & J. Melero (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (p. 291). West Sussex: John Wiley & Sons LTD. Satava, R., Angood, P. B., Harnett, B., Macedonia, C., & Merrell, R. (2000). The physiologic cipher at altitude: telemedicine and real-time monitoring of climbers on Mount Everest. Telemedicine Journal and e-Health, 6, 303-313.

206

Scalvini, S., Zanelli, E., Domenighini, D., Massarelli, G., Zampini, P., Giordano, A., et al. (1999). Telecardiology community: A new approach to take care of cardiac patients. Cardiologia, 921924. Schiller, J. H. (2000). Mobile Communications. In J. H. Schiller (Ed.) (pp. 24, 27, 83-92, 86, 105-113, 119-125). London, UK: Addition-Wesley. Shimizu, K. (1999). Telemedicine by Mobile Communication. IEEE Engineering in Medicine and Biology, (pp. 32-44). Sosa-Iudicissa, M., Luis J., & Ferrer-Roca, O. (1998). Annex I: Standardisation Bodies. In O. Ferrer-Roca & M. Sosa-Iudicissa (Eds.), Handbook of telemedicine (pp. 197-209). Amesterdam: IOS press, Amesterdam. Tudor-Locke, C., Bassett, D. R. Jr. (2004). How many steps/day are enough? Preliminary pedometer indices for public health. Sports medicine, 34(1), 1-8. Uldal, S. B., Manankova, S., & Kozlov, V. (1999). Choosing a PC-based ECG System for a Mobile Telemedicine unit. The Health News magazine (www.Telemedtoday.com), (pp. 30-31). Woodward, B., Istepanian, R. S. H., & Richards, C. I. (2001). Design of a Telemedicine System Using a Mobile Telephone, IEEE, (pp. 13-15). World Health Organization WHO (1993). Environmental Health Criteria 137, Electromagnetic Fields (300 Hz to 300 GHz), Geneva. World Wide Web (July 2002). Retrieved March 25, 2008, from: http://www.conformity.com/ 0207specific.pdf). Zhao, X., Fei, D., Doarn, C. R., Harnett, B., & Merrell, R. (2004). A Telemedicine System for Wireless Home Healthcare Based on Bluetooth and the Internet. Telemedicine Journal and eHealth, 10(supplement 2), 110-116.

Sensing of Vital Signs and Transmission Using Wireless Networks

ZigBee Standards Organization (January 17, 2008). Copyright © 2007 All rights reserved, ZigBee Specif ication, ZigBee Document 053474r17.

207

208

Chapter XI

Towards Wearable Physiological Monitoring on a Mobile Phone Nuria Oliver Telefonica Research, Spain Fernando Flores-Mangas University of Toronto, Canada Rodrigo de Oliveira State University of Campinas, Brazil

ABSTRACT In this chapter, we present our experience in using mobile phones as a platform for real-time physiological monitoring and analysis. In particular, we describe in detail the TripleBeat system, a research prototype that assists runners in achieving predefined exercise goals via musical feedback, a glanceable interface for increased personal awareness and a virtual competition. We believe that systems like TripleBeat will play an important role in assisting users towards healthier and more active lifestyles.

INTRODUCTION Wearable health monitoring devices have attracted increasing interest in recent years, both in research and industry. The ability to continuously monitor physiological signals is of particular importance for the world’s increasingly aging and sedentary

population, whose health has to be assessed regularly or monitored continuously. It has been estimated that a third or more of the 78 million baby boomers and 34 million of their parents may be at risk for the development of devastating diseases including cardiovascular disease, stroke and cancer. Fortunately, presymp-

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Towards Wearable Physiological Monitoring on a Mobile Phone

tomatic testing could save millions of these lives –and dollars– in the coming decades, according to experts. Wearable physiological monitoring devices are a critical component in preventive medicine where they will play an increasingly important role in the years to come. In addition, a sedentary lifestyle is a major underlying cause of death, disease, and disability. Unfortunately, levels of inactivity are high –and keep increasing– in virtually all developed and developing countries. The World Health Organization (WHO)1 has estimated that 60 to 85% of all adults are sedentary or nearly so. Physical inactivity is the cause of approximately 2 million deaths every year. All causes of mortality are increased by physical inactivity. In particular, it doubles the risk of cardiovascular disease, type II diabetes, and obesity [Booth et al., 2002], [Flegal et al., 1998]. It also increases the risks of colon and breast cancer, high blood pressure, lipid disorders, osteoporosis, depression and anxiety. Chronic diseases are now the leading causes of death in the entire world, with the exception of sub-Saharan Africa. The WHO has estimated that the greatest public health problem in most countries in the world are unhealthy diets, caloric excess, inactivity, obesity and associated chronic diseases. Fortunately, technology can play a very important role to address the reality of an aging, sedentary population. Wearable health monitoring devices will be at the core of this role, since they have the potential to: (1) support the practice of preventive medicine by enabling the detection of early signs of health deterioration; (2) allow daily, casual monitoring, which would lead to finding correlations between lifestyle and health [Oliver and Flores­Mangas, 2007]; (3) notify health care providers in critical situations; (4) enhance the sense of connectedness with loved ones by sharing real-time raw or interpreted physiological data; (5) promote and support an active lifestyle, i.e. a lifestyle that incorporates physical activities, sports and healthy life choices [Andrew et al.,

2007], [cdc, 2005], [Oliver and Flores-Mangas, 2006a]; (6) bring sports conditioning into a new dimension, by providing detailed information about physiological signals under various exercise conditions; (7) bring healthcare to remote locations and developing countries, where cellular phones are pervasive and in some cases the only available communications device; and ultimately (8) transform health care by providing doctors with multi-sourced, real- time physiological data. However, there are still technical, legal and societal obstacles that need to be tackled before these wearable devices are ready for general use. For example, these devices need to be non-intrusive, easy to use, comfortable to wear, efficient in power consumption, privacy compliant, with very low failure rates and high accuracy in triggering alarms, especially if used for diagnostic purposes. In this chapter, we describe our experience in developing wearable real-time health monitoring systems on mobile phones. In particular, we have developed two prototypes that explore the impact of real-time physiological monitoring in the daily life of users: (1) HealthGear to monitor users while they are sleeping and automatically detect sleep apnea events; and (2) MPTrain/TripleBeat, a mobile phone-based system that encourages users to achieve specific exercise goals. The HealthGear prototype has been described in detail elsewhere [Oliver and Flores-Mangas, 2007]. Hence, the focus of this chapter will be the MPTrain/TripleBeat2 prototype. TripleBeat allows users to establish healthy cardiovascular goals from high-level desires (e.g. lose fat); it provides real-time musical feedback that guides users during their workout; it creates a virtual competition to further motivate users, and it displays relevant information and recommendations for action in an easy-to-understand glanceable interface. Note that this chapter is based on research presented elsewhere [Oliver and Flores-Mangas, 2006a], [Oliver and Flores-Mangas, 2006b], [de Oliveira and Oliver, 2008]. The focus of the chapter is

209

Towards Wearable Physiological Monitoring on a Mobile Phone

to provide a comprehensive description of the TripleBeat prototype, to present our results in two user studies and to illustrate with an example the impact that systems like TripleBeat will have in supporting more active and healthier lifestyles. The chapter is structured as follows: First, we review the most relevant previous work in the area of wearable physiological monitoring. Then, we describe the software and hardware architectures of the TripleBeat system, followed by TripleBeat’s signal processing algorithms. TripleBeat’s music selection algorithms, competition and glanceable interface are presented in the next three Sections, followed by the two runner studies that we carried out to validate the system. Finally, we describe future trends in the area of wearable physiological monitoring, present our conclusions and outline our future directions of research.

RELATED WORK A. Wearable Physiological Monitoring Consumer health monitoring devices have become increasingly popular in recent years. In particular, a significant portion of these devices have been developed for the sports conditioning and weight management areas. Some examples include sophisticated watches3 that provide real-time heartrate information and let users store and analyze their data on their home PCs, or an armband with multiple sensors by Bodymedia [Harrison, 2005] to continuously collect physiological data for a few days at a time. The Bodymedia PC software allows users to compute “Lifestyle” information, such as energy expenditure, duration of physical activity, number of steps, etc. their historic sensed data. In the medical domain, there are numerous projects for telemonitoring physiological data [Scannell et al., 1995]. Holter monitors are probably the most common personal medical monitor-

210

ing system. However, they have traditionally been used only to collect data for off-line processing. In addition, multi-sensor systems for physical monitoring and/or rehabilitation typically feature many wires between the electrodes and the monitoring system. These wires may limit a patient’s activity and level of comfort, thus potentially affecting the reliability of the measured results. Therefore, there has been an increasing interest in health monitoring in the wearable computing community. In particular, we shall highlight three lines of research in this domain that we believe are of importance: real-time analysis of physiological information; wireless, non-intrusive physiological monitoring and user-centric systems that are tested on real users. There has been recent work in the area of health monitoring where the devices provide real-time feedback to the patient [Martin et al., 2000], [Cheng et al., 2004] and/or are active nodes of a Personal Area Network (PAN) or Body Area Network (BAN) [Park and Jayaraman, 2003], [fos, 2003], [Paradiso, 2003], [Husemann et al., 2004], [Jovanov et al., 2005]. However, most of the research prototypes in this area have not been validated in user studies with real users. We shall highlight two exemplary projects in the area of wireless sensor networks: the MobiHealth European project [van Halteren et al., 2004] and CodeBlue [Malan et al., 2004]. MobiHealth aims to provide continuous monitoring of patients outside the hospital environment by developing the concept of a 3G-enabled BAN. CodeBlue is a wireless infrastructure intended for deployment in emergency medical care, integrating low-power wireless vital sign sensors, PDAs and PCs. Their research interests include wireless ad-hoc routing protocols, adaptive resource management and the integration of medical sensors with low-power wireless networks. One of the most remarkable research prototypes in the field of wearable physiological monitoring devices is the AMON prototype [Anliker et al., 2004]. It consists of a wearable

Towards Wearable Physiological Monitoring on a Mobile Phone

(wrist-worn) medical monitoring and alert system targeting high-risk cardiac/respiratory patients. The system includes continuous collection and evaluation of multiple vital signs (blood pressure, SpO2, one lead ECG and two-axis accelerometer), multiparameter medical emergency detection (via a rule-based approach with some heuristics) and cellular connection to a medical center. Unlike other research prototypes, the AMON prototype was tested in a medical trial with 33 patients. Even though the trial highlighted some problems with the prototype, it also validated the feasibility of the concepts and solutions adopted by the project. Finally, our work with the HealthGear prototype [Oliver and Flores-Mangas, 2007] was aimed at addressing some of the limitations of previous systems. In particular, HealthGear’s main contributions include: (a) A real-time, light-weight wearable health monitoring architecture to wirelessly send physiological data to a mobile phone; (b) the ability to store, visualize and analyze in real-time physiological data on a mobile phone; and (c) the implementation of two algorithms for automatically detecting sleep apnea events from blood oximetry. In addition, we validated the complete system (hardware and software) in a user study with 20 participants.

B . Physiology and Motivation Health monitoring systems typically assist users in changing their behavior to maintain or improve their health. Therefore, motivation is a key element in these systems. Unfortunately, regular physical activity is part of the lifestyle of a small percentage of the adult population worldwide. Therefore, we believe that a motivational tool to support and encourage active lifestyles would be of great value to a large portion of the population. According to Fogg, persuasive technologies are computer-based tools that persuade people to change their behavior [Fogg, 2002]. Some strategies to successfully implement persuasive systems

include self-monitoring, computer-originated recommendations and tailoring. Researchers in the area of wearable physiological monitoring systems have proposed an array of techniques to motivate users to follow a desired workout routine. In particular, we would like to highlight four distinct methods for persuading users: 1.

2.

Enjoyable interaction: Systems that are fun to interact with are not only more attractive to users, but they also engage the user for longer periods of time. Therefore, it is no surprise to find exercise support systems that exploit the benefits of music on exercise [Reddy and Mascia, 2006], [Oliver and Flores-Mangas, 2006a], [Biehl et al., 2006], include appealing 3D virtual trainers [Buttussi et al., 2006] or bring indoor exercises to virtual environments [Mokka et al., 2003]. Social factors: Social factors are a strong motivating factor. Previous research has supported the value of providing real-time information about the performance of other users who are engaged or have been engaged in the same activity [Vorderer et al., 2003]. Social pressure is so relevant as an external motivational factor that users lose their interest in a competition that is easy to cheat [Sohn and Lee, 2007]. Maitland et al. [Maitland et al., 2006] proposed using a mobile phone as a health promotion tool. Their prototype application tracks the daily exercise activities of people carrying phones –using fluctuation in signal strength. They have validated their system with a short-term user study where participants shared activity information amongst groups of friends, and found that awareness encouraged reflection on, and increased motivation for, daily activity. Brien and Mueller concluded in [O’Brien and Mueller, 2007] that a jogging experience

211

Towards Wearable Physiological Monitoring on a Mobile Phone

3.

4.

supporting a conversation between remote partners during the workout was desirable and motivating. Other systems support interaction with a group of friends or peers via instant messaging after a workout session [Sohn and Lee, 2007]. Awareness of physiological state: Several research prototypes and commercial products, such as the Nike+iPod4 and the Polar watches5 have been developed that improve the jogging experience with information about the user’s performance and workout goals. In such systems, current physiological and activity data collected on-the-fly using accelerometers, heart-rate monitors, GPS sensors, etc. is captured and presented to the user in a general purpose system [Asselin et al., 2005], or targeted to specific groups, such as children [Hartnett et al., 2006] or women [Toscos et al., 2006], [Consolvo et al., 2006], [Gockley et al., 2006]. Unobtrusive and intuitive interaction: A big challenge in wearable exercise and activity monitoring systems is the need to provide users with relevant information without interrupting or disturbing their workout or current activity. One example of unobstrusive notification is the use of sound spatialization to make it easier to identify the position of the partner while jogging apart [Mueller et al., 2007].

The TripleBeat prototype presented in this chapter is a real-time and mobile heart-rate and acceleration monitoring system. TripleBeat stores, analyzes and presents heart-rate and pace information to its users in real-time. In addition, it utilizes an array of persuasive techniques, including: (1) personal awareness by allowing users to monitor their heart-rate and pace in realtime, (2) computer-generated recommendations by providing real-time feedback on what needs to be done to achieve specific workout goals, (3) tailoring by learning from past interactions

212

to provide a personalized experience, (4) social pressure by establishing a virtual competition with other runners, (5) enjoyable interaction via musical feedback and (6) unobtrusive notifications via a glanceable interface.

SYSTEM DESCRIPTION TripleBeat implements three main features to help users achieve their personal workout goals: (1) An automatic music selection algorithm that takes advantage of the music’s tempo to influence the user’s pace, (2) a glanceable interface that provides visual feedback during an exercise session based on physiological information obtained from the user’s heartbeat, and (3) a virtual competition that persuades the user to perform better than his/her opponents in a healthy manner. Next, we describe TripleBeat’s architecture and introduce its music selection algorithm (the glanceable interface and competition are described in later sections). TripleBeat’s architecture is composed of two main components: the Sensing Module and the Mobile Computing Module. The Sensing Module, represented on the left side of Figure 1, includes a set of physiological and environmental sensors, a processing board to receive and digitize the raw sensor signals, and a Bluetooth transmitter to wirelessly send the processed data to a mobile computing device (e.g., smartphone, PDA, etc.). The right side of the Figure depicts the Mobile Computing Module, which gets the sensed data via a Bluetooth Receiver and makes it available to TripleBeat’s software. TripleBeat’s software analyzes the raw sensor data and extracts and logs the user’s heart-rate and pace, in addition to other relevant information (e.g., song being played, percentage of time inside the training zone, etc.). It also selects and plays songs from the user’s Digital Music Library (DML) to help users achieve their workout goals: a song with faster tempo than the current one will be chosen if the user needs to speed up, with similar tempo if the user needs to

Towards Wearable Physiological Monitoring on a Mobile Phone

keep the current pace, and with slower tempo if the user needs to slow down. Figure 2 depicts TripleBeat’s musical feedback data flow. The runner carries a mobile phone while jogging and uses it to listen to music while exercising. Before starting the workout session, the user selects the desired workout goals for that session. Once the user starts running, TripleBeat’s software monitors and logs the user’s heart-rate and running pace. When the song currently being played is about to end –typically with 10s remaining, TripleBeat compares the user’s current heart-rate with the desired target heart-rate according to the pre-selected workout. The Next Action Module determines if the user needs to speed up, slow down or keep the pace of jogging, based on whether his/her heart-rate needs to increase, decrease or remain the same. This information is used by the Music Finding Module to identify the most appropriate song to be played next. As will be described in detail later, the music selection algorithm searches the database for songs that: (1) haven’t been recently played, (2) and whose tempo –in beats per minute– is similar to the user’s current gait plus an amount that is inversely related to the deviation between the user’s actual heart-rate and the desired heart-rate. The user’s performance with respect to the desired workout can be checked at any time via

auditory and visual feedback. In addition, exercise goals and music tracks may also be changed during the workout session. Next, we shall describe TripleBeat’s hardware and software components in some detail.

HARDWARE TripleBeat is implemented using off-the-shelf hardware components, as illustrated in Figure 3: 1.

Alivetec6 Alive heart-rate monitor. Depicted on the right in the Figure. Similar to most wearable heart- rate monitors available in the market, the Alive heart-rate monitor is worn in a chest band. It only weighs 60g (including the battery), and its low-power consumption allows for 60 hours of continuous operation and wireless transmission. Cardiac activity is sensed using a single channel electrocardiogram (ECG), which provides 300 samples per second with a resolution of 8 bits per sample. Additionally, the unit features a 3-axis accelerometer, digitally sampled 75 times per second with 8 bits per sample resolution. A Secure Digital (SD) card for local data storage is also built

Figure 1. TripleBeat architecture

213

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 2. Musical feedback data flow in the TripleBeat system

2.

in, as well as a Bluetooth class 1 transmitter, which is used to send the sensor data to the mobile phone, via the Serial Port Profile protocol. In summary, this device provides continuous and wireless cardiac and motion monitoring for up to one week. Audiovox SMT5600. The processing unit of TripleBeat is the SMT5600 (or Cingular 2125) GSM mobile phone (depicted on the

Figure 3. TripleBeat’s Hardware. Left: Audiovox SMT5600 mobile phone. Right: Alivetec Alive heart monitor

left in the Figure), which features Microsoft’s Windows Mobile 2003 operating system. The mobile phone includes a built-in Bluetooth interface, 32 MB of RAM, 64 MB of ROM, and a 200 MHz ARM processor which allowed TripleBeat to run in real-time. The SMT5600’s battery lasts for about 5 days on stand-by mode. Note that the TripleBeat prototype runs in real-time for about 6 hours uninterruptedly (playing music, updating and displaying the user interface, receiving and storing data), before the mobile phone’s battery runs out. We have experimentally identified the music playing module as the component that drains the most power in the system.

S PROCESSING In order to compute in real-time the user’s heart rate (in beats per minute) and running gait (in

214

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 4. Top: Beat detection (yellow) from a raw ECG signal (blue). Bottom: Gait detection (light blue) from raw Y-acceleration (dark blue)

steps per minute), TripleBeat’s processing unit (i.e. the mobile phone) must continuously receive and analyze raw ECG and acceleration data, wirelessly provided by the sensing module.

C Heart-Rate Computation from ECG An ECG is a record of the electrical activity of the heart over time. This common, non-invasive measurement is typically obtained by positioning electrical sensing leads (electrodes) on the thorax area of the person to be monitored. In our experiments, we used a 2-lead ECG positioned either via a chest band or with 2 adhesive electrodes. The algorithm with which TripleBeat determines the user’s heart-rate from raw ECG data is described below. The top part of Figure 4 illustrates a typical ECG signal (dark blue). Overlaid, the results of

the heart beat detection algorithm can also be observed. The main steps of the algorithm are as follows: 1. 2.

3.

4.

Apply a low pass filter to the raw ECG signal to obtain ECGLowPass. Extract the high-frequency component, named ECGHighfreq, by subtracting ECGLowPass from the original ECG signal. Compute a high-frequency envelope, named ECGHighFreqEnv, by low-pass filtering the ECGHighFreq. Compute a dynamic threshold, named ECGThreshold (on magenta in the Figure), by low-pass filtering from ECGHighFreqEnv using a very low frequency. A heart beat is detected when the high frequency component (ECGHighfreq) is greater than the dynamic threshold (ECGThreshold), provided that no heart beats were detected during the last quarter of a second. 215

Towards Wearable Physiological Monitoring on a Mobile Phone

Table 1. Training zones and their respective exercise types and benefits Healthy (50 60%HR reserve )

Walk: Decrease body fat, blood pressure and cholesterol.

(60

zone, but burns more calories.

70%HR reserve )

Aerobic (70 80%HR reserve )

Steady jog: Improves cardiovascular/ respiratory system and increases heart’s size/strength.

(80

aerobic, but burns more calories (less fat).

90%HR reserve )

Maximal/Red Zone (90 100%HR reserve )

Full out run: Used in interval training.

Figure 5. Histograms, from left to right, of the average tempo and duration of the songs in the DML

5.



6.

216

Compute the user’s instantaneous heart-rate (in yellow on the same graph) as the inverse of the time period between beats and then multiply by 60 to obtain beats per minute (BPM): HR i = 60 ×

1 T imeBetweenBeats



(1)

Heart-rate samples beyond the range 30 < HR <300 BPM are considered spurious and therefore are discarded. Finally, apply a median-filter to HR to obtain the heart-rate HR. Median filtering increases robustness and preserves the edges of the

input signal, effectively removing impulses andutliers [Pitas and Venetsanopoulos, 1990].

F. Music S election Algorithms Audible feedback is provided to the user by TripleBeat in either of two ways: (1) with a metronome or (2) with music. A metronome is a device that produces regular clicking or beeping sounds with a steady tempo. TripleBeat contains a library of metronome tracks with tempi ranging from 100 to 200 beats per minute. Each track is 2 minutes long and

Towards Wearable Physiological Monitoring on a Mobile Phone

a constant tempo is kept throughout the whole track. Two distinct beating sounds can be heard on these tracks. The first sound keeps the tempo. The second sound complements tempo and also indicates rhythm (number of beats per measure). A 4 beat rhythm is used, which means that the second sound is heard after three repetitions of the first one, e.g. tic tic tic toc tic tic tic toc, etc. The motivation for using a metronome in TripleBeat is to isolate tempo from all other musical features that could have an impact in the user’s response, such as perceived tempo, the music’s average energy and its variance, and even emotional factors. Therefore, the metronome mode would provide a better understanding of the impact of tempo in the runner’s pace. Figure 7 shows a typical example of TripleBeat’s music selection algorithm with real data. The top graph shows the user’s heart-rate in red and the target heart-rate is in blue. This graph also highlights 4 heart-rate zones, namely, from bottom to top: (a) temperate, (b) aerobic, (c) anaerobic and (d) maximal [Edwards, 1999]. The workout shown includes sections that fall within the temperate, aerobic and anaerobic regions. TripleBeat keeps runners from reaching the over-exertion region. The bottom graph shows the runner’s actual pace (in green) and the metronome or song’s tempo (in magenta). The highlighted regions in this graph correspond to running paces, from walking to sprinting. During a workout, TripleBeat keeps playing the current track8 until one of the following three conditions is true. 1.

2.

The current track is about to end (e.g. 10s before the actual end): In this case, TripleBeat determines whether the user needs to increase, decrease or keep the actual running pace. This decision is made based on; The workout pattern changes, as when moving from warming-up (about 60% of maximum heart-rate reserve9) to weight management (about 70% of maximum heart-

3.

rate reserve). Regions 1, 3, 4 and 6 of Figure 7 are examples of this situation. In this case, TripleBeat will stop the track currently being played (unless the song has been playing for a short time, e.g. 20s, in which case the song has already been selected based on the new target heart-rate) and will search for a song as described in condition (1), taking into account the difference between desired and current heart-rates, and the current runner’s pace. The user requests to change the song. In this case, TripleBeat selects the a new song from the DML whose features still satisfy the constraints given the current situation.

D. Pedometry from 3-Axis Accelerometry Pedometry is the count of strides that a subject takes. As previously described, TripleBeat’s current hardware features a 3-axis (X,Y and Z) accelerometer. However, the step detection algorithm requires information about vertical (Y axis) acceleration only. Therefore, data from the other two axes is disregarded by the algorithm. The bottom part of Figure 4 shows both standing (flat signal) and walking (oscillating signal) stages of typical, raw, Y-acceleration data (in dark blue), as well as the detected steps by TripleBeat’s algorithm (as positive peaks on the cyan signal). The algorithm used by TripleBeat operates in the time domain and is similar in nature to the heart rate detection algorithm. The raw Yacceleration signal is first low-pass filtered to obtain AccelYLowPass. Another low-pass filter is applied to the original raw Y-acceleration signal using a much lower pass frequency to obtain an adaptive threshold AccelYThreshold (in magenta in the Figure). A step is detected when the filtered signal (AccelYLowPass) is larger than the adaptive threshold (AccelYThreshold). A new step is detected only after the filtered signal has gone below the threshold. The instantaneous number

217

Towards Wearable Physiological Monitoring on a Mobile Phone

of steps per minute is given by the inverse of the time period between detected steps, which is then multiplied by 60 to obtain steps per minute:

SP M i = 60 ×

1 T imeBetweenSteps



(2)

A median filter is also applied to SPMi to obtain the final number of steps per minute, SPM. To validate the accuracy of the proposed heart-rate and pace detection algorithms, we ran a set of experiments comparing the output of our algorithms with that of commercial systems, including the popular Polar heart rate monitor and other standard acceleration-based pedometers [Melanson et al., 2004]. We found no performance differences. Before presenting TripleBeat’s music selection algorithms, we first present some background information on cardiovascular training.

HEART-RATE TARGET ZONES Heart-rate is perhaps the best indicator of the intensity level at which a subject is exercising, as it adapts to the subject’s changes in oxygen requirements. In the sports science community, training zones are the most popular tools to characterize the correlation between the type of exercise with its level of cardiac stress (and in turn with its specific fitness benefits). One of the most effective methods to define training target zones is via the Heart Rate Reserve, HRres, formula, which is defined as the difference between the subject’s maximum heart-rate HRmax, and his/her resting heart-rate HRres. Both maximum and resting heart-rates can be either empirically measured or approximated. Miller’s equation [Miller et al., 1993] is, for instance, a commonly accepted approximation for HRmax. It is given by the expression: HRmax = 217 - (0.85 X age). TripleBeat uses Karvonen’s formula

218

PHRreserve = (HRmax – HRres) × P + HRres

(3)

to define user-specific training zones based on the percentage (P) of the user heart-rate’s reserve. Clearly, user-specific heart-rate zones must be defined using his/her maximum and resting heart-rates. Additionally, note that variations on a user’s heart-rate are relatively slow, requiring seconds or minutes to adjust to a specific range of values. Using HRreserve as a reference point, different zones have been defined using 10% increments. Each zone can then be related to the fitness benefits that will be achieved during a workout [Edwards, 1999]. Table 1 summarizes exercise types and fitness benefits when exercising at each training zone. Based on the user’s personal information and high-level goals, TripleBeat will automatically select the ideal training zone for the user.

MUS AND MUSIC SLECTION ALGORITHMS Auditory feedback is used by TripleBeat to encourage the user to accelerate, decelerate or maintain a running pace, acting as a personal trainer. A key observation is that music improves gait regularity due to its beat, which motivates individuals to maintain a specific pace [Staum, 1983]. When both music and motion are rhythmically similar, they are believed to combine and synchronize.

E. Digital Music Library TripleBeat’s Digital Music Library (DML) is stored in the mobile phone’s memory. In our experiments, the DML consisted of 70 MP3 songs, with durations that vary from just over two minutes to almost six. Tempi ranged from 65 to 180 beats per minute, and the collection spanned a variety of genres including pop, techno, soul and hip-hop, with both instrumental and vocal songs. For each

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 6. Histogram of the genres and subgenres of the songs in the DML

Figure 7. TripleBeat’s music selection behavior

song, TripleBeat stored additional information, such as the song’s tempo7 and energy, both in 20s window intervals and for the entire song. The music selection algorithm described in this Section takes into account the song’s duration and tempo. Figures 5 and 6 show three histograms of the average tempo, duration and genres (and subgenres) of the songs in the DML.

The difference between the user’s average heart-rate, during the last N seconds (where N is typically 25) and the target heart-rate given by the workout. Once it has determined the action to take, the DML is searched for the optimal track to play. TripleBeat analyzes several factors to appropriately choose the next track. Depending on 219

Towards Wearable Physiological Monitoring on a Mobile Phone

the current situation, it will search for a track whose beat is similar, higher or lower than that of the one currently being played, according to the difference between the actual and desired heart-rates. In the event that the workout target is about to change (e.g. within the next 20 seconds), TripleBeat selects a track appropriate to the next workout target. Region 2 in Figure 7 illustrates this behavior. As can be seen in the graph, the user’s average heart-rate (in red) has been lower than the target heart-rate (in blue) during the last N seconds. Because the user is maintaining a running pace close to the current track’s tempo (as can be observed in region 2 of the bottom graph), TripleBeat selects a track with a higher tempo than that of the track currently being played. The increase in the track’s tempo is proportional to the difference between the target and actual heart-rates. Additionally, TripleBeat acknowledges the user’s physical limitations and avoids tempo increments larger than a certain threshold (e.g. 5-10%). Notice how as the tracks’s tempo increases (right part of Region 2 in the bottom graph), the runner’s pace follows, and in turn his heart-rate increases as well (same region, top graph). Therefore, the target heart-rate is closely followed by the subject’s heart-rate. Training workouts should have paces within the typical running region (e.g. 140 to 170 steps per minute). TripleBeat treats paces that are outside the typical running region differently. Tracks with slower or faster tempi will be selected only if (1) the user’s heart-rate must be decreased or increased and (2) the user has been closely following the current track’s tempo for the past N seconds (where N is typically 10). Region 5 of Figure 7 is a good example of this behavior. In this case, the user’s heart-rate is below the target heart-rate and in consequence, TripleBeat tries to speed up the user by selecting a track whose tempo is at the upper limit of the typical running region (first part of region 5, bottom graph). After this change, the user’s heart-rate is still lower than the target, but because he/she still keeps up with

220

the current song’s tempo, TripleBeat now plays an even faster track (middle part of Region 5), which takes the subject into the fast running region. Now, the user’s heart-rate increases accordingly, but he is no longer capable of following the track’s tempo since it is too fast to keep up. In consequence, the next track (last segment of Region 5) will be chosen with a slower tempo, hoping that the user may synchronize back to it. The previous analysis leads to a noteworthy phenomenon, which is supported by our experimental data: if a user is running at a significantly different pace than the tempo of the track being played, the system will have difficulty inducing running pace changes to effectively guide the user’s heart-rate. However, if the user’s pace is within a small range (e.g. 5 to 15 bpm) of the track’s tempo, he/she will often synchronize his/her motion to the track’s beat, allowing for efficient heart rate control. The current implementation of TripleBeat makes use of two empirically learned functions, one that maps the influence of the music’s beat with the running pace and another one that maps running pace with physical stress (heart-rate). The data used to parameterize these functions was obtained from a varied population of runners which allows TripleBeat to make statistically accurate track selections. We envision further versions of the system that will continuously incorporate user-specific information into these functions in order to increase the accuracy and effectiveness of the track selection algorithm.

VIRTUAL COMPETITION & GLANC EABE INTERFACE In this Section, we focus on TripleBeat’s two additional persuasive techniques to motivate runners in achieving their exercise goals: (1) a virtual competition with other runners and (2) real-time personal awareness via a glanceable interface.

Towards Wearable Physiological Monitoring on a Mobile Phone

G. Virtual Competition as a Persuasive Technique A hypothesis that we wanted to validate with the TripleBeat prototype was that users can be more motivated to achieve their predefined workout goals when participating in a social competition. Therefore, TripleBeat was designed to create challenges between the user and other runners, including fictional runners, real runners that have previously run with the system, or the actual user on past runs. The main feature of TripleBeat’s competition approach is that it does not reward runners who run faster, burn more calories or arrive earlier to a particular landmark. The competition is instead defined by how well users achieve their predefined goals, thus encouraging users to workout in a healthy manner (i.e. maintaining their heart-rate as close as possible to the suggested target heart-rate). In the following, we describe how TripleBeat evaluates competitors during the workout and how it selects appropriate opponents according to the user’s profile. 1.



Performance score function: A well-designed competition defines an unbiased score function that summarizes how well users achieve their predefined exercise goals. This score function should ensure the user’s success in achieving the predefined workout goal while feeling appropriately challenged. Users typically lose interest in competitions that others could easily cheat on, or that require a skill level significantly lower or higher than their own. In addition, if the score function persuades runners to go beyond their physical limits, consequences could be dangerous. Therefore, we designed a score function that is safe, fair and easy to understand. The score function consists of the linear combination of two components. The first component, ZoneAccur guarantees that the

partial computed score is always proportional to the amount of time spent by a certain runner inside the proposed training zone. Equation 4 presents a cumulative measure for this score:





ZoneAccur (x ) =

(4)

where x is the duration (in seconds) of the workout. As can be noticed, the score given by Equation 4 always has a value in the interval between zero and one. The closer the value to 1, the closer the user’s performance to his/her desired high-level goals –i.e heartrate remains inside the proposed training zone more often. The ZoneAccur function correctly correctly the runner’s performance according to the competition criterion. However, it still lacks information on how accurate the runner’s heart-rate is in relation to the target heartrate. In other words, if two runners spend the same amount of time inside their target zones, ZoneAccur will not identify which one is doing better than the other, i.e. whose heart-rate is on average closer to the target heart-rate. Therefore, we added a second component to the score function named Heart-Rate Accuracy(HRAccur), and given by Equation 5.

HR

Accur

(x ) =

|f ac (x ) |HR target

lowest | lowest |

(5)

where f ac (HR ) = HR | HR target

1.5

SecondsInZone x

target

+

HR |

2 × HR target

| HR target

1.5

(6) HR |

2 × HR target

2

, (7)

221

Towards Wearable Physiological Monitoring on a Mobile Phone

lowest = min (f ac (HR rest ), f ac (HR



max

))

(8)

where HRtarget is the target heart-rate and HR is the current heart-rate. Note that the Heart-Rate Accuracy function reaches its highest value on the HRtarget and falls as a hyperbolic function, reaching zero when HR = HRrest. The hyperbolic function was chosen to benefit runners that maintain their heart-rate closer to the HRtarget, and penalize those that deviate from it. TripleBeat computes the final score as a linear combination of HR Accur and ZoneAccur, given by:

Figure 8. Example of the score function computed for a hypothetical runner with constant heart-rate acceleration of 1 beat/second, resting heart-rate of 45 BPM and maximum heart- rate of 195 BPM. The cumulative score increases as the runner’s heart-rate approaches the target heart-rate band (Zone Lower Bound: 136 BPM) and decreases as the heart-rate leaves the target heart-rate band (Zone Upper Bound: 150 BPM). Note that Zone Accuracy and THR Accuracy are normalized by the runner’s target heart-rate of 143 BPM to ease visualization.

Score (x ) = 0 .5 × HR Accur (x) + 0 .5 × ZoneAccur(x )

(9) Figure 8. illustrates the behavior of the score function computed for a hypothetical runner TripleBeat computes the score function given by Equation 9 every second to determine the positions of every runner in the competition. Another attribute computed during workout is the score difference between opponents in a 0 - 100 scale for feedback purposes. 2. Real-time Competition and Opponents Selection: In addition to ensuring a fair score function, an engaging and motivating competition needs to provide opponents of similar skill level when compared to the user. In order to do this, TripleBeat stores information about all the runners and their performances. Before starting a workout, the user is given the option to select his/her competitors manually or automatically. TripleBeat’s automatic opponent selection algorithm uses a variation of the k-nearest neighbor algorithm to choose registered users whose scores are the closest to that of the current user. In addition, TripleBeat always selects at least one opponent with slightly better performance than the user.

H. A Glanceable Interface as a Persuasive Technique TripleBeat provides real-time feedback about the runner’s physiological responses, both auditory –via the selected music– and visual –by means of its graphical interface. A major constraint in designing a user interface for a mobile phone is its reduced screen. In addition, mobile users add the challenge of having to interact with the device while in motion. The information displayed on the mobile phone, when appropriately presented,

222

Towards Wearable Physiological Monitoring on a Mobile Phone

should enhance and support the runner’s decision making process during the workout. Therefore, we developed a glanceable interface for the TripleBeat system that would enable quick intake of visual information with low cognitive effort. Figure 9 displays two exemplary screenshots of TripleBeat’s glanceable interface. The screenshot on the left of the Figure illustrates the visual feedback when the the runner needs to take an action to move inside the proposed training zone. TripleBeat displays a red background and other visual clues (i.e. plus/minus signals, heart-rate difference) to indicate that the runner needs to increase or decrease the running pace. On the other hand, the screen turns green when the user’s heart-rate enters the training zone, as shown on the right screenshot. Accurate real-time information (obtained every second) is critical to increase the runner’s personal awareness during the monitored workout. Moreover, TripleBeat’s interface presents information about the competition, such as the runner’s current position and the difference in score to the next and previous opponents. Finally, the bottom part of the interface displays the total number of calories burned, the workout elapsed time and the name of the song being played.

Figure 9. TripleBeat’s V2 glanceable interface. The screen on the left uses red color semantics to inform the user that his/her current heart-rate is outside the suggested training zone. The plus sign indicates the need to speed up the heart-rate by 6 BPM. The screen on the right illustrates the case where the user’s heart-rate is inside the target zone –hence the green background color. In this case, TripleBeat displays the actual heart-rate, as there is no need to increase or decrease the heart-rate. The user’s position in the competition is shown on the right side of the interface. Right below, there are the names and distance in score to the opponents. The lower part of the interface displays, from left to right, the total number of calories burned and the total time of workout. Finally, the name of the song currently being played is shown at the very bottom together with a progress bar underneath

MUS FEEDBACK USER STUDY To validate the TripleBeat prototype, we conducted two user studies. The goal of the first user study was to validate TripleBeat’s musical feedback as a persuasive technique. The second user study was designed to evaluate TripleBeat’s two other persuasive techniques: its glanceable interface and virtual competition. This Section is devoted to describing the first user study, while the next Section will present the results of the second user study. The first user study expanded for a period of 9 weeks. Participants were amateur runners who ran with

the TripleBeat system for up to 4 running sessions of 42 minutes long each. Note that the TripleBeat system that runners used in the first user study was the first version of the system, named MPTrain or TripleBeat V1. TripleBeat V1 did not have a glanceable interface nor a virtual competition feature. Its only persuasive technique was the musical feedback. Figure 10 depicts TripleBeat’s V1 user interface. As shown in the Figure, this user interface significantly differs from TripleBeat’s V2 glanceable interface, depicted in Figure 9.

223

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 10. TripleBeat’s V1 main user interface

I. Hypotheses

a.

The main hypotheses for this first user study were: 1.

2.

3.

Runners listening to music or metronome as selected by TripleBeat are able to achieve their predefined workout goal better than when running without any music or with randomly selected music; Runners listening to TripleBeat’s music enjoy their workout more than when running without music or with randomly selected music; Runners listening to TripleBeat’s auditory feedback perceive their run as more effective towards reaching their workout goal than when running in silent or random modes.

J . Measures In order to investigate the validity of the hypotheses previously presented, we quantitatively measured the following variables:

224

b.

c.

Task performance: Task performance was measured by the % of time that the user spent running inside the training zones associated to the proposed workout pattern. In practice, this was computed as the % of time that the user’s % heart-rate reserve (see Equation 3) was within a [-5, +5]% range of the target percentage of heart-rate reserve, as commonly defined in the exercise physiology literature [Edwards, 1999]; Enjoyment: A subjective quantitative measure about the runner’s enjoyment of the workout. We obtained this measure via a post-run questionnaire in which participants had to: (1) rate their run on a scale from 1 to 10 in terms of enjoyment and (2) compare it to previous runs with and without the system; Perceived usefulness: A subjective quantitative measure about the runner’s perception about the exercise effectiveness towards achieving the workout goal. We obtained this measure via a post-run questionnaire in which participants had to: (1) rate the

Towards Wearable Physiological Monitoring on a Mobile Phone

run’s effectiveness on a scale from 1 to 10 and (2) compare it to previous runs with and without the system.

K. Design We designed four running sessions to evaluate the impact of TripleBeat’s musical feedback. Each session corresponded to one of the following running conditions: 1.

2.

3.

Mute condition: Participants had to run and follow the proposed workout without any audio feedback; Random condition: Participants had to run and follow the proposed workout listening to random music; Metronome condition: Participants had to run and follow the proposed workout listening to a metronome controlled by TripleBeat;

4.

TripleBeat condition: Participants had to run and follow the proposed workout listening to songs selected by TripleBeat.

All participants first ran in the mute condition, which was useful to give them a certain level of expertise with the system’s hardware and software. In addition, we could also obtain good estimates of each participant’s resting and maximum heart-rates. The order for the rest of the running conditions was randomly assigned to participants to avoid bias. We carried out a statistical analysis of the participants’ data by means of a factorial within-subject design with one independent variable, named condition (referred to each of the running sessions). In the remaining of the discussion we will refer to the runs with auditory feedback as TripleBeat/Metronome, without distinguishing between them. We shall present quantitative and qualitative differences between them in Section P.

Figure 11. Detail of the heart-rate zones defined for 2 of the workout regions. The Figure highlights the areas where the runner’s heart-rate is within the band for each of the running conditions

225

Towards Wearable Physiological Monitoring on a Mobile Phone

L. System Setup All participants used the same hardware and software. We used an AliveTec ECG and acceleration monitor attached to either a leather chest-band that contained the 2-lead ECG sensors or to 2 adhesive ECG electrodes. The sensors were wirelessly connected to an Audiovox SMT5600 mobile phone running the TripleBeat’s software. The same Digital Music Library was used for all runners to ensure consistency among running sessions (see Section -D). In addition, we offered an armband pouch to carry the mobile phone during sessions. Interestingly, the pouch was used by 50% of the runners. The other 50% of runners preferred to track their performance visually and therefore chose to carry the phone in their hand.

M. Participants Participants were recruited by email advertisement within a big corporation. Twenty participants10 (13 men and 7 women) ran at least once with the system. The average age was 36 years, ranging from 24 to 63, and all participants were regular runners of various levels of expertise and fitness (4 runs of 52 minutes per week on average). From the 20 participants, 13 (9 men and 4 women) completed at least three runs with the system and 7 finished only one or two runs due to traveling, injury (not related to the user study) or sickness. About 35% typically ran with partners (7 participants), 60% had worn a heart rate monitor while running (12 participants), but only 40% wore one regularly (8 participants). With respect to their music listening habits, 12 participants regularly listened to music while exercising. The two main reported reasons for listening to music were because music “helped pass time faster” (11 participants) and “helped them maintain a certain pace” (10 participants). In the group of runners who did not enjoy running with music (8 participants), the most commonly cited reason

226

was that “the music device was too cumbersome” (5 participants).

N. Task Each running session consisted of a 42 minute workout in which participants had to follow the training pattern displayed on the phone (see Figure 12). The workout included a warm up of 5 minutes (65% of heart- rate reserve), three jogging periods of 8 minutes (75% of heart-rate reserve), two running periods of 4 minutes (85% of heart-rate reserve), and a cool down phase of 5 minutes (65% of heart-rate reserve). Moreover, all participants were asked to run on the same trail for all of the runs in the study, and preferably on a flat surface. Note that the current version of TripleBeat does not account for incline on the terrain. Therefore, all changes in the runner’s heart-rate are assumed to have been caused by changes in the runner’s pace.

O. Procedure Participants took part in up to 4 running sessions on 4 separate days. Each session corresponded to a running condition: (1) mute or without music; (2) random or with randomly selected music; (3) Figure 12. Workout pattern used in the musical feedback runner study

Towards Wearable Physiological Monitoring on a Mobile Phone

Table 2. Performance under each of the running conditions Running Condition Mute

Random

TripleBeat/ Metronome

M e a n % Ti m e H R in Range

42.6

41.7

54.0

Mean HR Error (% of reserve)

5.1

4.1

2.5

M e a n % Ti m e SPM in Range

N/A

7.0

33.1

Best Mode (%)

30.8

7.7

61.5

B e s t S P M ( %)

N/A

11.1

88.9

metronome or with a metronome as selected by TripleBeat; and (4) TripleBeat or with music as selected by TripleBeat. Before their first session, participants filled out an online questionnaire to record personal data and attributes, including their exercise and running experience. The first running session started with instructions and a demonstration on how to use the TripleBeat prototype. Next, they were asked to put on the system to verify that the hardware was properly working and to compute their resting heart-rate. Finally, they were shown how to use TripleBeat’s user interface. The goal of the study was emphasized during this set-up period: participants were supposed to achieve the workout pattern that appeared on the phone’s interface and is depicted in Figure 12. Once they were confident with how to use the system (typically after 5 or 10 minutes), they were sent off for a 42 minute run in mute mode (e.g. without any music). After the run on mute mode was finished, they returned the system to us and were asked to fill out an online post-run questionnaire for the mute condition. The running conditions for the rest of the sessions were randomized. After each session, they were asked to fill out the corresponding online post-run questionnaire.

To further motivate the runners to achieve the workout goals, we offered a 50$ gift certificate to the runner whose heart-rate best tracked the desired workout heart-rate in any of the running conditions.

P. Data Analysis Table 2 summarizes the quantitative analysis of the data. Note that the Table contains the average results for the TripleBeat and Metronome modes, in order to better understand the impact of providing auditory feedback to the user versus not. The differences between the TripleBeat and Metronome modes appear in Table 3. Finally, the highlighted cell on each row corresponds to the best condition. The first row of Table 2 contains the mean percentage of time that the runner’s percentage of heart-rate reserve was within a [-5+5]% band of the desired percentage of heart-rate reserve. The second row contains the mean error in the runner’s heart-rate when compared to the desired heart-rate (in percentage of heart-rate reserve). The mean percentage of time that the runner’s pace (in steps per minute or SPM) was within a [-5+5]% band of the desired tempo (in beats per minute) appears in the third row. The percentage of time that each mode was the best mode – as measured by how well it helped the runner achieve the workout goal – is summarized in the fourth row. Finally, the last row contains the percentage of time that the runner’s pace best matched the desired tempo, for each of the running conditions. 1.

TripleBeat’s music vs. metronome: Our study revealed significant quantitative and qualitative differences between the TripleBeat and Metronome modes11. Table 3 summarizes the quantitative measures for the TripleBeat vs Metronome conditions. As can be seen on the Table, the Metronome mode was superior to TripleBeat in all quantitative measures.

227

Towards Wearable Physiological Monitoring on a Mobile Phone

Table 3. Performance of the triplebeat versus metronome condition Running Condition TripleBeat

Metronome

Mean % Time of HR in Range

45.7

62.3

Mean HR Error (% of reserve)

3.2

1.8

Mean % Time SPM in Range

25.6

40.6

Best Mode (%)

23.1

38.5

Best SPM (%)

33.3

55.6

Some of the reasons that might have contributed to the Metronome’s superior performance include: (1) In order to minimize the differences between participants, all runners ran with the same music, instead of using their personal music collection. Consequently, some participants were more familiar with the songs than others and some enjoyed the music selection more than others. This fact had an impact on how well they could identify the songs’ tempi. Conversely, all runners were able to quite easily identify the metronome’s tempi; (2) Some of the songs probably elicited an emotional response in some of the runners. This effect was certainly non-existent with the metronome; (3) About 20% of the runners did not identified the tempo of the songs correctly. Therefore, they synchronyzed their pace to their perceived tempo rather than the actual tempo. This phenomenon never occurred with the metronome. In terms of enjoyment, the TripleBeat condition was significantly more enjoyable than the Metronome, as explained in Table 4) and Section -Q. 2.

228

Individual differences: During the study, we observed significant personal differences from participant to participant. Note that TripleBeat is designed to be a highly personal and adaptive system. However, in



this study, we asked all participants to do the same workout routine and to listen to music from the same DML. Therefore, not all participants responded the same to the workout routine and music selection. The task performance for the 13 participants who completed the runs under the mute, random and TripleBeat and/or Metronome conditions is depicted in Figure 14. In both graphs, the X-axis corresponds to the participant’s number. The Y-axis corresponds to the % of time that the runner’s heart-rate was within the target zone (top graph) and the runner’s pace was within the target tempo (bottom graph). From the Figure, we can identify 3 groups of individuals, based on their response to TripleBeat’s auditory feedback: 1.

2.

Almost 50% of the participants responded very well to TripleBeat’s coaching style via auditory feedback. These runners consistently adjusted their pace with the music. In consequence, their heart-rates tracked significantly better the desired workout than in the conditions without any explicit feedback (mute and random). Arrow 1 on the Figure points to an exemplary runner belonging to this group. A second group of runners (about 30%) adjusted their pace as needed, but did not achieve a significant improvement with respect to the mute and random conditions. We believe that runners in this group would perform better with practice. Interestingly, in a few cases runners in this group adjusted their pace incorrectly. For example, when the system was cueing them to run faster, they would slow down and vice-versa. We shall address this topic later. Arrow 2 points to an exemplary participant from this group.

Towards Wearable Physiological Monitoring on a Mobile Phone

3.

Finally, about 20% of the runners did not change their running pace when cued by the system. These runners seemed to be very accustomed to their running habits and workout. Therefore, they did not deviate from them during the study, even though they knew that they had a specific workout goal to achieve. Arrow 3 illustrates an exemplary runner in this group.

Figure 13. Desired (blue) and actual (red) heart rate for a runner on mute (left), random (middle) and TripleBeat/Metronome mode (right). Note how in the TripleBeat/Metronome condition the runner’s heart-rate follows the desired heartrate

Figures 13 and 15 illustrate the impact of TripleBeat’s auditory feedback on two different runners. An exemplary performance of the same runner under the mute, random and TripleBeat/Metronome conditions is depicted in Figure 13. The runner’s actual and desired heart-rates are shown in red and blue respectively. As can be seen in the Figure, the runner’s heart-rate nicely tracks the desired heart-rate only in the TripleBeat/Metronome condition, being unable to do so in any of the other conditions. The impact of the auditory feedback on this runner is very significant. Finally, Figure 15 shows the performance of a different runner with the Metronome condition. This Figure illustrates the impact that the running pace has on the runner’s heart-rate. On the top, there is the runner’s actual (in red) and desired (in blue) heart-rates. On the bottom, there is the runner’s actual pace (in blue) and the metronome’s tempo (in green). Note how the runner’s pace closely adjusts to the metronome’s tempo. This causes his heart-rate to increase or decrease accordingly. In consequence, the runner’s heart-rate tracks the desired workout heart-rate very well. In order to further understand individual differences, we carried out a small user study. With this study, we wanted to understand the differences between actual and perceived tempo. In addition, we intended to explore which music features might have an impact on the perceived tempo of a song. The main result of this study was that subdivisions of the major tempo in a song have a

229

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 14. Top Graph: Percentage of time spent within a 5% band of the target heart-rate for 13 runners, where cyan corresponds to mute mode, blue to random mode and maroon to TripleBeat/Metronome mode. Bottom Graph: Percentage of time spent within a 5% band of the target tempo for the same 13 runners, where cyan corresponds to mute mode, blue to random mode and maroon to TripleBeat/Metronome mode

substantial impact its perceived speed. The results of our study also suggest that such a perception is shared between subjects. Therefore, it could be possible to add the user’s perceived tempo to TripleBeat’s song metadata and use that tempo in the music selection algorithm. We plan to do so in the next versions of the system.

the running condition that scored highest for each of the questions. We shall highlight a few observations that can be drawn from the Table: 1.

Q. Questionnaire Analysis Table 4 summarizes our findings from the postrun questionnaires. The figure in bold highlights

230

2.

Under the TripleBeat/Metronome condition, runners perceived that they ran for a longer distance than in any other condition, even though the workout duration was exactly the same for all conditions. The prototype was reported to be less cumbersome (second row on Table) when running on TripleBeat/Metronome mode.

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 15. Top Graph: Desired (blue) and actual (red) heart-rate for a user running on Metronome mode. Bottom Graph: Metronome’s tempo (green) and user’s pace (blue) in steps per minute. Note how well the user is able to track the metronome’s tempo with his pace. In consequence, his heart-rate nicely tracks the desired heart-rate

3.

4.

The workout was considered more effective – both than average and within the study – and more enjoyable – both than average and within the study – when running on TripleBeat/Metronome mode than on any other mode (rows 4, 5, 7 and rows 6, 9, 10 respectively). Finally, participants found that the music as selected by TripleBeat strongly matched the workout goals and assisted them in achieving those goals (rows 11 to 14).

GLANCABLE INTERFACE & CMPETITION USER STUDY The first runner study was designed to validate the impact of musical feedback to assist runners in their workout. Therefore, the second user study was dedicated to analyzing the impact of a glanceable interface and a virtual competition. In the following, we shall refer to the TripleBeat system without glanceable interface and competition features as TripleBeat V1 or V1. The

prototype with full functionality will be referred to as TripleBeat V2 or V2. TripleBeat’s V1 and V2 user interfaces are depicted in Figures 10 and 9, respectively. Note that the first version of the TripleBeat system that was used in the first user study (TripleBeat V1) neither included a glanceable interface nor a competition feature.

R Hypotheses The goals of the second user study were to: (1) Evaluate TripleBeat’s V2 efficacy in assisting runners to achieve a predefined workout when compared to V1; (2) Evaluate TripleBeat’s V2 enjoyment of use when compared to V1’s and (3) Validate TripleBeat’s V2 persuasive techniques. The main hypotheses for this user study were: 1.

2.

Runners using TripleBeat V2 are more effective in reaching their predefined workout goals than when using TripleBeat V1; Runners using TripleBeat V2 enjoy their workout more than when using TripleBeat V1.

231

Towards Wearable Physiological Monitoring on a Mobile Phone

Table 4. Summary of questionnaire answers Running Condition

the system’s efficacy (reported in post-run questionnaires answered after each of the running sessions); Enjoyment: This measure evaluates the quality of the user experience, particularly in terms of the enjoyment of their interaction with the prototype. We captured this measure subjectively via appropriate postrun questionnaires given to the participants after each of the running sessions.

Mute

Random

TripleBeat

Metron.

> 5 miles (%)

76.4

76.5

92.3

81.8

not cumbersome

76.4

64.7

92.4

91.0

more energy

76.4

94.1

76.9

91.0

more effective

70.7

88.2

84.6

91.0

more effective towards workout goals

64.7

64.7

84.6

91.0

equally or more enjoyable

52.8

76.5

76.9

63.7

T. Design

more effective within study

N/A

29.4

76.9

77.8

worked harder within study

N/A

29.4

23.1

36.4

more enjoyable within study

We designed two assays in order to investigate the advantages of the proposed persuasive techniques:

N/A

76.5

92.3

54.7

music increased enjoyment

N/A

77.62

100

81.8

music s l i g h t l y matched workout goals

N/A

23.5

46.2

45.5

music s t r o n g l y matched workout goals

N/A

0.0

30.8

27.3

music s l i g h t l y assisted achieving goals

N/A

35.3

46.2

45.5

music s t r o n g l y assisted achieving goals

N/A

0.0

38.5

36.4

S . Measures Thus, two measures were quantitatively evaluated in the study: 1.

232

Efficacy: This measure quantifies how often the runner’s heart-rate remains inside the proposed training zone. We captured this measure objectively, by computing the percentage of time spent running inside the training zone12 , and subjectively, by asking participants about their impressions over

2.

1.

2.

TripleBeat V1 vs TripleBeat V2: The first assay evaluated efficacy and enjoyment of TripleBeat V1 and V2. This assay investigated the relevance of V2’s novel persuasive techniques in the context of personal monitoring systems; Competition vs No Competition: The second assay evaluated efficacy and enjoyment of TripleBeat V2 with and without competition. The goal was to investigate the impact of social pressure.

U. Participants Ten participants13 (8 men and 2 women) were recruited by email advertisement within a big corporation and completed all the user study requirements, including all running sessions and surveys. Their ages ranged from 25 to 41 years (x = 33). All participants were in good health and 9 were regular runners. Interestingly, the only participant that was not a regular runner chose the lowest intensity workout that corresponded to a brisk walk. With respect to the 9 regular runners, they ran an average of 4 times per week with an average of 56 minutes per workout session. Only 3 runners

Towards Wearable Physiological Monitoring on a Mobile Phone

confirmed their experience or interest in running with other partners, mostly to increase their motivation towards finishing the workout. The remaining 6 runners pointed out two advantages for running alone: no need to match schedules (2 participants) and flexibility in coordinating personal workouts (4 participants). When asked about their experience on carrying a cell phone while running, 9 participants reported not using it for a variety of reasons, including not having a place where to put it, worrying about it getting damaged, not being able to talk and run, avoiding interruptions, and not being able to play music with it. In terms of their habits in listening to music while running, 5 participants reported listening to music with a portable media player during workout. The two main reasons for listening to music were that music was good to (a) make you forget the physical effort (3 participants) and to (b) focus on the workout (2 participants). Those who did not like listening to music while exercising found quiet runs with less distraction to be more enjoyable. With respect to personal monitoring during workouts, 2 participants frequently wore heartrate monitors and 6 had a prior experience with it. The main benefits pointed out were the ability to be aware of the training zone and to pace the effort during the run. Conversely, the other runners considered heart-rate monitors to be somewhat inconvenient and of questionable usefulness. Finally, 4 participants were familiar with the TripleBeat V1 system as they had participated in the previous TripleBeat runner study, described in Section H.

V. Task Participants took part in 3 to 4 outdoor running sessions, each divided in 3 phases: an initial warm up of 3 minutes, the actual workout of 40 minutes (where physiological and pace data were recorded and analyzed), and finally a cool down of 3 minutes. Each session corresponded to one of the following running conditions:

1.

2.

3.

4.

TripleBeat V1 Baseline: All participants did their first run with the TripleBeat V1 prototype, because TipleBeat’s V2 virtual competition requires a database of previous runs before it can select opponents for any given user. Note that this restriction could prevent fair comparisons between the TripleBeat V1 and V2 systems, as every runner would have had their first run with V1, thus biasing the results. Therefore, we requested an additional run with TripleBeat V1 for some of the runners, and designed the appropriate methodology for unbiased data analysis, as explained below; TripleBeat V2 (No Competition): Five participants were randomly chosen to do their second running session with TripleBeat V2 without the virtual competition. The following session for this group of runners was a third run with TripleBeat V2 in competition mode. For this session, runners were given the option of choosing their opponents either manually or automatically, based on their best previous run; TripleBeat V2 (Competition): Likewise, the remaining five participants did their second running session with TripleBeat V2 in competition mode and their third run without the competition information; TripleBeat V1 Last Run: This fourth session was created explicitly to address the bias issue raised by the first session, TripleBeat V1 Baseline. We randomly asked five participants to do a last run with TripleBeat V1. Therefore, the data analysis for the first assay could be performed by splitting the sample in two halves: one in which we considered the data from the first interaction with the V1 and V2 systems, and another in which we considered the data from the last interaction with them. This way, we could ensure a fair comparison on the first assay while still supporting the second assay.

233

Towards Wearable Physiological Monitoring on a Mobile Phone

In sum, the four running sessions were conducted considering the sample division in four groups as depicted in Table 5. The first assay compared TripleBeat’s V1 and V2 interfaces by considering data from the first interaction with the prototype on groups 1 and 2 (note that the 3rd run in these groups was ignored to avoid bias, as previously explained), and the last interaction for groups 3 and 4 (likewise, the 1st and 2nd runs in these groups were ignored). As for the second assay, all values collected with TripleBeat V2 were used, because five runners started in competition mode (groups 2 and 3) and the remaining five started without it (groups 1 and 4).

W. Procedure Before each running session, we gave participants detailed instructions on how to use the prototype, followed by a demonstration. We also used this setup period to emphasize the goal of the study to the runners: to achieve their predefined workout goal by keeping their heart-rate as close as possible to the desired heart-rate. Participants had the chance to explore the interface before each running session, in order to become more familiar and confident in their use. This process typically

took around 10 minutes. Once they were ready, they were sent off for a 46 minute exercise session (40 minutes of workout and an additional 6 minutes of warm up and cool down phases). Note that two system parameters were pre-determined by us for this study: the workout duration and the number of opponents for the virtual competition (two opponents). With respect to the workout intensity, we allowed participants to select their preferred one among 4 options, ranging from an active walk or intensity level 1 (55% of HRres) to cardio/strength gain or intensity level 4 (85% of HRres). All levels of intensity were covered in this user study, as each of the intensities ranging 1 through 3 were chosen by 20% of the runners, and intensity 4 was selected by the remaining 40%. Once runners chose an intensity level, they were required to keep the same level for all the running sessions in the study. Figure 16 presents an example of the typical setup screens shown by TripleBeat V2. Note that the right-most screen in the Figure was only shown during the competition session. As soon as the running session was over, participants returned the equipment in person to the experimenter. They typically provided informal,

Table 5. Sample division in four groups to enable comparisons between triplebeat v1 and v2 on the first assay, and triplebeat v2 with and without competition on the second assay

234

Group Group 1

Subjects 1 and 2

Group 2

3, 4 and 5

Group 3

6 and 7

Group 4

8, 9 and 10

Running Sequence 1) TripleBeat V1 2) TripleBeat V2 (no competition) 3) TripleBeat V2 (competition) 1) TripleBeat V1 2) TripleBeat V2 (competition) 3) TripleBeat V2 (no competition) 1) TripleBeat V1 (just for baseline) 2) TripleBeat V2 (competition) 3) TripleBeat V2 (no competition) 4) TripleBeat V1 1) TripleBeat V1 (just for baseline) 2) TripleBeat V2 (no competition) 3) TripleBeat V2 (competition) 4) TripleBeat V1

Towards Wearable Physiological Monitoring on a Mobile Phone

oral feedback, in addition to filling out the corresponding post-run online questionnaire. All runners were asked to select a flat route at their convenience and to use the same route in all their running sessions.

1.

X. Data Analysis As stated before, we performed two assays (efficacy and enjoyment) with two treatments each. The treatments for the first assay were TripleBeat V1 and TripleBeat V2, and for the second assay, TripleBeat V2 with and without competition. The sample was submitted to all treatments and data analysis was carried out using an analysis of variance (ANOVA). The runners performance variate was transformed using arcsin of the square root of the percentages, a standard procedure applied whenever the residues do not follow the normal distribution. In the following, we present and discuss our results in the evaluation of efficacy and enjoyment for TripleBeat V1 and V2. Table 6 summarizes the results of the objective measures for each of the assays14.

Figure 16. TripleBeat’s V2 setup workout interface. The left screenshot captures the user’s decision for a walking exercise by selecting the “Stay active” goal. The right screenshot reveals the user’s preference for an automatic approach to select his/her opponents







First Assay. TripleBeat V1 vs V2: On average, 57.1% and 82.8% of the participants workout time was spent exercising inside the proposed training zone when using TripleBeat V1 and V2 respectively. These averages reveal a significant difference (p < 0.05; n = 10) between both prototypes. Therefore, we conclude that TripleBeat V2 was more effective than TripleBeat V1 in keeping runners inside their desired training zone. Moreover, Table 7 shows that 100% of the subjects spent more time inside the proposed training zone when running with TripleBeat V2 than with V1. In the subjective evaluation of efficacy, we asked participants if their experience with each of the systems was more effective, about the same or less effective than any of the runs they had in the past. TripleBeat V1 was considered more effective by 4 subjects while TripleBeat V2 doubled this preference (8 participants). Such significant difference in the perception of efficacy corroborates the objective performance evaluation results. Therefore, both objective and subjective evaluations of efficacy lead us to conclude that TripleBeat V2 was more effective than TripleBeat V1 in assisting runners to achieve their exercise goal. Participants also revealed the main reasons of efficacy for each of the systems. Musical

Table 6. Percentage of the workout time spent inside the proposed training zones for all subjects and their running sessions Subjects 1 2 3 4 5 6 7 8 9 10

V1

V1

V2

V2

33.2% 6.2% 86.2% 5.4% 85.1% 75.4% 93.2% 80.5% 18.5% 69.8%

— — — — — 25.5% 94.2% 71.0% 73.7% 90.7%

49.3% 68.3% 100% 19.3% 100% 61.1% 99.6% 83.2% 94.2% 96.4%

99.9% 29.6% 100% 50.2% 100% 86.9% 89.5% 99.7% 100% 99.7%

235

Towards Wearable Physiological Monitoring on a Mobile Phone







2.

feedback and the heart-rate graph monitor were considered the most important reasons for efficacy with TripleBeat’s V1 interface (5 and 4 subjects respectively). Interestingly, the primary reason for TripleBeat’s V2 efficacy was its glanceable interface (8 subjects). Figure 17 summarizes these results. With respect to the subjective evaluation of enjoyment, we asked participants to rate their experience as being more enjoyable, about the same or less enjoyable than any of the runs they had in the past. No significant difference could be observed in this evaluation between TripleBeat V1 and V2: TripleBeat V1 was considered more enjoyable by 5 subjects and V2 by 6. However, when we asked participants to choose between TripleBeat V1 or V2, all participants preferred TripleBeat V2 over TripleBeat V1 (see Figure 21). The main reasons for enjoyment with TripleBeat V1 and V2 were the music (5 subjects) and the competition (5 subjects) respectively. Finally, Figure 18 summarizes all the reasons pointed out by the subjects for both systems. Second Assay. Competition vs No Competition with TripleBeat V2: In this second assay, our main goal was to evaluate the impact of a competition in motivating runners to achieve their workout goals. In a similar

Table 7. Comparison between the percentage of time spent inside the training zones with triplebeat V1 and V2 Group Group 1 Group 2 Group 3 Group 4 Average*

Subjects 1 2 3 4 5 6 7 8 9 10

TripleBeat V1 33.2% 6.2% 86.2% 5.4% 85.1% 25.5% 94.2% 71.0% 73.7% 90.7% 57.1%

Averages diverge significantly for p < 0.05

*



way to the first assay, we also analyzed the efficacy and enjoyment of the TripleBeat V2 system, without and with competition in this case. According to Table 8, 77.1% and 85.5% of the subjects’ workout time was spent exercising inside the proposed training zone when using TripleBeat V2 without and with competition respectively. These averages do not diverge significantly (p> 0.05; n = 10), which might suggest that the efficacy of TripleBeat V2 is not due to the competition feature. This assumption is reinforced by the fact that only 2 participants considered competition as being the main efficacy factor in TripleBeat V2 (see Figure 17). Actually, the glanceable interface of the heart-rate

Figure 17. Main reasons for efficacy on TripleBeat V1 and V2 in percentage of subjects

236

TripleBeat V2 49.3% 68.3% 100% 50.2% 100% 61.1% 99.6% 99.7% 100% 99.7% 82.8%

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 18. Main reasons for enjoyment on TripleBeat V1 and TripleBeat V2 in percentage of subjects







monitor was considered the most relevant reason for TripleBeat’s V2 efficacy, both in competition and no competition modes (see Figure 19) However, Figure 20 shows that competition was considered the main reason for enjoyment with TripleBeat V2 in competition mode (5 participants), whereas music was the most relevant factor in TripleBeat V2 without competition (6 subjects). As mentioned before, TripleBeat V2 was unanimously preferred over V1 by all participants (see Figure 21). Additionally, 7 subjects considered TripleBeat V2 with competition to be more desirable than without it. This result confirms the importance of social pressure as a factor for enjoyment in monitored workouts. Finally, Figure 22 summarizes the main results obtained with the subjective evaluation.

Table 8. Comparison between the percentage of time spent inside the training zones with triplebeat V2, without and withcompetition Group Group 1 Group 2 Group 3 Group 4 Average * *

FUTURE TRENDS IN MOBILE PHYSIOLOGICAL MONITORING Some of the trends associated with the use of mobile devices as the predominant component of personal health monitoring systems include: 1.

Improvement of Personal Information Management (PIM) Systems: Instead of keeping record of every medical test, doctor’s

2.

Subjects 1 2 3 4 5 6 7 8 9 10

TripleBeat V2 (no competition) 49.3% 68.3% 100% 19.3% 100% 61.1% 99.6% 83.2% 94.2% 96.4% 77.1%

TripleBeat V2 (competition) 99.9% 29.6% 100% 50.2% 100% 86.9% 89.5% 99.7% 100% 99.7% 85.5%

p < 0.05

appointment and medicines taken using papers and folders that could be easily lost or damaged, mobile health monitoring systems would provide better tools for maintenance, management and sharing of this information. Additionally, the stored data would also include details on daily exercise and diet, injuries, and other contextual information that would be automatically captured, creating a much more reliable and accurate personal database; Better access of health information by healthcare professionals: Digital Information systems might be designed to retrieve relevant information from the subject’s personal records and assist specialists in making the right decisions for the patient (e.g. avoid

237

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 19. Main reasons for efficacy in TripleBeat V2 (without and with competition) in percentage of subjects

Figure 20. Main reasons for enjoyment in TripleBeat V2 (without and with competition) in percentage of subjects

Figure 21. Preferred system in percentage of subjects

3.

238

potential conflicts with other prescriptions, etc.); Support for Telemedicine: Sharing personal, real-time and historic physiological data data with specialists via private and secure network channels would represent a significant step towards reducing the need to travel for medical care; Physical activity status as a shared feature on social networking: Sharing personal reports on daily exercise and diet could be of great interest to friends and members of

4.

the user’s social network (e.g. MySpace, Facebook, Orkut, etc.). Social pressure could also act as a strong motivating factor to encourage users to adopt healthier lifestyles; Reduction of the world’s obesity and associated medical problems: Mobile services and applications that promote healthy lifestyles seem to be an effective strategy towards assisting users in reaching healthier and more active lifestyles. Persuasive interfaces become a critical element for the success of such systems;

Towards Wearable Physiological Monitoring on a Mobile Phone

Figure 22. Summary of the subjective evaluation. Runners’ perception of TripleBeat V1 and V2 in percentage of runners

5.

Higher demand for powerful mobile devices, faster and more reliable wireless networks and better integration of user interfaces for multiple devices: By switching from the desktop to the mobile paradigm, the so called “personal computers” are being reinvented with a different perspective, which requires improvements in hardware technologies, network architectures and design methodologies.

CONCLUSION AND FUTUREWORK TripleBeat is a mobile phone based system that includes persuasive techniques for exercise enhancement. We have described in detail the hardware and software components of two versions of the TripleBeat system: TripleBeat V1 and TripleBeat V2. In addition, we have carried out two runner studies to evaluate three of TripleBeat’s persuasive techniques: musical feedback, a glanceable interface for increased personal awareness and

for providing real-time recommendations, and a virtual competition with other runners. From our experimental studies, it could be concluded that TripleBeat significantly helped runners achieve their workout goals. TripleBeat’s higher effectiveness was measured quantitative and qualitatively. Both from a quantitative and qualitative perspective, running with auditory feedback was significantly superior to running on mute or on random modes. In addition, TripleBeat’s V2 glanceable interface increased the effectiveness of the training. Finally, TripleBeat’s V2 virtual competition feature was considered to be the most important reason for enjoyment. Most subjects preferred TripleBeat with competition over TripleBeat without competition. Moreover, all participants preferred TripleBeat V2 over V1. In sum, our experimental results support the hypothesis that TripleBeat’s persuasive techniques have a positive impact on exercise monitoring systems. We have found the user interface to be the most important element in increasing the ef-

239

Towards Wearable Physiological Monitoring on a Mobile Phone

ficacy of these systems, while social factors via a competition contribute to a more enjoyable experience. We believe that systems like TripleBeat will have an important role to play in supporting healthier and more active lifestyles. Next, we shall highlight a few lines of future research that we are planning to pursue: 1.

2.

3.

4.

240

Real-time telemetry: Specialized audio feedback via a personal trainer located anywhere to assist the users on the fly might be an important enhancement to increase TripleBeat’s efficacy. Performance social network: TripleBeat’s data may be integrated in a social network where users could share their exercise performances and make them available to friends and family. Users could download their friends’ data and use TripleBeat to compete against them or just check their friends progress. Improved score function for multiple target zones: For the purposes of the TripleBeat V1 vs V2 study (second study presented in this chapter), TripleBeat’s proposed workout consisted of a single 46 minute long training zone. Most of the participants (80%) in the study found that TripleBeat chose the right opponents to compete with them. However, the accuracy of the proposed score function could be compromised in the case of interval training or multiple target zones. This is due to the fact that every time there is a change of target heart-rate –i.e. each interval during interval training, there is a delay until the human heart can adopt it. Therefore, additional research may need to be carried out to include this factor in the proposed score function. Motivational training proposal: TripleBeat should be able to learn from the user’s past performances to propose more personalized training schedules. For example, the target heart-rate could be computed considering not

5.

only the high-level goal of the workout, but also the user’s performance history. Thus, the system would present each runner with a training proposal that would be challenging, but not impossible to achieve. Additional contextual information: Additional contextual information would improve the system’s decisions to select music, opponents and adequate trainings. Among them, we are planning to include: (1) GPS data to propose routes, connect with other geographically close runners, etc., (2) body and external temperature to detect dehydration, (3) barometric pressure to measure incline, and (4) diet, overall mood and stress levels.

REFERENCES [cdc, 2005] (2005). Preventing obesity and chronic diseases through good nutrition and physical activity. Retrieved July 28, 2008, from http://www. cdc.gov/nccdphp/publications/factsheets/prevention/obesity.htm. [Andrew et al., 2007] Andrew, A. H., Anokwa, Y., Koscher, K., Lester, J., and Borriello, G. (2007). Context to make you more aware. In ICDCSW’07: Proceedings of the 27th Int. Conference on Distributed Computing Systems Workshops, page 49, Washington, DC, USA. IEEE Computer Society. [Anliker et al., 2004] Anliker, U., Ward, J. A., Lukowicz, P., Troster, G., Dolveck, F., Baer, M., Keita, F., Schenker, E., Catarsi, F., Coluccini, L., Belardinelli, A., Shklarski, D., Menachem, A., Hirt, E., Schmid, R., and Vuskovic, M. (2004). Amon: a wearable multiparameter medical monitoring and alert system. IEEE Transactions on Information Technology in Biomedicine, 8(4):415–427. [Asselin et al., 2005] Asselin, R., Ortiz, G., Pui, J., Smailagic, A., and Kissling, C. (2005). Imple-

Towards Wearable Physiological Monitoring on a Mobile Phone

mentation and evaluation of the personal wellness coach. In ICDCSW’05: Proceedings of the 5th Int. Workshop on Smart Appliances and Wearable Computing (IWSAWC), pages 529–535, Washington, DC, USA. IEEE Computer Society. [Biehl et al., 2006] Biehl, J. T., Adamczyk, P. D., and Bailey, B. P. (2006). Djogger: a mobile dynamic music device. In CHI’06: extended abstracts on Human factors in computing systems, pages 556–561, Montréal, Québec, Canada. ACM Press. [Booth et al., 2002] Booth, F., Chakravarthy, M., Gordon, S., and Spangenburg, E. (2002). Waging war on physical inactivity: using modern molecular ammunition against an ancient enemy. Journal of Applied Physiology, 93:3–30. [Buttussi et al., 2006] Buttussi, F., Chittaro, L., and Nadalutti, D. (2006). Bringing mobile guides and fitness activities together: a solution based on an embodied virtual trainer. In MobileHCI’06: pages 29–36, Helsinki, Finland. ACM Press. [Cheng et al., 2004] Cheng, P.-T., Tsai, L.-M., Lu, L.-W., and Yang, D.-L. (2004). The design of pdabased biomedical data processing and analysis for intelligent wearable health monitoring systems. In CIT’04: Proceedings of the 4th Int. Conference on Computer and Information Technology, pages 879–8 84, Washington, DC, USA. IEEE Computer Society. [Consolvo et al., 2006] Consolvo, S., Everitt, K., Smith, I., and Landay, J. A. (2006). Design requirements for technologies that encourage physical activity. In CHI’06: Proceedings of the SIGCHI Conference on Human Factors in computing systems, pages 457–466, Montréal, Québec, Canada. ACM Press. [de Oliveira and Oliver, 2008] de Oliveira, R. and Oliver, N. (2008). Triplebeat: Enhancing exercise performance with persuasion. In MobileHCI’08: Amsterdam, The Netherlands. ACM Press.

[Edwards, 1999] Edwards, S. (1999). The heart rate monitor guidebook to heart zone training. Heart Zones Co, Sacramento, California, USA. [Flegal et al., 1998] Flegal, K., Carrol, M., Kuczmarski, R., and Johnson, C. (1998). Overweight and obesity in the united states: prevalence and trends, 1960-1994. Int. Journal of Obesity, 22(1):39–47. [Fogg, 2002] Fogg, B. (2002). Persuasive Technology: Using Computers to Change What We Think and Do. Morgan Kaufmann Publishers, Amsterdam, The Netherlands. [fos, 2003] (2003). Wear and forget sensors for health monitoring. Retrieved July 28, 2008, from http://www.foster-miller.com/projectexamples/ t_biomedical/Wear_Forget_Sensors%20.htm. [Gockley et al., 2006] Gockley, R., Marotta, M., Rogoff, C., and Tang, A. (2006). Aviva: a health and fitness monitor for young women. In CHI’06: extended abstracts on Human factors in computing systems, pages 1819–1824, Montréal, Québec, Canada. ACM Press. [Harrison, 2005] Harrison, G. P. (2005). Bodybugg aims to revolutionize fat loss. Retrieved July 28, 2008, from http://www.caycompass.com/cgi-bin/ CFPnews.cgi?ID=1007045. [Hartnett et al., 2006] Hartnett, J., Lin, P., Ortiz, L., and Tabas, L. (2006). A responsive and persuasive audio device to stimulate exercise and fitness in children. In CHI’06: extended abstracts on Human factors in computing systems, pages 1837–1842, Montréal, Québec, Canada. ACM Press. [Husemann et al., 2004] Husemann, D., Narayanaswa, C., and Nidd, M. (2004). Personal mobile hub. In ISWC’04: Proceedings of the 8th Int. Symposium on Wearable Computers, pages 85–9 1, Arlington, VA, USA. IEEE Computer Society. [Jovanov et al., 2005] Jovanov, E., Milenkovic, A., Otto, C., and de Groen, P. C. (2005). A wireless

241

Towards Wearable Physiological Monitoring on a Mobile Phone

body area network of intelligent motion sensors for computer assisted physical rehabilitation. Journal of Neuroengineering and Rehabilitation, 2(1):6. [Maitland et al., 2006] Maitland, J., Sherwood, S., Barkhuus, L., Anderson, I., Hall, M., Brown, B., Chalmers, M., and Muller, H. (2006). Increasing the awareness of daily activity levels with pervasive computing. In Proceedings of Pervasive Health Conference and Workshops, pages 1–9, Innsbruck, Austria. IEEE Computer Society. [Malan et al., 2004] Malan, D., Fulford-Jones, T., Welsh, M., and Moulton, S. (2004). Codeblue: An ad-hoc sensor network infrastructure for emergency medical care. In BSN’04: Proceedings of the 1st Int. Workshop on Wearable and Implantable Body Sensor Networks, London, UK. Imperial College London. [Martin et al., 2000] Martin, T., Jovanov, E., and Raskovic, D. (2000). Issues in wearable computing for medical monitoring applications: A case study of a wearable ecg monitoring device. In ISWC’00: Proceedings of the 4th IEEE Int. Symposium on Wearable Computers, pages 43–49, Washington, DC, USA. IEEE Computer Society. [Melanson et al., 2004] Melanson, E. L., Knoll, J. R., Bell, M. L., Donahoo, W. T., Hill, J. O., Nysse, L. J., Lanningham­Foster, L., Peters, J. C., and Levine, J. A. (2004). Commercially available pedometers: considerations for accurate step counting. Preventive Medicine, 39(2):361–368. [Miller et al., 1993] Miller, W., Wallace, J., and Eggert, K. (1993). Predicting max hr and the hr-vo2 relationship for exercise prescription in obesity. Medicine & Science in Sports and Exercise, 25(9):1077–1081. [Mokka et al., 2003] Mokka, S., V¨a¨at¨anen, A., Heinil¨a, J., and V¨alkkynen, P. (2003). Fitness computer game with a bodily user interface. In ICEC’03: Proceedings of the 2nd Int. Conference on Entertainment Computing, pages 1–3, Pittsburgh, PA, USA. Carnegie Mellon University.

242

[Mueller et al., 2007] Mueller, F. F., O’Brien, S., and Thorogood, A. (2007). Jogging over a distance: supporting a “jogging together” experience although being apart. In CHI’07 extended abstracts on Human factors in computing systems, pages 2579–2584, San Jose, CA, USA. ACM Press. [O’Brien and Mueller, 2007] O’Brien, S. and Mueller, F. F. (2007). Jogging the distance. In CHI’07: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 523–526, San Jose, California, USA. ACM Press. [Oliver and Flores-Mangas, 2006a] Oliver, N. and Flores-Mangas, F. (2006a). Mptrain: a mobile, music and physiology- based personal trainer. In MobileHCI’06: Proceedings of the 8th Int. Conference on Human-Computer Interaction with Mobile Devices and Services, pages 21–28, Helsinki, Finland. ACM Press. [Oliver and Flores-Mangas, 2006b] Oliver, N. and Flores-Mangas, F. (2006b). Mptrain: A mobile, music and physiology- based personal trainer. In Proc. MobileHCI’06. [Oliver and Flores-Mangas, 2007] Oliver, N. and Flores-Mangas, F. (2007). Healthgear: Automatic sleep apnea detection and monitoring with a mobile phone. JCM: Journal of Communications, 2(2): 1–9. [Paradiso, 2003] Paradiso, R. (2003). Wearable health care system for vital signs monitoring. In Proceedings of the 4th Int. EMBS special topic conference on Information Technology Applications in Biomedicine, pages 283–286, Birmingham, UK. IEEE Computer Society. [Park and Jayaraman, 2003] Park, S. and Jayaraman, S. (2003). Enhancing the quality of life thourgh wearable technology. IEEE Engineering in Medicine and Biology Magazine, 22:3:41–48. [Pitas and Venetsanopoulos, 1990] Pitas, I. and Venetsanopoulos, A. (1990). Nonlinear Digital

Towards Wearable Physiological Monitoring on a Mobile Phone

Filters: Principles and Applications. Kluwer Academic, Boston, USA. [Reddy and Mascia, 2006] Reddy, S. and Mascia, J. (2006). Lifetrak: music in tune with your life. In HCM’06: Proceedings of the 1st ACM Int. Workshop on Human-Centered Multimedia, pages 25–34, Santa Barbara, California, USA. ACM Press. [Scannell et al., 1995] Scannell, K., Perednia, D., and Kissman, H. (1995). Telemedicine: Past, present, future. Technical report, U.S. Department of Health and Human Services. National Library of Medicine. Reference Section. [Sohn and Lee, 2007] Sohn, M. and Lee, J. (2007). Up health: ubiquitously persuasive health promotion with an instant messaging system. In CHI’07: extended abstracts on Human factors in computing systems, pages 2663–2668, San Jose, CA, USA. ACM Press. [Staum, 1983] Staum, M. (1983). Music and rhythmic stimuli in the rehabilitation of gait disorders. Journal of Music Therapy, 20:69–87. [Toscos et al., 2006] Toscos, T., Faber, A., An, S., and Gandhi, M. P. (2006). Chick clique: persuasive technology to motivate teenage girls to exercise. In CHI’06: extended abstracts on Human factors in computing systems, pages 1873– 1878, Montréal, Québec, Canada. ACM Press. [van Halteren et al., 2004] van Halteren, A., Bults, R., Wac, K., Konstantas, D., Widya, I., Dokovski, N., Koprinkov, G., Jones, V., and Herzog, R. (2004). Mobile patient monitoring: The mobihealth system. Journal on Information Technology in Healthcare, 2(5):365–373. [Vorderer et al., 2003] Vorderer, P., Hartmann, T., and Klimmt, C. (2003). Explaining the enjoyment of playing video games: the role of competition. In ICEC’03: Proceedings of the 2nd Int. Conference on Entertainment Computing, pages 1–9,

Pittsburgh, PA, USA. Carnegie Mellon University. http://www.fostermiller.com/projectexamples/t biomedical/Wear Forget Sensors.htm.

Endno †

1 2

3

4



5

6 7 8

9 10

11

12

13

14

The work presented in this chapter was carried out while all authors worked at Microsoft Research in Redmond, WA. http: //www.who. mnt MPTrain was the first version of the TripleBeat prototype. In the following we shall refer to both systems as TripleBeat, adding a V1 or V2 suffix when necessary. See products from Polar (http://www.polarusa.com) and Suunto (http://www.suunto. com) http: //www. apple. com/ipod/nike http: //www .polarusa .com http: //www. alivetec .com Determined automatically or manually. In the following, we will use the term track to indistinctively refer to a song from the DML or a metronome of a particular tempo. As given by equation (3). Initially, we had a pool of 36 registered participants. From the thirteen runners that ran on TripleBeat, 10 runners also ran with the Metronome. Note that this is the second component of the score function given by Equation 9. We used the score function to select the opponents and perform the competition, but the efficacy in the study was measured by the more common measure of ZoneAccur. From an initial pool of 20 registered participants. Note that this data was analyzed according to the methodology described in section -V).

243

Section III

Context Aware Systems

245

Chapter XII

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications Giovanni Russello Imperial College London, UK Changyu Dong Imperial College London, UK Naranker Dualy Imperial College London, UK

ABSTRACT In this chapter, the authors describe a new framework for pervasive healthcare applications where the patient’s consent has a pivotal role. In their framework, patients are able to control the disclosure of their medical data. The patient’s consent is implicitly captured by the context in which his or her medical data is being accessed. Context is expressed in terms of workflows. The execution of a task in a workflow carries information that the system uses for providing access rights accordingly to the patient’s consent. Ultimately, the patient is in charge of withdrawing consent if necessary. Moreover, the use of workflow enables the enforcement of the need-to-kwon principle. This means that a subject is authorised to access sensitive data only when required by the actual situation.

INTROoduion Healthcare Applications are characterised by the integration of software systems in healthcare environments. Healthcare applications seamlessly

assist patients and carers in performing their tasks and provide them ubiquitous access to required information. As such, healthcare application can be considered as pervasive computing systems (Weiser, 1991). Real-world medical environments

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

present several research challenges that need to be addressed for developing robust healthcare applications. As a showcase for our approach, in this chapter we focus on technology-assisted living, where the domains to be administered are units of personal living. Here, someone may be living alone, perhaps in sheltered housing, perhaps postoperative, perhaps with one or more disabilities, perhaps elderly and infirm. In this scenario, the healthcare applications are composed of several services to monitor the patient conditions, and to assist the patient or the carer in performing the appropriate treatments. Monitoring the physical condition of a patient is carried out by means of body sensors. Several types of sensors are commercially available to measure blood pressure, blood sugar, pulse rate, etc. Another form of monitoring can be achieved using infra-red cameras that avoid the invasiveness of video surveillance. Combining infra-red cameras with motion detection, such as in the Irisys technology (2007), makes it possible to detect the number of people or animals such as guide dogs that are present, and to make a note of any visitors, in order to find out whether carers are visiting according to schedule. This information, together with the data gathered from sensors could be used to detect critical conditions for the patient and raise an alarm to summon help. Healthcare applications provide to the carers and relatives visiting the patient’s home easy access to patient’s medical data. The virtualisation of the patients’ medical records allows electronic storage, transmission, display and analysis of healthcare information that can improve and streamline healthcare delivery. However, it also poses new challenges to individual privacy. Healthcare information contains sensitive personal information; i.e. it may include the details of a person’s history of diseases and treatments, history of drug use, genetic testing, sexual orientation and practices etc. Improper disclosure of this data can influence decisions about an individual’s access to credit, education and employment.

246

Therefore, it is crucial that healthcare information systems should offer adequate protections to address these concerns. The European standards on confidentiality and privacy in healthcare (2007) states that patient information is confidential and should not be disclosed without adequate justification. The justification for disclosure should normally be consent. However, most security models for clinical information systems are merely variations of Role-Based Access Control (RBAC) which make access decisions based on the role of the user rather than patient consent. There are some exceptions, for example the BMA policy model (Anderson, 1996a; 1996b) and Cassandra (Becker & Sewell, 2004a; 2004b). The BMA policy model is the first security model which requires the patient’s consent for accessing healthcare information. Cassandra is a trust management system designed for securing electronic health records which captures consents as special roles in the system. Nevertheless, they have some common problems. First, how to capture patient consent properly. Patient consent can be explicit, e.g. in written form, but more often is implicit, e.g. the context in which the access is being executed could carry enough information for implicitly obtain consent. In general, when the use and disclosure of patient information is for the patient’s own healthcare purposes, and provide the patient or his legal representative has been informed of what information sharing is necessary for such purposes, implicit consent is sufficient. But in the BMA model and Cassandra, the consent must be explicit. This requirement adds unnecessary workload to healthcare professionals. Second, how to ensure that the consent is obtained on a well informed basis. A valid consent requires that the patient has been informed as to what information is intended to be used or disclosed, and for which purposes. Consent that has been obtained does not imply information has been given. However, none of the current models handle this.

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

In this chapter, we make us of a home-based healthcare scenario to address two main problems of current access control mechanisms. The first problem is the integration of patient consent with access control. Most access control models are designed for non-healthcare systems and do not have the concept of patient consent at all. However, patient consent occupies a pivotal role in legitimising the use and disclosure of healthcare information. Patients have a right to control access to and disclosure of their own healthcare information by giving, withholding or withdrawing consent. Therefore patient consent should serve as the ultimate foundation of access control decisions in healthcare systems. The second problem is related to the need-toknow principle. According to this principle, even when one has the necessary approvals, i.e. if the patient consents, access should not be given unless one has a specific need to know. An access decision should be justified by not only who is requiring access and what is being accessed, but also why the information needs to be accessed. Capturing and enforcing the access is also useful for mitigating exposure of healthcare systems to insider attacks (Anderson 1996a). For example, browsing a patient’s medical record by a doctor should be allowed when the doctor is diagnosing the patient, but should not be allowed if the doctor is off-duty. Access control models such as RBAC cannot capture the access needs precisely. For example, in RBAC, the permission assignment is decided by “job functions” assigned to the role. The set of permissions is assigned to the role statically to enable the subjects playing this role to perform all the job functions. The subject has all the permissions all the time even when they are not performing certain job functions. We believe that to better protect patient privacy, access control should not just be based on rules of who should or should not access what. Enforcing a correct procedure is also important. That is why we introduce a workflow based control framework. The framework is designed for healthcare systems

and can enforce consent-based access control as well as the need-to-know principle and various other constraints. In addition, it releases end users (e.g. the medical professionals) from security related configurations so that they can concentrate on their medical duties. This chapter is organised as follows. Section 2 discusses other approaches related to our work. In Section 3, we describe the benefits of workflow systems in healthcare environments. Section 4 describes in details the components in our framework for capturing patient consent. For validating our ideas in Section 5 we introduce a case study where a medical procedure is implemented using our framework. We conclude in Section 6.

Ba The BMA policy model was developed in late 1990s in response to the National Health Service (NHS) project of building a nationwide medical database. The access privileges for each medical record are defined in the form of access control lists (ACLs) and managed by a responsible clinician who is the only one can change the ACLs. The main goal of the BMA model is to enforce the principle of patient consent, and to prevent too many people getting access to too large databases of identifiable records. A prototype implementation has been built in a General Practice environment (Hassey & Wells, 1997). Apart from the weakness we discussed in the introduction, other criticisms include the ACLs are not flexible and expressive enough, and the model is more clinician-centred rather than patient-centred. Cassandra is a role-based trust management language and system for expressing authorisation policy. Cassandra supports credential-based authorisation between administrative domains, and rules can refer to remote policies for credential retrieval and trust negotiation. Cassandra focuses on healthcare systems. Cassandra has been used to develop a policy for the UK national electronic

247

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

health record (EHR) system, based on the requirements of the NHS’ National Programme for Information Technology (NPfIT). The notion of consent is captures in Cassandra as a special role. The consent is given to a subject, that is assigned to a special role, only if the subject requests the consent from the patient. This requirement adds extra workload for the healthcare professionals. As we shown in this paper, in most situations the consent can be implicitly derived from the context. Also relevant to our discussion is the RBAC model proposed in (Sandhu, 1996}. RBAC is motivated by the observation that in the real-world most access control decisions are based on the subject’s job functions in an organisation. This observation is valid for organisations that own the data that is being accessed. For healthcare organizations however, the medical data that is being accessed is ``owned’’ by patients. Ideally, medical data should only be disclosed when consent is obtained from patients. But the notion of consent is not captured by the original RBAC model. Thereby, extensions to this model are required for its applicability in healthcare systems (such as Cassandra). The idea of using the workflow concept for deriving access rights was first conceived by Atluri and Huang in (Atluri, 1996), where they introduce the Workflow Authorisation Model (WAM). In WAM, authorisation constraints for data and resources are synchronized with the execution of workflows. Our framework described here is a refinement of the WAM model where the patient consent plays a crucial role in the access control decisions.

why woRKkflow One of the significant benefits of using workflow is that it provides better process control. Users must follow predefined procedures, ensuring that the work is performed in the planned way and meets

248

business and regulatory requirements. Workflows can also provide feedback to carers. For instance, if an action defined in a medical procedure is not performed within a certain amount of time then an alarm could be raised. The use of workflows enables the logging of the actions being executed by subjects. These logs can be used for assessing and improving the performance of carers. Moreover, logs should be made available to patients, or they representatives, in case they want to audit the medical procedures to which they were subjected and track responsibilities of subjects in case of negative experiences during their treatment. Obtaining patient consent can be easily captured as a mandatory step in a medical workflow before any use or disclosure of patient healthcare information. By executing the workflow, the control requirements for patient consent can be enforced. A workflow also provides a way of limiting access permissions to the context in which an action is being performed enforcing the needto-know principle. The intuition behind this is that subjects need to access specific parts of the patient’s medical record only when they are executing a specific task in a workflow. Therefore by associating permissions with tasks and tracking the execution of tasks, we can ensure that the subjects can access medical records only when they have a need. Another reason why we consider workflow is that many efforts has been made in developing and experimenting with automated or semi-automated medical workflow systems which support evidence-based medical procedures, therapies and hospital administrations (Ardissono, 2006; Poulymenoulou, 2002; Quaglini, 2001). In our work, we assume that governmental organisations such as the National Health Service in the United Kingdom are responsible for designing and providing to hospitals standard medical procedures. Workflow systems help with this through secure auditing mechanisms that can track and record accesses, and support analysis of anomalies, failure etc.

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Figure 1. Overview of our consent-based framework

onenedamewo Our workflow based framework consists of the following components: subject, role, workflow, task, policy, permission and medical records (see Figure 1). Each workflow is defined according to a medical protocol or administrative process. It consists of multiple tasks. Each task is associated with a set of policies. The policies define the constraints for executing the task. Policies can be defined by both the hospital and the patient. A subject is an entity who needs to access a medical record, e.g. a doctor, a nurse. Each subject has a set of attributes. The attributes can be used for authorisation decisions. A role is a named collection of subjects. Unlike in RBAC, which assign permissions directly to roles, in our framework roles are associated with a set of workflows. Permissions define the access right the subject has on the medical records when they are executing this task. The permissions define what actions can be operated on which part of a medical record by the subject who is executing the task. Permissions are derived from the enforcement of the policies defined on the task. A medical record is the container of a patient’s healthcare information. Most current electronic medical record standards define hierarchical substructures which help organising the information and make it possible for us to define fine-grained permissions on these substructures.

In our model, a permission to access a patient’s medical record is granted by combining and enforcing two separate sets of policies. The first set contains medical policies that are defined by the carers’ medical institutions that treat the patient (i.e., hospitals, sheltered houses for elderly people, GP and dentist studios). Policies in this set can be used for defining constraints related to time and location (i.e., a carer can perform a task only in a specific location during working hours) or to address separation-of-duty (i.e., a doctor prescribing a medication should not be also the pharmacist that sells that medication). The second set of policies contains policies specified by the patients for protecting the privacy of the information stored in their medical records. When a subject executes a task that requires access to the medical record of a patient, the relevant policies are chosen from each set and enforced accordingly. The overall access control mechanism can be thought of as a two-step process and is represented in Figure 2. In step (1), the Policy Enforcement Point (PEP) enforces authorisation policies defined in the subject’s institution (in this case a hospital). If authorisation is granted then the access is evaluated against the set of policies defined by the patient that are enforced by the PEP in step (2). If permission is also granted here, then in step (3) it is possible to get access to the actual data in the medical record. The implementation of our framework is realised by integrating two main systems that are described in the following.

249

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Figure 2. Steps executed for granting a permission

YAWL Workflow System We use the YAWL system for the specification and enactment of workflows (Van der Aalst, 2004). YAWL provides a very powerful workflow language together with a workflow execution engine, and an editor for creating workflow specifications. YAWL can be customized to export to external components certain events that occur in the life-cycle of workflow instances. On receiving a task-enabled event, a component may decide to “check-out” the task from the engine. On doing so, the engine marks the task as executing and effectively passes operational control for the task to the component. When the component has finished executing the task, it will check it back in to the engine, at which point the engine will mark the task as completed, and proceed with the workflow execution. It should be realised that our framework is independent of the specific workflow language/engine used as long as the workflow system provides means for interacting with our framework.

Ponder Policy Language The other component in our framework is the policy-based system based on the Ponder policy language and interpreter developed at Imperial

250

College London (The Ponder2 Project, 2008). The language supports the specification of policies for governing the choices in the behaviour of a system (Sloman, 2002). Ponder supports the specification of authorisation policies and eventcondition-action (ECA) policies. The policy interpreter organises the entities and resources on which policies operate in hierarchical domains of Managed Objects. A managed object has a management interface that the object has to implement in order to be managed by the interpreter. Domains allow the classification and grouping of managed objects in a hierarchy. Furthermore, domain paths can be used to address managed objects in policy specifications. Domains can be used to group resources (e.g., data repositories, printers, X-ray machines, etc.), devices (e.g., sensors), and people (i.e., nurses, doctors, GPs, etc). An assisted living scenario is highly dynamic, as entities, including medical professionals, carers and sensor equipment, may frequently enter and leave a particular care domain. This dynamism means that the system must autonomously manage these entities, by identifying them, assigning the requisite privileges and triggering various events and/or workflow tasks. Another aspect of entity management, particularly important in the healthcare domain, concerns the performance of an entity. Actively monitoring and evaluating the behaviour of an entity allows for a higher quality of service, by allowing active intervention whilst functioning as a deterrent against misbehaviour. Figure 3 shows how Ponder’s domain structure may be used for organising the entities and medical data for a sheltered home scenario for a patient Bob Arkwright being visited by a nurse Jane. Carers are represented by means of Subject Managed Objects (SMO) that could be assigned to the respective domain according to the subject’s role. An SMO can be thought of as an electronic credential that identifies a specific individual working for a medical institution. The Electronic Health Record (EHR) of a patient, that

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Figure 3. Representation of a sheltered home domain using ponder

is the digital representation of a patient medical record, is also represented as a domain structure. The leaves in this domain structure are Record Managed Objects (RMO). RMOs represent specific instances of medical documents, such as the record of allergies, the list of current and past medications, an MRI picture, and so on. It should be noted that, although Figure 3 shows Bob’s EHR within the structure of the sheltered house, the actual storage of the EHR itself could be done in a remote location. As a matter of facts, the EHR structure can be seen as a collection of distributed resources. For instance, RMOs could be stored within the organisations that created them, i.e. the X-ray images in Bob’s EHR could be stored in another hospital where Bob attended when he broke is leg. Domains in Ponder transparently support external links to point to domains and managed objects contained in domain structures residing in remote location. The sensors and devices that are deployed in the environment are represented by means of Sensor Managed Objects (SeMO). In this way, the devices can interact with other managed ob-

jects sending events and reacting to changes in the environment. The EHR represents the patient’s private view of her digitalised medical information shown as a square around Bob’s EHR in Figure 3. As such, in our framework patients are enabled to specify access control policies that govern the access to such resources. In Ponder, authorisation policies are used for controlling the rights that entities have on the resources managed in a domain structure. In our case, entities are medical personnel and resources are the patient’s medical data, represented as SMOs and RMOs, respectively. Sensors can be seen as resources but also can invoke actions of other managed objects. For instance, if a sensor detects an anomaly it can send an alarm to the nurse in charge. Authorisation policies are defined on (subject,target,action)-triples. The language also supports negative authorisation policies, that when applied negate the execution of the defined action. To be able to specify authorization policies, patients need to refer to the subjects executing the accesses. For this reason, the domain Carers in the patient’s EHR is used for containing references

251

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

to SMOs, as shown in Figure 3. This domain contains a collection of references to SMOs of medical personnel known to the patient. Actually, this domain represents an important part of the medical history of the patient because it provides an overview of the medical personnel that have provided care to a patient.

Fine-grained Access Control in Ponder An important feature of the authorisation model in Ponder is the fine-grained access control mechanism. Authorisation policies can be independently specified for controlling the subject-side and the target-side of an action. A full description of the model can be found in (Russello, 2007). Here, for brevity reasons, we just recall the details of the model that are relevant for our discussion. As shown in Figure 4 the access control mechanism provides 4 different PEPes to enforce policies. Policies can be specific for the subject and the target side of a request. The policies enforced at PEP 1 control the subject when it sends out a request. We name such policies Subject authorisation (SA) policies. The PEP 2 is used for enforcing authorisation policies for control on the target side. We name these policies Target authorisation (TA) policies. The policies enforced at PEP 4 and PEP 3 are the dual of SA and TA policies.

These policies, called respectively Subject-return authorisation (SRA) and Target-return authorisation (TRA), are used for controlling the return part of an action. SRA policies can be used for protecting the integrity of a subject (i.e. checking that the reply does not contain malicious data). TRA policies can be used for filtering the data that is returned to a subject. Using SA and TA policies (enforced at PEP 1 and PEP 2), it becomes possible to employ this mechanism for implementing our consent-based model. In particular, hospital policies are specified and enforced as SA policies. On the other hand, patients can use TA policies for controlling the access to the private view of their medical data. A patient uses the references contained in the Carers domain for specifying which SMO a TA policy is to be applied. In case of authorisation conflicts, that could happen when authorisation policies of different signs apply to the same triple, the interpreter is also able to autonomously resolve those conflicts. For more details on the rules that are applied for resolving conflicts, we refer the interested reader to (Russello, 2007). Ponder ECA policies are used to dynamically adapt the system to changes of either context or behaviour of applications. Events are trigged by such changes and are propagated using an event

Figure 4. The fine-grained access control model supported in Ponder

252

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

bus. ECA polices capture events and execute actions for adapting the system. For example, ECA policies can change the domain structure adding/removing domains and managed objects, can invoke action on managed objects, can enable/disable other policies and can trigger other ECA policies by sending more events.

ImplemenTATIion of a home a SCEenafo Edema In this section, we present the implementation of a simple healthcare application for the Edema

treatment based on situated workflows and implement using our framework. Edema refers to swelling caused by excess fluid in body tissues. Monitoring involves a carer taking various measurements and performing tests. This example allows us to show several aspects of our approach in more detail: 1. 2. 3. 4.

Authentication of the carer when entering the home healthcare domain. Assignment of careplan for Edema treatment to the carer. Carrying out treatment procedures according to patient’s consent. Departure of the carer from the home environment.

Figure 5. Authentication phase when the nurse’s device is detected in the sheltered home domain

253

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Carers are provided with portable devices, such as PDA, that helps them in performing their task. The PDA has a domain structure instantiated where an SMO representing nurse Jane is already instantiated. The domain structure for the sheltered home is instantiated on the home PC.

Entering the Home Domain and Assignment of Careplan Figure 5 shows the steps executed in the framework when a carer enters the patient’s home. On entering the patient household, the PDA carried by the nurse and the home PC discover each other (1). The discovery of the home domain will raise an event on the nurse device that triggers an ECA policy (2). This policy forces the nurse SMO on the PAD to present the electronic credential to the Authentication Service of the home domain (3). The Authentication Service verifies the credentials and activates the nurse SMO that is contained in the domain structure of the sheltered home (4). The local nurse SMO will act as a proxy for the nurse SMO instantiated on the PDA and a mutual reference is exchanged between the two SMOs. In this way, the nurse can follow the Edema treatment procedures for this particular patient using her device. The nurse SMO also instantiates the workflow for the Edema Treatment that the nurse Jane is required to follow (6). This is done by means of the WMS-MO (7), a managed object that is interfaced with the YAWL engine instantiated in the home domain.

Treatment Procedures The specification of the workflow for the Edema treatment is shown in Figure 6. The workflow is specified using the YAWL editor (shown in Figure 6) and then saved as an XML file. When an instance of the workflow needs to be instantiated, the workflow engine loads up the XML specification and enacts the first task.

254

The Edema treatment consists of the following tasks. First the carer checks the previous measurements. Following, the petting test is executed. Afterwards, a new set of measurements is collected for blood pressure, weight, and body measurements. In the end, the set of measurements is saved in the electronic medical record. These measurements are performed using devices and body sensors, such as scale, meters and the blood pressure sensor (BPS) already present in the home. In our framework, the execution of a medical workflow is associated with the Implicit Consent with Explicit Deny (ICED) policy. The main idea behind this policy is that a patient implicitly allows a subject executing a workflow concerning her health to access sensitive information contained in the EHR. However, the patient can explicitly deny access to one or more subjects involved in the current or any future workflows. Implicitly allowing subjects executing a medical workflow to access an EHR means that the patient is not required to explicitly specify permissions for the subjects. The system can derive the permissions from the context in which the access is being executed and automatically generate the required permissions. In this way, the needto-know principle is enforced without giving unnecessary burdens to the patients. However, a subject executing a medical workflow should provide information to a patient on each access to the EHR. This means that before the access is performed the subject should explain to the patient which part of the HER needs to be accessed and the motivations that justify such an access. If the patient thinks that the given motivations are not exhaustive or that more information than necessary is being accessed, the consent can be withdrawn. In our framework, the enforcement of the ICED policy is achieved using the following two mechanisms. In order to inform a patient that an access is going to be executed, the task that rep-

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Figure 6. Specification of the workflows using the YAWL editor

resents the access to the previous measurements is divided into sub-tasks. Figure 6 shows the subnet of tasks for the “Read History”. The “Inform Patient” task requires the subject to inform the patient that an access to the record containing previous measurement is going to be executed. If the patient consents then the “Read Previous Measurements” task can be executed. However, if the patient denies the access, then alternative tasks need to be executed. For instance, in the case of Figure 6 the subject should inform her supervisor that the patient denied her access. The main workflow is then resumed and completed accordingly. It might be the case the tasks in a workflow do not capture alternative tasks when access is deny to complete a task. If no alternative tasks are available, then the subject executing the workflow can be notified by the workflow engine to manually take some actions. Related research investigating specification and handling of exceptional situations in medical workflows be found in Han et al. (Han, 2006). The automatic provision of access rights is performed by means of Ponder ECA policies. Figure 7 provides an overview of the generation of such permissions. The example shown is that of nurse Jane that wants to read the history measurements

of Bob. After nurse Jane obtains Bob’s consent to proceed, the ``Read Previous Measurements’’ task is declared executing by the YAWL workflow engine and an event with this information is sent. The event also carries context-dependent data, such as: the specific instance of the task that is activated, that the task is part of a medical workflow, the subject that is executing it, the target and action that is performed, the location and time. This event triggers an ECA policy and using the data carried by the event generates and activates a positive TA policy. This policy, called +TA1, is shown in Figure 7 as an arrow connecting nurse Jane’s SMO to the MeasurementRMO. When the nurse, via her SMO, performs the action of reading the measurements, the access control mechanism captures such an action and enforces authorisation policies at PEP1 and PEP2. The SA policies enforced at PEP1 are specified by the nurse’s organisation. We assume that the nurse complies with the organisation policies and that from the point of view of the organisation the action is allowed. Another enforcement of authorisation policies is done at PEP2. Here, the mechanism searched for TA policies. Because policy +TA1 is already in place the action can be authorised. (Although, it could be the case that

255

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Figure 7. Generation of authorisation policies by means of ECA policies

there are conflicts with other policies previously specified by Bob; we discuss this case later in this section). Another important step that is not shown in Figure 6 is that of automatically disabling the authorisation policy. After the task is concluded, the YAWL engine sends an event that triggers another ECA policy. This ECA policy will take care of disabling policy +TA1. This use of ECA policies guarantees that the permission for accessing the record is available only for the execution of the specific task. Our framework enables a patient to define negative authorisation policies that deny subjects to access the EHR. Once the SMO reference becomes available into the Carer domain in the EHR, the patient can define a negative TA policy for that specific SMO. When the system generates the positive TA using the mechanism described above, this positive TA will be in conflict with the negative TA created by the patient. In this case, the conflict resolution mechanism will give priority to the patient’s negative TA policy. This means that the access is denied and an alternative action must be taken. The nurse can use her device for following the workflow execution. The YAWL workflow engine

256

is responsible for the enactment of tasks. Figure 8 shows how the engine communicates to the entities involved in the execution of a given instance of a workflow. Let us assume that the nurse completed all the measurement tasks. The only task left is the recording of the measurements into Bob’s EHR. The YAWL engine notifies the WMS-MO which is the next task to be executed (“Saving Measurements”) (1). The WMS-MO keeps track of which instance of an entity is involved in the execution of a workflow. In this case, the WMSMO knows that the task is to be executed by the nurse Jane’s SMO and therefore it communicates the information about the task to be completed (2). The nurse’s SMO in the home domain sends this information to the SMO instantiated in the PDA domain (3) that visualises the information to the nurse via the PDA screen. The nurse checks the measurements are correct and requests the logging of the information by pressing the `log measurements’ button that will appear on the PDA screen. Once the operation is completed, the task fulfilment is communicated back to the engine following the inverse path (steps (4), (5) and (6) in Figure 8). The WMS-MO can be also used for adapting the execution of workflows to

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Figure 8. Controlling the enactment of tasks

the actual situation. For instance, if the biometrics of the patient presents an anomaly, the sensors can raise an alarm/event that triggers ECA policies. Depending on the situation, the ECA policies can require the WMS-MO to stop the current workflow execution and switch to an emergency workflow to cater for the actual condition of the patient. The changing of the workflow is also notified to the nurse via her PDA.

Leaving the Home Domain When the nurse completes her visit and leaves the patient’s home the resources allocated for her in the home domain must be relinquished. For instance, the Nurse Entity must be removed from the home domain and the policies associated with it deactivated. These operations are executed by means of an ECA policy that is triggered by the event “NurseOutEvt”. This event is sent when the system detects that the nurse left the patient’s home. When the ECA policy is triggered it disables the policies associated with the entity managed object and invokes the remove action of the domain where the Nurse Entity is contained. The “NurseOutEvt” event can be sent in several ways. The carer can send it manually by

pressing a button on her PDA to notify that the treatment is completed (according to her) and she is ready to leave. Alternatively, the system can recognise that the nurse left the sheltered house. For instance, when the nurse’s device is out-ofrange from the home PC or after a certain amount of time allocated for the carer expires. These methods can be used in different situations. For instance, if the nurse has to leave before completing her procedures due to an emergency in another sheltered home, then either the manual disconnection or the out-of-range detection allows the system to promptly react (i.e., the system can report via an alarm that some procedures need to be completed). On the other hand, the time-out disconnection can be used by the system to recover from erroneous situation (i.e. the nurse left behind her device without notifying the system when she departed from the patient’s house).

Fuend Our framework for capturing patients’ consent is based on the use of workflow systems to express contextual information when an access is being executed. In future healthcare systems, workflow 257

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

systems will play a central role as it is analysed in (Dwivedi, 2001). However, one of the main issues of today workflow management systems is their inefficiency in handling exceptional situations. An exceptional situation refers to a state not contemplated in the workflow specification. Often exceptions require manual intervention of the subject executing the workflow. Exceptions are logged and if a particular type of exceptions happens too often then the workflow specification can be updated in order to handle it. However, such action can only be taken after execution time. This is acceptable when workflow systems are deployed in low-pace medical environments, as it is the case in the scenario of the case study presented in this chapter. In more demanding environments, such as an Emergency Room in a hospital, workflow systems may become a burden to use for the medical carers and redundant in case that exceptions have to be handle manually. As pointed out in (Han, 2006), research in this area is being investigating solutions for handling exceptions in workflows more dynamically. We also believe that improvements may derive from employing a less fixed structure for workflow specifications. Currently, a workflow specification is represented as a net of tasks that has to be strictly followed during execution. However, a specification where the execution of tasks is expressed in terms of temporal constraints (i.e., interval of time) within the different tasks could prove to be more flexible and suitable for dynamic high-pace environments.

Conlu Healthcare applications are pervasive systems that facilitate patients and carers access to medical information. In particular, healthcare applications allow electronic storage, transmission, display and analysis of healthcare information that can improve and streamline healthcare delivery. However, it also poses new challenges to individual

258

privacy. Healthcare information contains sensitive personal information that if not properly disclosed can influence decisions about an individual’s life. Therefore, it is crucial that healthcare information systems should offer adequate protections to address these concerns. In this chapter, we presented a framework for pervasive healthcare application where patients’ consent has a central role for granting permissions to carers for accessing patients’ medical data. Our framework combines a workflow system for deriving contextual information and a policy-based system for automatically generating access rights. Patients can fine tune access rights by creating their own authorisation policies and effectively control the subjects to which consent is given or withdrawn. Additionally, the use of workflows allows us to enforce the need-to-know principle whereby a subject can access the patient’s medical data only if there is a specific need. In our framework, this need is associated with the execution of specific workflows.

ACKknowledgmen This research was supported by the UK’s EPSRC research grant EP/C537181/1 and forms part of the CareGrid, a collaborative project with the University of Cambridge. The authors would like to thank the members of the Policy Research Group at Imperial College for their support.

Refeen Anderson, R. J. (1996a). A security policy model for clinical information systems. In SP ‘96: Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC, USA. Anderson, R. J. (1996b). An Update on the BMA Security Policy. In Proceedings of the 1996

A Framework for Capturing Patient Consent in Pervasive Healthcare Applications

Cambridge workshop on Personal Information - Security, Engineering and Ethics. Ardissono, L., Leva, A. D., Petrone, G., Segnan, M., & Sonnessa. M. (2006). Adaptive medical workflow management for a context-dependent home healthcare assistance service. In Electronic Notes Theoretical. Computer Science, 146(1), 59–68, 2006. Atluri, V., & Huang, W. (1996). An authorization model for workflows. In ESORICS (pp. 44–64). Becker, M. Y., & Sewell, P. (2004a). Cassandra: Distributed access control policies with tunable expressiveness. In POLICY. IEEE Computer Society. Becker, M. Y., & Sewell, P. (2004b). Cassandra: Flexible trust management, applied to electronic health records. In CSFW. IEEE Computer Society. Dwivedi, A., Bali, R., James, A., & Naguib, R. (2001). Workflow management systems: The healthcare technology of the future? In the 23rd Annual International Conference of the IEEE Engineering in Medicine and Biology Society, 4, 3887–3890. European standards on confidentiality and privacy in healthcare (2007). Retrieved October 22, 2007, from http:// www.eurosocap.org. Han, M., Thiery, T., & Song, X. (2006). Managing exceptions in the medical workflow systems. In ICSE ’06: Proceeding of the 28th international conference on Software engineering (pp. 741–750), New York, NY, USA: ACM. Hassey, A., & Wells, M. (1997). Clinical systems security – implementing the bma policy and guide-

lines. In R. Anderson (Ed.), Personal Medical Information – Security, Engineering and Ethics. Springer-Verlag. Irisys (2007). Retrieved May 13, 2007, from http://www.irisys.co.uk The Ponder2 Project (2008). Retrieved March 10, 2008 from http://www.ponder2.net. Poulymenopoulou, M., & Vassilacopoulos, G. (2002). A web-based workflow system for emergency healthcare. In Medical Informatics Erope.. Quaglini, S., Stefanelli, M., Lanzola, G., Caporusso, V., & Panzarasa, S. (2001). Flexible guideline-based patient careflow systems. Artificial Intelligence in Medicine, 22(1), 65–80. Russello, G., Dong, C., & Dulay, N. (2007). Authorisation and conflict resolution for hierarchical domains. In POLICY ’07: Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (pp. 201–210), Washington, DC, USA. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2), 38–47. Sloman M., & Lupu, E. (2002, March). Security and management policy specification. In IEEE Network, 16(2), 10–19. Van der Aalst, W. M. P., Aldred, L., Dumas, M., & ter Hofstede, A. H. M. (2004). Design and Implementation of the YAWL System. In CAiSE 04, Riga, Latvia, June 2004. Springer Verlag. Weiser, M. (1991). The computer for the twentyfirst century. Sci. Amer. 265, 3(Sept.), 94–104.

259

260

Chapter XIII

Technology Enablers for Context-Aware Healthcare Applications Filipe Meneses Universidade do Minho, Portugal Adriano Moreira Universidade do Minho, Portugal

ABSTRACT The increasing availability of mobile devices and wireless networks, and the tendency for them to become ubiquitous in our dally lives, creates a favourable technological environment for the emergence of new, simple, and added-value applications for healthcare. This chapter focuses on how context and location can be used in innovative applications and how to use a set of solutions and technologies that enable the development of innovative context and location-aware solutions for healthcare area. It shows how a mobile phone can be used to compute the level of familiarity of the user with the surrounding environment and how the familiarity level can be used in a number of situations.

INTRODUCTION “The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.” (Weiser, 91)

In 1991, Mark Weiser had a vision that still inspires many researchers in the ubiquitous and pervasive computing area. In a perfect world people needs would be detected and fulfilled by a set of devices that would act in the background to provide the means or data necessary to the us-

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Technology Enablers for Context-Aware Healthcare Applications

ers’ activities. Current technology does not allow to entirely fulfilling the Weiser vision but allows realizing many aspects of this pioneer vision. Continuous monitoring of the health condition of people has been desired for many years, in particular for impaired persons or for people requiring special health treatments. In certain cases, these requirements for continuous monitoring force people to stay at the hospital facilities for a few days, such as when monitoring cerebral activity, or force them to visit the hospital every few days for downloading data from portable monitoring equipment to a server, such as when monitoring the hearth rate. The increasing availability of mobile devices and wireless networks, and the tendency for them to become ubiquitous in our dally lives, creates a favourable technological environment for the emergence of new, simple, and added-value applications for healthcare. One major opportunity resulting from this technological evolution is that electronic health assistants can now be used by everyone, independently of their health condition. The technological evolution achieved during the lasts years lead to more sophisticated environments. We have more sophisticated users in the sense that more people use more technology in their living and have their lives controlled by technology, and also because more technological devices exist to assist people that search for healthcare services. WLAN, Bluetooth, mobile phones, digital diaries are among some of the most popular technologies used today by many people. Others technologies control peoples’ life individually or collectively, many times without people noticing it, like remote video surveillance or remote traffic control systems. To explore and take advantage of these new technologies it is necessary to solve a set of technical, ethical and legal problems. Pervasive and ubiquitous computing devices can be very useful to people, providing important information and establishing an infrastructure that enables

the emergence of a new kind of applications and services: the context-aware services and applications. In context-aware computing, applications adapt their behaviour accordingly to the context of its users. The context is all the information that characterizes the user in a specific moment. It may include the location, position, a list of nearby objects (e.g. people), the user’s activity, the available resources, some user’s vital signals, and even the familiarity of the user with his/hers surroundings. Among the technical problems that need to be worked out are the notion of context and the context management. Until today, many location-based and context-aware services and applications were built based on specific solutions, where location or other data was directly used from the sensors. Context management should be done through an open and generic entity capable of supporting virtually any sensor or positioning service, without imposing a specific space model and by being capable to support a context based on multiple dimensions. Context is all the dimensions (all the information) that characterize a user in a specific moment. Some basic dimensions of a context may be obtained directly from physical sensors, while some others may be calculated from raw data or may even be estimated from the information provided by other dimensions. Location and position have been the most used dimensions when creating context-aware applications and services because there are more sensors and services capable of provide this kind of data than any other dimension. Moreover, position and location are among the dimensions that, in fact, influences a lot the interaction of people with computing devices. Context-aware applications that rely primarily on location are known as location-aware. Location-aware applications provide to mobile users the possibility to access services and information that are relevant to the user in a specific moment and location.

261

Technology Enablers for Context-Aware Healthcare Applications

A number of technologies can be used to acquire the user’s position and location, inside and outside buildings. In the last decade, research in context and location-aware computing produced frameworks and solutions that enable the easy development of context-aware applications. In particular, several developments in context management frameworks provided the tools for programmers to access the context of users without the need to deal directly with the low-level technical details of the sensors used to acquire the context, and allowing the use of several technologies simultaneously to provide position and location with more precision and in more places. For example, the Place Lab system (LaMarca, 2005) exploits the beacons broadcasted by many wireless networks to estimate the geographic position of mobile users. Many of these technologies enable the development of new solutions for healthcare, improving the cares with people in a hospital, for sick persons that are at home, for an accident victim, for the doctors and for those who rescue the victims of accidents. In this chapter we discuss how context and location can be used in innovative applications and how to use a set of solutions and technologies that enable the development of innovative context and location-aware solutions for the healthcare area. This chapter is organized as follows: section 2 presents what is a user’ context and how it should be managed. Section 3 presents some technologies that can be used to acquire some of the user’ context dimensions. Section 4 shows how an ordinary mobile phone can be used to detect the user movement and the data collected by the phone can be used to create a personal space model and to infer the familiarity of the user with a place. The last section presents the conclusions of this chapter.

262

CONTEXT AND CONTEXT MANAGEMENT Considering that a user’ context is something very wide, that can contain a considerable and variable number of dimensions, we sustain that context should be represented by an unbound and dynamic list of attributes, represented by standardized and non-standardized data structures, with mandatory and optional attributes. Context is a cumulative storage of knowledge, being able to describe the current situation of a person and also remember past experiences. Context management should be done by a pervasive universal service, capable of dealing with any number of context sources. In (Meneses, 2004) we proposed a generic context manager capable of receiving data from virtually any sensor or location service, that provides an interface that allow authorized client applications to access to user’ context represented by a XML stream. The developed solution also allows some other functionalities like the use of space model servers to complete the context information and a publishsubscribe mechanism that allow applications to request to be notified by the context manager when the context (or a specific dimension of the context) changes. Figure 1 shows the context manager and the main entities that interact with it. The context manager holds and manages the context object which contains the user’ context. It receives contextual information from location services that can exist on the infrastructures (like, for example, a positioning mechanism on a wireless network or soft sensor that detects the presence of the user mobile phone nearby an Bluetooth access point) and from context handlers that run on a user device. An example of a simple context handler, to be run on the user device, is a software that detects and updates the context with the BSSID of the WiFi networks detected or a software that updates the context with the

Technology Enablers for Context-Aware Healthcare Applications

Figure 1. The context manager that manages the context and interacts with a set of external entities

geographic coordinates that retrieves from a GPS receiver. Data received by the context manager is integrated into the user context becoming available to be used by applications and services that can run on the user device or in the network. The context manager, besides integrating the data received from sensors, can also improve the user’ context using some external services capable of providing additional information about the collected data, and can also execute inference algorithms that supply new contextual dimensions. For example, the context manager can execute an algorithm that by processing the GPS coordinates is able to automatically determine if the user is at home or at his/her workplace (Moreira, 2005). Other example is the possibility of using data available at GSM phones to automatically infer high level information about the current situation of a user.

AVAILABE TECHNOLOGIES AND SLUTIONS Today, there are a wide number of technologies that can be used to acquire the user’ location and position. Some of those technologies, like the

Active Badge (Want, 1992) or Active Bat (Ward, 1997), were specifically developed to acquire the user’ location or position inside buildings. Other technologies, like WiFi networks or Bluetooth access points, were initially developed for a different proposes but can also be used to locate a user. The lack of a universal pervasive solution for location/position is one of the main problems that block the bootstrap of location-based services and applications. Even GPS receivers, that become popular in the last years, are not a universal solution because it only works in open areas and not everybody has a receiver. What is necessary is a solution that can be deployed by anyone, everywhere, and pervasive enough to not interfere on people’s life. Currently, the best possible solution is to use mobile phones. If we look to a person on the street, at home, at work, going out with friends, etc., we observe that a mobile phone is the technological device that is always present and always turned on. Unlike a laptop that only some people have and it is only turned on when it is needed, or a GPS receiver that people use mainly in car, mobile phones are almost universal (ubiquitous): almost everybody has one, it is kept turned on most of the time and the user takes it everywhere.

263

Technology Enablers for Context-Aware Healthcare Applications

Several mechanisms were developed to acquire the mobile phones’ position. Angle of Arrival (AOA), Time Difference-Of-Arrival (TDOA) and Enhanced-Observed Time Difference (EOTD) are some of the solutions developed to acquire the location of mobile devices in GSM cellular networks. These technologies provide the positioning data of mobile phones to network operators which usually do not make this information accessible to applications running outside their backbones. Hopefully, there is a basic position mechanism, known as cell-ID positioning, that is done at the mobile terminal by identifying the network cell being used in that moment by the handset. The accuracy of cell-ID method is reduced when compared with the others mechanisms but has the advantage of being possible to be done on the user handset, without depending on any network service. GSM networks are made of cells with each cell covering an area. In rural areas, with fewer users per square kilometre the cells are usually bigger, covering a wide area. In contrast, in urban areas cells are usually smaller. Each cell supports a limited number of users thus in urban areas the cells are usually smaller with more cells covering the same area in order to support the communications requirements of all the users. Each cell has a numeric unique identifier, generically called cell-id. Mapping each cell-id into a geographic position would allow finding the location of the user in a well known referential. However, this mapping is a difficult task because network operators do not make their network configuration or base station positions public. Mapping each cell manually would be a big effort considering that new cells and changes in the network configuration would have to be detected in order to keep the service updated. Medical equipment with network connectivity is also becoming available, enabling the development of integrated systems where the patient’s data

264

is available and monitored remotely. Moreover, automatic collection of data from medical devices allows more complete patient medical histories (with less mistakes introduced by manually collecting data and with more data – data collected more often). Reasoning algorithms that process this data can detect and foresee health problems based on the user history or simply remember or automatically instruct medical devices to apply certain drugs. Users’ history and scientific knowledge can be joined in data mining and machine learning algorithms to create knowledge and predict the user medical evolution. Current technology allow to locate doctors inside an hospital, access patients records automatically when a doctors gets near a patient or to locate a patient that may suffer from memory problems and get lost on a street, etc. However, smarter applications can be developed. Some health services and equipments already provide medical records in an electronic format. The next stage of the technological development should be the integration of the records into the user context. The integration would allow to simultaneous access to the medical records and to other dimensions of the user context which could benefit the user and medical staff. Information like the familiarity of the user with the surrounding environment or the user location can help medical rescue services. Information about the presence of familiars or friends nearby can provide valuable information that benefit the medical staff and also the patient, allowing to have information about what happened to the patient before the lost of conscience or to find out if any other person would be with the injured patient at the moment of a accident and it is still missing. Having a user’ context that keeps memory of the user movements will help to know easily where the user was before and to find and contact the persons that were with the ill person.

Technology Enablers for Context-Aware Healthcare Applications

IMPROVING CONTEXT WITH TDAY’S TECHNOLOGY If a person is involved in a medical emergency situation, the attitude changes according to the place where the emergency occurs, whatever the person is the victim or the rescuer that provide assistance to injured persons. A certain health problem can be less critical if the person is in a familiar place and surrounded by friends in contrast to a situation where the victim is alone in an unfamiliar place. A context management system can provide such a support for this kind of applications. The user’s context is valuable information in case of emergency because it can include the user’s position and location and also provide additional valuable information like the familiarity level with the current place, the presence of nearby friends and relatives or information about the user medical history and known problems. The context of the user can even include information that may suggest the causes of the emergency if it is feed by temperature or acceleration sensors. The ubiquity of mobile phones and networks provide a particularly rich technological environment to gather such information and enable assistance applications for the health care mass market. Most of these applications can rely on the phone’s hardware only and be easily deployed in the majority of the current mobile phones. Therefore, all the conditions for a fast dissemination of these applications are fulfilled. Mobile phones are small and people take them to everywhere, being common the presence of a mobile phone on every people’s pocket (including injured victims). Just by using the cell phone it is possible to infer when the user is moving or visiting a place and compute a familiarity level with the user’s current location. This kind of information can be computed on the mobile phone and does not need to use any network services.

Detecting the User Movement When turned on, a GSM phone is linked to a cell - the active cell - which is selected among the cells available in a certain place. The handset movement can not be detected just by analysing the changes in the cell-id because the handset changes from a cell to another when fluctuation occurs in the radio signal level, when it becomes weaker or because the user moves to another place. Thus, even if a terminal stays for a long period in a single place it may change several times the active cell. While remaining in the same place, sometimes a handset stays for hours in one cell while in other occasions it stays only some seconds or minutes in each of the available cells. By analysing the changes of the active cell during a period of time it is possible to detect the movements. When the terminal is stopped in a certain place it will change between the set of cells available on that place. When the terminal moves to a new place, new cells will become available and will be used. Thus, when the user is moving we observe the use of different cells and faster variations in the active cell. Computing a Mobility Distance and a Mobility Index makes it possible to detect the user movement (Meneses, 2006). Considering that a record has the identification of a cell being used in a certain moment and that instant timestamp, the Mobility Distance measures the distance between two records. If the user in both moments is in the same cell then the distance is zero. If not, the distance is the inverse of the time spent on each cell. For a list of records, the Mobility Index gives the sum of the mobility distance between each record and all the previous ones. Thus, the Mobility Index allows to estimate the user movement, computing the index from the current time instant back to a certain amount of time back.

265

Technology Enablers for Context-Aware Healthcare Applications

CRATING A PERSONAL SPACE MODEL Considering always the last cells used by a mobile phone it is possible to find out if the user is moving or not, computing the Mobility Index of the records collected during the last minutes (the used cells). When the user is not moving it is possible to characterize the place based on the set of cells used during that time. The place is characterized by the set of cells used and by the percentage of time spent on each cell. The characterization allows create “an image” of the GSM network in that place: we call it a fingerprint. If the user visits the same place several times then a fingerprints is created in each visit to that place. Several visits to a place result in several fingerprints, which are not necessarily equal because the user’ handset spends different amounts of time on each of the available cells (the percentage of time spent on each cell is different). Although different, the fingerprints have some similarity because they were created on the same place served by the same subset of cells. By clustering similar fingerprints it is possible to group fingerprints, creating a cluster for each place. A cluster is created by the union of fingerprints (that are created based on the cellID) and represents a place visited by a user. To measure the similarity between fingerprints and clusters two functions are used. The first function calculates the percentage of cells in a fingerprint that are also member of a cluster. This function ignores the cells of the fingerprint with less than 1% of time because so small amount of time is not representative of a place. The second function calculates the absolute difference between the percentage of time spent in that cell in each fingerprint (or in a fingerprint and a cluster). Based on the total distance the system can join a fingerprint to a cluster or create a new one. A new clustering algorithm was created to deal with this data. The new clustering algorithm deal with symbolic data (the fingerprints), supports an

266

endless number of fingerprints and can be applied as the data becomes available. The clustering process allows to create clusters that are continuous changing as new data (new fingerprints) are generated by the user movement.

Inferring the Familiarity of a User with a Place A cluster contains the same basic information that a fingerprint has. It allows to know which cells exist in the place represented by the cluster and the exact moment (timestamp) the user arrived and leaved the place. Using timestamp data it is possible to know the total amount of time spent in a cluster (place) and the time elapsed since the last visit to that place. Based on the total amount of time spent in a place it is possible to estimate how well a user knows that place – the places best know are the places where a person spends more time. The Knowledge Index represents the knowledge the user has about a place based on the total time spent in it. Places change as time goes by, with the construction of new buildings, new roads, etc. If a person does not visit a place for a long period then when he/she goes back to that place the changes will be noticed and the person will not feel so familiar with the place. Based on the time elapsed since the last time the user visited a place it is possible to calculate a Forget Index. Combining the Forget Index and Knowledge Index it is possible to obtain a Familiarity Index. The Familiarity Index expresses the familiarity with the current place and can be very useful to a number of applications. It allows applications to adapt themselves according to the familiarity of the user. For example, in a very familiar place a user will not need help from a GPS guidance (navigation) application – the user knowledge should be enough to know which direction take to go to another place. On the opposite situation, in a completely unfamiliar place, the familiarity index can be useful to trigger an application

Technology Enablers for Context-Aware Healthcare Applications

that guides a user based on GPS coordinates, or an application that provides information about local attractions or about where to get a hotel or a restaurant in the surrounding area. An injured people, in a familiar place, will fell more comfortable and eventually more capable to request help and provide information about his location or get help from a relative. In contrast, an injured people in an unfamiliar place with the anxiety of get medical help will probably fell lost and be much less capable to provide his/her location or other information describing the current situation.

Rsults The technology described in the previous section was tested by three different users, clients of two different GSM networks, during several consecutive weeks. The users kept their normal life and manually registered their activities in a diary. The computed results were them compared with the user’s diary (ground truth) to access the quality of the results achieved. The system was tested considering the cells used by the phone during the last 10 minutes, considering the user was immobile when the Mobility Index was less than 6. Results show that the user movements were well detected in most of the occasions. Table 1 summarizes the results achieved considering all the visits made by the users to the different places that took at least twenty minutes.

Between 78% and 90% of the visits made to the several places were correctly detected. The amount of errors is small and a detailed analysis of the data show that those errors occur in very specific situations or places. False positives occur when the user is moving and the system classifies the user as visiting a place while clustering errors represent visits that were correctly detected but the clustering process joined the fingerprint to a cluster that represents other place. Generally the results are very good, considering that two of the users live and work inside cities and visited places very near. If we consider also the visits that takes less than twenty minutes the results range from 70% of visits correctly detected to user B to 86% to user A. The main problem with the proposed solution are the places visited for very short period of times that sometimes are not detected and places that are very near each other that not always are distinguished. However, even some of the places geographically near and places visited for short periods of time were detected and correctly clustered. An analysis of data allows explain most of the errors detected. User A lives inside a big city and works in another city located 35 km away from his house. Everyday, he goes to work by car, crossing a rural area, travelling in a narrow and sinuous road. Analysing the user data we see that false positives are the most common error in user A data and always occur when the user is going to

Table 1. Results achieved by the three users User A

User B

User C

Visits to different places

59

123

147

Visits correctly detected

53

(89,8%)

95

(77,2%)

121

(82,3%)

Clustering errors

3

(5,1%)

12

(9,8%)

4

(2,7%)

Partially well detected

0

(0%)

11

(8,9%)

9

(6,1%)

Faults

3

(5,1%)

5

(4,1%)

13

(8,9%)

False Positives

31

10

11

267

Technology Enablers for Context-Aware Healthcare Applications

work. Because he drives in relative slow speed in a rural area (where the number of GSM cells is small and each one covers a wide area) then he uses the same set of cells for several minutes. The use of the same set of cells makes the mobility index to decrease below the threshold that defines the boundary between considering the user moving or not moving. Thus, the system considers the user is visiting a place when, in fact, he is travelling. Although this is a false positive, it is not a completely mistake because in fact the user knows the area has he travels by that road everyday. Many of false positive registered for the others users can also be explained by analysing data detailed. For example, false positives occur when user B is travelling with the family and when user C travels in a natural park, in an inhabited area. User B diary shows that the users travelled, by car, near the sea. Considering the distance and the amount of time the trip took, it is possible to conclude that the user travelled very slowly and/or stopped to visit a place. User B does not remember exactly what he has done on that afternoon but admitted that stopped visiting some beaches in the shore. User C travelling in a natural park with narrow and twisted roads experimented the some problem that occurred to user A: he drove even more slowly and for a long time inside the same cell (being an inhabited area it has only one or two GMS cells). Thus, by an analysing data it is possible to explain many of the errors. In (Maitland, 2006) it is presented a solution to detect the users’ daily activity, through the use of am unmodified mobile phone. The solution is based on an application that works detecting patterns in signal strength fluctuation and changes in the active GSM cell to infer whether the user is sitting still, walking or travelling by car. Although not completely accurate in the inference of the user’ activity and in the detection of the amount of exercises done by the users, the study shows that people are willing to accept applications that do not produce 100% accurate

268

results. Running on a mobile phone (which is a device originally developed for communications proposes) the application has the merit to also encouraged people to do more exercise which brings recognized benefits for people health. Even having knowledge of the accuracy of the application results people felt motivated to do exercise in order to be healthier (and achieve higher values in the application). In (Tsai, 2006) it is presented another solution based on mobile phone which allows users to self-monitor caloric balance in real time. There is a big set of new technologies can be applied to help patients and emergency personnel. However, apply technologies to complex, stressed and emergency situations imply some constrains. Data networks can fail, wireless systems are even more unreliable and in stressful situation the interfaces and systems must be simple and reliable. Medical and emergency equipment does no comply with unreliable, inaccurate and not easy to use systems. Location based on GSM cell-ID is not the most accurate positioning system but still produces very valuable data for the user context, which can be useful in many circumstances, including emergency situations. We do not propose a medical system based on cell-id but the use of position data to improve the context and enable a new set of applications that can use the familiarity level. All information related to an ill person is important to emergency services and, sometimes, as the result of panic or stressful situation people are not capable of provide detailed and complete information. The presented solution can be valuable for users in many circumstances, including injured people, victims of accidents or sudden illness. A simple alarm application that is executed in a mobile phone by pressing a button can trigger medical assistance providing valuable information about the user context to rescuers. By pressing the button, the user activates an application that collects information about the current situation/

Technology Enablers for Context-Aware Healthcare Applications

environment and sends an alert message based on the detected situation. The alert message can transmit information like the location of the user (available in the user context), the user familiarity with the surrounding environment, the identification of the user (which could allow access to his medical records by the emergency services) or even some dimensions of the user context that express the user medical history.

Conion The existent technology allows create a new class of applications that explores the rich technological environment that today exist almost everywhere. The pervasive and ubiquitous technologies present everywhere and the use of inference techniques enables the creation of innovative applications in the healthcare domain. The solution presented in the previous section is just an example of these inference techniques. Although it has not been tested in any specific case in the healthcare domain, we foresee that the application of the proposed system can bring important benefits to this domain.

Refeen LaMarca, A., Chawathe, Y., Consolvo, S., Hightower, J., Smith, I., Scott, J., et al. (2005). Place Lab: Device Positioning Using Radio Beacons in the Wild. Paper presented at the Third International Conference Pervasive Computing (PERVASIVE 2005), Munich, Germany. Maitland, J., Sherwood, S., Barkhuus, L., Anderson, I., Hall, M., Brown, B., Chalmers, M. & Muller, H. (2006). Increasing the Awareness of Daily Activity Levels with Pervasive Computing.

Paper presented at 1st International Conference on Pervasive Computing Technologies for Healthcare Innsbruck, Austria. Meneses, F., & Moreira, A. (2004). A Flexible location-context representation. Paper presented at the The 15th IEEE international Symposium on Personal, Indoor And Mobile Radio Communications (PIMRC2004), Barcelona, Espanha. Meneses, F., & Moreira, A. (2006). Using GSM CellID Positioning for Place Discovering. Paper presented at the First Workshop on Location Based Services for Health Care (LOCARE’06) at the 1st International Conference on Pervasive Computing Technologies for Healthcare Innsbruck, Austria. Moreira, A., & Santos, M. (2005). Enhancing a user context by real-time clustering mobile trajectories. Paper presented at the International Conference on Information Technology: coding and computing – ITCC 2005, Las Vegas, NV, USA. Tsai, C., Lee, G., Raab, F., Norman, G., Sohn, T., Griswold , W., & Patrick, K. (2006). Usability and Feasibility of PmEB: A Mobile Phone Application for Monitoring Real Time Caloric Balance. Paper presented at 1st International Conference on Pervasive Computing Technologies for Healthcare Innsbruck, Austria. Want, R., Hopper, A., Falcão, V., & Gibbons, J. (1992). The Active Badge Location System. ACM Transactions on Information Systems, 10, 91-102. Ward, A., Jones, A., & Hopper, A. (1997). A New Location Technique for the Active Office. IEEE Personal Communications, 4, 42-47. Weiser, M. (1991). The computer for the 21st century. Scientific American, 265(3), 94-104.

269

270

Chapter XIV

Modelling Spatiotemporal Developments in Spatial Health Systems Björn Gottfried University of Bremen, Germany

ABSTRACT This chapter introduces spatial health systems, identifies fundamental properties of these systems, and details for specific applications the methods to be applied in order to show how problems are solved in this field. On the one hand, this chapter gives an overview of this area, on the other hand, it is written for those who are interested in designing spatial health systems. The result is that different spatial scales and purposes require different representations for describing the spatiotemporal change of objects, that is their spatiotemporal development, showing how fundamental purposes of spatial health systems are dealt with.

1. InTROoduion Spatial health systems support disabled people and the elderly in dealing with everyday life problems and concern every kinds of health related issues that develop in space and time. These systems have been introduced in (Gottfried 2006). They are to be contrasted with health information systems which focus on the management of health data

by providing access to general or individualised health information; in this way those systems support prevention, diagnosis, and disease management (Heine & Kirn 2004; Mea, Pittaro & Roberto 2004). This chapter focuses on spatial health systems. A central aspect of those systems is that they monitor the physical activity of people in order to determine how to support the monitored individu-

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Modelling Spatiotemporal Developments in Spatial Health Systems

als. Those systems try to find out for example if everything is fine, or otherwise, if something is wrong how they can help. One of the most fundamental aspects concerning the physical activities of an individual is her locomotion behaviour, i. e. the change of location by motion, giving the system information about how one behaves in space and time. This is the reason why fundamental issues concerning the locomotion behaviours of individuals and objects will be detailed later on in this chapter. Before coming to locomotion behaviours a more general overview of the field of spatial health systems is given in the first part of this chapter. Here it shows that similar fundamental issues like the activities of individuals are other spatial changes, such as in the context of the geography of diseases, i. e. their spatiotem­poral spreading, the large scale planning of health services, or at the city size scale the efficient dealing with emergency cases. The general idea of this chapter is to put forward spatial health systems as a fundamental area in which many research questions arise. In particular during the design process problems are to be solved regarding the choice of spatial concepts which are appropriate for a given spatial health problem. The analysis of different scenarios will provide designers solutions about how to represent spatiotemporal information at the conceptual level of spatial health systems. This chapter consists of three main parts: the first one introduces spatial health systems which complement a large body of work in the health care area and it provides a categorisation of sub-areas, enabling a better overview of this field (section 2). The second part identifies fundamental properties of spatial health systems and divides them up into a number of different categories (sec­tion 3). The third part motivates the importance of the monitoring of spatiotem­poral developments and details for specific applications the methods to be ap­plied in order to show how problems are solved in this field, which concern the design of

spatiotemporal representations for spatial health systems (section 4). The last two sections present future trends (section 5) and summarise the main goals of this work (section 6).

2. Spaial HEALTH SYSTEem The spatial scales at which spatial health applications have to deal with spatial information provide a fourfold categorisation scheme: details considered from the point of view of orthopaedics and similar fields in which movements of the patient’s body are of interest, we are faced with the scale of the human body; monitoring patients, and in particular the elderly, the scale of a flat or nursing home is of interest (instead of the movements of body parts, the patient’s loco­motion is observed); in rescue and emergency cases even the scale of a city has to be taken into consideration; still larger scales are of interest when consider­ing geographic variations in population and several further dimensions, such as culture and economic status for the purpose of analysing and planning health services. These four scales are summarised in Fig. 1 together with typical objects found at these scales. They are of interest for the designer of a spatial health system, who has to decide which spatial information is to be modelled for the problem to be solved. For the consideration of different spatial scales compare the survey of (Freundschuh & Egenhofer 1997).

2.1 Large Scale Space The geographic variation in population and several dimensions such as culture and economic status affect the analysis and planning of health services in a coun­try. These parameters concern the ability of people to travel to obtain health care and the types of services they are willing and able to utilise (McLafferty 2003). Geographical information systems are used to link diverse layers of population and environmental infor-

271

Modelling Spatiotemporal Developments in Spatial Health Systems

Figure 1. The four different spatial scales and typical objects found at these scales Body Parts

Rooms in a Flat

Buildings

Villages

Body Scale Space

Indoor Scale Space

City Size Scale Space

Large Scale Space

mation to characterise the many dimensions of health care need (Mohan 1993). The planning of health services involves to take into account the population density in several regions, and in accordance to this, an appropriate choice of locations for health services. Traffic networks and public transportation systems influence how people can take advantage of health ser­vices. In this way the topography of health services can be defined according to needs. Significantly different is the geography of diseases which comprises the spatial analysis of pathological factors and their relationships to geographical environ­ments. Spatial databases are used to link data on disease hazards, exposures, and outcomes. Cromley (2003) identifies two major requirements: firstly, there is a need for better and on-going environmental monitoring, especially for effec­tive environmental sampling and monitoring systems for chemical and biological contaminants; secondly, disease surveillance systems are necessary which focus on distributing information for meaningful spatial aggregates. The topography of diseases needs to deal with uncertain knowledge about its spatiotemporal development.

Spatial and Temporal Dimensions Spatial representations at this scale have to deal with geographic objects, such as counties and villages as well as their spatial relations. Furthermore, geographic objects are of concern, such as specific regions and their vegetation, forests, rivers, and lakes, but also artificial objects in geography, as roads and railway networks, as well as how they spatially relate. A particular challenge is the rep­resentation of vague regions which represent chemical contaminants for example.

272

2.2 City Size Scale Space At this scale navigation aids for ambulances are of interest which make use of the available street network. On the other hand the monitoring of the locomotion of people plays an important role for different purposes: people suffering from specific diseases might need help if they have a circulatory collapse for example; for others it is of interest to monitor their behaviour in order to verify whether they make advances in walking after having had a heart attack; yet others, such as those suffering from dementia, might need help when they show getting lost behaviours (Chiu, Algase, Liang, Liu & Lin 2005). Devices already exist which have been developed to allow the tracking of relatives who might need help (Bolz, Braecklein & Moor 2005). A modern city would be equipped in a way to provide specific health services in all these cases.

Spatial and Temporal Dimensions While variations of the population density in a country and the dynamic spa­tiotemporal development of diseases are irregularly related to large scale spaces, at the city size scale a health infrastructure needs regularly to cover the whole city since help needs to be available everywhere. Another main feature of these different scales and issues is of a temporal kind: while large scale variations of the population density change slowly, the spreading of diseases is much faster; however, in the case of a circulatory collapse the patient needs help at once. From the point of view of the spatial dimension, the population density can be meaningfully described in terms of regions that expand or contract, the spread­ing of diseases by

Modelling Spatiotemporal Developments in Spatial Health Systems

directional information, and specific locations of patients in a city by points. Spatial representations at the city size scale have to model what distinguishes a city, primarily road networks and how health related buildings and services relate to the spatial layout of the city.

2.3 Indoor Scale Space Similar as at the city size scale are aids in indoor environments, although here the environment is more clearly defined and can be more easily equipped with specific devices (Gottfried, Guesgen & Hubner 2006). Hence the spatial behaviour of people can be monitored more accurately in indoor spaces (observing the elderly in a nursing home, monitoring how people behave in a large hospital, etc.). The monitoring of the physical behaviour of individuals is of interest in such diverse cases as for patients suffering from epilepsy, those having to live with an artificial leg, or those suffering from other disabilities. Especially, the many possibilities for monitoring an individual in his home enables a thorough analysis about how medication influences the patient’s physical activities. While getting lost behaviours at the city size scale occur, in indoor spaces behaviour patterns of people suffering from dementia can be observed in order to gain insights into his emotional inner (confusion or fear). Socially normative behaviour is difficult or even impossible to maintain for the ill person. There­fore, it is assumed that the shown behaviour is much more authentic than for healthy people. As a consequence, correlations between locomotion patterns and specific mental states are more likely to be found by people suffering from de­mentia (Gottfried 2006). It can be analysed how medication influences behaviour patterns and mental states, such as anxiety.

Spatial and Temporal Dimensions At the indoor level things are more clearly than at the other two larger scales. Health services at the indoor level relate to the layout of single flats or buildings (nursing homes, hospitals). The temporal recordings of behaviours can be arbi­trarily comprehensive and precise depending on how the indoor space is equipped with sensors.

2.4 Bdy Scale Space The smallest scale we shall consider here is the body of an individual. In par­ticular medical image processing techniques provide a wealth of possibilities to monitor what goes on inside the human body (Barillot, Haynor & Hellier 2004). While there is a large community of researchers who deal with imaging tech­niques and other methods for analysing the human body, we shall here focus on what can be observed from the outside of the body (and not at the microscopic scale). Another categorisation scheme closely related to the scale of the human body, is that one of proximity: health applications are divided into groups based on the distance between the user (human) and the technology (device or sensor) being used to record or capture the health related data; three different categories used are Tele, Derma, and In Vivo (Olla 2007). As opposed to the inside of the body, from the point of view of orthopaedics for instance, it is of interest how motions of body parts look like, to analyse the mobility of the body and how the mobility develops over time. Long term mon­ itoring systems for vital signs, especially by using wearable computing facilities, are already common, e. g. the blood pressure and pulse provide valuable insights into how the blood circulation works, which is however again inside the body; but for the sake of completeness we shall mention the combination of vital sign measurements with spatiotemporal behaviour patterns, enabling the

273

Modelling Spatiotemporal Developments in Spatial Health Systems

Figure 2. The four different spatial scales and typical applications Orthopaedics

Alarm System

Help for Disoriented

Diseases Surveillance

Body Parts

Rooms in a Flat

Buildings

Villages

Body Scale Space

Indoor Scale Space

City Size Scale Space

Large Scale Space

analysis of correlations between body movements and healthiness.

Spatial and Temporal Dimensions Spatial and temporal characteristics of poses and gestures are of interest at the body size scale, for example for the analysis of the development of patients suf­fering from Parkinson disease or to analyse the behaviours of bodies wearing artificial limbs. Fig. 2 summarises this section by giving application examples for every spatial scale.

3. Spaioempoal Developmen Spatial health systems are designed by analysing how diseases and disabilities present themselves in space and time. Capturing spatial and temporal informa­tion about objects a vast number of data is accumulated over time. On the one hand, data mining techniques are employed in order to look for regularities in the data. On the other hand, statistical evaluations are applied for getting an idea on how to interpret the data. Without those

techniques, it seems, it is difficult to derive anything meaningfully from the data. There is however an alternative way to proceed. Since the spatiotemporal de­velopment of objects is to be captured in a way that is appropriate to form a basis for making decisions, e. g. by the authorities, physicians, or even by politicians, it is the idea of the current work to apply techniques that represent spatiotem­poral developments at the conceptual level, easily comprehensible by humans. That is to say that the methods we shall present in this section pertain to the area of qualitative spatial and temporal representations (Cohn & Hazarika 2001). Investigations in this area look for what the most fundamental representations of spatial and temporal objects are that directly link to human conceptions of spatiotemporal information. Examples at the different spatial scales have been reviewed in the previous section. It is the purpose of the current section to pick up objects described above in order to analyse how to deal with them at the conceptual level of qualitative spatiotemporal representations. Thus, the questions to be answered concern the entities, their relations, and their modes of change we should take into account in spatial health systems. Since it is for most health systems sufficient to restrict

Figure 3. The four different spatial scales and useful entities for typical applications

274

Entity: Region Reddish Parts

Entitiy: Point Approximate Location

Entitiy: Line Covered Path

Entitiy: Region Contaminated Area

Orthopaedics

Alarm System

Help for Disoriented

Diseases Surveillance

Body Parts

Rooms in a Flat

Buildings

Villages

Body Scale Space

Indoor Scale Space

City Size Scale Space

Large Scale Space

Modelling Spatiotemporal Developments in Spatial Health Systems

the investigations to two dimensions, we will do so here.

3.1 Categories of Entities The entities we shall consider represent the spatial attributes of the objects of interest. The choice of these entities depends on how relevant spatiotemporal changes can be described based on them. Single objects that move can be represented by points that coincide with the locations they occupy, while extended objects, such as contaminated areas, are represented by point sets which define specific regions. The path (represented by a line) someone has covered might eventually also be of interest. We shall accordingly distinguish (a) points, (b) lines, and (c) regions. Examples are shown in Fig. 3.

3.2 Categories of Change The change of location itself can be characterised differently. The most obvious thing would be to take the absolute positions of objects into account and to compare them with target positions after a change occurred; this comparison can be carried out differently regarding the precision of description, for exam­ple by looking at whether an objects lies in a different reference region after its change of location. Using ordinal information either cardinal directions (global references) or directions

in reference to other objects (local references) can be used. Furthermore, order information can be taken into account, i. e. that an object is in between specific points which indicate landmarks. We shall accord­ingly distinguish whether the description of change relates to the level of detail at which changes are described either by (a) topology, (b) ordinal information, or (c) by a metric. Examples are shown in Fig. 4.

3.3 Categories of Motion Patterns A number of diseases and disabilities have symptoms which influence the motion patterns of patients. Three different categories of motion patterns are of interest: a. b. c.

body movements without changing the location, the way the change of location is performed, and the actual change of location.

Examples are shown in Fig. 5. Case (a) occurs when the body of the patient shows characteristic movements such as convulsions, e. g. when having a fit of epilepsy; in case (b) the way how the patient moves is of interest, e. g. when observing whether the patient makes advances using an artificial leg; case (c) appears when the change of location itself is of interest, e. g. when a patient suffers from dementia and

Figure 4. The four different spatial scales and useful levels of detail (LoD) for typical applications LoD: Topology Part being Reddish

LoD: Topology Containment in Room

LoD: Ordinal List of Visited Places

LoD: Metric Distance to Contaminated Area

Orthopaedics

Alarm System

Help for Disoriented

Diseases Surveillance

Body Parts

Rooms in a Flat

Buildings

Villages

Body Scale Space

Indoor Scale Space

City Size Scale Space

Large Scale Space

275

Modelling Spatiotemporal Developments in Spatial Health Systems

Figure 5. The four different spatial scales and specific motion patterns for typical appli­cations Body Movements: Posture

Change of Location: of Room

Category of Change: Walking Behaviour

Change of Location: Direction of Development

Orthopaedics

Alarm System

Help for Disoriented

Diseases Surveillance

Body Parts

Rooms in a Flat

Buildings

Villages

Body Scale Space

Indoor Scale Space

City Size Scale Space

Large Scale Space

Figure 6. The four different spatial scales and specific granularity levels for typical appli­cations Conceptual: Categories of Limbs

Conceptual: Categories of Rooms

Conceptual: Categories of Steps

Conceptual: Village versus City

Representational: Order of Limbs

Representational: Arrangement of Rooms

Representational: Step Size

Representational: Overlap with Infected Areas

Object Intrinsic: Limbs

Object Intrinsic: Rooms

Object Intrinsic: Steps

Object Intrinsic: Villages

Orthopaedics

Alarm System

Help for Disoriented

Diseases Surveillance

Body Parts

Rooms in a Flat

Buildings

Villages

Body Scale Space

Indoor Scale Space

City Size Scale Space

Large Scale Space

shows wandering behaviours. In all these cases it is crucial to determine the relevant distinctions of the motion patterns, in order to provide the physician, nurse, or patient herself information about wether the medication works as planned for example.

3.4 Categories of Granularity Entities and their relations as well as how those relations change, can be de­scribed at different granularity levels (Galton 2000). Having categorised spatial health systems according to four different spatial scales in section two, we have already considered different spatial scales which relate to specific levels of intrin­sic granularity, namely those distinguishing either geographical objects, objects and structures in a city, those structures found inside buildings, and those con­ cerning body parts. Such spatial scales at which

276

significant structures appear relate to the intrinsic granularity of objects, i. e. their structures which occur at specific spatial scales. More finer intrinsic grain-sizes can be distinguished if necessary for the health system to make relevant distinctions, e. g. to measure the change of location with an appropriate accuracy. By contrast to the intrinsic granularity of objects, the representational gran­ularity concerns how the objects are represented in the system, i.e. which level of detail or resolution is used; this has significant influence on the conclusions which can be derived giving a set of observations. The conceptual granularity eventually relates to the grain-sizes of knowledge used in the system. Buildings in a city might be simply distinguished from vehi­cles and street networks. At a finer conceptual granularity level however different buildings would be distinguished, such as a bungalow and a skyscraper making a fundamental difference for the rescue service.

Modelling Spatiotemporal Developments in Spatial Health Systems

As a summary we distinguish a. b. c.

object intrinsic, representational, and conceptual

granularity levels. Examples are shown in Fig. 6.

3.5 Overview of Spatial Concepts An overview of the concepts discussed in this section is finally given in Table 1. It helps the designer to consider all relevant distinctions when looking for an appropriate representation of the spatial health problem at hand.

4. Example SCEena Having described the relevant dimensions of spatial health systems we shall now consider a number of four example scenarios that show how to apply this frame­work. It is the aim to find representations of the spatiotemporal behaviours of people or objects that satisfy the following constraints: •

•

•

Sensor robustness constraint: the representation should be just as precise as necessary in order to solve the problem at hand; this has the advantage that the sensors to be used only have to be accordingly simple. Data reduction constraint: the representation should represent in a compact way relevant information in order to aid in reducing large quantities of data. Human computer interface constraint: the representation should link to high level concepts enabling the link to decision support and other systems re­quiring an adequate interface to users.

These constraints show that rather the qualitative end of the spectrum of dif­ferent spatial representations is of interest for our purposes, i. e. for a given application scenario we have to check whether topological or at least ordinal information suffice to solve the stated problems. While geographical information systems exist that allow to easily query and visualise the spatial and temporal developments of objects in geographic space, we shall here investigate how the design process looks like that aids in finding appropriate representations for those spatial and temporal developments. For this purpose, each of the application scenarios discusses separately the different categories from above: first of all by describing the scenario itself and to which of the motion pattern categories it is attributed to (cf. section 3.3). Since the first two categories, namely entities (cf. section 3.1) and their spatial relations (cf. section 3.2), are closely interrelated we discuss them together. Afterwards issues concerning granularity categories (cf. section 3.4) are analysed.

4.1 Scenario 1: Spreading of Diseases (Large Scale Space) In this scenario we are interested in investigating how a disease develops in space and time. The purpose is that we want to know the directions towards which a disease spreads out in order to make predictions about regions which will be infected in the near future. This scenario pertains to the second kind of motion pattern category from section 3.3, i. e. it concerns how the change of locations (of infected regions) looks like (towards which directions diseases spread out).

Entities and Relations Table 2 shows a number of possibilities for geometric entities and their relations which are distinguished by different degrees of detail. This

277

Modelling Spatiotemporal Developments in Spatial Health Systems

Table 1. Spatiotemporal concepts for describing spatial health systems Entity

Level of detail

Motion pattern

Granularity

Region

Topology

Stationary movements

Object intrinsic

Point

Ordinal

Categories of change

Representational

Line

Metric

Change of location

Conceptual

table aids the designer to find an appropriate representation. For the following scenarios we will fill the table with other examples according to what is relevant. This example also shows that it is not necessary to fill the table completely in this state of modelling, i. e. there might be combinations of entities with specific spatial details for which there are no useful examples. In the most simple case everybody suffering from this disease would be reg­istered by his location. This however is costly and the amount of data to be organised is cumbersome. The distances of infected people is unlikely to be of interest. The size of the infected region might be the only meaningful value at the metrical level concerning this scenario. It is however less important to know the precise size of the infected region than to simply know whether the size is either growing or shrinking. Of more interest is information represented at the ordinal level. The order of locations getting successively infected might allow predictions to be made. Similarly, directions towards which an infected area growth or shrinks enables predic-

tions to some extent. Even at the topological level it is possible to make meaningful inferences: it can be analysed whether infected regions intersect areas having a well developed street network as opposed to those regions which do not connect via a well developed public transportation system, making possible interesting predictions in the future, for example; or, it can simply be stated whether a specific area is already infected.

Granularities The intrinsic grain-size concerns geographical objects such as counties, villages, and towns. Other regions referring to parts of a town might be difficult to com­municate and they are probably not relevant, for it suffices to state whether the town is affected or not; more precise statements would change at a tempo­ral scale being too short to be useful. The representational granularity should accordingly concern those geographical regions, however a coarse level of detail would be sufficient instead of representing precisely the boundary of a town; a circle enclosing the town

Table 2. Entities and their spatial relations regarding a disease which spreads out in a counrty

278

Points

Lines

Regions

Metric

Precise locations of people being infected

Distance between infected and uninfected locations

Size of regions being infected

Ordinal

Order of locations getting successively infected

-

Directions of developments of infected areas

Topology

-

Intersection of infect-ed regions with spe-cific street networks

Infected areas

Modelling Spatiotemporal Developments in Spatial Health Systems

would be sufficient for the intended purposes. The conceptual granularity might distinguish towns having specific properties, for example either having a large industry or not, or a county having a well de­veloped public transportation system or not. Such distinctions might be crucial to predict how fast the disease spreads out; this might be slowly in a country that has no public transportation system. Note that these considerations can be adapted to other, geometrically similar problems such as the observation and prediction how chemical contaminants spread out.

4.2 Scenario 2: Getting Lost Behaviours (City Size Scale Space) This scenario asks for how to represent locomotion activities of someone, espe­cially in order to detect whether he got lost. This problem concerns in particular people suffering from dementia in an early stage, that is they still leave their home or the nursing home where they are living, either in order to go for a walk, to go shopping, or to visit their doctors. Such a patient sometimes suffers from a lack in his short-time memory, and thus looses his orientation. Equipping him with devices that inform relatives about his location would be helpful. In addition, the observation on how those people behave when walking through their city give the psychologist hints about their stage of health. According to the demographic shift towards a society with ever more old people, there is an increase in patients who get disoriented. This scenario pertains to the third kind of motion pattern category from section 3.3, i. e. it concerns the actual change of locations. More precisely, the order of locations is of interest, here in order to derive recurring visits of places indicating confusion for example.

Entities and Relations Table 3 shows the possibilities of how we might want to describe how a human runs through his

city. Using a metric we can determine his precise locations, the lengths of paths he has covered, and the sizes of areas he is currently visiting. The question is whether such a precise description is necessary, i. e. whether it actually helps in evaluating the behaviour of a man for whom we want to know whether he moves normally or not. This requires at least to further process the quantitative data. More directly related to questions about normal versus abnormal behaviours are relations obtained at the ordinal level. Instead of precise attributes this level represents the order of either visited locations, used paths, or visited areas. How­ever, already the topological level of relations is sufficient for deriving whether the same place is visited more than once, indicating confusion as opposed to a goal directed behaviour which shows no two places being visited twice. As the running to-and-fro might be of specific interest in this scenario the ordinal level would be chosen to be the appropriate level for this scenario.

Granularities The intrinsic granularity concerns different streets or distinguishable buildings where someone is walking. In particular the latter might be of interest allow­ing to derive whether the monitored person ever and ever again moves along the same department store which would not be possible when choosing only the granularity level of streets. The representational granularity should capture the length of buildings along the pavements in order to be able to derive how fast someone is, without having to measure his actual velocity with sophisticated measurement tools which are to be attached to his body; it is only necessary to determine his rough locations at the granularity level of buildings. Otherwise the representational granularity can be restricted to capture the order of buildings, parks, and other objects at the city size scale. Among others the conceptual granularity should involve different kinds of buildings, namely

279

Modelling Spatiotemporal Developments in Spatial Health Systems

apartment build­ings, department stores (probably different types of stores), hotels, industrial buildings, etc.. This would enable the system to infer which buildings the person is attracted to.

4.3 Scenario 3: Bulimia (Indoor Scale Space) This scenario describes how people suffering from bulimia can be monitored in order to give the physician additional information about the development of the disease. The eating and drinking behaviour of the patient, the digestion process as well as how the body probably repels food is at the centre of this disease and should therefore be carefully observed. This scenario pertains to the third kind of motion pattern category from section 3.3, i. e. it concerns the actual change of locations. More precisely, the order of locations is of interest, here in order to recognise that the monitored person visited her refrigerator, a place where she usually eats, and after that the toilet to vomit, in that order.

Entities and Relations Table 4 shows which kinds of spatial concepts might be of interest in this case. For the purpose of monitoring bulimia we assume a single person living alone in her flat. The spatial concepts relevant are therefore locations in the flat, i. e. at the metrical level we distinguish precise locations, the shapes of paths the person covers, as well as rooms

or other regions in a flat which might concern our interest. The ordinal level can distinguish either covered paths between locations, the order among locations themselves, or the order of visited rooms; in other words at this level a lot can be concluded about how active the person is. The topological level does not distinguish precise locations but approximate locations which is not only sufficient but even desirable since the person will probably sit always slightly different at her kitchen table, this being not of par­ticular importance. Similar, it might sometimes be sufficient just to know in which room she is regardless of what she is doing, or it might sometimes be sufficient just to know that she is very active indicating restlessness. Then, while it is useful to know that she is first of all at the refrigerator, then sitting at the kitchen table, and eventually in the bathroom using the toilet, we will need both approximate location information and the order of their visits.

Granularities The intrinsic granularity concerns the typical places in the flat, such as the kitchen and the bathroom. Finer granules are those of the refrigerator, table, toilet, and the wash-basin. The representational granularity should be chosen in a way that the locations of the objects of interest can be clearly distinguished; a particular precise level of detail, for example to represent the refrigerator, is not necessary; its rough location would already enable the monitoring system to

Table 3. Entities and their spatial relations regarding getting lost behaviours

280

Points

Lines

Regions

Metric

Precise locations

Lengths of paths

Sizes of areas

Ordinal

Order of visited locations

Order of used paths

Order of visited areas

Topology

Coincidence with locations

Containment in streets

Containment in areas

Modelling Spatiotemporal Developments in Spatial Health Systems

recognise that the person is either currently at the refrigerator or not. It would be of interest to chose such a fine conceptual granularity as to be able to distinguish what the person is eating or drinking. This would give the physician valuable insights into the development of the disease.

4.4 Scenario 4: Personal Records of Healthiness (Body Scale Space) This scenario is about monitoring the healthiness of an individual by correlating his physical activities with his vital signs, such as heart beat and pulse. It pertains to the first kind of motion pattern category from section 3.3, i. e. it concerns body movements without the necessity that the patient changes his location. Since the field of spatiotemporal databases (Abraham & Roddick 1999) has suggested a number of methods for effectively recording, retrieving, and present­ing spatiotemporal information, spatiotemporal databases are a fundamental tool for spatiotemporal behaviour recordings. A personal record that captures the spatiotemporal behaviour of a patient is fundamental in order to deal with the individual behaviour of the patient. The gap to be closed is a data model for the description of the spatiotemporal behaviour of an individual. Such a data model uses specific spatiotemporal concepts and enables the control whether the spatiotemporal behaviour of the patient is as expected, or if not, how it devi­ates. It is argued that it is sometimes just the individual

behaviour which gives important insights into the development of the patient, as opposed to general criteria that do not consider the activities of the patient. Recordings about the spatiotemporal behaviour of the patient give valuable insights regarding the number of fits of epilepsy, whether the patient makes advances with his artificial leg, or whether he overtaxes his body. Recordings about such parameters provide the physician additional information about her patients. While we have until now focused on diseases where the spatiotemporal information alone is of significance, combinations with non-spatial information is certainly also of interest: e. g. vital signs such as heart beet, blood pressure, etc.. For example it can be inferred whether the blood pressure changes depending on how active the patient is, this activity being measured by his body movements.

Entities and Relations Table 5 shows the spatial concepts which are of interest for this scenario. Pri­marily, specific areas of the body having specific properties might be of interest; or else, in which order body parts move, for example whether the head is always shaken as soon as the patient tries to grasp an object. Also, precise character­istics about the shapes of paths of body parts, such as of the arms, might give indications about how stable the patient’s body behaves when performing spe­cific tasks. This latter example shows that in comparison to the

Table 4. Entities and their spatial relations regarding bulimia and its observation in a flat Points

Lines

Regions

Metric

Precise locations

Shapes of paths

Rooms

Ordinal

Order of visited locations

Order of used paths

Order of visited rooms

Topology

Approximate locations (refrigerator, table, toilet)

Using a path

Being in a room

281

Modelling Spatiotemporal Developments in Spatial Health Systems

Table 5. Entities and their spatial relations regarding personal records of healthiness Points

Lines

Regions

Metric

Precise positions of limbs and joints

Shapes of trajectories of movements

Areas occupied by the body or parts

Ordinal

Order in which parts move

-

Order of areas being reddish

Topology

-

-

Areas having some property

other scenarios, more precise information might be of interest at the scale of the body.

Granularities The intrinsic granularity concerns those body parts which are taken into account while measuring the behaviour of the patient, for example single limbs. While the conceptual granularity should make a distinction regarding different limbs, the representational granularity needs only to be as precise as needed in order to count movements of limbs at different locations of the body.

5. FuTURE TREend Technological advances in sensing have ushered in an unprecedented opportu­nity for realising applications that sense what goes on in the environment, in particular regarding mobile healthcare applications. Much effort is still needed for the development of methods to integrate and exploit the available data for ad­dressing specific application areas. This chapter is devoted to this problem and focuses on the integration and exploitation of spatial and temporal information in mobile health applications. With new advances made on the sensory level, but also on the level of effectors, new ideas and technologies will be added, improving spatial health systems. However the proposed concepts are necessary means in any

282

kind of spatial health system and will therefore be found in future systems, too. While this chapter investigates representational issues of spatiotemporal in­formation, there are other topics to be addressed in specific applications. One important issue concerns the distinction between sensors attached to the patient as opposed to sensors situated in the environment. A decision between those possibilities is not a pure technological one, but also of concern for the health problem at hand: to monitor people suffering from mental disabilities it is difficult or even impossible to use wearable technologies which would be difficult to manage by those patients; or they might even feel uncomfortable having attached an alien element to their body. Conversely, in order to measure permanently the patient’s pulse it is necessary to use wearable devices. Another issue concerns the connection of spatial health systems to health information systems in order to manage large personal records of healthiness as proposed in the last scenario. Yet another topic is that of user interfaces which enable patients to use spatial health systems as easily as a stereo unit; this includes the setup of such a system as well as to handle an infrastructure that connects to facilities helping challenged people or that connects to physicians, psychologists, or others who have to analyse the acquired information. Privacy issues are eventually another important field to be taken into account carefully, for it is just the way how patients are monitored in

Modelling Spatiotemporal Developments in Spatial Health Systems

diverse environments what is peculiar to spatial health systems.

6. CONCLlu The most important goals this chapter aims at are as follows. The benefits of mobile technologies in the area of health care have been motivated by several examples for spatial health scenarios. Those scenarios can be categorised ac­cording to specific spatial and spatiotemporal concepts which have be defined in this chapter. It shows that methods from artificial intelligence research aid in designing new mobile health systems which are based on the monitoring of the spatiotemporal behaviours of humans. In this chapter we have in particular focused on the design process of spatial health systems. In this phase of development one carefully has to decide among many different possibilities on how to model environments, objects and their behaviours. Since this choice is influenced by the spatial scale one faces, the categorisation scheme in the first part does not only make sense in order to get a better overview of the field, but also by determining spatial concepts for a particular system. While the second part has introduced the general means required for modelling spatial health systems, the third part demonstrated for the different spatial scales how these means provide solutions in four case studies. Behaviours of patients and healthy people, as well as of diseases themselves, can be monitored in several ways by spatial health systems and we refer to them as to spatiotemporal behaviour recordings. They complement the area of mobile health solutions for biomedical applications in the context of diagnosis and in monitoring the evolution of diseases, giving physicians additional insights into diseases, and hence, complementing health related issues in an important way. From the point of view of the patient new means are provided by such systems helping challenged

people to cope with their everyday life. In this respect such technologies provide a benefit to society in two different ways, namely concerning medical developments and new tools for the affected individual.

Refeen Abraham, T., & Roddick, J. F. (1999). Survey of spatio-temporal databases. GeoInformatica, 3(1), 61–99. Barillot, C., Haynor, D. R., & Hellier, P. (Eds.). (2004). Medical Image Computing and Computer-Assisted Intervention – MICCAI 2004, 7th International Conference Saint-Malo, France. Springer. Bolz, A., Braecklein, M., & Moor, C. (2005). Technische Möglichkeiten des Telemonitorings physiologischer Parameter. Herzschrittmachertherapie & Elektrophysiologie, 16, 1–9. Chiu, Y.-C., Algase, D. L., Liang, J., Liu, H.-C., & Lin, K.-N. (2005). Conceptu­alization and measurement of getting lost behaviour in persons with early dementia. International Journal of Geriatric Psychatry, 20, 760–768. Cohn, A. G., & Hazarika, S. M. (2001). Qualitative spatial representation and reasoning: An overview. Fundamenta Informaticae, 43, 2–32. Cromley, E. K. (2003). GIS and Disease. Annu. Rev. Public Health, 24, 7–24. Freundschuh, S. & Egenhofer, M. (1997). Human conceptions of spaces: Impli­cations for gis. Transactions in GIS, 4, 361–375. Galton, A. (2000). Qualitative spatial change. Oxford, New York: Oxford Uni­versity Press. Gottfried, B. (2006). Spatial health systems. In J. E. Bardram, J. C. Chachques, & U. Varshney (Eds.), 1st International Conference on Pervasive Comput­ing Technologies for Healthcare (PCTH

283

Modelling Spatiotemporal Developments in Spatial Health Systems

2006), November 29 -December 1, Innsbruck, Austria. IEEE Press. Gottfried, B., Guesgen, H. W., & Hübner, S. (2006). Spatiotemporal reasoning for smart homes. In J. C. Augusto & C. D. Nugent (Eds.), Designing Smart Homes, The Role of Artificial Intelligence, 4008, 16–34. Heidelberg: Springer. Heine, C., & Kirn, S. (2004). Adapt at agent.hospital -agent based support of clinical processes. In Proceedings of the 13th european conference on information systems, the european is profession in the global networking environment, ecis 2004, Turku, Finland, June 14-16, 2004. McLafferty, S. L. (2003). GIS and Health Care. Annual Review Public Health, 24, 25–42.

284

Mea, V. D., Pittaro, M., & Roberto, V. (2004). Knowledge management and modelling in health care organizations: The standard operating procedures. In M. Wimmer (Ed.), Kmgov, 3035, 136–146. Springer. Mohan, J. (1993). Healthy indicators? applications of census data in health care planning. In A. Champion (Ed.), Population matters: The local dimension (pp. 136–149). London: Paul Chapman. Olla, P. (2007). Mobile health technology of the future: creation of an m-health taxonomy based on proximity. International Journal of Healthcare Technology and Management, 8(3/4), 370–387.

285

Chapter XV

Context-Aware Task Redistribution for Enhanced M-Health Application Performance Hailiang Mei University of Twente, The Netherlands Bert-Jan van Beijnum University of Twente, The Netherlands Ing Widya University of Twente, The Netherlands Val Jones University of Twente, The Netherlands Hermie Hermens1 University of Twente, The Netherlands

ABSTRACT Building context-aware mobile healthcare systems has become increasingly important with the emergence of new medical sensor technologies, the fast adoption of advanced mobile systems, and improved quality of care required by today’s patients. A unique feature of our mobile healthcare system is a distributed processing paradigm whereby a set of bio-signal processing tasks is spread across a heterogeneous network. As well as applying the traditional adaptation methods such as protocol adaptation and data prioritization, the authors investigate the possibility of adaptation based on dynamic task redistribution. In this chapter, the authors propose an adaptation middleware that consists of a task assignment decision mechanism and a task redistribution infrastructure. The decision mechanism represents task

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

assignment as a graph mapping problem and searches for the optimal assignment given the latest context information. Once a new assignment is identified, the member tasks are distributed accordingly by the distribution infrastructure. A prototype implementation based on the OSGi framework is reported to validate the task redistribution infrastructure.

1. Inoduion Telemedicine has been receiving more and more attention due to its potential amongst others to tackle the resource challenges to the healthcare system posed by the aging society, by improving the quality of diagnosis and treatment and by reducing the costs of delivering healthcare (TelemedicineAlliance, 2004). Being part of telemedicine, mobile healthcare (m-health) is emerging along with the fast adoption of advanced mobile technology into daily life. Several m-health systems have been developed for mobile network environments (Halteren, Bults, Wac, Konstantas, & Widya, 2004; Hung & Yuan-Ting, 2003; Rasid & Woodward, 2005; Yuan-Hsiang et al., 2004), in which an m-health platform is introduced comprising a patient Body Area Network and some back-end healthcare service facilities linked by wireless communications links. On top of the platform, multiple applications, such as tele-monitoring and tele-treatment services, can be operated to provide continuous (24/7) mobile services to patients. However, like other applications in a mobile environment, the performance of m-health systems can be seriously affected by context changes and scarcity of the platform resources, e.g. network bandwidth, battery power and computational power of handhelds (Halteren, Bults, Wac, Konstantas, & Widya, 2004; Jones, Incardona, Tristram, Virtuoso, & Lymberis, 2006). From a technical point of view, to solve this mismatch between application demand and resources, an appropriate context-aware adaptation mechanism should be embedded into the system. Satyanarayanan (Satyanarayanan, 2001) identifies

286

three approaches to building such adaptation mechanisms: (1) task adjustment - this is to automatically change task behavior to use less of a scarce resource, e.g. scalable video transmission over wireless network; (2) resource reservation this is to ask the environment to guarantee a certain level of a resource, e.g. QoS (Quality of Service) management and reservation techniques; (3) user notification - this is to suggest a corrective action to the user. The second approach assumes that it is possible to reserve sufficient resources for the task, which is sometimes unrealistic, e.g. the drop of network bandwidth could be so significant that the required data transmission quality just cannot be met. The third approach could avoid the mismatch by giving the patient suggestions or warnings, e.g. “Please stay near to a charging point to reduce the risk caused by draining battery power”. However, restricting users’ mobility in this way is a far from satisfactory solution. Therefore, we focus on the first “adjusting task demand” approach to tackle the problem in m-health of mismatch between demand and resources. Previously, adjusting tasks was often performed within an isolated device, e.g. by a local application-specific adaptor (Badrinath et al., 2000). Methods applied in the past include data compression, discarding less important information and handover to a better network connection. The fundamental model common to remote monitoring systems consists of a set of bio-signal data processing tasks distributed across a set of networked devices. Therefore, one possible adaptation scenario is to exploit the distributed processing paradigm and adjust the assignment of tasks across available devices at run-time.

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

The rationale is that, at a particular moment, if one device cannot support a task in terms of computation or data communication demands, some other devices with richer resources may be available to take over this task. The advantage over traditional methods is that the user requirements are less likely to be compromised and distributed resources can be better utilized. To realize this task redistribution based adaptation in m-health systems, two major topics are to be addressed: (1) how to determine a suitable task assignment and (2) how to reconfigure the tasks across the devices according to this assignment with minimum service disruption. Targeting m-health systems specifically, we would like to address the following questions in this chapter: 1. 2.

3.

4.

What are the requirements for task redistribution in m-health systems? What are the QoS performance measures relevant for the m-health application and which performance characteristics can be improved by a “more suitable task assignment”? How can an optimal task assignment be computed given one particular performance measure? What is the impact of the redistribution of tasks on the continuity of the services and what are the potential techniques to minimize these disruptions?

This chapter is organized as follows. Section 2 motivates our research by presenting a context-aware m-health system and its application scenario, which allows us to further study the requirements on task-redistribution and relevant performance measures. In Section 3, we formulate the problem of task assignment in m-health in order to support task redistribution. Section 4 classifies the task assignment problem into several groups based on the model setting and presents the solutions. Section 5 presents the de-

sign and implementation of a component-based infrastructure to support the task redistribution. Section 6 provides some further discussions relate to both technical outcomes and non-technical outcomes. Section 7 concludes this chapter.

2. TakRediBaed Adapion inAwa M-Healt hSYSTEem 2.1 The M-Health System The m-health system under study consists of a body-worn set of devices (Body Area Network or BAN) communicating with a remote healthcare provider via an m-health server. This distributed system incorporates the following devices in the mobile and fixed networks: one or more bodyworn sensors connected to a sensor front end (a “sensorbox”), a handheld (in this case a PDA) acting as the Mobile Base Unit (MBU) of the BAN, a back-end server and an end-terminal (Figure 1). This m-health system was developed over the course of a number of European and Dutch projects (IST MobiHealth2, eTEN HealthService243 and FREEBAND AWARENESS4). The epileptic seizure detection application presented in the next section was developed during the AWARENESS project. The data acquisition system (sensors and sensorbox) collects bio-signals of the patient and other data such as location or activity and sends the data to the MBU over a short-range wireless connection, e.g. a Bluetooth connection. The MBU acts as a processor and communications gateway and thus can process the data and send it to the back-end server of the healthcare portal over a wireless link (currently WiFi, GPRS or UMTS). Thereafter, the data can be streamed to (or stored for future access by) a healthcare professional using his end-terminal, e.g. his laptop or desktop PC. In this distributed and mobile environment, application context including user situation, de-

287

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

vice capacity and network connection changes from time to time. M-health applications need to adapt to these context changes in order to provide timely and adequate services. Such context awareness is illustrated through a scenario in the next section.

an upcoming seizure. The m-health monitoring service constantly runs an epileptic seizure detection algorithm (Figure 2) which analyses the ECG signals in combination with context information about John’s current activity levels derived from the activity sensor.

2.2 Context-Aware Epileptic Seizure Detection

When John is at home, a broadband network is available to transfer his raw ECG and activity information to the remote monitoring centre, e.g. the back-end server in (Figure 1). In this case, all tasks in the detection algorithm are deployed on the back-end server and the doctor can be warned if a seizure is likely to occur. One afternoon, John is out jogging, following his usual route through the forest. Since there is no broadband network available in the forest, John’s bio-signals cannot be transmitted due to insufficient network bandwidth. Therefore, some processing tasks are reassigned from the remote server to his MBU and his biosignals are processed locally. During his run, the signal processing algorithm detects a possible imminent epileptic seizure. John is immediately warned by his BAN, and stops running. At the same time, an alarm and John’s GPS position are sent to the monitoring centre via a narrow band connection, e.g. GPRS or GSM. The alarm triggers the monitoring service to take appropriate action; for instance, depending on the circumstances, the

Epilepsy is a serious chronic neurological condition characterized by recurrent unprovoked seizures. If detection or even prediction of seizures by a few seconds were possible this would give the patient a chance to prepare and for appropriate medical assistance and/or advice to be given. Since seizures may happen anywhere and at any time, providing a mobile monitoring service for epilepsy patients can be very beneficial. The scenario below illustrates the AWARENESS vision of the context-aware mobile monitoring services for epileptic seizure detection to be provided by the m-health system and shows why the system needs to adapt to changing contextual factors. John is an epilepsy patient who had been seizurefree for several years. He wears a mobile monitoring system which monitors his health state and can give him a few seconds’ advance warning of

Figure 1. The M-health system enables a remote health professional to view processed bio-signals and take appropriate action for the patient

288

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

Figure 2. Distributed bio-signal processing tasks in a epileptic seizure detection algorithm studied in the AWARENESS project (Tönis, Hermens, & Vollenbroek-Hutten, 2006): Raw ECG and movement information (obtained by accelerometers) are processed in distinguished steps to estimate the chance of a seizure attack Se

R aw E C G

ECG F ilter

R - top detec tion

Interp olation

HPF

HRI

A c tiv ity Inc reas e

Sx

A c c elerom eter s ignal

LP F

emergency services or an informal caregiver can be dispatched to the exact location where John is to render emergency assistance.

2.3 MADE – A Middleware Layer Supporting Task Redistribution Bsed Adaptation As illustrated in the scenario, it is desirable that the m-health system can respond to context changes by properly redistributing the biosignal processing tasks at runtime. To achieve this, we propose a so-called MADE middleware consisting of four parts: Monitoring, Analysis, Decision and Enforcement shown in Figure 3. The monitoring part includes registration of the m-health application, device discovery, resource monitoring, and context discovery/registration. The analysis part takes this information on the m-health application and system as input and runs a task assignment algorithm to determine the assignment with optimal system QoS performance under these circumstances. The task assignment algorithm can be executed based on a predetermined schedule or triggered by a “significant” context change, e.g. John moves out of an area of WLAN coverage into a GPRS only area. The decision part compares the computed optimal assignment with the current sys-

H R e v ent detec tion

C om bine ev ents

s eiz ure ! T

pos ture detec tion

tem configuration to determine the actual cost of reconfiguration. If the reconfiguration cost can be covered by the enhanced performance of the new configuration, the new assignment plan will be executed. The Enforcement part controls the m-health system to adjust its configuration according to the new assignment.

2.4 Performance Enhancement by Task Redistribution Different assignments of application tasks to system devices result in different system configurations and each configuration exhibits different QoS performance characteristics. The main goal of the MADE middleware layer is to identify a system configuration with optimal QoS performance and reconfigure the m-health application/system by means of task redistribution. From the perspective of the end user, e.g. the doctor in Figure 1, we focus on the following QoS characteristics that are critical to the success of the m-health mission. There are certainly other critical performance measures not covered here, in particular data security and privacy. We investigate here only the QoS performance measures that can be improved based on the task redistribution approach.

289

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

Figure 3. MADE – a task redistribution based adaptation middleware that can dynamically redistribute the application tasks across platform resources M - health app lic ation

M onitoring

A naly s is

D ec is ion

E nforc em ent

T as k r e -dis tribution m iddlew are M - health pl atform r es ourc e

`

1.

2.

290

“End-to-end delay” is defined as the elapsed time between the m-health system receiving a frame of patient’s bio-signal information and sending the corresponding processed result of this particular bio-signal frame to the decision point. This parameter indicates how quickly the bio-signal and processed result can be delivered by the m-health system. The faster the real-time bio-signal information is delivered, the higher the chance that the patient’s emergency situation can be dealt with in time, e.g. in the time critical epileptic seizure detection application. “M-health application availability level”. The availability measure we consider here is the steady state availability as defined in (Muppala, Fricks, & Trivedi, 2000), that is the application mean uptime divided by the sum of the mean uptime and mean downtime. Failures may potentially occur during either data processing or communication.

3.

“System battery lifetime” is defined as the minimum battery lifetime of all the battery powered devices in the m-health system. Some devices in the m-health system are powered by batteries; if the remaining battery energy is lower than a certain level, the node cannot perform bio-signal processing operations anymore, and thus, the m-health system cannot provide the necessary information to the decision point. This parameter indicates the maximum operating time of the m-health system.

2.5 Task Redistribution Based Adaptation Requirements Based on the scenario described above, we can derive two non-functional requirements on the task redistribution based adaptation in order to make it effective:

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

•

•

The adaptation should be agile, that is the speed at which the system detects and adapts to context changes should be fast in order to minimize service interruption. The adaptation should be cost effective: system reconfiguration by task redistribution consumes additional platform resources, so if the aim of adaptation is to reduce the usage of a certain resource, e.g. battery energy, it is important that the reconfiguration does not cost more than what can be saved.

3. TASK ASSIGNMENT PROBLEMlem Semen The core of the MADE middleware layer is the “analysis” part where a task assignment algorithm is required to compute the optimal task assignment given the application/system context information. In this section, we discuss this task assignment problem in more detail and present the mathematical model of the problem.

3.1 Definitions We define an m-health remote monitoring application as a partial order of bio-signal streaming tasks. In our model we distinguish two types of streaming tasks: stream processing tasks (c.f. Figure 2) and stream transmission tasks. Processing tasks typically perform some operation on the bio-signal stream such as filtering, transcoding, or other m-health relevant signalor data processing operations. Each processing task consumes one or more data streams and produces one or more data streams. Transmission tasks are the glue between processing tasks and have two functions: firstly they allow us to easily characterize properties of the data stream (for instance the data rate of the stream); and secondly, as we will see later, transmission tasks can be mapped onto a communication path (such a path may be a stream pipe within a device, or

it may be a networked path between different devices). An m-health application consisting of distributed tasks can be defined as a tuple of (P, T, At, LP, LT), where P is a set of stream processing tasks {p1,p2,…}, T is a set of transmission tasks {t1,t2,…}, At is a set of precedence relations between tasks, such that At ⊆ P × T ∪ T × P, LP is a set of labels over each processing task, LT is a set of labels over each transmission task. LP and LT indicate the resource demand of processing tasks and transmission tasks respectively, a detailed overview is given in Table 1. The structure (P, T, At) is a (bipartite) directed acyclic graph (DAG) termed a task DAG. An example of a task DAG is given in Figure 4. Similarly, an m-health system is defined as a tuple of (D, C, Ar, LD, LC), where D is a set of device resources {d1,d2,…}, C is a set of (communication) channel resources {c1,c2,…}, Ar is a set of precedence relations between resources, such that Ar ⊆ D × C ∪ C × D, LD is a set of labels over each device resource, LC is a set of labels over each channel resource. LD and LC model the resource supply of devices and channels respectively, further details of this context information are given in Table 1. The structure (D, C, Ar) is a directed acyclic graph termed a resource DAG, an example of such a graph is shown in Figure 4. We assume that device resources in an mhealth system can relay bio-signal data streams, therefore a transmission task may be assigned to a communication path. A communication path is defined as follows. Given two device resources di and dj, a communication path cp is a path in the resource graph starting at di and ending at dj. In general there may exist multiple paths from di to dj, the set CPdi,dj denotes the set of all paths from di to dj. Note that when i=j the communication path is the empty path, denoted ε, and CPdi,dj ={ε}. Both task DAGs and resource DAGs are bipartite graphs in which each type of vertex forms

291

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

a disjoint set, i.e. there is no connection between two vertices of the same type. In a task DAG, each transmission task has exactly one predecessor processing task and one successor processing task, while a processing task may have multiple predecessor transmission tasks and multiple successor transmission tasks. A similar property holds for a resource DAG. Regarding the semantics of the task DAG, we have one important assumption namely that whenever a processing task has multiple successor transmission tasks, the bio-signal stream transfers over each of these transmission tasks. Whenever a processing task has multiple predecessor transmission tasks, the bio-signals entering from all these transmission tasks are synchronized. In effect, we only allow bio-sig-

nal forking and joining with AND semantics (as known from workflow theory). Based on the two graph models, a task assignment is a mapping of tasks onto resources such that: each processing task is mapped to one device resource and each transmission task is mapped to a communication path. In general, many different task assignments exist, and the objective is to find the best task assignment based on a QoS performance evaluation function. A formal treatment of the task assignment problem is presented next.

3.2 Problem Formulation We formulate the task assignment problem in mhealth as follows:

Figure 4. Model of task assignment from an m-health application, i.e. task DAG (Directed Acyclic Graph), to an m-health system, i.e. resource DAG Task DAG p1

p5

t1

t2

p3

t3

t4

p4

t5

t7

p7

t8

p2

t6

p6

p8

Assignment

d1

c1

c3

d2

c2

d3

c4

d4 1

292

Processing

2

c5 Transmission

a

Device

d5

Resource DAG e

Channel

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

Table 1. Notations for labeling Notation B

elongs to

Meaning

op pi

LP

the number of operations per second at processing task pi

rrpi

LP

required resource for processing, e.g. minimum required CPU, minimum required memory, etc.

av pi ,di , avti ,ci or

LP / LT

n

avti ,di

availability measure of running a processing or transmission task at 5 a particular resource .

ntitr

LT

the number of transmitted data units per second at transmission task ti

edito

LD

total available battery energy at device di 6

hk di

LD

energy consumption of device’s “housekeeping” activities per second, e.g. CPU, display, powering network interface cards

ediop

LD

energy consumption per operation on the device di

rs di

LD

available resource supply for processing at device di , e.g. CPU type, available memory, etc.

bwci

LC

available bandwidth at channel ci

loci

LC

Current load information at channel ci

e

se ci

LC

energy consumption for sending one data unit through channel ci

e

re ci

LC

energy consumption for receiving one data unit through channel ci

e

Table 2. List of Symbols (exclude labeling symbols) Notation

Meaning

D

a set of device resources

C

a set of (communication) channel resources

P

a set of processing tasks

T

a set of transmission tasks

CP

a set of communication paths in the resource DAG

At

a set of precedence relations between tasks

Ar

a set of precedence relations between resources

Ω

end-to-end delay

de

Ω av

availability

Ω

battery lifetime

li

Ω

overall performance measure

de pipr,dj

processing delay for processing task pi to process one frame of bio-signal data at device dj

detitr,cpj

transmission delay for transmission task ti to transfer one frame of bio-signal data over the communication path cpj

detitr,dj

transmission delay for transmission task ti to transfer one frame of bio-signal data at device dj

detitr,cj

transmission delay for transmission task ti to transfer one frame of bio-signal data at channel cj

ediP

energy consumption for processing at device di

ediS

energy consumption for sending data stream at device di

ediR

energy consumption for receiving data stream at device di

293

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

•

Given: (1) an m-health application (P, T, At, LP, LT); (2) an m-health system (D, C, Ar, LD, LC); (3) A QoS performance evaluation function Ω for task assignments. Goal: To find the optimal task assignment Ψopt among all possible task assignment {Ψ1, Ψ2,…} such that ∀i∈[1,2,…] Ω(Ψopt) ≥ Ω(Ψi). Subject to: three assignment constraints namely type constraint, local constraint and reachability constraint.

3.3 QoS Performance Evaluation for a Given Task Assignment

∀pi∈P: Ψ (pi)∈D, and ∀ti∈T: Ψ (ti)∈CP

The purpose of the task assignment problem is to find (i.e. compute) the optimal assignment relative to a QoS performance evaluation function. In this section we detail this QoS performance evaluation function further. In general, optimization may be desired for either one specific QoS performance measure, or it may be some QoS performance metric composed from multiple QoS performance measures. In the following we define three different QoS performance measures, and define one QoS performance metric from these three. The definitions rely on the task labeling and resource labeling defined previously in Table 1.

The local constraint comprises two parts:

End-to-End Delay

1.

For every processing task pi in P, its assigned device resource must provide the task’s required resources, e.g. minimal CPU speed, library support, special hardware requirement, etc. That is, assuming we have a Boolean function satisfy(rr, rs) to evaluate whether a required resource, rr, can be satisfied by a resource supply, rs. Hence:



∀pi∈P: satisfy (rrpi,rsΨ (pi))

2.

For each channel resource, the total assigned transmission tasks must not exceed its offered bandwidth:

In general, given an m-health application, there may exist multiple paths between any two tasks in the m-health application. For a task DAG, there exist multiple task paths connecting a source task and a sink task. Every path is a sequence of processing tasks and transmission tasks denoted as tp ⊆ {P, T} and the ith task in tp is denoted as tp(i). Upon different task assignment Ψ, a task path can exhibit a different endto-end delay, i.e. the summation of processing delay and transmission delay along the path:

•

•

The type constraint specifies that each processing task must be mapped to one device resource and each transmission task must be mapped to a communication path, hence:



∑

∀ ci ∈C ntitr ci ∈Ψ (ti )

< bwci

The reachability constraint specifies that for each processing task pi assigned to device resource Ψ(pi), its predecessor transmission task must be assigned to a communication path ending at Ψ(pi), and its successor transmission task must be assigned to communication path starting at Ψ(pi).

294

Ω de (tp ) =

∑ de

tp ( i )∈P

pr tp ( i ),Ψ ( tp ( i ))

+

∑ de

tp ( i )∈T

tr tp ( i ),Ψ ( tp ( i ))

where de pipr,dj is defined as the processing delay for processing task pi to process one frame of bio-signal data at device dj, detitr,cpj is defined as the transmission delay of transmission task ti to transfer one frame of bio-signal data over a communication path cpj. detitr,cpj can be computed based on the transmission delay occurred at device dj, detitr,dj, and at channel cj as detitr,cj. de pipr,dj, detitr,dj and detitr,cj can be estimated from the profiltr ing information, e.g. nop pi , nti , bwci and loci based

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

on the knowledge from real measurements, e.g. (Catalan et al., 2005; Xiao, Rosdahl, Center, Linear, & Draper, 2002). The end-to-end delay of a given assignment Ψ, Ωde(Ψ), is then defined as the maximum of all task paths’ end-to-end delays:

({

})

Ω de ( )= max Ω (tp ) de

Application Availability Level Since we assume only “AND” semantics in task DAG, the availability of the whole application depends on all the included tasks: Only when all tasks perform successfully can the application perform successfully. Therefore, the application availability level for a given assignment, Ωav(Ψ), can be computed as: Ω av (Ψ ) = ∏ av pi ,Ψ ( pi ) pi∈P

∏ av

ti ,α ti∈T ,α ∈Ψ ( pi )

Battery Lifetime Based on the power consumption model of a mobile device (Rahmati & Zhong, 2007), we estimate the battery life time Ωli(di) for a specific (mobile) device di given a particular task assignment Ψ as follows: Ω li (di ) =

edihk

edito + ediP + ediR + ediS

Where edito is the total available battery energy at device, edihk is energy consumption of device’s “housekeeping” activities per time unit, e.g. CPU, display, powering network interface cards, ediP is the energy consumed by local data processing; ediR is the energy consumption for receiving data stream; ediS is the energy consumption for sending data stream. Based on the aforementioned profiling information, these can be calculated per device given Ψ:

ediP = ediop

∑n

Ψ ( pj ) = di

∑

ediS =

( di ,cj )∈ A

ediR =

∑

op pj

(ecjse r

(ecjre

( cj , di )∈ A r

∑n

tr tk

)

∑n

tr tk

)

cj∈Ψ ( tk )

cj∈Ψ ( tk )

Once the battery lifetime of all devices are estimated, the minimum of all device’s battery lifetime determines the overall system battery lifetime for a given assignment:

({

})

Ω li (Ψ ) = min Ω li (di) di ∈ D

Overall Performance Evaluation Similar to our earlier work (Widya, Beijnum, & Salden, 2006), the overall QoS measure, Ω, for a particular assignment Ψ across these three dimensions is defined as: Ω( Ψ ) =

( w de ) 2 + ( w av ) 2 ⋅ (Ω av (Ψ )) 2 + ( w li ) 2 ⋅ (Ω li (Ψ )) 2 (Ω de (Ψ )) 2

where wde, wav and wli are the weighting factors among the three QoS measures and should be tuned based on specific applications. After adjusting the “direction” on end-to-end delay, we define the optimal assignment as the one that has highest score on Ω.

4. SOLUTIONS TO TASKk ASSIignmenlem Earlier work (Norman & Thanisch, 1993) has shown that finding the optimal task assignment is a NP-hard problem. Our problem belongs to this same category. Hence, we may expect only that restricted forms on the general problem can be solved in polynomial time. The model and

295

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

problem formulation that we have developed in the previous sections differs from others as explained in the following. •

•

•

The underlying heterogeneous m-health system has to be considered as a general graph with asymmetric orientations while most earlier models consider a fully connected network with homogenous symmetric connections (Amini, Jain, Sehgal, Silber, & Verscheure, 2006; Ma, Chen, & Chung, 2004; Ucar, Aykanat, Kaya, & Ikinci, 2006). Therefore, many task assignments permitted in earlier work become invalid in our model subject to the new reachability constraint. The search for optimal task assignment is thus required to include an extra validity check on this new assignment constraint. The possibility of relaying data stream by devices further complicates the representation of a task assignment. In earlier work, relaying data stream is not really an issue since fully connected networks are often considered; therefore, the earlier assignment function is defined only between processing tasks and devices (Kafil & Ahmad, 1998; Lee & Shin, 1997). We model performance measures at a much lower abstraction level, i.e. measures related with energy consumption, delays, etc, while other work merely considers the more abstract measures of computation cost and communication cost (Lo, 1988; Norman & Thanisch, 1993; Ucar, Aykanat, Kaya, & Ikinci, 2006).

4.1 Towards a General Solution A general approach to search for the optimal task assignment can be summarized as follows: 1. 2.

3. 4.

Find or construct a model to represent a task assignment Ψ:{P,T}→{D,CP}. Construct a search space consisting of all possible assignments, e.g. a search tree (Franken, 1996; Kafil & Ahmad, 1998). Apply the QoS performance evaluation function for a task assignment found. Identify a search algorithm (which could be brute force) to search for the optimal task assignment, e.g. A* algorithm (Kafil & Ahmad, 1998), branch and bound (Ma, Chen, & Chung, 2004) or graph partitioning.

For some m-health applications and m-health systems, the task assignment problem can be modeled with reduced complexity. In particular, we have studied three specializations of the general “DAG-DAG” task assignment problem: (1) “DAG-tree” where the m-health application is a directed acyclic graph and the m-health system has a tree structure; (2) “Chain-chain” where both the m-health application is a tree and the mhealth system is a chain; (3) “Tree-star” where the m-health application has a tree structure and the m-health system has a star structure. Subtype-supertype relations exist among these four types as shown in Figure 5, e.g. “DAG-DAG” is

Figure 5. Task assignment taxonomy D A G -D A G

In the next subsections we go into further details on the computation of the optimal solution, and we discuss the computation of the optimal solution for two restricted forms of the general problem.

D A G- tre e

tre e -sta r

296

ch a in- ch a in

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

allows us to distinguish these two different task assignments. However, if the model of some mhealth systems has a tree structure, then there is only one unique path between any two vertices. Consequently, we can simplify the m-health application model and the m-health system model by eliminating transmission tasks and channel resources, as shown in Figure 6. Based on this simplified model, a task assignment is a mapping of processing tasks to device resources. We can use an m by n matrix Ф, where m is the number of processing tasks and n is the number of devices, to represent one task assignment using the following interpretation: if “pi” is assigned to device “dp”, then Фip is “1”; otherwise Фip is “0”. An example task assignment for Figure 6 is shown in Figure 7.c. In the following sections, we present the algorithm to compute the optimal assignment matrix, Фopt.

a supertype of “DAG-tree”. The solutions available for the supertype problem can be also applied to the subtype problem. However, due to the specialization of the subtype problem, there may exist more efficient algorithms to compute the solution for the subtype problem. We discuss the solutions for two out of these four types in the following sections: “DAG-tree” and “chainchain”. For the algorithm to find the solution of “tree-star” model, interested readers are referred to (Mei, Pawar, & Widya, 2007).

4.2 “DAG-Tree” Task Assignment In our model of an m-health system we model communication between device resources explicitly by channel resources. This way, we can model alternative communication paths between two consecutive device nodes. Additional flexibility is achieved by allowing transmission tasks to be assigned to a communication path. For example, when considering the m-health system given in Figure 4, there are two paths connecting “d1” and “d5”. Now if “p1” is assigned on “d1” and “p2” is assigned on “d5”, modeling “t1” explicitly and assigning it to one of the two paths

4.2.1 Formulation We formulate the “DAG-tree” task assignment problem based on the adjacency matrix graph representation method as follows:

Figure 6. Task assignment from an m-health application with a DAG structure to an m-health system with a tree structure Task DAG p1

p2

p6 p3

p7

p4

p9

p5

p10

p8

Assignment

d1

d3 d4 d2

p4

Processing ta sk

device tre e d2

device

297

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

•

Given: (1) A task connection matrix is a m by m matric Θ captures the topology of a task DAG and represents the amount of data units transferred per time unit between connected processing tasks as shown in Figure 7(a): If there is a directed arc from pi to pj, then Θij in the matrix contains the data units sent from pi to pj every time unit. If there is no directed arc from pi to pj, then Θij is “0”. (2) A n by n device link matrix Κ captures the topology of a device tree as shown in

•

•

Figure 7(b): If there is a directed arc from dp to dq, then Κpq is “1”; otherwise, it is “0”. (3) A performance measure Ω is a measure for a particular task assignment corresponds to the assignment matrix Ф. Goal: To find the optimal task assignment matrix Фopt among all possible task assignments {Ф1 ,Ф2, ...} such that ∀i∈[1,2,…] Ω(Фopt) ≥ Ω(Φi). Subject to: Local constraint and reachability constraint (c.f. Section 3.2).

Figure 7. Relative to the task assignment problem given in Figure 6: (a) A data throughput matrix Θ, (b) a device link matrix Κ, and (c) an assignment matrix Ф

298

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

4.2.2 Validity of Assignment

∀p, q ∈ {1,n} Λpq ≠ 0 ⇒ Κ*pq = 1

A valid assignment Ф must satisfy both local and reachability constraints. To verify the validity of an assignment Ф according to the local constraint is relatively simple: we can go through every processing task to check whether the assigned device can support it or not. For example, due to the local constraint, p2 has to be assigned to d2, therefore all the assignment matrices that violate this are considered non-valid. To verify the validity of an assignment according to the reachability constraint, we need to ascertain that the assignment is such that the data transmission between two device resources can be realized by a communication path between the respective device resources. This can be computed as follows. Given an assignment Ф, we calculate the amount of data unit transmitted between all pairs of devices by calculating ФTΘФ. We name the resulting node data transmission matrix Λ, where Λpq indicates the number of data units sent from dp to dq per time unit as shown in Figure 8(a). The reachability of devices can be represented by the transitive closure of Κ, denoted Κ*, as shown in Figure 8(b). If there is a direct path from dp to dq, then Κ*pq is “1”; otherwise, Κ*pq is “0”. Given an assignment Ф, if the following rule holds true, then Ф is valid according to the reachability constraint:

The rationale behind this is that if there is a required data transmission from device dp to device dq as indicated in Λ, then dq has to be reachable from dp in order to make Ф as a valid assignment matrix.

4.2.3 A Sketch of the Algorithm to Search for the Optimal Assignment The DAG-tree assignment problem in its general form is NP-hard. So, for small problems, small in terms of the number of tasks and number of devices resources, an exhaustive search may still be viable. Such an exhaustive search comprises the following steps: 1. 2.

3. 4.

5.

Generate a candidate Ф (for instance by permutation). Check if Ф is valid based on the validity verification method presented in Section 4.2.2. If Ф is valid, calculate Ω(Ф); otherwise, go back to step 1. If Ω(Ф) is better than previous best one, record this new Ω(Ф) and the corresponding Ф as temporary Ф opt. Go back to step 1 until no further candidate Ф.

Figure 8. (a) the node data transmission matrix Λ, (b) the transitive closure Κ*. Both are derived from the matrices shown in Figure 7

299

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

Although this exhaustive approach is able to find the optimal assignment in the “DAG-tree” task assignment problem, it is far from efficient since every task assignment needs to be checked. Nevertheless, we argue its advantage in the low implementation complexity: the matrix representations of task DAG and device tree allow a structural way to represent the application and platform information; the proposed verification procedures for local constraints and reachability constraints can be supported well by a number of matrix computation tools or libraries.

the task assignment problem with 6 processing tasks and 4 devices as shown in Figure 9 and reusing the definitions given earlier in Table 2, the end-to-end delay can be computed as follows Ω de = de ppr1,d 1 + de ppr2,d 1 + de ppr3,d 3 + de ppr4,d 3 + de ppr5,d 3 + de ppr6,d 4 + dettr1,d 1 + dettr2,c1 + dettr2,d 2 + dettr2,c 2 + dettr3,d 3 + dettr4,d 3 + dettr5,c 3

However, similar to the “DAG-tree” assignment problem, it is sufficient to model the assignment of processing tasks onto device resources: We formulate the problem of optimally assigning a processing task chain onto a device chain as:

4.3 “Chain-Chain” Task Assignment When both the m-health application and system form a chain as illustrated in Figure 9 and the goal of the task assignment is to find an optimal assignment with minimal end-to-end delay, the optimal task assignment can be found in polynomial-time. This section explains an algorithm achieving this.

Given: A directed task chain containing m processing tasks, {pi,p2,…,pm} connecting in a chain fashion (with m-1 transmission tasks). A directed device resource chain containing n device resources, {dj, d2,…,dn} (with n-1 channels). A performance measure on end-to-end delay of a particular assignment of task across devices, Ωde. Goal: To find an assignment function Ψα among all possible assignments Ψ: {pi}→ {dj} that Ωde (Ψα) is minimized. To find the task assignment with minimal end-to-end delay Ψopt among all possible task assignments {Ψ1, Ψ2, ...}, hence: ∀i∈[1,2,…] Ω(Ψopt) ≤ Ω(Ψi).

•

4.3.1 Problem Formulation • Starting with the general model, an example of a “Chain-chain” task assignment is given in Figure 9. Once two adjacent processing tasks are assigned to device resources, the transmission task in between can only be assigned to the communication path connecting the two host devices (this may potentially be the empty path). Given

Figure 9. An example of assigning a directed task chain containing 6 tasks onto a directed resource chain containing 4 devices p1

t1

d1

1

300

p2

t2

c1

Processing

p3

d2

2

t3

p4

c2

Transmission

t4

d3 a

Device

p5

t5

c3

p6

d4

e

Channel

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

•

Subject to: The local constraint, type constraint and reachability constraint.

4.3.2 Solution We first build a layered assignment graph consisting mn+2 nodes (Figure 10). In this graph, each row (excluding nodes <S> and ) corresponds to a processing task and each column corresponds to a device. The label on each node corresponds to a possible (i.e. satisfying the local constraint) assignment of processing task “pi” to device “dj”. A node labeled is connected by arcs to all nodes , … in the layer below. All nodes in the first (last, respectively) layer are connected to the node <S> (, respectively). Therefore, any directed path connecting nodes <S> to corresponds to an assignment of processing tasks to devices fulfilling the type constraint and reachability constraint (e.g. the

thick path in Figure 10 which corresponds to the assignment shown in Figure 9). Each arc of this layered assignment graph is then labeled with a weight representing the sum of processing delays and transmission delays such that: (1) the arcs connecting node <S> to node till have weight 0; (2) In layer i (except for the last layer), the arc connecting node to node has a weight equal to the sum of processing delay (the delay for “pi” to process one frame at device resource “dj”, i.e de pipr,dj) and the transmission delay (the delay caused the transmission over the channel connecting di and dk);. (3) For the last layer, each arc connecting node to node the weight equals the processing delay (for the delay for “pm” to process one frame pr at device “dj”, hence de pm , dj). As an illustration, the weights associated with the thick edges are shown in Figure 10. In the last step, by applying a shortest-path search algorithm (e.g. Dijkstra’s algorithm), we

Figure 10. The 6-task-4-device assignment graph. The thick path corresponds to the assignment illustrated in Figure 9

301

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

can identify a path connecting <S> and in this weighted graph that corresponds to the optimal assignment Ψopt. The space complexity (defined as the number of nodes in the assignment graph) of this method is O(mn). Thus the time complexity of shortest-path search step is O(m2n2) if the Dijkstra algorithm is used. If a labeling method as proposed by Bokhari (Bokhari, 1988) is used for search, the time complexity can be reduced to O(mn).

Windows XP machine with Intel Pentium 2.4G CPU and 1.5G RAM. 10 different pairs of m and n, e.g. (20,10), (40,10), … (100,20), were tested and the number of assignment graph nodes ranges from 200 to 2000.

5. Tas k Redi str ib ut ion Infr astr uct ur e

As presented earlier (Mei et al., 2007), we design the bio-signal processing tasks as software components, named BSPUs (Bio-Signal Processing We implemented a Java prototype of the proUnits), whose execution location may vary durposed assignment. We recorded the CPU time of ing the life-time of the m-health application. A 4.3.3 Performance analysis two steps in this method: the assignment graph possible architecture of our proposed MADE construction (includes weighting) and shortestmiddleware consists of a Coordinator, a BSPU We implemented a Java prototype of the proposed assignment. We recorded the CPU path search. For the “search” step, we used an Repository and a set of Facilitators (Figure 12). time of two steps in this method: the assignment graph construction (includes weighting) open source library7 which implemented Di(which hosts the assignment and shortest-path search. For the “search” step,The weCoordinator used an open source library6 whichaljkstra algorithm. The program was tested on a gorithm), can make decisions reconfigure implemented Dijkstra algorithm. The program was tested on a WindowstoXP machinethe

4.3.3 Performance Analysis

with Intel Pentium 2.4G CPU and 1.5G RAM. 10 different pairs of m and n, e.g. (20,10), (40,10), … (100,20), were tested and the number of assignment graph nodes ranges from 200 to 2000.

Figure 11. The CPU time of the proposed optimal assignment algorithm for task-chain to device-chain assignment 00 construction search total

00

time (milliseconds)

00

00

00

00

0 00

00

00

00 000 00 00 00 number of assignment graph nodes

00

000

Figure 11: The CPU time of the proposed optimal assignment algorithm for task-chain to device302

chain assignment

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

Figure 12. Architectural components of BSPU redistribution infrastructure

m-health system, e.g. redistribute some BSPUs across the Facilitators. The reconfiguration can be either stateful (transferring state information) or stateless (discarding state information), depending on application specific requirements. Each node has a Facilitator to manage the resident BSPUs. It can be instructed by the Coordinator to execute the BSPU configuration commands. The BSPU Repository stores BSPU implementations that can be provided on request. To realize the Facilitator, we have adopted the OSGi technology8, which is a service oriented, component-based software container that, as apposed to other container platforms such as J2EE, standardizes the lifecycle management of components and services. In addition, OSGi technology is lightweight and can run on for instance mobile devices such as Smart Phones and PDAs. For networked communication between OSGi containers we have used the so called ROSGi9 service. Each BSPU is implemented as a single OSGi bundle, which we name a BSPU bundle. This means that we can benefit from the life-cycle

management facilities in the OSGi framework: the bundled BSPU can be installed, started, stopped and uninstalled by OSGi bundle management commands. Both the Facilitator and the Coordinator are also implemented as OSGi bundles. As shown in Figure 13, the Coordinator bundle can connect to various remote Facilitators using the “R-OSGi” service. At the moment, we adopted a “break-before-make” strategy in the implementation: the current configuration is terminated first and then new BSPUs are distributed and formed into a new configuration. In addition, the reconfiguration is assumed stateless. To test the performance of the task redistribution infrastructure, we built an experimental system containing 4 computers (PC1, PC2, PC3 and PC4) within the same LAN. Each of PC1 and PC2 hosts one Facilitator, PC3 is the Coordinator node and PC4 is the BSPU repository. The measured application interruption time resulted by the “break-before-make” BSPU redistribution ranges from tens to hundreds of milliseconds depending on the code size of the BSPU and network conditions. Further experi-

303

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

Figure 13. Coordinator node connecting Facilitator node through R-OSGi service interface

ments are planned on mobile systems with the aim to analyze the adaptation’s agility according to the targeted scenario.

6. DiSCUSSIion With the development of mobile and high capacity personal computing devices, miniature wearable sensors and ever improving wireless communication infrastructures, m-health is becoming a realistic prospect from the technical point of view. However, challenges remain for providing timely and adequate services in real world mhealth applications (Jones, Incardona, Tristram, Virtuoso, & Lymberis, 2006). We argue in this chapter that context awareness should be an essential feature in the design and implementation of m-health systems. Typical scenarios that we investigate address the remote monitoring and treatment of patients. In particular, we have addressed an epileptic seizure detection application based on m-health systems. Patient monitoring sessions are often long lasting, in extreme cases it may be 24/7. To cope with the dynamics of the ICT infrastructure under consideration, we proposed a task redistribution based middleware, MADE, and investigated several assignment algorithms to obtain the optimal system configuration. Our research on task assignment algorithm benefited from earlier research in the area of

304

parallel and distributed computing (Norman & Thanisch, 1993). In particular, we have adopted graph-based techniques to model the assignment problem. We have identified three different categories of constraints (type, local and reachability constraints) that allow us to build realistic models of the assignment problem. Because of the generic nature of our model, it may be very well applicable to distributed stream processing in general, for instance (Amini, Jain, Sehgal, Silber, & Verscheure, 2006; Gu & Nahrstedt, 2006; Pietzuch et al., 2006; Xing, Hwang, Çetintemel, & Zdonik, 2006).

7. Conlu In this chapter, we propose a task redistribution based adaptation middleware (MADE). It consists of a task assignment decision mechanism and a task redistribution infrastructure. The task assignment decision mechanism models the task assignment as a graph mapping problem and searches for the optimal assignment given the latest context information. In particular, we identify three assignment constraints in the mobile healthcare system: the type constraint distinguishing between computation and communication, the local constraint capturing the computation heterogeneity and the reachability constraint capturing the communication heterogeneity. Although the problem in its general

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

form is NP-hard, some cases with specific topologies can be tackled efficiently in polynomial time. We illustrate a general approach to solving “DAG-tree” problems and a polynomial-time algorithm for “chain-chain” problems. Once a new assignment is found, the member tasks are distributed accordingly by the redistribution infrastructure. A prototype implementation based on the OSGi framework, which has been used to validate the task redistribution infrastructure, is also reported. The future research agenda for improving the MADE middleware may consist of: (1) applying various techniques, e.g. A* and branch and bound, to design more efficient task assignment algorithms, (2) proposing performance metrics (including reconfiguration time, power consumed by reconfiguration) on the redistribution infrastructure to evaluate the reconfiguration, and (3) experimenting with the MADE middleware in a real world mobile healthcare system to evaluate the feasibility of task redistribution based adaptation.

ACKknowledgmen This work is part of the Freeband AWARENESS Project. Freeband is sponsored by the Dutch government under contract BSIK 03025. (http:// awareness.freeband.nl)

Refeen Amini, L., Jain, N., Sehgal, A., Silber, J., & Verscheure, O. (2006). Adaptive Control of Extremescale Stream Processing Systems. Paper presented at the 26th IEEE International Conference on Distributed Computing Systems (ICDCS’06). Badrinath, B., Fox, A., Kleinrock, L., Popek, G., Reiher, P., & Satyanarayanan, M. (2000). A Conceptual Framework for Network and Client

Adaptation. Mobile Networks and Applications (MONET). Bokhari, S. H. (1988). Partitioning problems in parallel, pipelined, and distributed computing. IEEE Transactions on Computers, 37(1), 48-57. Catalan, M., Gomez, C., Viamonte, D., Paradells, J., Calveras, A., & Barcelo, F. (2005). TCP/IP analysis and optimization over a precommercial live UMTS network. Wireless Communications and Networking Conference, 2005 IEEE, 3. Franken, L. (1996). Quality of Service Management: a Model-Based Approach. Gu, X., & Nahrstedt, K. (2006). On Composing Stream Applications in Peer-to-Peer Environments. Parallel and Distributed Systems, IEEE Transactions on, 17(8), 824-837. Halteren, A. v., Bults, R., Wac, K., Konstantas, D., & Widya, I. (2004). Mobile Patient Monitoring: The MobiHealth System. The Journal of Information Technology in Healthcare, 2(5). Hung, K., & Yuan-Ting, Z. (2003). Implementation of a WAP-based telemedicine system for patient monitoring. Information Technology in Biomedicine, IEEE Transactions on, 7(2), 101. Jones, V., Incardona, F., Tristram, C., Virtuoso, S., & Lymberis, A. (2006). Future challenges and recommendations. In R. S. H. Istepanian, S. Laxminarayan & C. S. Pattichis (Eds.), M-health Emerging Mobile Health Systems (pp. 267-270): Springer. Kafil, M., & Ahmad, I. (1998). Optimal task assignment in heterogeneous distributed computing systems. Concurrency, IEEE [see also IEEE Parallel & Distributed Technology], 6(3), 42. Lee, C.-H., & Shin, K. G. (1997). Optimal task assignment in homogeneous networks. Parallel and Distributed Systems, IEEE Transactions on, 8(2), 119-129.

305

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

Lo, V. M. (1988). Heuristic algorithms for task assignment in distributed systems. Computers, IEEE Transactions on, 37(11), 1384. Ma, Y.-C., Chen, T.-F., & Chung, C.-P. (2004). Branch-and-bound task allocation with task clustering-based pruning. Journal of Parallel and Distributed Computing, 64(11), 1223 - 1240. Mei, H., Pawar, P., & Widya, I. (2007, March 26 2007). Optimal Assignment of a Tree-Structured Context Reasoning Procedure onto a Host-Satellites System. Paper presented at the 16th Heterogeneity in Computing Workshop (HCW 2007), Long Beach, California. Mei, H., Widya, I., Broens, T., Pawar, P., Halteren, A. v., Shishkov, B., et al. (2007). A Framework for Smart Distribution of Bio-signal Processing Units in M-health. Paper presented at the 2nd International Conference on Software and Data Technologies (ICSOFT 2007), Barcelona, Spain. Muppala, J. K., Fricks, R. M., & Trivedi, K. S. (2000). Techniques for Dependability Evaluation. In W. Grasman (Ed.), Computational Probability (pp. 445-480): Kluwer Academic Publishers. Norman, M. G., & Thanisch, P. (1993). Models of machines and computation for mapping in multicomputers. ACM Computing Surveys, 25(3), 263-302. Pietzuch, P., Ledlie, J., Shneidman, J., Roussopoulos, M., Welsh, M., & Seltzer, M. (2006). Network-Aware Operator Placement for StreamProcessing Systems. Paper presented at the 22nd International Conference on Data Engineering (ICDE’06). Rahmati, A., & Zhong, L. (2007). Context-forWireless: Context-Sensitive Energy-Efficient Wireless Data Transfer. Paper presented at the 5th international conference on Mobile systems, applications and services (Mobisys).

306

Rasid, M. F. A., & Woodward, B. (2005). Bluetooth telemedicine Processor for multichannel biomedical signal transmission via mobile cellular networks. Information Technology in Biomedicine, IEEE Transactions on, 9(1), 35. Satyanarayanan, M. (2001). Pervasive computing: vision and challenges. IEEE Personal Communications, 8(4), 10-17. TelemedicineAlliance. (2004). Telemedicine 2010: Visions for a Personal Medical Network. from http://www.esa.int/esapub/br/br229/br229.pdf Tönis, T., Hermens, H. J., & Vollenbroek-Hutten, M. (2006). Context aware algorithm for discriminating stress and physical activity versus epilepsy: AWARENESS deliverables (D4.18). Ucar, B., Aykanat, C., Kaya, K., & Ikinci, M. (2006). Task assignment in heterogeneous computing systems. Journal of Parallel and Distributed Computing, 66(1). Widya, I., Beijnum, B.-J. v., & Salden, A. (2006). QoC-based Optimization of End-to-End M-Health Data Delivery Services. Paper presented at the 14th IEEE International Workshop on Quality of Service (IWQoS). Xiao, Y., Rosdahl, J., Center, S. L. D., Linear, M., & Draper, U. T. (2002). Throughput and delay limits of IEEE 802.11. Communications Letters, IEEE, 6(8), 355-357. Xing, Y., Hwang, J.-H., Çetintemel, U., & Zdonik, S. B. (2006). Providing Resiliency to Load Variations in Distributed Stream Processing. Paper presented at the 32nd International Conference on Very Large Data Bases. Yuan-Hsiang, L., Jan, I. C., Ko, P. C. I., Yen-Yu, C., Jau-Min, W., & Gwo-Jen, J. (2004). A wireless PDA-based physiological monitoring system for patient transport. Information Technology in Biomedicine, IEEE Transactions on, 8(4), 439.

Context-Aware Task Redistribution for Enhanced M-Health Application Performance

EndNo 2 3 4 1

http://www.mobihealth.org/ http://www.healthservice24.com/ http://awareness.freeband.nl/ The value can be zero, i.e. meaning it is not possible to run a task on certain resource due to a violation of a hard QoS requirement,



5

8 6 7

e.g. device CPU type or channel’s bandwidth cannot support the to-be-assigned task. If a device has a fixed line power supply, then its eto has a value of +∞. http://rollerjm.free.fr/pro/graphs.html http://www.osgi.org http://r-osgi.sourceforge.net/

307

308

Compilation of References

Abidi, S. (2001). Knowledge management in healthcare: towards “knowledge-driven” decision-support services. International Journal of Medical Informatics, 63(1)2 , 5-18. Abidi, S., & Goh, A. (2000). A personalised Healthcare Information Delivery System: pushing customised healthcare information over the WWW. Studies in health technology and informatics, 77, 663-667. Retrieved from http://www.scopus.com/scopus/inward/record. url?eid=2-s2.0-0034574134&partnerID=40&rel=R7. 0.0. Aboba, B., & Simon, D. (1999). Rfc 2716 ppp eap tls authentication protocol. IETF. Retrieved from http://tools. ietf.org/html/rfc2716. Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., & Levkowetz, H. (2004). Rfc 3748 extensible authentication protocol (eap). IETF. Retrieved February 8, 2008, from http://tools.ietf.org/html/rfc3748. Abraham, T., & Roddick, J. F. (1999). Survey of spatiotemporal databases. GeoInformatica, 3(1), 61–99. Acht, van V., Bongers, E., Lambert, N., & Verberne, R. (2007). Miniature Wireless Inertial Sensor for Measuring Human Motions. In Proceedings of Engineering in Medicine and Biology Society, 2007 (EMBS 2007). 29th Annual International Conference of the IEEE EMBC 2007 (pp. 6278-6281). Lyon, France. Ackerman, M. (2007). The personal health record. The Journal of medical practice management: MPM, 23(2), 84-85. Retrieved from http://www.scopus.com/scopus/ inward/record.url?eid=2-s2.0-38449122521&partnerID =40&rel=R7.0.0.

Adatia, F., & Bedard, P. (2003). Palm reading: 2. Handheld software for physicians. Canadian Medical Association Journal, 168(6), 727-734. Adler, K. (2006). Web portals in primary care: An evaluation of patient readiness and willingness to pay for online services. Journal of Medical Internet Research, 8(4). Adler, R. E. (2004). Medical Firsts: From Hippocrates to the Human Genome (1st ed.): Wiley. Administration on Aging. (2002). Profile of older Americans. Administration on Aging, U.S. Department of Health and Human Services. Retrieved March 25, 2008, from http://www.aoa.gov/prof/Statistics/profile/ 2002profile.pdf. Agha, Z., Schapira, R. M., & Maker, A. H. (2002). Cost effectiveness of telemedicine for the delivery of outpatient pulmonary care to a rural population. Telemedicine Journal and E-Health, 8, 281-291. Agrawal, R., & Johnson, C. (2007). Securing electronic health records without impeding the flow of information. International Journal of Medical Informatics, 76(5-6), 471-479. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-3394762111 3&partnerID=40&rel=R7.0.0. Aharonovich, E., Hatzenbuehler, M., Johnston, B., O’Leary, A., Morgenstern, J., Wainberg, M., Yao, P., Helzer, J., & Hasin, D. (2006). A low-cost, sustainable intervention for drinking reduction in the HIV primary care setting. AIDS Care, 18(6), 561-568. Aiemagno, S. A., Cochran, D., Feucht, T. E., Stephens, R. C., Butts, J. M., & Wolfe, S. A. (1996). Assessing

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Compilation of References

substance abuse treatment needs among the homeless: a telephone-based interactive voice response system. Am J Public Health, 86(11), 1626-1628. Alavi, M., & Leidner, D. E. (2001). Review: Knowledge management and Knowledge Management Systems: Conceptual Frameworks and Research Issues. MIS Quarterly, 25(1), 107-136. Alban, R., Feldmar, D., Gabbay, J., & Lefor, A. (2005). Internet security and privacy protection for the health care professional. Current Surgery, 62(1), 106-110. Retrieved from http://www.scopus.com/scopus/inward/ record.url?eid=2-s2.0-13844266517&partnerID=40&r el=R7.0.0. Albright, B. (2007). Prepping for PHRs. The growing trend of consumer empowerment includes the speedy rise of personal health records. Healthcare informatics: the business magazine for information and communication systems, 24(2). Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-34247121143 &partnerID=40&rel=R7.0.0. Alhaqbani, B., & Fidge, C. (2008). Access control requirements for processing electronic health records, 4928, 371-382. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-4054912901 5&partnerID=40&rel=R7.0.0. Al-Salqan, Y. Y., Jagannathan, V., Davis, T., Zhang, N., & Reddy, Y. (1995). Security and confidentiality in health care informatics. In Proceedings of the ACM Workshop on Role-Based Access Control (pp. 47-51). Retrieved from http://www.scopus.com/scopus/inward/ record.url?eid=2-s2.0-0029427930&partnerID=40&rel =R7.0.0. American Heart Association (2007). Heart Disease and Stroke Statistics – 2004 Update. Dallas, Texas: A.H. Association. Amft, O., & Troster, G. (2006). Methods for detection and classification of normal swallowing from muscle activation and sound. In Pervasive Health Conference and Workshops, 2006, (pp. 1-10).

Amini, L., Jain, N., Sehgal, A., Silber, J., & Verscheure, O. (2006). Adaptive Control of Extreme-scale Stream Processing Systems. Paper presented at the 26th IEEE International Conference on Distributed Computing Systems (ICDCS’06). Aminian, K., Robert, P., Jequier, E., & Schutz, Y. (1995). Estimation of speed and incline of walking using neural network. IEEE Transactions on Instrumentation and Measurement, 44(3), 743–746. Andersen, J., & Bardram, J. E. (2007). BLIG: A New Approach for Sensor Identification, Grouping, and Authorisation in Body Sensor Networks. In Proceedings of 4th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2007) (pp. 223-229). Aachen, Germany. Anderson, R. J. (1996). Security policy model for clinical information systems. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy (pp. 30-43). Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-0029697680 &partnerID=40&rel=R7.0.0. Anderson, R. J. (1996). A security policy model for clinical information systems. In SP ‘96: Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC, USA. Anderson, R. J. (1996). An Update on the BMA Security Policy. In Proceedings of the 1996 Cambridge workshop on Personal Information - Security, Engineering and Ethics. Arbogast, J., & Dodrill, W. (1984). Health maintenance and the personal computer. Journal of Family Practice, 18(6), 947-950. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-0021234056 &partnerID=40&rel=R7.0.0. Ardissono, L., Leva, A. D., Petrone, G., Segnan, M., & Sonnessa. M. (2006). Adaptive medical workflow management for a context-dependent home healthcare assistance service. In Electronic Notes Theoretical. Computer Science, 146(1), 59–68, 2006.

309

Compilation of References

Armitage, J., Souhami, R., Friedman, L., Hilbrich, L., Holland, J., Muhlbaier, L., et al. (2008). The impact of privacy and confidentiality laws on the conduct of clinical trials. Clinical Trials, 5(1), 70-74. Retrieved from http:// www.scopus.com/scopus/inward/record.url?eid=2-s2.040949122714&partnerID=40&rel=R7.0.0. ASN.1 Information site. (2008). Retrieved March 28, 2008, from http://asn1.elibel.tm.fr. Atluri, V., & Huang, W. (1996). An authorization model for workflows. In ESORICS (pp. 44–64). Badrinath, B., Fox, A., Kleinrock, L., Popek, G., Reiher, P., & Satyanarayanan, M. (2000). A Conceptual Framework for Network and Client Adaptation. Mobile Networks and Applications (MONET). Bai, J., Zhang, Y., Shen, D., Wen, L., Ding, C., Cui, Z., et al. (1999). A portable ECG and Blood Pressure Telemonitoring System. IEEE Engineering in Medicine and Biology, 18(4), 63-70. Baker, D. B. (2003). Wireless (in) security for healthcare. In Advocacy White Paper. Science Applications International. Baldus, H., Klabunde, K., & Müsch, G. (2004). Reliable Set-Up of Medical Body-Sensor Networks. First European Workshop on Wireless Sensor Networks (EWSN 2004) (pp. 353-363). Berlin, Germany: LNCS, 2920, Springer. Ball, M., & Gold, J. (2006). Banking on health: Personal records and information exchange. Journal of healthcare information management: JHIM, 20(2), 71-83. Retrieved from http://www.scopus.com/scopus/inward/record. url?eid=2-s2.0-33744500251&partnerID=40&rel=R7. 0.0. Bao, L., & Intille, S. (2004). Activity recognition from user-annotated acceleration data. in Pervasive. Vienna, Austria. Bardram, J. E. (2005). The Trouble with Login -- On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6), 357-367.

310

Bardram, J. E., & Bossen, C. (2003). Moving to get aHead: Local Mobility and Collaborative Work. In ECSCW. Helsinki, Finland: Kluwer Academic Publishers. Bardram, J. E., & Bossen, C. (2005). Mobility Work: The Spatial Dimension of Collaboration at a Hospital. In ECSCW. 2005. Paris, France: Kluwer Academic Publishers. Barillot, C., Haynor, D. R., & Hellier, P. (Eds.). (2004). Medical Image Computing and Computer-Assisted Intervention – MICCAI 2004, 7th International Conference Saint-Malo, France. Springer. Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2006). Recommendation for Key Management – Part 1: General. NIST Special Publication (800-57). BASUMA Project. Retrieved March 12, 2008, from http://www.basuma.de/. Becker, M. Y., & Sewell, P. (2004). Cassandra: Distributed access control policies with tunable expressiveness. In POLICY. IEEE Computer Society. Becker, M. Y., & Sewell, P. (2004). Cassandra: Flexible trust management, applied to electronic health records. In CSFW. IEEE Computer Society. Benson, T. (2002). Why general practitioners use computers and hospital doctors do not---part 2: scalability, BMJ, 325(7372), 1090-1093. doi: 10.1136/bmj.325.7372.1090. Bent, P., Bolsin, S., Creati, B., Patrick, A., & Colson, M. (2002). Professional monitoring and critical incident reporting using personal digital assistants. Medical Journal of Australia, 177(9), 496-499. Retrieved from http://www. scopus.com/scopus/inward/record.url?eid=2-s2.00037020972&partnerID=40&rel=R7.0.0. Berek, B., & Canna, M. (1994). Telemedicine on the move: healthcare heads down the information superhighway. AHA Hospital Technology Series, 13, 1-55. Berger, S. A. (2001). GIDEON: A Computer Program for Diagnosis, Simulation, and Informatics in the Fields of Geographic Medicine and Emerging Diseases. Paper presented at the 2000 Emerging Infectious Diseases Conference.

Compilation of References

Bernardi, P., Cavagnaro, M., Pisa, S., & Piuzzi, E. (2000). Specific Absorption Rate and Temperature Increases in the Head of a Cellular-Phone User. IEEE Trans. MTT, 48(7). Berner, E. S. (Ed.). (2007). Clinical Decision Support Systems. Theory and Practice (2nd ed.): Springer. BeWell Mobile Technology Inc. (2006). Better health well in hand: Cell phones have the capacity to more frequently and efficiently connect chronically ill patients with caregivers. Healthc Inform. 23(4), 56-57. Bhuyan, K. (2004). Health promotion through self-care and community participation: Elements of a proposed programme in the developing countries. BMC Public Health, 4, 1-31. Blair, G., & Stefani, J-B. (1998). Open Distributed Processing and Multimedia. Addison-Wesley. Blobel, B. (2004). Authorisation and access control for electronic health record systems. International Journal of Medical Informatics, 73(3), 251-257. Blobel, B., Pharow, P., Spiegel, V., Engel, K., & Engelbrecht, R. (2001). Securing interoperability between chip card based medical information systems and health networks. International Journal of Medical Informatics, 64(2-3), 401-415. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-0035188372 &partnerID=40&rel=R7.0.0. Blom, R. (1984). An Optimal Class of Symmetric Key Generation Systems. Advances in Cryptology in Proceedings Eurocrypt’84 (pp. 335-338). Blundo, C., Santis, A. D., Herzberg, A., Kutten, S., Vaccaro, U., & Yung M. (1992). Perfectly-Secure Key Distribution for Dynamic Conferences. In E.F. Brickell (Ed.), Proceedings Conference Advances in Cryptology (Crypto’92) (pp. 471-486). Bokhari, S. H. (1988). Partitioning problems in parallel, pipelined, and distributed computing. IEEE Transactions on Computers, 37(1), 48-57. Bolz, A., Braecklein, M., & Moor, C. (2005). Technische Möglichkeiten des Telemonitorings physiologischer

Parameter. Herzschrittmachertherapie & Elektrophysiologie, 16, 1–9. Boncella, R. J. (2002). Wireless Security: an overview. Communication of the Association for Information System, 9, 269-282. Bønes, E., Hasvold, P., Henriksen, E., & Strandenaes, T. (2007). Risk analysis of information security in a mobile instant messaging and presence system for healthcare. Int J Med Inform, Sep. 76(9), 677-87. Epub 2006 Aug 23. Booch, G., Rumbaugh, J., & Jacobson, I. (1999). The Unified Modeling Language: User Guide. AddisonWesley. Bose, R. (2003). Knowledge management-enabled health care management systems: capabilities, infrastructure, and decision-support. Expert Systems with Applications, 24, 59-71. Bossen, C. (2002). The Parameters of Common Information Spaces: The Heterogeneity of Cooperative Work at a Hospital Ward. In CSCW. New Orleans, Lousiana: Kluwer Academic Publishers. Brandt, E., Björgvinsson, E., Hillgren, P.-A., Bergqvist, V., & Emilson, M. (2002). PDA’s, barcodes and videofilms for continuous learning at an intensive care unit. Paper presented at the NordiCHI ‘02: Proceedings of the second Nordic conference on Human-computer interaction. Bray, J., & Sturman, C. F. (2002). BLUETOOTH 1.1: Connect Without Cables. In J. Bray C. F. Sturman, B. Goodwin (Eds.), (pp. 12, 33, 52-53 , 112, 224-230, 320328). New Jersey. Bray, T. et al. (2004). Extensible Markup Language (XML) 1.0. 3rd edition. Retrieved 2005, from http://www. w3.org/TR/2004/REC-xml-20040204. Browns, B., Kohls, M. & Stockbridge, N. (2002), FDA XML data format design specification. Draft of the US Food and Drug Administration. Brush, B. A. J., Turner, C. T., Smith, M. A., & Gupta, N. (2005). Scanning objects in the wild: Assessing an object triggered information system. In UbiComp 2005:

311

Compilation of References

Ubiquitous Computing, 3660/2005, 305-322. Springer Berlin / Heidelberg. Burstein, F., & Holsapple, C. W. (Eds.). (2008). Handbook on Decision Support Systems 1: Basic Themes. Springer. Camacho, J., Galicia, L., Gonzalez, V., & Favela, J. (2008). mobileSJ: Managing Multiple Activities in Mobile Collaborative Working Environments. Accepted for publication in International Journal of e-Collaboration, 4(1), 60-73.

Organization, 14(3), 155-188. Retrieved from http://www. sciencedirect.com/science/article/B6W7M-4C40PF51/1/bf7efac96eb75891f0f22febc1672ffd. Chin, J., Diehl, V., & Norman, K. (1988). Development of an instrument measuring user satisfaction of the human-computer interface. Paper presented at the CHI ‘88: Proceedings of the SIGCHI conference on Human factors in computing systems. Chin, T. (2005). Untapped power: A physician’s handheld. In AMNews.

Cannataro, M., Congiusta, A., Pugliese, A., Talia, D., & Trunfio, P. (2004). Distributed data mining on grids: services, tools, and applications. IEEE Transactions on Systems, Man, and Cybernetics, Part B, 34(6), 24512465.

Chiu, Y.-C., Algase, D. L., Liang, J., Liu, H.-C., & Lin, K.-N. (2005). Conceptu­alization and measurement of getting lost behaviour in persons with early dementia. International Journal of Geriatric Psychatry, 20, 760–768.

Catalan, M., Gomez, C., Viamonte, D., Paradells, J., Calveras, A., & Barcelo, F. (2005). TCP/IP analysis and optimization over a precommercial live UMTS network. Wireless Communications and Networking Conference, 2005 IEEE, 3.

Clarke, M., Bratan, T., Kulkarni, S., & Jones, R. (2007). The impact of remote patient monitoring in managing silent myocardial infarction in a residential home setting. Anadolu Kardiyol Derg., 7(Suppl. 1), 86-88.

CEN. (1999). Health informatics - secure user identification for healthcare - management and security of passwords. CEN. CEN/TC251 (2007). CEN website. Retrieved June 8, 2007, from http:// www.centc251.org. CEN/TC251 prEN 1064 (2002). Health Informatics – Standard Communication Protocol – Computer-assisted Electrocardiography. CEN/TC251 prEN 1064. Chan, H., Perrig, A., & Song, D. (2003). Random key predistribution schemes for sensor networks. In Proceedings of IEEE Symposium on Research in Security and Privacy (pp. 197-213). Chen, J., Kwong, K., Chang, D., Luk, J., & Bajcsy, R. Wearable Sensors for Reliable Fall Detection. In 27th Annual International Conference of the Digital Object Identifier. Chiasson, M. W., & Davidson, E. (2004). Pushing the contextual envelope: developing and diffusing IS theory for health information systems research. Information and

312

Cocosila, M., Coursaris, C., & Yuan, Y. (2004). M-healthcare for patient self-management: a case for diabetics. Int J Electron Healthc, 1(2), 221-41. Cohn, A. G., & Hazarika, S. M. (2001). Qualitative spatial representation and reasoning: An overview. Fundamenta Informaticae, 43, 2–32. Coiera, E. (2003). Guide to Health Informatics (2nd ed.). London: Hodder Arnold. Collins (Ed.) (2003) Collins English Dictionary. Collins. Compact Oxford English Dictionary, free internet access. Retrieved March 5, 2008, from: http://www.askoxford. com/concise_oed/trust?view=uk. Concalves, B., Guizzardi, G., & Pereira Filho, J. G. (2007). An Electrocardiogram (ECG) Domain Ontology. In Proceedings of the Second Brazilian Workshop on Ontologies and Metamodels for Software and Data Engineering (WOMSDE’07). 22nd Brazilian Symposium on Databases (SBBD)/21st Brazilian Symposium on Software Engineering (SBES). João Pessoa, Brazil.

Compilation of References

Connelly, K. H., Faber, A. M., Rogers, Y., Siek, K. A., & Toscos, T. (2006). Mobile applications that empower people to monitor their personal health. e & i Elektrotechnik und Informationstechnik, 123(4), 124-128.

Doctorow, C. (2004). Solving and Creating CAPTCHAs with free porn. Boing Boing. http://www.boingboing. net/2004/01/27/solving-and-creating.html

Coyle, G., Boydell, L., & Brown, L. (1995). Home telecare for the elderly. J. Telemed. Telecare, 1, 183-185.

Dowell, S., & Welch, J. (2006). Piloting the Use of Electronic Self Monitoring for Food and Fluid Intake. Nephrology Nursing Journal, 33(3), 271-277.

Cromley, E. K. (2003). GIS and Disease. Annu. Rev. Public Health, 24, 7–24. Freundschuh, S. & Egenhofer, M. (1997). Human conceptions of spaces: Impli­cations for gis. Transactions in GIS, 4, 361–375.

Durham, D., Boyle, J., Cohen, R., Rajan, R., & Sastry, A. (2000, January). The cops protocol. Retrieved February 14, 2008, from http://www.rfc-editor.org/rfc/rfc2748. txt.

Crude team. (2002, September 13). (c)rude - rude & crude. Retrieved February 12, 2008, from http://rude. sourceforge.net/.

Dwivedi, A., Bali, R., James, A., & Naguib, R. (2001). Workflow management systems: The healthcare technology of the future? In the 23rd Annual International Conference of the IEEE Engineering in Medicine and Biology Society, 4, 3887–3890.

Cruz-Correia, R., Vieira-Marques, P., Costa, P., Ferreira, A., Palhares, E., Araújo, F. et al. (2005). Integration of hospital data using agent technologies - a case study. AICommunications special issue of ECAI, 18(3), 191200. Dansky, K. H., Palmer, L., Shea, D., & Bowles, K. H. (2001). Cost analysis of telehomecare. Telemedicine Journal and e-Health, 7, 225-232. Delen, D., & Pratt, D. B. (2005). An integrated and intelligent DSS for manufacturing systems. Expert Systems with Applications, 30(2), 325-336. Denley, I., & Smith, S. W. (1999). Privacy in clinical information systems in secondary care. BMJ: British Medical Journal, 318(7194). Retrieved March 10, 2008, from http://www.pubmedcentral.nih.gov/articlerender. fcgi?artid=1115718. Denton, I. (2001). Will patients use electronic personal health records? Responses from a real-life experience. Journal of healthcare information management: JHIM, 15(3), 251-259. Retrieved from http://www.scopus.com/ scopus/inward/record.url?eid=2-s2.0-0035464326&par tnerID=40&rel=R7.0.0. Dini, G., & Savino, M. (2006). S2RP: a Secure and Scalable Rekeying Protocol for Wireless Sensor Networks. In Proceedings of Mobile Adhoc and Sensor Systems (MASS) - IEEE International Conference (pp. 457-466).

Dwyer, J., Picciano, M., & Raiten, D. (2003). Estimation of Usual Intakes: What We Eat in America-NHANES. J. Nutr., 133(2), 609S-623. Ebell, M. H., Gaspar, D. L., & Khurana, S. (1997). Family physicians’ preference for computerized decision-support hardware and software. The Journal of Family Practice, 45(2), 127-128. Eddy, D. M. (2005). Evidence-Based Medicine: A Unified Approach. Health Affairs, 24(1), 9-17. Eklund, J. M., Hansen, T. R., Sprinkle, J., & Sastry, S. (2005).Information technology for assisted living at home: building a wireless infrastructure for assisted living, In Proceedings of the Twenty-Seventh Annual International Conference of the IEEE Engineering in Medicine and Biology Society. Shanghai, China. Elmufti, K., Weerasinghe, D., Rajarajan, M., Rakocevic V., & Khan, S. (2008). Timestamp Authentication Protocol for Remote Monitoring in eHealth. 2nd International Conference on Pervasive Computing Technologies for Healthcare, Proceedings, peer reviewed conference article, IEEE Xplore. Retrieved June 15, 2008, from: http://www.google.dk/ Embi, P. (2001). Information at hand: Using handheld computers in medicine. Cleveland Clinic Journal of Medicine, 68(10), 840-853.

313

Compilation of References

Engelbart, D. (1992). Toward High-Performance Organizations: A Strategic Role for Groupware. In proceedings of the GroupWare ‘92 Conference, San Jose, CA, August 3-5, 1992, Morgan Kaufmann Publishers. Espina, J., Falck, T., & Mülhens, O. (2006). Network Topologies, Communication Protocols, and Standards. In G. Z. Yang (Ed.), Body Sensor Networks (pp. 145182), Springer. Espina, J., Falck, T., Muehlsteff, J., Jin, Y., Adan, M. A., & Aubert, X. (2008). Wearable Body Sensor Network towards Continuous Cuff-less Blood Pressure Monitoring. In Proceedings of the 5th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2008/ISSS-MDBS 2008) (pp. 28-32). Hong Kong, China. Ettercap Team. (2005, May 29). Ettercap ng. Retrieved February 12, 2008, from http://ettercap.sourceforge. net/.

Fayyad, U. M., Shapiro, G. P., Smyth, P., & Uthurusamy R. (Eds.) (1996). Advances in knowledge discovery and data mining. California: AAAi Press. Ferber, J. (1999). Multi-Agent Systems. An Introduction to Distributed Artificial Intelligence: Addison-Wesley. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3), 224-274. Ferreira, A., Correia, R., & Costa-Pereira, A. (2004). Securing a web based epr: an approach to secure a centralized epr within hospital. In 6th International on Enterprise Information Systems, 3(pp. 54-59). Ferreira, A., Correia, R., Antunes, L., Palhares, E., Farinha, P., & Costa-Pereira, A. (2005). How to start modelling access control in a healthcare organization. In 10th International Symposium for Health Information Management Research.

European Commission Information Society Directorate-General (2001). Telemedicine Glossary, 3rd Edition, Glissary of standard, concepts, technologies and users. Unit B1: Applications relating to Health, working Document.

Ferreira, A., Cruz-Correia, R., Antunes, L., Palhares, E., Marques, P., Costa, P. et al. (2004). Integrity for electronic patient record reports. In 17th IEEE Symposium on Computer-Based Medical Systems (pp. 4-9).

European standards on confidentiality and privacy in healthcare (2007). Retrieved October 22, 2007, from http:// www.eurosocap.org.

Fields, J., & Casper, L. M. (2001). America’s families and living arrangement population characteristics. P20-537. U.S. Bureau of the Census, U.S. Department of Commerce, Washington, D.C.

Evidence-based Medicine Working Group (1992). Evidence-based Medicine: A New Approach to Teaching the Practice of Medicine. Journal of the American Medical Association, 268(17), 2420–2425.

Finseth, C. (1993, July). Rfc 1492 - an access control protocol, sometimes called tacacs. Retrieved February 14, 2008, from http://www.faqs.org/rfcs/rfc1492.html.

Farmer, A., Gibson, O., Hayton, P., Bryden, K., Dudley, C., Neil A., et al. (2005). A real-time, mobile phone-based telemedicine system to support young adults with type 1 diabetes. Inform Prim Care, 13(3), 171-177. Favela, J., Rodríguez, M. D., Preciado, A., & Gonzalez, V. M. (2004). Integrating Context-aware Public Displays into a Mobile Hospital Information System. IEEE Trans. IT in BioMedicine, 8(3), 279- 286.

314

Fischer, S., Stewart, T., Mehta, S., Wax, R., & Lapinsky, S. E. (2003). Handheld computing in medicine. Journal of the American Medical Informatics Association, 10(2), 139-149. Fitzmaurice, G., Khan, A., Buxton, W., Kurtenback, G., & Balakrishnan, R. (2003). Sentient Data. Queue, 1(8), 52-62. Foerster, F., Smeja, M., & Fahrenberg, J. (1999). Detection of posture and motion by accelerometry: A validation in

Compilation of References

ambulatory monitoring. Computers in Human Behavior, 1999. 15(1): p. 571–583.

Freed, N., & Borenstein, N. (1996). Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. IETF RFC 2045. From http://www. rfc-editor.org/rfc/ rfc2045.txt.

Garcia-Morchon, O., Falck, T., Heer, T., & Wehrle, K. (2008). A Comprehensive Security System for Pervasive Medical Sensor Networks. Paper submitted to Special Issue of IEEE Journal on Selected Areas in Communications on Body Area Networking. Call for papers retrieved May 20, 2008, from http://dutetvg.et.tudelft. nl/~alex/CFP/old/20080115-200903xx-CFP-Special_Issue_of_IEEE_Journal_on_Selected_Areas_in_Communications_on_Body_Area_Networking.html

Freedman, S. B. (1999). Direct Transmission of Electrocardiograms to a Mobile Phone for Management of a Patient with Acute Myocardial Infarction. Journal of Telemedicine and Telecare, 5, 67-69.

Gellman, R. (2008). Personal Health Records and Personal Health Record Systems. The World Privacy Forum. Retrieved March 1, 2008, from http://www.worldprivacyforum.org/pdf/WPF_PHR_02_20_2008fs.pdf

Freedman, S. B. (1999). Direct Transmission of Electrocardiograms to a Mobile Phone for Management of a Patient with Acute Myocardial Infarction. Journal of Telemedicine and Telecare, 5, 67-69.

Georgopoulos, V. C., & Malandraki, G. A. (2005). A Fuzzy Cognitive Map Hierarchical Model for Differential Diagnosis of Dysarthrias and Apraxia of Speech. Paper presented at the 27th Annual International Conference of the Engineering in Medicine and Biology Society.

Franken, L. (1996). Quality of Service Management: a Model-Based Approach.

FreeRADIUS . (2008, January 22). Freeradius server. Retrieved February 12, 2008, from http://www.freeradius.org/. FreeS/WAN Project. (2004, April 22). Frees/wan. Retrieved February 12, 2008, from http://www.freeswan. org/. Friedewald, V. E., & Pion, R. J. (2001). Telemedicine/ home care. Returning home. Health Manag Technol, 22(9), 22-24, 26. Galton, A. (2000). Qualitative spatial change. Oxford, New York: Oxford Uni­versity Press. Garcia-Morchon, O., & Baldus, H. (2007). Hierarchical Key Pre-Distribution in Mobile Sensor Networks. Paper presented at 2nd Workshop on Embedded Systems Security (WESS’2007). A Workshop of the IEEE/ACM EMSOFT’2007. Garcia-Morchon, O., Baldus, H., & Sanchez, D. S. (2006). Resource-Efficient Security for Medical Body Sensor Networks. Presented at 3rd International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2006).

Glasgow, R., Bull, S., Piette, J., & Steiner, J. (2004). Interactive behavior change technology: A partial solution to the competing demands of primary care. American Journal of Preventive Medicine, 27(2, Supplement 1), 80-87. Goleniewski, L. (2002). Telecommunications Essentials. P. Education (Ed.), (pp. 28-30 & 444-449). Bosyon: Addition-Wesley Gostin, L. O. (1965). Health information privacy. Cornell Law Review, 80, 451-528. Gostin, L. O., Brezina, J. T., Powers, M., Kozloff, R., Faden, R., & Steinauer, D. D. (1993). Privacy and security of personal information in a new health care system. JAMA, 270, 2487-2493. Gostin, L. O., Lazzarini, L., Neslund, V. S., & Osterholm, M.T. (1996). The public health information infrastructure: A national review of the law on health information privacy. JAMA, 275, 1921-1927. Gott, M. (1995). Telematics for health: The role of Telemedicine in Homes and Comminities. Oxford, UK: Radcliffe Med. Press.

315

Compilation of References

Gottfried, B. (2006). Spatial health systems. In J. E. Bardram, J. C. Chachques, & U. Varshney (Eds.), 1st International Conference on Pervasive Comput­ing Technologies for Healthcare (PCTH 2006), November 29 -December 1, Innsbruck, Austria. IEEE Press. Gottfried, B., Guesgen, H. W., & Hübner, S. (2006). Spatiotemporal reasoning for smart homes. In J. C. Augusto & C. D. Nugent (Eds.), Designing Smart Homes, The Role of Artificial Intelligence, 4008, 16–34. Heidelberg: Springer. Grasso, B., & Genest, R. (2001). Clinical computing: Use of a personal digital assistant in reducing medication error rates. Psychiatric Services, 52(7), 883–886. Greenberg, S., & Fitchett, C. (2001). Phidgets: easy development of physical interfaces through physical widgets. In 14th annual ACM symposium on User interface software and technology. Orlando, Florida. Greenes, R. A. (Ed.). (2007). Clinical Decision Support. The Road Ahead: Elsevier. Gross, T. (2003). Ambient Interfaces: Design Challenges and Recommendation. Gu, X., & Nahrstedt, K. (2006). On Composing Stream Applications in Peer-to-Peer Environments. Parallel and Distributed Systems, IEEE Transactions on, 17(8), 824-837. Gupta, V., Wurm, M., Zhu, Y., Millard, M., Fung, S., Gura, N., Eberle, H., & Shantz, S. C. (2005). Sizzle: A Standards-based end-to-end Security Architecture for the Embedded Internet. In PERCOM’05 Proceedings of the third IEEE International Conference on Pervasive Computing and Communications (pp. 247-256). Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz, S. C. (2004). Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES 2004). Haas, O. C. L., & Burnham, K. J. (Eds.). (2008). Intelligent and Adaptive Systems in Medicine (1st ed.): Taylor & Francis.

316

Habetha, J., & Reiter, H. (2008). MyHeart Project. Retrieved February 19, 2008, from http://www.hitechprojects.com/euprojects/myheart/ Hachisuka, K., Nakata, A., Takeda, T., Terauchi, Y., Shiba, K., Sasaki, K., Hosaka, H., & Itao, K. (2003). Development and Performance Analysis of an IntraBody Communication Device. In Proceedings of the 12th International Conference on Solid State Sensors, Actuators, and Microsystems. Hakaste, M., Nikula, E., & Hamiti, S. (2002). GSM/ EDGE Standard Evolution. In T. Halonen, J. Romero, & J. Melero, (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (pp. 3-63). West Sussex: John Wiley & Sons LTD. Halamka, J., Mandl K., & Tang, C. (2007). Early Experiences with Personal Health Records Journal of the American Medical Informatics Association, 15(1), 1-7. Halteren, A. v., Bults, R., Wac, K., Konstantas, D., & Widya, I. (2004). Mobile Patient Monitoring: The MobiHealth System. The Journal of Information Technology in Healthcare, 2(5). Han, J., & Kamber, M. (2005). Data Mining: Concepts and Techniques (2nd ed.): Morgan Kaufmann. Han, M., Thiery, T., & Song, X. (2006). Managing exceptions in the medical workflow systems. In ICSE ’06: Proceeding of the 28th international conference on Software engineering (pp. 741–750), New York, NY, USA: ACM. Han, S., Harkke, V., Mustonen, P., Seppänen, M., & Kallio, M. (2004). Mobilizing medical information and knowledge: some insights from a survey. Proceedings of the 12th European Conference on Information Systems (ECIS), Turku, Finland. Han, S., Harkke, V., Mustonen, P., Seppänen, M., & Kallio, M. (2005). Understanding physician acceptance of mobile technology: insights from two telephone interviews in Finland. International Journal of Electronic Healthcare, 1(4), 380-395.

Compilation of References

Han, S., Mustonen, P., Seppänen, M., & Kallio, M. (2004). Physicians’ behaviour intentions regarding the use of mobile technology: an exploratory study. Proceedings of the 8th Pacific Asia Conference on Information Systems (PACIS), Sanghai, China.

Heine, C., & Kirn, S. (2004). Adapt at agent.hospital -agent based support of clinical processes. In Proceedings of the 13th european conference on information systems, the european is profession in the global networking environment, ecis 2004, turku, finland, june 14-16, 2004.

Han, S., Mustonen, P., Seppänen, M., & Kallio, M. (2006). Physician’s acceptance of mobile communication technology: an exploratory study. International Journal of Mobile Communications, 4(2), 210-230.

Helzer, J., Badger, G., Searles, J., Rose, G., & Mongeon, J. (2006). Stress and Alcohol Consumption in Heavily Drinking Men: 2 Years of Daily Data Using Interactive Voice Response. Alcoholism Clinical and Experimental Research, 30(5), 802-811.

Harkins, D., & Carrel, D. (1998). Rfc 2409 the internet key exchange (ike). IETF. Retrieved from http://tools. ietf.org/html/rfc2409. Hasman, A., Albert, A., Wainwright, P., Klar, R., & Sosa, M. (1995). Education and training in health informatics in Europe, State of art, guidelines, applications. In Studies in Health Technology and Informatics, IOS Press, Amsterdam, 25. Hasman, A., Haux, R., & Albert, A. (1996). A systematic view on medical informatics. Computer methods and Programs in Biomedicine, 51, 131-139.

Herzog, R. (2004). MobiHealth Project. Retrieved February 19, 2008, from http://www.mobihealth.org/ Hightower, J., & Borriello, G. (2001). Location Systems for Ubiquitous Computing. IEEE Computer, 57-66. Hinchley, A. (2005). Understanding Version 3, A primer on the HL7 Version 3 Communication Standard. Munich: Alexander Mönch Publishing. Hinchley, A. (Ed.). (2005). Understanding Version 3 - A Primer on the HL7 Version 3 Communication Standard (3rd ed.).

Hassey, A., & Wells, M. (1997). Clinical systems security – implementing the bma policy and guidelines. In R. Anderson (Ed.), Personal Medical Information – Security, Engineering and Ethics. Springer-Verlag.

Hodges, J., & Morgan, R. (2002). Rfc 3377: lightweight directory access protocol (v3): technical specification. IETF. Retrieved from http://tools.ietf.org/html/rfc3377.

Hays, M., Irsula, B., McMullen, S., & Feldblum, P. (2001). A comparison of three daily coital diary designs and a phone-in regimen. Contraception, 63(3), 159-166.

Honeybourne, C., Suttont, S., & Ward, L. (2006). Knowledge in the Palm of your hands: PDAs in the clinical setting. Health Information and Libraries Journal, 23, 51-59.

He, W., Sengupta, M., Velkoff, V. A., & DeBarros, K. A. (2005). 65+ in the United States: 2005. Special report issued by the U.S. Department of Health and Human Services and the U.S. Department of Commerce. Washington, DC.

HostAP team. (2007, December 2). Host ap linux driver for intersil prism2/2.5/3 wireless lan cards and wpa supplicant. Retrieved February 12, 2008, from http://hostap. epitest.fi/.

Health Resources and Services Administration. Health literacy. Available at www. hrsa.gov/healthliteracy/ HealthService24 project eTEN-C517352 (2005). EC eTEN Programme. Retrieved Feb. 24, 2006, from http://www. healthservice24.com. Hehe, H. (2007). Smoking lamp. Available from: http:// hehe.org.free.fr/hehe/smokinglamp/index.html.

Hung, K., & Yuan-Ting, Z. (2003). Implementation of a WAP-based telemedicine system for patient monitoring. Information Technology in Biomedicine, IEEE Transactions on, 7(2), 101. ICNIRP (1996). Health issues related to the use of handheld radiotelephones and base transmitters. International Commission on Non-Ionizing Radiation Protection, Health Physics (pp. 70-4, 587–593).

317

Compilation of References

IEEE (1991- 1999). Standard for Safety levels with respect to human exposure to radio frequency electromagnetic fields (3 kHz to 300 GHz). ANSI/IEEE C95.1-1992, NJ 08854-1331. New York. IEEE 802.10. (1998). Ieee standards for loc a l a n d m e t r o p o li t a n a r e a n e t w o r k s: standard for interoperable lan/man security (sils). Retrieved from http://standards.ieee.org/getieee802/download/802.10-1998.pdf. IEEE 802.11g-2003 (2003). IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. Amendment 4: Further Higher Data Rate Extension in the 2.4GHz Band. IEEE 802.11i. (2004). Part11: wireless lan medium access control (mac) and physical layer (phy) specifications amendment 6: medium access control (mac) security enhancements . Retrieved from http://standards.ieee. org/getieee802/download/802.11i-2004.pdf. IEEE 802.15 WPAN™ Task Group 6 Body Area Networks (BAN) (2007). Retrieved February 19, 2008, from http://www.ieee802.org/15/pub/TG6.html IEEE 802.15.1™-2002 (2002). IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements Part 15.1: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Wireless Personal Area Networks (WPANs). IEEE 802.15.4-2006 (2006). IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs). IEEE 802.1X. (2004). Ieee standards for local and metropolitan area networks—port-based network access

318

control. Retrieved from http://standards.ieee.org/getieee802/download/802.1X-2004.pdf. IEEE P802.15.3 (n.d.). Draft Standard for Information technology—Telecommunications and information exchange between systems—LAN/MAN Specific requirements¾Part 15.3: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specs for High Rate Wireless Personal Area Networks (WPANs). IEEE P802.15.4a (2007). Draft Amendment to IEEE Standard for Information technology—Telecommunications and information exchange between systems—Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs): Amendment to add alternate PHY. Intille, S., Kukla, C., Farzanfar, R., & Bakr, W. (2003). Just-in-time technology to encourage incremental. Iperf Team. (2005, May 3). Nlanr/dast : iperf - the tcp/udp bandwidth measurement tool. Retrieved February 12, 2008, from http://dast.nlanr.net/Projects/Iperf/. Irisys (2007). Retrieved May 13, 2007, from http://www. irisys.co.uk IRPA (1988). Guidelines on limits of exposure to radio frequency electromagnetic fields in the frequency range from 100 kHz to 300 GHz. International Radiation Protection Association, Health Physics, 54, 115-123. Ishii, H., Wisneski, C., Brave, S., Dahley, A., Gorbet, M., Ullmer, B., & Yarin, P. (1998). ambientRoom: Integrating ambient media with architectural space. In CHI. ISO 8824 (1994). Information Processing System – Open Systems Interconnection – Abstract Syntax Notation 1 Specification. ISO/IEC JTC1/SC21. ISO 8825 (1994). Information Processing System – Open Systems Interconnection – Basic Encoding Rules for Abstract Syntax Notation 1 (ASN.1). ISO/IEC JTC1/SC21. Istepanian, R. H., Woodward, B., Gorilas, E., & Balos, P. A. (1998). Design of Mobile Telemedicine Systems using GSM and IS-54 Cellular Telephone Standards. Journal of Telemedicine and Telecare, 4(Supplement 1), 80-82.

Compilation of References

Jadad, A. R., Haynes, R. B., Hunt, D., & Browman, G. P. (2000). The Internet and evidence-based decision-making: a needed synergy for efficient knowledge management in health care. Canadian Medical Association Journal, 162 (3), 362-365. Jafarinaimi, N., Forlizzi, J., Hurst, A., & Zimmerman, A. (2005). Breakaway: An ambient display designed to change human behavior. In CHI. Jasemian, Y. (2006). Security and privacy in a wireless remote medical system for home healthcare purpose. 1st International Conference on Pervasive Computing Technologies for Healthcare [CD-ROM],. s. 3, & Proceedings in IEEE Xplore, peer reviewed conference article, 29 November-1 December 2006, Innsbruck, Austria. Jasemian, Y. (2008). Elderly Comfort and Compliance to Modern Telemedicine System at home. 2nd International Conference on Pervasive Computing Technologies for Healthcare, Proceedings, peer reviewed conference article, ISBN 978-963-9799-15-8. Jasemian, Y. (2008). Elderly Comfort and Compliance to Modern Telemedicine System at home, 2nd International Conference on Pervasive Computing Technologies for Healthcare, Proceedings, peer reviewed conference article, ISBN 978-963-9799-15-8. Jasemian, Y. (December 2006). Security and privacy in a wireless remote medical system for home healthcare purpose. 1st International Conference on Pervasive Computing Technologies for Healthcare [CD-ROM] s. 3, & Proceedings in IEEE Xplore, peer reviewed conference article, 29 November-1, Innsbruck, Austria. Jasemian, Y., & Arendt-Nielsen, L. (2005). Design and implementation of a telemedicine system using BLUETOOTH and GSM/GPRS, for real time remote patient monitoring. The International Journal of Health Care Engineering, 13, 199-219. Jasemian, Y., & Arendt-Nielsen, L. (2005). Design and implementation of a telemedicine system using BLUETOOTH and GSM/GPRS, for real time remote patient monitoring. The International Journal of Health Care Engineering, 13, 199-219.

Jasemian, Y., & Arendt-Nielsen, L. (2005). Evaluation of a real-time, remote monitoring telemedicine system, using the Bluetooth protocol and a mobile phone network. Journal of Telemedicine and Telecare, 11(5), 256-260. Jasemian, Y., & Arendt-Nielsen, L. (2005). Evaluation of a real-time, remote monitoring telemedicine system, using the Bluetooth protocol and a mobile phone network. J Telemed Telecare, 11(5), 256- 260. Jasemian, Y., & Arendt-Nielsen, L. (2005). Validation of a real-time wireless telemedicine system, using Bluetooth protocol and a mobile phone, for remote monitoring patient in medical practice. European Journal of Medical Research, 10(6), 254-262. Jasemian, Y., & Arendt-Nielsen, L. (2005). Validation of a real-time wireless telemedicine system, using Bluetooth protocol and a mobile phone, for remote monitoring patient in medical practice. European Journal of Medical Research, 1(6, 2)54-262. Jelena, M., Vojislav, B. M. (2007). Implementation of security policy for clinical information systems over wireless sensor networks Ad Hoc Networks, 5, 134–144. Johan, R., Skog, T., & Hallnäs, L. Informative Art: Using Amplified Artworks as Information Displays. Jones, V., Incardona, F., Tristram, C., Virtuoso, S., & Lymberis, A. (2006). Future challenges and recommendations. In R. S. H. Istepanian, S. Laxminarayan & C. S. Pattichis (Eds.), M-health Emerging Mobile Health Systems (pp. 267-270): Springer. Jovanov, E., Milenkovic, A., Otto, C., & Groen, P.C. de. (2005). A Wireless Body Area Network of Intelligent Motion Sensors for Computer Assisted Physical Rehabilitation. Journal of Neuroengineering and Rehabilitation, 2(1), 6. Kafil, M., & Ahmad, I. (1998). Optimal task assignment in heterogeneous distributed computing systems. Concurrency, IEEE [see also IEEE Parallel & Distributed Technology], 6(3), 42. Kammann, J. (2001). Proposal for a Mobile Service Control Protocol. Institute for Communications and Naviga-

319

Compilation of References

tion German Aerospace Centre (DLR), PDCS Anaheim (USA), Retrieved March 25, 2008, from: http://www. kn-s.dlr.de/kammann/papers/iasted/iasted.pdf

nual International Conference on Mobile and Ubiquitous Systems: Networking and Services. 2004. Boston, MA, USA: IEEE Press.

Katsuragawa, S., & Doi, K. (2007). Computer-aided diagnosis in chest radiography. Computerized Medical Imaging and Graphics, 31(4-5), 212-223.

Krumm, J., & Hinckle, J. (2004). The NearMe Wireless Proximity Server. In Ubicomp.

Kent, S., & Atkinson, R. (1998). Rfc 2402 ip authentication header. IETF. Retrieved from http://tools.ietf. org/html/rfc2402. Kent, S., & Atkinson, R. (1998). Rfc 2406 ip encapsulating security payload (esp). IETF. Retrieved from http://tools. ietf.org/html/rfc2406. Kim, H., & Afifi, H. (2003). Improving mobile authentication with new aaa protocols. Retrieved February 15, 2008, from http://citeseer.ist.psu.edu/article/kim03improving.html. Kim, M., & Johnson, K. (2002). Personal health records: Evaluation of functionality and utility. Journal of the American Medical Informatics Association, 9(2), 171180. Retrieved from http://www.scopus.com/scopus/ inward/record.url?eid=2-s2.0-0036491265&partnerID =40&rel=R7.0.0. Kirsh, I. S., Jungeblut, A., Jenkins, L., et al. (1993). Adult literacy in America: A first look at the results of the National Adult Literacy Survey. Washington DC: National Center for Education Statistics, United States Department of Education. Kismet Team. (2004). Kismet. Retrieved February 18, 2008, from http://www.kismetwireless.net/. Kraemer, R., & Ebert, J-P. (2006). BASUMA Project. Retrieved February 19, 2008, from http://www.basuma. de/index.php?lang=en Kraft, M. R., Desouza, K. C., & Androwich, I. (2003). Data Mining in Healthcare Information Systems: Case Study of a Veterans’ Administration Spinal Cord Injury Population. Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03). Jan. 6-9. Krumm, J. & E. Horvitz. LOCADIO: Inferring Motion and Location from Wi-Fi Signal Strengths. in First An-

320

Kupchunas, W. (2007). Personal health record: New opportunity for patient education. Orthopaedic Nursing, 26(3), 185-191. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-3424978868 4&partnerID=40&rel=R7.0.0. Kushniruk, A., Triola, M., Borycki, E., Stein, B., & Kannry, J. (2005). Technology induced error and usability: the relationship between usability problems and prescription errors when using a handheld application. International Journal of Medical Informatics, 74(7-8), 519-526. Kyriacou, E., Pavlopoulos, S., Berler, A., Neophytou, M., Bourka, A., Georgoulas, A., et al. (2003). Multi-purpose HealthCare Telemedicine System with mobile communication link support. BioMedical Engineering OnLine. Retrieved March 25, 2008, from http://www.biomedicalengineering-online.com/content/2/I/7, 1-12. LaMarca, A., Chawathe, Y., Consolvo, S., Hightower, J., Smith, I., Scott, J., et al. (2005). Place Lab: Device Positioning Using Radio Beacons in the Wild. Paper presented at the Third International Conference Pervasive Computing (PERVASIVE 2005), Munich, Germany. Lapinsky, S. E., Weshler, J., Mehta, S., Varkul, M., Hallett, D., & Stewart, T. (2001). Handheld computers in critical care. Critical Care, 5(4), 227–231. Lavigne, M. (1998). Interactive Voice Response in Disease Management: Providing Patient Outreach and Improving Outcomes (pp. 1-16). Le Gall, D. (1991). MPEG: A Video Compression Standard for Multimedia Applications. Communications of the ACM, 4(34). Lee, C.-H., & Shin, K. G. (1997). Optimal task assignment in homogeneous networks. Parallel and Distributed Systems, IEEE Transactions on, 8(2), 119-129.

Compilation of References

Lee, M., Delaney, C., & Moorhead, S. (2007). Building a personal health record from a nursing perspective. International Journal of Medical Informatics, 76(SUPPL. 2). Retrieved from http://www.scopus.com/scopus/inward/record.url?eid=2-s2.0-34548216363&partnerID= 40&rel=R7.0.0. Lehoux, P., Sicotte, C., & Denis, J. (1999). Assessment of a computerized medical record system: disclosing scripts of use, Evaluation and Program Planning, 22(4), 439-453. doi: 10.1016/S0149-7189(99)00034-8. Levin, E., & Levin, A. (2006). Evaluation of spoken dialogue technology for real-time health data collection. J Med Internet Res, 8(4). Lin, C. C., Chiu, M.J., Hsiao, C. C., Lee, R. G., & Tsai, Y. S. (2006). Wireless health care service system for elderly with dementia. IEEE Trans Inf Technol Biomed, 10(4), 696-704. Lin, H. (Ed.). (2007). Architectural Design of Multi-Agent Systems: Technologies and Techniques. IGI Global. Liu, A., Kampanis, P., & Ning, P. (2007). TinyECC: Elliptic Curve Cryptography for Sensor Networks V. 0.3. Retrieved May 29, 2008, from http://discovery. csc.ncsu.edu/~pning/software/TinyECC/index.html Liu, D., Ning, P., & Li, R. (2005). Establishing Pairwise Keys in Distributed Sensor Networks. In ACM Transactions on Information and System Security, 8(1), 41-77. Lo, B. P. L., & Yang, G. Z. (2005). Key Technical Challenges and Current Implementations of Body Sensor Networks. In Proc. of 2nd Intl. Workshop on Wearable and Implantable Body Sensor Networks (BSN 2005) (p. 1). London, UK. Lo, B. P. L., & Yang, G. Z. (2005). Key Technical Challenges and Current Implementations of Body Sensor Networks. In Proceedings of 2nd International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2005) (p. 1). London, UK. Lo, V. M. (1988). Heuristic algorithms for task assignment in distributed systems. Computers, IEEE Transactions on, 37(11), 1384.

Lund, A., & Wilberg. M. (2007). Ambient displays beyond conventions. In British HCI Group Annual Conference. Luo, Y., Jiang, L., & Zhuang, T. (2008). A Grid-Based Model for Integration of Distributed Medical Databases. Journal of Digital Imaging. Ma, Y.-C., Chen, T.-F., & Chung, C.-P. (2004). Branchand-bound task allocation with task clustering-based pruning. Journal of Parallel and Distributed Computing, 64(11), 1223 - 1240. MacKinnon, D., McCrum, W., & Sheppard, D. (1990). An Introduction to Open Systems Interconnection. New York: Computer Science Press. Magrabi, F., Lovell, N. H., & Celler, B. G. (1999). A Web-based approach for electrocardiogram monitoring in the home. International Journal of Medical Informatics, 54, 145-153. Maitland, J., Sherwood, S., Barkhuus, L., Anderson, I., Hall, M., Brown, B., Chalmers, M. & Muller, H. (2006). Increasing the Awareness of Daily Activity Levels with Pervasive Computing. Paper presented at 1st International Conference on Pervasive Computing Technologies for Healthcare Innsbruck, Austria. Malan, D., Fulford-Jones, T., Welsh, M., & Moulton, S. (2004). Codeblue: An Ad Hoc Sensor Network Infrastructure for Emergency Medical Care. In Proceedings of 1st International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2004) (pp. 55-58). London, UK. Malasri, K., & Wang, L. (2007). Addressing security in medical sensor networks. In Proceedings of the 1st ACM SIGMOBILE International Workshop on Systems and Networking Support for Healthcare and Assisted Living Environments (pp. 7-12). San Juan, Puerto Rico: ACM, New York, NY. Retrieved February 19, 2008, from http://doi.acm.org/10.1145/1248054.1248058 Malik, A. (2008). Design XML schemas using UML. Retrieved March 28, 2008, from http://www.ibm.com/ developerworks/xml/library/x-umlschem/.

321

Compilation of References

Malouin, F. et al. (2005). Assessment and Training of Locomotion after Stroke: Evolving Concepts (pp. 185222). Edinburgh: Butterworth Heinemann.

for Mobile Healthcare. 1st International Conference on Pervasive Computing Technologies for Healthcare 2006. Nov. 29th – Dec 1st, 2006. Innsbruck, Austria.

Mankoff, J., Dey, A. K., Hsieh, G., Kientz, J., Lederer, S., & Ames, M. (2003). Heuristic evaluation of ambient displays. In Conference on Human Factors in Computing Systems. Lauderdale, Florida, USA.

Melero, J., Wigard, J., Halonen, T., & Romero, J. (2002). Basics of GSM Radio Communication and Spectral Efficiency. In T. Halonen, J. Romero, & J. Melero (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (pp. 145- 190). West Sussex: John Wiley & Sons LTD.

Markarian, A., Favela, J., Tentori, M., & Castro, L. A. (2006). Seamless Interaction among Heterogeneous Devices in Support for Co-located Collaboration. In CRIWG. Valladolid, Spain: Springer-Verlag. Marti, R., & Delgado, J. (2003). Security in a wireless mobile health care system. In Universitat Pompeu Fabra. Martin-Lester, M. (1997). Cognitive function in dialysis patients. Case study of the anemic patient. ANNA J, 24(3). McAlearney, A. S., Schweikhart, S. B., & Medow, M. A. (2004). Doctors’ experience with handheld computers in clinical practice: qualitative study. BMJ, 328(7449), 1162. doi: 10.1136/bmj.328.7449.1162. McLafferty, S. L. (2003). GIS and Health Care. Annual Review Public Health, 24, 25–42. Mea, V. D., Pittaro, M., & Roberto, V. (2004). Knowledge management and modelling in health care organizations: The standard operating procedures. In M. Wimmer (Ed.), Kmgov, 3035, 136–146. Springer. Mei, H., Pawar, P., & Widya, I. (2007, March 26 2007). Optimal Assignment of a Tree-Structured Context Reasoning Procedure onto a Host-Satellites System. Paper presented at the 16th Heterogeneity in Computing Workshop (HCW 2007), Long Beach, California. Mei, H., Widya, I., Broens, T., Pawar, P., Halteren, A. v., Shishkov, B., et al. (2007). A Framework for Smart Distribution of Bio-signal Processing Units in M-health. Paper presented at the 2nd International Conference on Software and Data Technologies (ICSOFT 2007), Barcelona, Spain. Mei, H., Widya, I., Halteren, A. van, & Erfianto, B. (2006). A Flexible Vital Sign Representation Framework

322

Meneses, F., & Moreira, A. (2004). A Flexible locationcontext representation. Paper presented at the The 15th IEEE international Symposium on Personal, Indoor And Mobile Radio Communications (PIMRC2004), Barcelona, Espanha. Meneses, F., & Moreira, A. (2006). Using GSM CellID Positioning for Place Discovering. Paper presented at the First Workshop on Location Based Services for Health Care (LOCARE’06) at the 1st International Conference on Pervasive Computing Technologies for Healthcare Innsbruck, Austria. Menezes, A. J., van Oorschot, P. C., & Vanstone, S. C. (1996). Handbook of Applied Cryptography. Boca Raton, Retrieved February 19, FL: CRC Press, 1996. 2008, from http://www.cacr.math.uwaterloo.ca/hac/ Microsoft. (2004). Windows server 2003 active directory. Retrieved February 15, 2008, from http://www.microsoft. com/windowsserver2003/technologies/directory/activedirectory/default.mspx. Minnen, D. and T. Starner, Essa, I., Isbell, C. Discovering characteristicactions from on-body sensor data. In International Semantic Web Conference (ISWC). Athens, GA, USA: IEEE. Misic, J., & Misic, V. B. (2007). Implementation of security policy for clinical information systems over wireless sensor networks. Elsevier’s Ad Hoc Networks, 5(1), 134-144. MobiHealth Project (last update, 2008), Available at: http://www.mobihealth.org/

Compilation of References

MobiHealth project IST-2001-36006 (2002). EC programme IST. Retrieved Feb. 24, 2006, from http://www. mobihealth.org. Modarres, M., & Beheshtian-Ardekani, M. (2005). Enterprise support system architecture: integrating DSS, EIS, and simulation technologies. International Journal of Technology Management, 31(1/2), 116-128. Mohan, J. (1993). Healthy indicators? applications of census data in health care planning. In A. Champion (Ed.), Population matters: The local dimension (pp. 136–149). London: Paul Chapman. Moor, K. A., Connelly, K. H., & Rogers, Y. (2004). A Comparative Study of Elderly, Younger, and Chronically Ill Novice PDA Users (No. TR595). Moore, M. (1999). The evolution of telemedicine. Future Generation Computer Systems, 15(2), 245-254. Moran, E. B., Tentori, M., González, V. M., MartinezGarcia, A. I., & Favela, J. (2006). Mobility in Hospital Work: Towards a Pervasive Computing Hospital Environment. International Journal of Electronic Healthcare, 3(1), 72-89. Morbiducci, U., Tura, A., & Grigioni, M. (2005). Genetic algorithms for parameter estimation in mathematical modeling of glucose metabolism Computers in Biology and Medicine, 35(10), 862-874. Moreira, A., & Santos, M. (2005). Enhancing a user context by real-time clustering mobile trajectories. Paper presented at the International Conference on Information Technology: coding and computing – ITCC 2005, Las Vegas, NV, USA. Moskowitz, R. (2003, November 4). Weakness in passphrase choice in wpa interface. Wi-Fi Net News. Retrieved from http://wifinetnews.com/archives/002452.html. Muehlsteff, J., Aubert, X., & Schuett, M. (2006). Cuffless Estimation of Systolic Blood Pressure for Short Effort Bicycle Tests: The Prominent Role of the PreEjection Period. In Proceedings IEEE-EMBC 2006, 28, 5088-5092.

Mundt, J., Bohn, M., King, M., & Hartley, M. (2002). Automating Standard Alcohol Use Assessment Instruments Via Interactive Voice Response Technology. Alcoholism: Clinical and Experimental Research, 26(2), 207-211. Munoz, M., Rodriguez, M. D., Favela, J., MartinezGarcia, A. I., & Gonzalez, V. M. Context-Aware Mobile Communication in Hospitals. IEEE Computer, 36(9), 38-46. Muppala, J. K., Fricks, R. M., & Trivedi, K. S. (2000). Techniques for Dependability Evaluation. In W. Grasman (Ed.), Computational Probability (pp. 445-480): Kluwer Academic Publishers. Myotel (2008). Myofeedback based Teletreatment Service Project. EU programme eTEN – 046230. Retrieved Feb. 2008, from http://www.myotel.eu. Nack, F., Schiphorst, T., Obrenovic, Z., Tjoe, M. K., Bakker, S., Perez, A., & Aroyo, L. (2007). Pillows as adaptive interfaces in ambient environments. in Proceedings of the international workshop on Human-centered multimedia of International Multimedia Conference. New York, NY, USA. Naya, F., Noma, H., Ohmura, R., & Kogure, K. (2005). In IEEE International Symposium on Wearable Computers. Bluetooth-based Indoor Proximity Sensing for Nursing Context Awareness. NEMA (2007). Digital Imaging and Communications in Medicine (DICOM), Part 1: Introduction and Overview. Virginia: NEMA. NEMA (2007). Digital Imaging and Communications in Medicine (DICOM), Part 3: Information Object Definitions. Virginia: NEMA. Ng, H. S., Sim, M. L., & Tan, C. M. (2006). Security issues of wireless sensor networks in healthcare applications. BT Technology Journal, 24(2), 138-144. Retrieved February 19, 2008, from http://dx.doi.org/10.1007/s10550006-0051-8. Ng, S., & Tan. (2006). Security issues of wireless sensor networks in healthcare applications. BT Technology Journal, 24(2), 138-144. doi: 10.1007/s10550-006-0051-8.

323

Compilation of References

Nielsen, J. (2002). Why you only need to test with 5 users. From http://www.useit.com/alertbox/20000319.html NIST. (2001). Fips-197: advanced encryption standard. Natioanl Institute of Standards (NIST). NoMoreClipboard.com (2008). PHR Launches Cell Phone Integration. Business Wire. Oct 29, 2007. FindArticles.com. 25 Jun. 2008. http://findarticles.com/p/articles/mi_m0EIN/is_2007_Oct_29/ai_n21068069 Nonaka, I., & Takeuchi, H. (1995). The Knowledge-Creating Company — How Japanese Companies Create the Dynamics of Innovation. Oxford University Press. Norman, M. G., & Thanisch, P. (1993). Models of machines and computation for mapping in multicomputers. ACM Computing Surveys, 25(3), 263-302. Novell. (2004). Novell edirectory vs. microsoft active directory. Retrieved February 15, 2008, from http://www. novell.com/collateral/4621396/4621396.pdf. O’Connor, M. C. (2006). Testing Ultrasound to Track, Monitor Patients. RFID Journal, 1(31), 2. Oinas-Kukkonen, H. (2004). The 7C Model for Organizational Knowledge Sharing, Learning and Management. Proceedings of the Fifth European Conference on Organizational Knowledge, Learning and Capabilities (OKLC ‘ 04), Innsbruck, Austria, April 2-3. Oinas-Kukkonen, H. (2005). Towards Evaluating Knowledge Management through the 7C Model. Proceedings of the European Conference on Information Technology Evaluation, (ECITE ’05), Turku, Finland, September 29-30. Okawa, T. (1973) A personal health record for young female students. Japanese Journal for Midwife, 27(11), 36-40. Olla, P. (2007). Mobile health technology of the future: creation of an m-health taxonomy based on proximity. International Journal of Healthcare Technology and Management, 8(3/4), 370–387.

324

OMG ptc/03-10-14 (2003). UML 2.0 OCL Specification. OMG Adopted Specification (ptc/03-10-14). Retrieved in 2007, from http://www.omg.org. OpenSSL. (2007, October 19). Openssl: the open source toolkit for ssl/tls. Retrieved February 12, 2008, from http://openssl.org/. Orlov, O. I., Drozdov, D. V., Doarn, C. R., & Merrell, R. C. (2001). Wireless ECG monitoring by telephone. Telemedicine Journal and e-Health, 7, 33-38. Oxid IT Team. (2005). Cain & abel. Retrieved February 15, 2008, from http://www.oxid.it/cain.html. Parker, V. M., Wade, D. T., & Hewer, R. L. (1986). Loss of Arm Function after Stroke: Measurement, Frequency and Recovery. International Rehabilitation Medicine, 8, 69-73. Parkka, J., Ermes, M., Korpipaa, P., Mantyjarvi, J., Peltola, J., & Korhonen, I. (2006). Activity Classification Using Realistic Data From Wearable Sensors. IEEE Transactions on Information Technology in Biomedicine, 10(1), 119–128. Parsons, J. D. (2000). Fundamental of VHF and UHF Propagation. In J. D. Parsons (Ed.), the Mobile radio propagation channel (pp. 15-18). West Sussex: John Wiley & Sons LTD. Partridge, K., Dahlquist, B., Veiseh, A., Cain, A., Foreman, A., Goldberg, J., & Borriello G. (2001). Empirical Measurements of Intrabody Communication Performance under Varied Physical Configurations. In Proceedings of the 14th annual ACM symposium on user interface software and technology (pp. 183-190). Orlando, FL. Partridge, K., Newman, S., & Borriello, G. (2003). Facile: A Framework for Attention-Correlated Local Communication. In Proceedings of 5th IEEE Workshop on Mobile Computing Systems & Applications (pp. 139147). Monterey, CA. Patel, S., Kientz, J., Hayes, G., Bhat, S., & Abowd, G. (2006). Farther Than You May Think: An Empirical

Compilation of References

Investigation of the Proximity of Users to Their Mobile Phones. In UbiComp 2006: Ubiquitous Computing (pp. 123-140). Patel, U., & Babbs, C. (1992). A computer based, automated telephonic system to monitor patient progress in home setting. J. Med. Syst., 16,101-112. Pentland, A. (2004). Healthwear: Medical Technology Becomes Wearable. IEE Computer, 37(5), 42-49. Perednia, D. A., & Allen, A. (1995). Telemedicine technology and clinical applications. JAMA, 273, 483-488. Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks. Communications of the ACM, 47(6), 53-57. Retrieved February 19, 2008, from http://doi.acm.org/10.1145/990680.990707 Philips Medical Systems (2005). Striving for cableless monitoring. In C. Ragil (Ed.), Philips Medical Perspective Magazine, February 2005 (pp. 24-25). Philips Medical Systems (February 2005). Striving for cable less monitoring. In C. Ragil (Ed.), Philips Medical Perspective Magazine, 8, 24-25. Piette, J. D. (2000). Interactive voice response systems in the diagnosis and management of chronic disease. Am J Manag Care, 6(7), 817-827. Piette, J. D., Weinberger, M., & McPhee, S. J. (2000). The effect of automated calls with telephone nurse follow-up on patient-centered outcomes of diabetes care: a randomized, controlled trial. Med Care, 38(2), 218-230. Pietzuch, P., Ledlie, J., Shneidman, J., Roussopoulos, M., Welsh, M., & Seltzer, M. (2006). Network-Aware Operator Placement for Stream-Processing Systems. Paper presented at the 22nd International Conference on Data Engineering (ICDE’06). Poljak, D. (2004). Human Exposure to Electromagnetic Fields. In D. Poljak (Ed.), (pp. 11-40 & 49-52). Southampton: WIT press. Pomerol, J.-C. (1997). Artificial Intelligence and human decision making. European Journal of Operational Research, 99(1), 3-25.

Poon, C., Zhang, Y., & Bao, S. (2006). A Novel Biometrics Method to Secure Wireless Body Area Sensor Networks for Telemedicine and M-Health. In IEEE Communications Magazine (pp.73-81). Pop, D., Negru, V., & Sandru, C. (2006). Multi-Agent Architecture for Knowledge Discovery. Paper presented at the Eighth International Symposium on Symbolic and Numeric Algorthms for Scientific Computing, Timisoara. Porter, R. (Ed.). (2006). The Cambridge History of Medicine (1st ed.): Cambridge University Press. Poulymenopoulou, M., & Vassilacopoulos, G. (2002). A web-based workflow system for emergency healthcare. In Medical Informatics Erope.. Preventing Chronic Diseases: A Vital Investment (2005). World Health Organization. Quaglini, S., Stefanelli, M., Lanzola, G., Caporusso, V., & Panzarasa, S. (2001). Flexible guideline-based patient careflow systems. Artificial Intelligence in Medicine, 22(1), 65–80. Raghupathi, W. (1997). Health Care Information Systems. Communications of the ACM, 40(8), 81-82. Rahmati, A., & Zhong, L. (2007). Context-for-Wireless: Context-Sensitive Energy-Efficient Wireless Data Transfer. Paper presented at the 5th international conference on Mobile systems, applications and services (Mobisys). Rakus-Anderson, E. (2007). Fuzzy and Rough Techniques in Medical Diagnosis and Medication (1st ed.): Springer. Ramnarayan, P., Roberts, G. C., Coren, M., Nanduri, V., Tomlinson, A., Taylor, P. M., et al. (2006). Assessment of the potential impact of a reminder system on the reduction of diagnostic errors: a quasi-experimental study. BMC Medical Informatics and Decision Making, 6(22). Ramnarayan, P., Tomlinson, A., Rao, A., Coren, M., Winrow, A., & Britto, J. (2003). ISABEL: a web-based differential diagnostic aid for paediatrics: results from an initial performance evaluation. Archives of diseases in childhood, 88(5), 408-413.

325

Compilation of References

Ramqvist, L. (1997). Health and Safety in Mobile Telephony. EN/LZT 123 4060, Ericsson Radio Systems AB, 164 80 Stockholm, 1-14.

Roberts, L. M. (2000). MammoNet: a bayesian network diagnosing breast cancer. Machine Perception and Artificial Intelligence, 39, 101-148.

Rangayyan, R. M. (2004). Biomedical Image Analysis (1st ed.): CRC.

Romero, J., Martinez, J., Nikkarinen, S., & Moisio, M. (2002). GPRS and EGPRS Performance. In T. Halonen, J. Romero, & J. Melero (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (pp. 230248). West Sussex: John Wiley & Sons LTD.

Rasid, M. F. A., & Woodward, B. (2005). Bluetooth telemedicine Processor for multichannel biomedical signal transmission via mobile cellular networks. Information Technology in Biomedicine, IEEE Transactions on, 9(1), 35. Rekimoto, J., Ayatsuka, Y., & Kohno, M. (2003). SyncTap: An Interaction Technique for Mobile Networking. 5th International Symposium on Human-Computer Interaction with Mobile Devices and Services (pp. 104-115). Udine, Italy: LNCS, Springer, 2795. Rekimoto, J., Ayatsuka, Y., Kohno, M., & Oba, H. (2003). Proximal Interactions: A Direct Manipulation Technique for Wireless Networking. In: Proceedings of Human-Computer Interaction (INTERACT 2003). Zurich, Switzerland. Rekimoto, J., Miyaki, T., & Kohno, M. (2004). ProxNet: Secure Dynamic Wireless Connection by Proximity Sensing. 2nd Conference on Pervasive Computing (Pervasive 2004) (pp. 213-218). Vienna, Austria: LNCS, 3001, Springer. Resnicow, K., Odom, E., Wang, T., Dudley, W., Mitchell, D., Vaughan, R., et al. (2000). Validation of Three Food Frequency Questionnaires and 24-Hour Recalls with Serum Carotenoid Levels in a Sample of African-American Adults. Am. J. Epidemiol., 152(11), 1072-1080.

Romero, J., Martinez, J., Nikkarinen, S., & Moisio, M. (2002). GPRS and EGPRS Performance. In T. Halonen, J. Romero, & J. Melero (Eds.), GSM, GPRS and EDGE performance, Evolution Towards 3G/UMTS (p. 291). West Sussex: John Wiley & Sons LTD. Rothschild, J. M., Lee, T. H., Bae, T., & Bates, D.W. (2002). Clinician use of a palmtop drug reference guide. Journal of the American Medical Informatics Association, 9(3), 223–229. Ruiz Fernández, D., Garcia Chamizo, J. M., Maciá Pérez, F., & Soriano Payá, A. (2005). Modelling of dysfunctions in the neuronal control of the lower urinary tract. Lecture Notes in Computer Science, 3561, 203-212. Russello, G., Dong, C., & Dulay, N. (2007). Authorisation and conflict resolution for hierarchical domains. In POLICY ’07: Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (pp. 201–210), Washington, DC, USA. Sackett, D .L., Rosenberg, W. M. C., Gray, J. A .M., Haynes, B.. & Richardson, W. S. (1996). Evidence based medicine: what it is and what it isn’t. British Medical Journal, 312(13), 71-72.

Rezazadeh, M., & Evans, N. (1990). Multichannel physiological monitor plus simultaneous full-duplex speech channel using a dial-up telephone line. IEEE Trans. Biomed. Eng., 37, 428-432.

Sackett, D. L., & Straus, S. (1998) Finding and applying evidence during clinical rounds: the evidence cart. Journal of the American Medical Association, 280(15), 1336–1338.

Rigney, C., Rubens, A., Simpson, W. & Willens, S. (1997). Rfc 2138 remote authentication dial in user service (radius). IETF. Retrieved from http://tools.ietf. org/html/rfc2138.

Sanchez, D., & Baldus, H. (2005). A Deterministic Pairwise Key Pre-Distribution Scheme for Mobile Sensor Networks. Presented at SecureComm 2005.

326

Compilation of References

Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2), 38–47. Satava, R., Angood, P. B., Harnett, B., Macedonia, C., & Merrell, R. (2000). The physiologic cipher at altitude: telemedicine and real-time monitoring of climbers on Mount Everest. Telemedicine Journal and e-Health, 6, 303-313. Satyanarayanan, M. (2001). Pervasive computing: vision and challenges. IEEE Personal Communications, 8(4), 10-17. Scalvini, S., Zanelli, E., Domenighini, D., Massarelli, G., Zampini, P., Giordano, A., et al. (1999). Telecardiology community: A new approach to take care of cardiac patients. Cardiologia, 921-924. Schiller, J. (2003). Mobile Communications. AddisonWesley. Schiller, J. H. (2000). Mobile Communications. In J. H. Schiller (Ed.) (pp. 24, 27, 83-92, 86, 105-113, 119-125). London, UK: Addition-Wesley. Schillinger, D., Grumbach, K., Piette, J. et al. (2002). Association of health literacy with diabetes outcomes, JAMA, 288, 475-482. Schroder, K., Johnson, C., & Wiebe, J. (2007). Interactive Voice Response Technology Applied to Sexual Behavior Self-reports: A Comparison of Three Methods. AIDS and Behavior, 11(2), 313-323. Sevick, M. A., Piraino, B., Sereika, S., Starrett, T., Bender, C., Bernardini, J., et al. (2005). A preliminary study of PDA-based dietary self-monitoring in hemodialysis patients. J Ren Nutr, 15(3), 304-311. Shimizu, K. (1999). Telemedicine by Mobile Communication. IEEE Engineering in Medicine and Biology, (pp. 32-44). Shinagawa, M., Fukumoto, M., Ochiai, K., & Kyuragi, H. (2004). A Near-Field-Sensing Transceiver for Intrabody Communication Based on the Electrooptic Effect. In IEEE Transactions on Instrumentation and Measurement, 53(6).

Shnayder, V., Chen, B., Lorincz, K., Fulford-Jones, T. R. F., & Welsh, M. (2005). Sensor Networks for Medical Care. Harvard University Technical Report TR-08-05 April 2005. Siau, K. (2003). Health Care Informatics. IEEE Transactions on Information Technology in Biomedicine, 7(1), 1-6. Siek, K. A., & Connelly, K. H. (2006). Lessons Learned Conducting User Studies in a Dialysis Ward. Paper presented at the Extended Abstracts of CHI 2006: Workshops - Reality Testing. Sintchenko, V., Iredell, J., Gilbert, G., & Coiera, E. (2005). Handheld Computer-based Decision Support Reduces Patient Length of Stay and Antibiotic Prescribing in Critical Care. Journal of the American Medical Informatics Association, 12(4), 398-402. Sittig, D. (2002). Personal health records on the internet: A snapshot of the pioneers at the end of the 20th Century. International Journal of Medical Informatics, 65(1), 1-6. Sloman M., & Lupu, E. (2002, March). Security and management policy specification. In IEEE Network, 16(2), 10–19. Smith, K. S., & Ziel, S. E. (1997). Nurses’ duty to monitor patients and inform physicians. AORN Journal, 1(2), 235-238. Song, S.-J., Cho, N., Kim, S., Yoo, J., & Yoo, H.-J. (2006). A 2Mb/s Wideband Pulse Transceiver with DirectCoupled Interface for Human Body Communications. In Proceedings of IEEE International Solid-State Circuits Conference (Session 30, Silicon for Biology, pp.558-559). Philadelphia, PA. Sosa-Iudicissa, M., Luis J., & Ferrer-Roca, O. (1998). Annex I: Standardisation Bodies. In O. Ferrer-Roca & M. Sosa-Iudicissa (Eds.), Handbook of telemedicine (pp. 197-209). Amesterdam: IOS press, Amesterdam. Sprague, L. (2006). Personal health records: the people’s choice? NHPF issue brief / National Health Policy Forum, George Washington University, (820), 1-13. Retrieved

327

Compilation of References

from http://www.scopus.com/scopus/inward/record. url?eid=2-s2.0-39049183450&partnerID=40&rel=R7 .0.0.

Tentori, M., & Favela, J. Activity-aware computing for healthcare. Accepted for publication in IEEE Pervasive Computing, to appear.

Stanford, V. (2003). Beam Me Up, Doctor McCoy. IEEE Pervasive Computing, 2(3), 13- 18.

The European Parliament and the Council of the European Union (1995). Directive 95/46/EC. Retrieved February 19, 2008, from http://www.cdt.org/privacy/eudirective/EU_Directive.html

Stone, A. A., Shiffman, S., Schwartz, J. E., Broderick, J. E., & Hufford, M. R. (2003). Patient compliance with paper and electronic diaries. Control Clin Trials, 24(2), 182-199.

The Ponder2 Project (2008). Retrieved March 10, 2008 from http://www.ponder2.net.

Strauss, A., & Corbin, J. (1998). Basics of Qualitative Research: Techniques and procedures for developing grounded theory. Thousand Oaks, CA: Sage.

The US Congress (1996). Health Insurance Portability and Accountability Act. Washington D.C.. Retrieved February 19, 2008, from http://www.hhs.gov/ocr/hipaa/

Stuart, G. W., Laraia, M. T., Ornstein, S. M., & Nietert, P. J. (2003). An interactive voice response system to enhance antidepressant medication compliance. Top Health Inf Manage, 24(1), 15-20.

Thielst, C. B. (2007). The New Frontier of Electronic, Personal, and Virtual Health Records. Journal of Healthcare Management, 52(2), 75-78.

Suomi, R. (2001). Streamlining Operations in Health Care with ICT. In T.A. Spil & R.A Stegwee (Eds.), Strategies for Healthcare Information Systems, Idea Group Publishing: Hershey, PA, 2001, 31-44. Systat Team. (2008, January 6). Sysstat. Retrieved February 12, 2008, from http://pagesperso-orange. fr/sebastien.godard/. Tang, P., Ash, J., Bates, D., Overhage, J., & Sands, D. (2006). Personal health records: Definitions, benefits, and strategies for overcoming barriers to adoption. Journal of the American Medical Informatics Association, 13(2), 121-126. Retrieved from http://www.scopus. com/scopus/inward/record.url?eid=2-s2.0-33644682163 &partnerID=40&rel=R7.0.0.

Tönis, T., Hermens, H. J., & Vollenbroek-Hutten, M. (2006). Context aware algorithm for discriminating stress and physical activity versus epilepsy: AWARENESS deliverables (D4.18). Tsai, C., Lee, G., Raab, F., Norman, G., Sohn, T., Griswold , W., & Patrick, K. (2006). Usability and Feasibility of PmEB: A Mobile Phone Application for Monitoring Real Time Caloric Balance. Paper presented at 1st International Conference on Pervasive Computing Technologies for Healthcare Innsbruck, Austria. Tsai, C., Lee, G., Raab, F., Norman, G., Sohn, T., Griswold, W., et al. (2006). Usability and Feasibility of PmEB: A Mobile Phone Application for Monitoring Real Time Caloric Balance. Paper presented at the Pervasive Health Conference and Workshops, 2006.

Taylor, A., Manatunga, A., & Garcia, E. V. (2007). Decision Support Systems in Diuresis Renography. Seminars in Nuclear Medicine, 38(1), 67-81.

Tudor-Locke, C., Bassett, D. R. Jr. (2004). How many steps/day are enough? Preliminary pedometer indices for public health. Sports medicine, 34(1), 1-8.

Teich, J. M., & Wrinn, M. M. (2000). Clinical decision support systems come of age. MD Computing, 17(1), 43-46.

Ucar, B., Aykanat, C., Kaya, K., & Ikinci, M. (2006). Task assignment in heterogeneous computing systems. Journal of Parallel and Distributed Computing, 66(1).

TelemedicineAlliance. (2004). Telemedicine 2010: Visions for a Personal Medical Network. from http://www. esa.int/esapub/br/br229/br229.pdf

Uldal, S. B., Manankova, S., & Kozlov, V. (1999). Choosing a PC-based ECG System for a Mobile Telemedicine

328

Compilation of References

unit. The Health News magazine (www.Telemedtoday. com), (pp. 30-31). USDA Palm OS Search: Health Tech (2008). http://www. ars.usda.gov/Services/docs.htm?docid=5720 van Bemmel, J. H., & Musen, M. A. (Eds.). (1997). Handbook of Medical Informatics (1st ed.). Houten, the Netherlands: Springer-Verlag.

Want, R., Hopper, A., Falcão, V., & Gibbons, J. (1992). The Active Badge Location System. ACM Transactions on Information Systems, 10, 91-102. Waraporn, N. (2007). Confidence levels for medical diagnosis on distributed medical knowledge nodes. Paper presented at the International Conference on Computer Engineering and Applications, Gold Coast, Queensland, Australia.

Van der Aalst, W. M. P., Aldred, L., Dumas, M., & ter Hofstede, A. H. M. (2004). Design and Implementation of the YAWL System. In CAiSE 04, Riga, Latvia, June 2004. Springer Verlag.

Ward, A., Jones, A., & Hopper, A. (1997). A New Location Technique for the Active Office. IEEE Personal Communications, 4, 42-47.

Ventura, H. (2002). Diameter next generation’s aaa protocol.

Weigand, C. (2005). VITAL: Use and Implementation of a Medical Communication Standard in Practice. Computers in Cardiology, 32, 319-322.

Vihinen, M., & Samarghitean, C. (2008). Medical Expert Systems. Current Bioinformatics, 3(1), 56-65. Virzi, R. A. (1992). Refining the test phase of usability evaluation: how many subjects is enough? Human Factors, 34(4), 457-468.

Weiler, K., Christ, A., Woodworth, G., Weiler, R., & Weiler, J. M. (2004). Quality of patient reported outcome data captured using paper and interactive voice response diaries in an allergic rhinitis study; is electronic data capture really better? Program and Abstracts of papers presented during Scientific Sessions - AAAAI 60th Annual Meeting, 113(2, Supplement 1), S78.

Vitenzon, A. S., Mironov, E. M., & Petrushanskaya, K. A. (2005). Functional Electrostimulation of Muscles as a Method for Restoring Motor Functions Neuroscience and Behavioral Physiology, 35(7), 709-714.

Weiser, M. (1991). The computer for the 21st century. Scientific American, 265(3), 94-104.

Vmstat man page. Retrieved December 17, 2007, from http://linuxcommand.org/man_pages/vmstat8.html.

Weiser, M. (1991). The computer for the twenty-first century. Sci. Amer. 265, 3(Sept.), 94–104.

Walker, J. (2003). 802.11 security séries part ii: the temporal key integrity protocol. Intel Corporation. Retrieved from http://softwarecommunity.intel.com/articles/eng/1905.htm.

Weiser, M., & Brown, J. S. (1995). Designing Calm Technology. PowerGrid, 1(1).

Wang, H., Jung, B., Anuaje, F., & Black, N. (2003). ecgML: Tools and Technologies for multimedia ECG Presentations. Proceedings of XML Europe Conference. London. Wang, Q., Shin, W., Liu, X., Zeng, Z., Oh, C., Bedoor, K., Li, A., Caccamo, M., Gunter, C. A., Gunter, E., Hou, J., Karahalios, K., & Sha, L. (2006). I-Living: An Open System Architecture for Assisted Living. In Proceedings of IEEE SMC 2006.

Weisz, G. (2005). Divide and Conquer: A Comparative History of Medical Specialization: Oxford University Press (USA). Whalen, S. (2001, April). An introduction to arp spoofing. Retrieved February 15, 2008, from http://www.node99. org/projects/arpspoof/. White, D. (2006). Decision Theory: Aldine Transaction. Whiting, D., Housley, R., & Ferguson, N. (2003, September). Rfc 3610 - counter with cbc-mac (ccm). Retrieved

329

Compilation of References

March 8, 2008, from http://www.faqs.org/rfcs/rfc3610. html.

sequence spread spectrum wireless lans. Wireless Telecommunications Symposium, 129-136.

WHO (Ed.). (2005). The International Statistical Classification of Diseases and Related Problems (2nd ed.). Geneva: World Health Organization.

Xiao, Y., Rosdahl, J., Center, S. L. D., Linear, M., & Draper, U. T. (2002). Throughput and delay limits of IEEE 802.11. Communications Letters, IEEE, 6(8), 355-357.

Widya, I., Beijnum, B.-J. v., & Salden, A. (2006). QoCbased Optimization of End-to-End M-Health Data Delivery Services. Paper presented at the 14th IEEE International Workshop on Quality of Service (IWQoS).

Xing, Y., Hwang, J.-H., Çetintemel, U., & Zdonik, S. B. (2006). Providing Resiliency to Load Variations in Distributed Stream Processing. Paper presented at the 32nd International Conference on Very Large Data Bases.

Willmann, R. D., Lanfermann, G., Saini, P., Timmermans, A., Vrugt, J. te, & Winter, S. (2007). Home Stroke Rehabilitation for the Upper Limbs. Paper presented at EMBC 2007. Lyon, France.

Yoo, H.-J., Song, S.-J., Cho, N., & Kim, H.-J. (2007). Low Energy On-Body Communication for BSN. In Proceedings of 4th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2007) (pp 15-20). Aachen, Germany.

Wood, A., Virone, G., Doan, T., Cao, Q., Selavo, L., Wu, Y., Fang, L., He, Z., Lin, S., & Stankovic, J. (2006). ALARM-NET: Wireless Sensor Networks for AssistedLiving and Residential Monitoring. Technical Report CS-2006-1. Charlottesville, VA: University of Virginia, Department of Computer Science. Woodward, B., Istepanian, R. S. H., & Richards, C. I. (2001). Design of a Telemedicine System Using a Mobile Telephone, IEEE, (pp. 13-15). Wootton, R., Craig, J., & Patterson, V. (Ed.). (2006). Introduction to Telemedicine. 2nd edition. London: Royal Society of Medicine Press Ltd. Wootton, R., Craig, J., & Patterson, V. (Eds.). (2006). Introduction to Telemedicine (2nd ed.): Rittenhouse Book Distributors. World Health Organization WHO (1993). Environmental Health Criteria 137, Electromagnetic Fields (300 Hz to 300 GHz), Geneva. World Wide Web (July 2002). Retrieved March 25, 2008, from: http://www.conformity.com/0207specific.pdf). Wpa . Retrieved February 8, 2008, from http://www. wi-fi.org/knowledge_center/wpa/. Wullems, C., Tham, K., Smith, J., & Looi, M. (2004). A trivial denial of service attack on ieee 802.11 direct

330

Yu, W. D., & Jothiram, V. (2007). Security in wireless mobile technology for healthcare systems In , e-Health Networking, Application and Services, 2007 9th International Conference on (pp. 308-311). doi: 10.1109/ HEALTH.2007.381659. Yuan-Hsiang, L., Jan, I. C., Ko, P. C. I., Yen-Yu, C., JauMin, W., & Gwo-Jen, J. (2004). A wireless PDA-based physiological monitoring system for patient transport. Information Technology in Biomedicine, IEEE Transactions on, 8(4), 439. Zhang, T., Wang, J., Liu, P., & Hou, J. (2006). Fall Detection by Embedding an Accelerometer in Cellphone and Using KFD Algorithm. International Journal of Computer Science and Network Security, 6(10), 277-284. Zhao, X., Fei, D., Doarn, C. R., Harnett, B., & Merrell, R. (2004). A Telemedicine System for Wireless Home Healthcare Based on Bluetooth and the Internet. Telemedicine Journal and e-Health, 10(supplement 2), 110-116. Zhu, S., Setia, S., & Jajodia, S. (2006). LEAP+: Efficient security mechanisms for large-scale distributed sensor networks. In ACM Transactions on Sensor Networks (Vol. 2, 4, pp. 500-528). ZigBee Alliance (2007). ZigBee 2007 Specification (Release 053474r1, May 2007).

Compilation of References

ZigBee Standards Organization (January 17, 2008). Copyright © 2007 All rights reserved, ZigBee Specification, ZigBee Document 053474r17. Zimmerman, T. G. (1996). Personal area networks: Nearfield intrabody communication. IBM Systems Journal, 35(3/4), 609-617.

331

332

About the Contributors

Dr Phillip Olla is the endowed Phillips Chair of Management and Professor of MIS at the school of business at Madonna University in Michigan USA, and he is also a Visiting Research Fellow at Brunel University, London, UK. His research interests include Knowledge Management, Mobile telecommunication, and health informatics. In addition to University level teaching, Dr. Phillip Olla is also a Chartered Engineer and has over 10 years experience as an independent Consultant and has worked in the telecommunications, space, financial and healthcare sectors. He was contracted to perform a variety of roles including Chief Technical Architect, Program Manager, and Director. Dr Olla is the Associate Editor for the Journal of Information Technology Research and the Software / Book Review Editor for the International Journal of Healthcare Information Systems and Informatics, and is also a member of the Editorial Advisory & Review Board for  the Journal of Knowledge Management Practice. Dr. Phillip Olla has a PhD in Mobile Telecommunications from Brunel University in the UK, he is an accredited Press member of the British Association of Journalism, Chartered IT Professional with the British Computing Society and a member of the IEEE society. Joseph Tan, Dip., BA, MS, PhD, holds a professional diploma in civil engineering from Singapore Polytechnic, an undergraduate degree in Mathematics and Computer Science from Wartburg College, IA, a Masters Degree in Industrial & Management Engineering from the University of Iowa, and a PhD. in Management Information Systems from the University of British Columbia (UBC). He has been a tenured associate professor, teaching in the Department of HealthCare & Epidemiology at UBC for many years prior to serving as Professor and Head of Information System and Manufacturing (ISM) department, School of Business, Wayne State University.Joseph publishes widely in numerous computing, ergonomics, information systems, health informatics, health education, e-health and e-business journals and has served as guest editor and member of various journal editorial boards. He sits on key organizing committees for local, national, and international meetings and conferences. Professor Tan’s research, which has enjoyed significant support in the last several years from local, national and international funding agencies and other sources, has also been widely cited and applied across a number of major disciplines, including healthcare informatics and clinical decision support, health technology management research, human processing of graphical representations, ergonomics, health administration education, telehealth, mobile health, and e-health promotion programming. *** Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

About the Contributors

Luís Antunes obtained a PhD in Computer Science at University of Porto. Currently he is an Auxiliary Professor at the Computer Science Department at University of Porto. Most of his research is on Computational Complexity and Cryptography. He is in the Coordination Committee of the first Health Informatics Master course in Portugal and has a strong collaboration with the Medical School of Porto University. He supervises several Master and PhD students in areas such as Access Control and Information Measures for Cryptography protocols. Heribert Baldus is principal scientist at Philips Research Europe in Eindhoven (The Netherlands). He studied electrical engineering and did his PhD at RWTH Aachen University of Technology. He is with Philips Research since 1989, in Hamburg, Aachen, and Eindhoven. Since then he has been leading various internal and international research projects on different areas of communication technology, especially public networks and network management, home-networking and wireless medical systems. He has various publications and more than 20 patents and patent applications. Furthermore, he is on the Technical Program Committee of several conferences on communication technology, services, and security. Luís Barreto received the BA degree in Electrotechnical and Telecommunications Engineering from the Oporto University, Portugal, and the Master degree in networking systems and security by the same University. He is a PhD. student in Electronical Engineering at the Aveiro University, Portugal. He is currently a Professor, Vice-President of the direction board of Business Science Superior School, Polytechnic University of Viana do Castelo (Escola Superior de Ciências Empresariais- Instituto Politécnico de Viana do Castelo) and Coordinator of the Business Computing Course. He is, also, the manager of different R&D projects, namely: NetStart (http://www.netstart.pt), CSI- Cooperation Servicing Innovation and SeeLe (Seeking Learning Evaluation- http://seele.ipvc.pt). The following subjects are Luís Barreto main interests: Networking Protocols, Wireless Security, Ad-hoc and Wireless Networks, E-learning, Web 2.0, Informal and Formal Learning. Pedro Brandão is an assistant lecturer at the Faculdade de Ciências da Universidade do Porto and a member of the Instituto de Telecomunicações – Porto group NIP. Currently, he is at the University of Cambridge on the Opera Group pursuing a PhD on body sensor networks . He is partially funded by Fundação para a Ciência e a Tecnologia from Portugal. In 2002 he received an ECE MsC from the Engineering School of University of Porto, where he also got his diploma. In his past he has worked on network security and ad hoc networks research, subjects that still drive some of his interests. As part of this work he was involved in the identity management system of the European FP6 IP Daidalos. His main research areas are sensor/actuators networks and protocols; middleware for sensor networks and network security. Beenish Chaudry is a doctorate student in the Computer Science Department at Indiana University. She is working on developing a Dietary Input Monitoring Application on PDA for low literacy dialysis population under the guidance of Prof. Kay Connelly. Kay H. Connelly is an Assistant Professor in the Computer Science Department at Indiana University where she leads the Security for Ubiquitous Resources Group (SURG). She is the Associate Director of IU’s Center for Applied Cybersecurity Research and a member of the Pervasive Technology Labs.

333

About the Contributors

Dr. Connelly’s research focuses on user acceptance of ubiquitous and mobile computing technologies where there is a delicate balance between such factors as convenience, control and privacy. Ricardo João Cruz Correia is an assistant lecturer and researcher at the Department of Biostatistics and Medical Informatics at the Faculty of Medicine of the University of Porto. His research interest is the electronic patient records and on the integration of heterogeneous healthcare information systems. He received his MSc in computer science from the University of Porto, and is currently a PhD student at the University of Porto. Rodrigo de Oliveira received a BSc degree in Computer Science from Federal University of Lavras, Brazil in 2002, and both MSc and DSc degrees in Computer Science from State University of Campinas, Brazil in 2004 and 2008 respectively. In 2007, he was awarded a Microsoft Research Fellowship and worked as a Research Intern in Microsoft Research, Redmond, USA. His research interests include Human-Computer Interaction, Mobile Computing, Machine Learning, and Health Monitoring Systems. He can be contacted at [email protected]. Changyu Dong received his BSc from Fudan University, China, in 1999 and his MSc from Imperial College London, UK, in 2005. Since then, he has worked as a research assistant in Imperial College London, on the project CareGrid. His research interests include trust and privacy management, applied cryptography, access control and policy-based management. Naranker Dulay is a senior lecturer in the Department of Computing at Imperial College London were he obtained his PhD. His research interests include architectures and runtime systems for security, privacy, trust, and context-awareness in distributed, mobile and pervasive systems. Dr. Dulay has over 60 publications in international conferences and journals and has served on numerous program committees. He currently leads research projects in autonomous trust domains for healthcare applications, validation of ubiquitous systems, urban design and pervasive systems, and pervasive workflows. Javier Espina is a research scientist at Philips Research Europe. He studied electrical engineering, specializing in telecommunications, at UPC in Barcelona (Spain) and graduated in 2002. Since then he has been with Philips Research Europe, first in Aachen (Germany) and currently in Eindhoven (The Netherlands), where he has worked on wireless connectivity middleware in the fields of mobile ad-hoc networks, wireless sensor networks and body area networks. His current research interests include body-centric wireless communications as well as time synchronization, interference management and medical applications of wireless sensor networks. Javier holds 9 patents and patent applications and has published several papers, and two book chapters. Thomas Falck studied computer science and graduated summa cum laude from RWTH Aachen University of Technology. Since 1992 he is with Philips Research Europe working on connectivity solutions for business communication, consumer electronics and medical systems. His current research interests include wireless body sensor networks, mobile ad hoc networks, and pervasive healthcare. Thomas is member of the Technical Program Committee of several conferences on communication technology for medical applications and acts as reviewer and guest editor for leading journals. He organized the 4th International Workshop on Wearable and Implantable Body Sensor Networks in 2007 in cooperation with RWTH Aachen. Thomas is author of various papers, book chapters, and patents. 334

About the Contributors

Jesús Favela is a professor of computer science at Cicese, where he leads the Mobile and Ubiquitous Healthcare Laboratory and heads the Department of Computer Science. His research interests include ubiquitous computing, medical informatics, and computer-supported cooperative work. He received his PhD from the Massachusetts Institute of Technology. He’s a member of the ACM and the American Medical Informatics Association. Contact him at the Computer Science Dept., Centro de Investigación Científica y de Educación Superior de Ensenada (Cicese), Km. 107 Carretera Tijuana-Ensenada, Ensenada, B.C., 22860, Mexico; [email protected]. Daniel Ruiz Fernández received his Bachelors degree in Computer Science from the University of Alicante (Spain) in 1998 and his Ph degree in Computer Science from the same university in 2003. Between 1999 and 2004 he worked as a lecturer at the University of Alicante. Since 2004, he has been an Associate Professor in the Department of Computer Technology and Information at the University of Alicante. Additionally, he is a founding member of the IBIS research group of the University of Alicante, and a member of IEEE and Computer Society. He has been a leader of several national projects related to medical informatics. His research interests are focused in medical informatics, computer architectures, distributed computing and computer networks. Ana Ferreira is an IT specialist at Porto Faculty of Medicine; she is a CISSP and is pursuing a PhD in Computer Science with a joint supervision between the University of Porto and the University of Kent, aiming at improving access control to healthcare information systems. Other main interests include information security for healthcare, wireless networks, usability, users’ awareness and education. Fernando Flores-Mangas received a double BSE degree in computer Engineering and Telematics Engineering from Instituto Tecnolgico Autnomo de Mexico, Mexico City in 2002 and a MSc degree in Computer Sciences from Universidad Nacional Autnoma de Mexico, in 2005. During that year, he also worked as a Research Intern with Microsoft, Redmond, USA. He is currently pursuing a PhD in Computer Science at University of Toronto, Canada. His research interests include various Computer Vision topics such as segmentation and registration, shape priors and structure from motion, but he is also interested in Machine Learning. His website can be found at http://www.cs.toronto.edu/˜mangas. Oscar Garcia-Morchon is a research scientist at Philips Research Europe. He studied electrical engineering, specializing in telecommunications, at Higher Engineering School in Zaragoza (Spain) and graduated in 2005. Since then he has been with Philips Research in Aachen (Germany) while working towards his PhD. in collaboration with the Distributed Systems Group at RWTH Aachen University of Technology. His research interests focus on networking and systems security, applied cryptography, security for mobile computing, and sensor networks. BjÄorn Gottfried works at the Centre for Computing Technologies in the Department of Mathematics and Computer Science at the University of Bremen, Germany, where he received his doctoral degree in the context of spatial reasoning. He is research scientist and lecturer in the context of artificial intelligence, spatial and diagrammatic reasoning, and image processing. Over the last ten years he published about fifty papers, mainly about spatial and temporal reasoning,image processing, and ambient intelligence. He is member in the programme committees of several workshops about ambient intelligence, smart homes and related fields and organises the annual BMI workshop on behaviour monitoring and interpretation. 335

About the Contributors

Hermie J. Hermens did his master in biomedical engineering at the University of Twente, the Netherlands. His PhD was on surface EMG simulation, processing and clinical applications. Currently, he is Professor in neuromuscular control at the University of Twente and cluster manager in the area of non-invasive assessment at Roessingh Research and Development, a research institute in the area of rehabilitation. He became recently head of a research group at the University, focused on remote monitoring and remotely supervised training. He is (co)-author of over 100 peer reviewed scientific journal publications (pubmed), 8 scientific proceedings/text books and over 250 congress contributions. He coordinated three European projects and participated in over 15 other international projects. He is fellow and past president of the International Society of Electrophysiology and Kinesiology (ISEK), editor in chief of the JBMR. His present research is focused especially on combining Biomedical Engineering with Information and Communication Technology to enable remote monitoring and remotely supervised treatment. Markku Kallio, PhD., MBA, is physician at Medical Society Duodecim. He does clinical work as well as helps develop tools to support physicians’ work. Karin Klabunde studied Computer Science and Linguistics at University Koblenz, Germany and University of Edinburgh, Scotland. She received her diploma in Computer Science in 1989. Since 1990 she is with Philips Research Europe, first in Aachen and now in Eindhoven (The Netherlands) working in the field of middleware and protocols for distributed systems. Her current research interests include wireless ad-hoc communication and body area networks, especially focusing on applications in the medical domain like monitoring of people’s vital signs in hospitals or at home. Val Jones received her PhD in Computational Sociolinguistics from the University of Newcastle upon Tyne in 1979. Since then she has conducted research at the Universities of Newcastle, Stirling, Aberdeen and Twente, in the areas of Computational Linguistics, Health Services Research and Computer Science. In 1992 she was appointed project leader of a health telematics evaluation project in Scotland and conducted a randomized controlled trial involving 15000 patients. Her experience in computer science includes research in the areas of Functional Programming, Software Engineering, Formal Methods, Knowledge Based Systems and mobile applications enabled by wireless technologies. In 2001 she initiated a new research theme at Twente relating to the use of Body Area Networks (BANs) for remote health monitoring and treatment. She was jointly responsible for the scientific coordination of the MobiHealth project. Current research interests include: application of modelling approaches to the design and development of e-health and m-health applications, the ICT research challenges raised by these applications and future m-health possibilities enabled by emerging technologies such as Ambient Intelligence and nanotechnologies. Desiree Lambert is a Registered Dietitian who has worked with dialysis patients at the Indiana University Medical Center in Indianapolis. She is currently President of the Indiana Council on Renal Nutrition, which organizes quarterly educational meetings for Renal Dietitians. She is also an active member of the National Kidney Foundation of Indiana. Katja Leiviskä is a doctoral student at the University of Oulu, Finland. Her research focuses on healthcare information systems.

336

337

Hailiang Mei received his BSc degree in 2001 from Beijing University of Technology, China and his MSc degree from the Delft University of Technology, the Netherlands in July, 2003. Both are in Electrical Engineering. Since July 2005, he works towards his PhD degree at the Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, the Netherlands. His PhD topic is on Smart Distribution of Bio-Signal Process in Mobile Healthcare. His current research interests include task assignment, dynamic reconfiguration and component based software engineering. Filipe Meneses is an invited lecturer of the Department of Information Systems, University of Minho. He received the “Licenciatura” degree in Computer Management, the Master degree in Information Systems, and the PhD. degree respectively in 1998, 2001 and 2008, from the University of Minho – Portugal.His research interests are in location and context management and in mobile and context-aware computing. His research activities have been developed within the ubicom@uminho research group at the University of Minho. He is a member of IEEE, the Computer Society and the Communications Society. Adriano Moreira is an Associate Professor in the Department of Information Systems, University of Minho, since 1996. He received the “Licenciatura” degree in Electronics and Telecommunications Engineering and the PhD. degree in Electrical Engineering, respectively in 1989 and 1997, from the University of Aveiro - Portugal. He has been a voting member of the IEEE 802.11 working group where he participated in the specification of the infrared physical layer. His research interests are in wireless local area networks and mobile and context-aware computing. His research activities have been developed within the ubicom@uminho research group at the University of Minho, which has been focusing its research in the creation of technologies for smart places. In the past few year he participated in many research projects funded by national and European programs, such as Supporting Location Based Internet Services (AROUND, FCT), Easy and friendly access to geographic information for mobile users (HYPERGEO, IST), Value Added Environments for Dynamic Support to Location-Based Services in UMTS Networks (VADE, FCT), Environmental Policy via Sustainability Indicators On a European-wide NUTS-III Level (EPSILON, IST), Location contexts for location-aware applications (LOCAL, FCT), and USability-drivEn open platform for MobilE GOVernment (USE-ME.GOV, IST). He is a member of the IEEE and the Communications Society. Harri Oinas-Kukkonen, PhD., is Professor of information systems at the University of Oulu, Finland. His current research interests include the next generation of the Web, electronic business, social and organizational knowledge management, network awareness and human attitude and behaviour change. His research has been published in journals such as ACM Computing Surveys, Communications of the ACM, The DATA BASE for Advances in Information Systems, European Journal of Information Systems, Information and Software Technology, Information Technology and Management, International Journal of Human-Computer Studies, International Journal of Networking and Virtual Organizations, Journal of Digital Information, Netnomics: Economic Research and Electronic Networking and Software Process Improvement and Practice. In 2005, he was awarded The Outstanding Young Person of Finland award by the Junior Chamber of Commerce. Nuria Oliver received the BSc (honors) and MSc degrees in Electrical Engineering and Computer Science from the ETSIT at the Universidad Politecnica of Madrid (UPM), Spain, in 1992 and 1994

338

respectively. She received her PhD degree from the Massachusetts Institute of Technology (MIT), Cambridge, MA, in June 2000. From July 2000 until October 2007, she was a researcher at Microsoft Research in Redmond, WA. In November 2007, she returned to Spain to create a research group in the scientific team of Telefonica R&D in Barcelona. Her research interests –where she has extensively published-- include smart environments, context awareness, statistical machine learning, artificial intelligence, health monitoring and human computer interaction. She has received a number of awards, including MIT’s ‘TR100 Young Innovators Award’ (2004) and the First Spanish Award of EECS graduates (1994). Besides her scientific publications, she is very interested in making science available to the general public. Her work has been featured on newspapers, magazines, radio and TV stations both in Spain and the US. Her website can be found at http://www.nuriaoliver.com. Antonio Soriano Payá received his Bachelors degree in Computer Science from the University Polytechnic of Valencia (Spain) in 1993 and his Ph degree in Computer Science from the University of Alicante (Spain) in 2001. Since 2002 he is an Assistant Professor in the Department of Computer Technology and Information at the University of Alicante. He coordinates the division of medical bioengineering in the Department and he is also a founding member of the IBIS research group of the University of Alicante. His research interests are focused in cybernetics, computer architectures and computer networks. Teppo Räisänen is a doctoral student at the University of Oulu, Finland. His research interests include Web 2.0 functionalities, social and organizational knowledge management and persuasive technology. Currently he is a Visiting Researcher at Stanford University. Giovanni Russello is a research associate in the Department of Computing at Imperial College working on the CareGrid project. He obtained is PhD form the Department of Mathematics and Computer Science at the Eindhoven University of Technology (TUE). Part of his PhD was conducted at the Software and Architecture (SwA) Group of Philips Research Laboratories in Eindhoven. Giovanni’s research interests focus on trust management, access control mechanisms and policy-based management. Daniela Segura is a graduate student in computer science at Cicese. Her research interests include ambient information systems, ambient displays, mobile and ubiquitous computing, human-computer interaction and software engineering.Contact her the Computer Science Dept., Centro de Investigación Científica y de Educación Superior de Ensenada (Cicese), Km. 107 Carretera Tijuana- Ensenada, Ensenada, B.C., 22860, Mexico; [email protected] Susana Sargento graduated in Electronics and Telecommunications Engineering from the University of Aveiro, in 1997 and concluded her PhD in 2003. In September of 2002 she joined the Department of Computer Science in the Sciences Faculty of the University of Porto, where she lead the Computers Networks research group, and in February 2004 she returned to the University of Aveiro. Her main research interests are in the areas of next generation heterogeneous networks (infrastructure and adhoc, including broadcast), more specifically in QoS, mobility, routing and charging issues, with more than 100 papers published in the area. She is currently involved in several European IST projects on

339

next generation architectures (Daidalos, EuroNF, WIP, C-Cast). She has leadership responsibilities of self-organizing activities and QoS 4G architectures inside the Daidalos project. Matti Seppänen, MD, is physician at Medical Society Duodecim. Katie A. Siek is an Assistant Professor in Computer Science at the University of Colorado at Boulder. She is interested in integrating pervasive technologies in health and wellness environments to study how technology affects interventions. Her research interests include human computer interaction, ubiquitous computing, health informatics, and performance support systems. Monica Tentori is a doctoral student in computer science at Cicese and a lecturer in computer science at the University of Baja California. Her research interests include ubiquitous computing, human-computer interaction, and medical informatics. She received her MSc in computer science from Cicese. She’s a student member of ACM-Sigchi. Contact her at the Computer Science Dept., Centro de Investigación Científica y de Educación Superior de Ensenada (Cicese), Km. 107 Carretera TijuanaEnsenada, Ensenada, B.C., 22860, Mexico; [email protected]. Bert-Jan van Beijnum received his MSc and PhD in Electrical Engineering from the University of Twente. He is an assitent professor of the Remote Monitoring and Treatment research group at the University of Twente, the Netherlands. His research is embedded in the projects of the Centre for Telematics and Information Technology (CTIT) and the Institute of Biomedical Technology (BMTI). His research interests include Autonomic Computing, Mobile Virtual Communities, Telemedicine information systems, ICT Management, Task Assignment Systems and algorithms, Application layer mobility handover mechanisms and QoS. Janet L. Welch is an Associate Professor and Chair of Adult Health at the Indiana University School of Nursing. Her program of research focuses on self-management of diet and fluid intake among adults receiving hemodialysis. Ing Widya has a PhD in Stochastic Signal Processing and is an assistant professor at the Faculty of Electrical Engineering, Mathematics and Computer Science of the University of Twente in the Netherlands. He is a member of the “Remote Monitoring & Treatment” group of the chair Biomedical Signal and Systems. His research is embedded in the projects of the Centre for Telematics and Information Technology (CTIT) and the Institute of Biomedical Technology (BMTI) of the university. His current research is on internet protocols & QoS control for telemedicine system adaptivity. Jacqueline Wijsman has a BSc in Biomedical Engineering and currently is a Master student in Biomedical Engineering at the University of Twente in the Netherlands. She wrote her bachelor thesis in the field of investigation and modeling of different ECG standards, equivalencies and differences among the standards and ways to deal with storage and conversion of ECG records. Jasemian, Yousef, Ass. Prof., project mgr. for knowledge Ctr., Leader of pervasive healthcare lab., Aarhus Engring Coll., Denmark, 2007- ; b. Abadan, Iran, Dec. 20, 1954; Diploma in El. & Telecomm. Engring., Engring. Coll., Iran, 1975; BSc. in Biomed. Engring., Aarhus Engring Coll., Denmark, 1991;

340

MS in Biomed. Engring., Denmark Tech. U., 1998; Diploma in TCM, Acupuncture and Manual Therapy, Physical Therapy Sch. Fredericia, Denmark, 2002; PhD in Health Sci. and Tech. Aalborg U., Denmark, 2005; MSc. in Health Sci., Aarhus U., Denmark, 2008; Leader Iranian Oil Refinery and Nat. Iranian Petroleum, Abadan, 1975-83; Iranian Offshore Oil Co., Dep. Telecomm., Lavan Island, Parsian Gulf, 1983-85; lectr. project devel., communication, mktg. and promotion Fedn. Free Info., Aarhus, Denmark, 1992-94; Rsch. Asst. Royal Dental Coll., 1992-94; Rsch. Asst. prof. Dep. Info. Tech., Denmark Tech. U., Lyngby, 1998-99; Software designer Ericsson Mobile Co., Aalborg, 1999-2002; project mgr., Ericsson Mobile Co., Aalborg, 2002-05; acupuncturist and manual therapist, pvt. Practice, 2002-; asst. rsch. Prof. Ctr. Sensory-Motor Interaction, Dep. Health Sci. & Tech., Aalborg U., 2005-07; Achievements include invention of Wireless Telemedicine System applying Bluetooth tech. & Cellular Communication Network: New Approach for Real-time Remote Patient Monitoring; Publishing scientific booklets; received rsch. & travel grants from Ericsson & two U.; Contbr. scientific, articles, abstract to international journals; oral & poster presentations in health sci. & biomedical engineering; organized scientific workshops within pervasive healthcare; Expert reviewer Rsch. Grants diff. Com.; Expert reviewer for international journals; member of diff. scientific communities including IEEE, DSKT, IASP, ANMP, IBRO and SASP.

341

Index

Symbols 7C model 111,  112,  115,  116,  118,  123 802.1X 30,  31,  32,  33,  43 α-secure Key Distribution Schemes (α-sKDSs) 170,  171

A abstract syntax 73,  74,  77,  78,  79,  80,  81,  86,  88,  89,  90 access control 29,  30,  31,  35,  41,  42,  43,  63,  103,  138,  192,  247,  248,  249,  251,  252,  255,  259 access control lists (ACLs) 139, 247 access points (APs) 31 access to medical literature 112,  113 active digital aura (ADA) 167 active digital aura (ADA) module 167 activities of daily care 148,  149,  150 activities of daily living (ADL) 143,  151 activity-aware server 153,  154 ad hoc network 139,  140,  166 adopted information 71 advanced encryption standard (AES) 33,  173,  192 Aiemagno, Sonia A. 4,  21 alcoholism 4 ambient displays 143,  144,  145,  147,  148,  151,  156,  157,  158 ambulatory cardiac monitoring 131 America’s Health Insurance Plans (AHIP) 59 American College of Radiology (ACR) 84

American National Standards Institute (ANSI) 59,  84 AMON prototype 210,  211 angle of arrival (AOA) 264 anonymity 134,  139,  140,  200 anorexia nervosa 129,  132 application availability 290,  295 apraxia 93 arp spoofing option 37 artificial entities 92,  100,  101,  102,  103,  104,  105,  106,  107,  108 artificial objects 272 assignment constraint 296 asynchronous connection less (ACL) 191 asynchronous transfer mode (ATM) 185 audio-visual data 71 audit log 63 authentication, authorization and accounting (AAA) protocols 32 authentication header (AH) 34 authorisation policy 247,  256 average heart-rate 219,  220 awareness 145,  158,  212,  269

B back filled entries 11 barcode 1,  2,  3,  5,  6,  7,  8,  9,  11,  12,  16,  17,  20,  169 barcode ed application 5,  8,  9,  12 barcode ed skills 8 base station controller (BSC) 193 battery-powered entities 130

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Index

battery lifetime 290,  295 blood glucose 58,  67,  182 blood oximetry 211 blood pressure sensor (BPS) 254 Blue Cross and Blue Shield Association (BCBSA) 59 BMA policy model 246,  247 body-coupled communication (BCC) 159,  160,  166 body area network (BAN) 164, 176, 210, 287 body sensor network (BSN) 165,  167 bulimia 280,  281

consumer subscription model 50 context 20,  31,  72,  75,  79,  80,  82,  94,  122,  131,  145,  146,  153,  165,  168,  171,  174,  232,  245,  246,  248,  252,  254,  255,  259,  260,  261,  262,  263,  264,  265,  268,  269,  271,  283,  285,  286,  287,  288,  289,  291,  304 context-aware 157,  261 context management 261,  262 cooperative clinical decision support system (CCDSS) 98 cryptographic functions 33

C

D

cell-ID 264,  268 central repository (CRep) 26 chaining message authentication code protocol (CCMP) 33 chronically ill 1,  2,  4,  13,  19,  141,  160 chronic kidney disease (CKD) 2, 20 chronic obstructive pulmonary disease (COPD) 130, 182 chronic pain 129,  132 cipher protocol 33 circulatory collapse 272 CKD patients 2,  6,  7,  17,  19,  20 clinical decision support system (CCDSS) 95, 98, 108 clinical usage 173 clustering algorithm 266 Cochrane Library 117 code division multiple access (CDMA) 67 collective intelligence 111,  112,  115,  116,  120,  123 competition 208,  209,  210,  211,  212,  220,  221,  222,  223,  231,  232,  233,  234,  235,  236,  237,  238,  239,  240,  243 Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) 20 computer-based applications 47 computer-based tools 211 conceptual structure 72,  78,  89 consumer purchase 49 consumer purchase model 50 consumer subscription 49

data security 129,  130,  132,  135,  185,  195,  200,  203,  289 decision support system (DSS) 95, 97, 98, 108 denial of service (DoS) 36,  37 departmental information systems (DIS) 26 Department of Health and Human Services (DHHS) 51 Deterministic Key Pre-Distribution Scheme (DPKPS) 172 diagnosis-related tasks 92 diagnosis algorithm 102 diagnostic module 102 digital form 78 Digital Music Library (DML) 212,  218 disarthria 93 disease monitoring 131 drug interaction database 117

342

E e-activity 153 ECG model 77,  84 Egyptian era 92 electrocardiogram (ECG) 131,  160,  213 electromagnetic compatibility (EMC) 200 electronic health record (EHR) system 45, 247 electronic monitoring 9 electronic patient record 24 electronic pharmacopoeias 112,  113 emergency flowers 154,  155 employee support model 50 encapsulating security payload (ESP) 34 end-to-end delay 290

Index

end of study compliance 18 enhanced-observed time difference (EOTD) 264 epileptic seizure detection 287,  288,  289,  290,  304 equivalency 82 ettercap tool 36 evaluation model 58 event-condition-action (ECA) 250 event-condition-action (ECA) policies 250 event-driven model 160 evidence-based medical guidelines (EBMG) 117 evidence-based medical procedures 248 evidence-based medicine 112,  113,  114 extensible authentication protocol (EAP) 30

F familiarity 13,  260,  261,  262,  264,  265,  266,  268,  269 free model 50 frequency hop synchronization (FHS) 191 fundamental challenge 130,  203

G general practitioner 72,  122 geographic objects 272 getting lost behaviour 283 glanceable interface 208,  209,  210,  212,  220,  223,  231,  236,  239 global system for mobile communication (GSM) 185 group ad-hoc network (GN) 189 GSM cell 268 GSM networks 264,  267 GSM phone 265

H health-related quality 4 Health 2.0 46,  52 healthcare applications 43,  52,  72,  75,  76,  80,  83,  165,  170,  178,  179,  245,  246,  258 healthcare environment 25,  45,  135

healthcare information 24,  25,  47,  57,  68,  69,  111,  112,  113,  115,  117,  120,  123,  246,  247,  248,  249,  258 healthcare information system 111,  112,  113,  117,  120,  123 healthcare institution 25,  30,  41 healthcare professionals 24,  25,  26,  28,  35,  75,  76,  99,  108,  183,  187,  237,  246,  248 healthcare provider 46,  53,  287 healthcare system 56,  75,  76,  77,  83,  137,  140,  159,  160,  161,  182,  184,  192,  200,  285,  286,  304,  305 healthcare treatment 24 health informatics 5,  113,  124 Health Insurance Portability and Accountability Act (HIPAA) 170 health level seven (HL7) 46,  58 health monitoring 25,  58,  160,  166,  174,  203,  208,  209,  210,  211,  237,  241,  288 healthy lifestyle 2 heart rate 149,  214,  217,  218,  220,  226,  229,  241 Helzer, John E. 4,  20,  21 hospital-based 5,  59,  182 hospital patient record (SAM) 28 host controller interface (HCI) 190 hypertension 129,  132,  142 hyper text transfer protocol (HTTP) 104

I ICT environment 73 iHospital 145,  146 individual-social dichotomy 119 industrial scientific medical (ISM) 189 information model 104 information systems 24,  27,  42,  63,  67,  68,  69,  108,  111,  112,  113,  114,  115,  116,  120,  123,  177,  246,  258,  270,  271,  277,  282,  284 Information technology (IT) 45 infra-red cameras 246 Infrared Data Association standard (IrDA) 186 Institute of Electrical and Electronics Engineers (IEEE) 32,  200

343

Index

integrated services digital network (ISDN) 185 integrated voice response system (IVRS) 1,  2,  12 integration model 27 integrity 28,  29,  34,  41,  44,  62,  100,  129,   130,  132,  134,  170,  173,  186,  203,   252 International Organization for Standardization (ISO) 73 internet key exchange (IKE) 34 intervention 2,  3,  4,  5,  58 IP security 33 IP security (IPSec) 33 IVR-based data collection 5

K key distribution 173 key distribution center (KDC) 171 key management 175 knowledge management 114,  123,  284

L lightweight directory access protocol (LDAP) 32 link control and adaptation protocol (L2CAP) 190,  191 link manager (LM) 190 literacy skills 5,  7,  9,  10,  18 local syntax 77,  78,  89 location-based 261,  263 longitudinal data 122

M m-health 45,  65,  178,  180,  182,  185,  187,  188,  285,  287,  306 m-health system 180,  287,  288,  289,  290,  291,  292,  294,  296,  297,  303 MADE middleware 289,  291,  302,  305 man-in-the-middle (MITM) 36 Medical Implant Communication Service (MICS) 163 medical literature 112,  113,  114 medical records 48,  62,  64,  129,  130,  150,  246,  248,  249,  264,  269 medical system 142,  205,  268

344

medical team 92,  105 Medicine Working Group 114,  124 medium access control (MAC) 31,  176,  177 memorandum of understanding (MOU) 59 message integrity check (MIC) 31 methodology 2,  98,  148,  161,  233,  243 Metronome condition 225,  229,  230 Microsoft 3,  32,  43,  44,  46,  49,  52,  64,  66,  214,  243 mobile computing module 212 mobile healthcare information 111,  112,  113,  117,  120,  123 mobile healthcare information system 111,  112,  117,  120,  123 mobile personal health record (MPHR) 45 mobile PHR 60 mobile PHR system 63 mobility 146,  157,  158,  265,  266,  267 Mobility Index 265,  266,  267 multi-media 71 Mundt, James C. 4,  22 musical feedback 208,  209,  212,  213,  223,  225,  226,  231,  239 music finding module 213

N National Committee on Vital and Health Statistics (NCVHS) 47 National Health Information Network (NHIN) 59 National Health Service (NHS) 247 Network Access Point (NAP) 187, 188, 189,  191,  201 network attacks 25,  36 network connectivity 264 network formation 168 next action module 213 non-intrusive 209,  210 NP-hard 295,  299,  305 nutrition monitoring systems 20

O off-line processing 210 open systems Interconnections (OSI) 73 OSGi framework 286,  303,  305

Index

OSI presentation layer model 77 outpatient dialysis unit 5

P pace information 212 parking lot compliance 18 PDA technology 3 personal area network (PAN) 189,  210 personal digital assistant (PDA) 2,  20,  161,  183,  188 personal health information (PHI) 51 personal health record (PHR) 45, 60 personal health record system functional model (PHR-S FM) 58 personal identifier (PI) 166 personal records of healthiness 282 persuasive interfaces 238 persuasive technologies 211 pervasive 21,  22,  90,  141,  142,  143,  157,  158,  176,  178,  183,  202,  205,  242,  245,  261,  269,  283,  306 pervasive computing systems 245 pervasive healthcare application 258 pervasive technologies 143 Pharmaca Fennica 117,  118,  121,  126 pharmacology database 117 pharmacopoeias 113 photoplethesmography (PPG) 186 photoplethysmogram (PPG) 161 PHR functional model 67 PHR systems 45,  46,  48,  49,  52,  53,  55,  59,  60,  62,  64,  67,  68 physiological state 212 Piette 3,  4,  21,  22 Piette, John D. 3,  4,  21,  22 place lab system 262 plain old telephone service (POTS) 185 policy enforcement point (PEP) 35, 249 Ponder policy language 250 post-study interview 11 professional mobile radio (PMR) 196 public-key cryptography 172,  173 public switched packet data network (PSPDN) 193

Q quality of care 180,  181,  285 quality of service (QoS) 183,  187,  286,  305,  306 Questionnaire for User Interface Satisfaction (QUIS) 8

R radio frequency (RF) 195 Rand, C. S. 18 real-life environment 129,  132 real-time analysis 210 real-time physiological monitoring 208,  209 record managed objects (RMO) 251 remote access dial-in user service (RADIUS) 32 remote monitoring systems 182,  286 research prototype 208 role-based access control (RBAC) 29, 246 rule-based DSS 95

S scanner input 2 score function 221,  222,  240,  243 secure digital (SD) card 213 secure logical network 35 secure socket layer (SSL) 67,  104 secure socket layer (SSL) protocol 104 secure wireless architecture 25,  35 security domain (SD) 170 security protocols 25,  30,  31,  34,  35,  134,  174 sensing module 212 sensor managed objects (SeMO) 251 service discovery protocol (SDP) 191 short message service (SMS) 67, 198 SIM card 63 simple object access protocol (SOAP) 104 situation flowers 154,  155 smart body-worn medical sensors 160 smart environment 145,  153 spatial health system 271,  282 spatial representations 272,  273 spatial scale 274,  283 spatiotemporal behaviour patterns 273

345

Index

spatiotemporal developments 271,  274 spreading of diseases 272 stakeholder 75 Stephen Intille 3 storage capacity 56 Stuart, Gail W. 4,  22 subject-return authorisation (SRA) 252 subject managed objects (SMO) 250 symbolic data 266

T target-return authorisation (TRA) 252 task assignment 296,  297,  306 task redistribution 285,  286,  287,  289,  290,  291,  303,  304,  305 technical committee (TC) 84,  196 telemedicine 91,  110,  133,  135,  141,  142,  178,  181,  186,  187,  204,  205,  206,  238,  243,  286,  306 telemedicine solutions 129,  130 temporal key integrity protocol (TKIP) 31 testbed 36 time difference-of-arrival (TDOA) 264 time division multiple access (TDMA) 193,  194,  196,  200 time division multiplexing frame (TDM) 193,  200 tobacco use 2 training zones 218,  224,  235,  236,  237 transfer syntax 73,  75,  77,  78,  86,  87,  88,  89 transport layer security (TLS) 31 trend sign 74 TripleBeat’s Digital Music Library (DML) 218 TripleBeat system 208,  210,  214,  223,  231,   239 trusted computing (TC) 140,  141 typical running 220

U unified modeling language (UML) 74,  81 United States Department of Agriculture (USDA) 3 universal mobile telecommunications system (UMTS) 185,  201

346

universal serial bus (USB) 55,  187 user-centric systems 210 user identification 29,  42,  159,  160,  167,  168,  171,  173,  175,  179

V VEPR architecture 25 virtual competition 208,  209,  212,  220,  223,   231,  233,  234,  239 virtual electronic patient records (VEPR) 24 virtual LAN access control lists (VACL) 34 virtual LANs (VLANs) 32 virtual private networks (VPNs) 34 vital sign 71,  72,  73,  74,  75,  76,  77,  79,  80,  81,  82,  83,  87,  89,  129,  130,  132,  144,  149,  150,  160,  173,  182,  183,  187,  188,  203,  211,  242,  273,  281

W wearable physiological monitoring 210,  211 web-based interface 26 web-services 27 web interfaces 27 Weiler, Kay 4,  22 Wi-Fi protected access 31 wireless architecture 25,  29,  35,  41 wireless body area networks (WBANs) 163 wireless body sensor networks (BSNs) 159 wireless local area network (WLAN) 30 wireless medical telemetry systems (WMTS) 163 wireless personal networks (WPANs) 163 wireless technology 24,  25,  28,  29,  165,  183,  186,  189,  194,  200 wireless version 25 work community 111,  112,  120,  123,  126 workflow 94,  112,  114,  245,  247,  248,  249,  250,  254,  255,  256,  257,  258,  259,  292 workout goal 221,  224,  227,  229,  234 World Wide Web Consortium (W3C) 104

Y YAWL system 250

Index

Z ZigBee 163,  173,  179,  196,  197,  198,  201,  202,  203,  207 ZoneAccur 221,  222,  243

347