Projects and Components

SHARPS is organized around three major environments: Electronic Health Records (EHR), Health Information Exchanges (HIE), and Telemedicine (TEL).

SHARPS research projects in these strategic areas are interconnected through three cross-cutting themes: conceptual and policy foundations, service models, and open validation. Research directed at each environment will develop security foundations, policies and technology tools, and concrete approaches supporting electronic use and exchange of health information while assuring and enhancing individuals’ safety and privacy.

The SHARPS projects are organized as a set of three to four components, each with a multi-institutional, interdisciplinary team consisting of researchers at universities in collaboration with industrial partners, consultants, and advisors with proven track records of collaboration and impact.

Each component includes three to seven milestones. Short-term research milestones will be completed within two years, and long-term milestones will be completed within four years.

Electronic Health Records (EHR)

The EHR project focuses on issues related to the security and privacy of health records within a single care delivery organization (CDO), such as a hospital or doctor’s office. The EHR project includes three components:

  • Self-Protecting EHR (EHR-PROT) addresses defense-in-depth protection of records within an enterprise or in outsourcing by using attribute-based encryption to enforce SHARPS-developed protection requirements.
  • Policy Terrain and Implications of HIT (EHR-POL) addresses the inadequacy of existing frameworks for formulating and understanding privacy policies by developing contextual integrity underpinnings for application-enabling privacy practices.
  • Privacy-Aware Health Information Systems (EHR-PAHIS) meets needs for highly assured conformance to privacy policies by developing new strategies for building such systems based on trust management systems.

Health Information Exchange (HIE)

The HIE project is concerned with the security and privacy of health records as they are exchanged between CDOs and/or individuals. The HIE project has three components:

  • Responsive, Secure Health Information Exchange (HIE-RSHIE) addresses the inadequacy of current service models for exchanges by demonstrating how model-based design can be applied to HIT.
  • Experience-Based Access Management (HIE-EBAM) addresses the need for an engineering model for the evolution of access controls limiting insider threats with a lifecycle model based on strategies from attribute-based rule sets and machine learning.
  • Personal Health Records (HIE-PHR) addresses the inadequacy of privacy standards for third-party PHRs through policy exploration with PHR stakeholders, leading to development and transition of supporting technology.

Telemedicine (TEL)

The TEL project addressed the security and privacy of implantable medical devices, remote monitoring, tele-immersion, and safety. Patient Safety Assessment — Increase patient confidence regarding the safety and security of telemedical devices by offering accurate technological risk assessments grounded in a review of FDA data.  The TEL project has four components:

  • Implantable Medical Devices (TEL-IMD) addresses control operations on implanted medical devices without proper authorization by developing techniques for achieving measurable security for such devices relative to specified infrastructure.
  • Remote Monitoring for Mobile and Assisted Living (TEL-REMOTE) addresses usable security for remote monitoring and home healthcare with an mHealth security framework and service model.
  • Tele-immersion (TEL-IMMERSE) addresses the need for efficient provisioning for security and privacy in tele-immersion by linking classification to encryption.
  • Patient Safety Assessment (TEL-SAFETY) addresses inadequate quantification of safety risks for medical devices in the face of security threats with a plan based on using Food and Drug Administration (FDA) adverse event reports to develop risk assessments.