Collaborative services for eHealth and Ambient Assisted Living (AAL) Use Case
Most modern societies are facing challenges caused by demographic changes, ageing populations and a rise in the prevalence of chronic diseases. At the same time financial and operational pressures on the health sector requires a substantial increase in efficiency. Advances in technology (e.g. Ambient Assisted Living, TeleCare, etc.) allow elderly people to live independent of residential care homes and lead a self-determined life. As a result, provision of health and home care services will experience major changes. Depending on the specific situation of an individual, a tailored portfolio of services has to be provided by a multitude of organisations (e.g. health and home care service providers, doctors, hospitals, home system providers, facility management and maintenance services, health insurance, etc.). The orchestration of these services requires dynamic collaboration and information exchange across all these different organisations with heterogeneous IT infrastructures in order to safely share sensitive information relevant to the respective individual and care situation (e.g. personal health records (PHR), blood pressure and pulse meter readings, etc.). This results in challenges in the areas of provisioning, access control, management, trust, accounting, traceability, data security, privacy, and compliance with legal requirements.
Provisioning of trusted, dynamic collaborative services, where organisations can join collaborations when required/needed, calls for a scalable eAuthentication and eAuthorisation framework with efficient identity and access management and access control mechanisms, reputation management, mobile medical device and data security mechanisms, and data anonymization.
The eAuthentication and eAuthorisation framework developed within this project will also be applied to a specific instance of a collaborative eHealth and Ambient Assisted Living (AAL) service scenario and tested for its suitability with respect to security and privacy requirements under real-life conditions. The German Red Cross, Heidelberg (DRK) is a major regional home emergency call and social service provider in the Rhine-Neckar Metropolis region. The DRK is collaborating with several regional emergency and social care providers, as well as third party health and home care service providers in order to deliver tailored social care services to their customers.
In its Home Emergency Call Service Centre (HEC) in Heidelberg the DRK coordinates 24h/7d emergency response and home care services as well as 3rd party service procurement (e.g. Menu-Services, Assisted Mobility /Travel- Services, Housekeeping and Nursing Assistance, etc.) for customers equipped with a home emergency call system and connected via analogue telephone networks, broadband IP-networks, or mobile networks to the HEC. An overview of the DRK Home Emergency Call Service portfolio is given in the figure below. As a social care service provider the DRK has major responsibility for the safety and confidentiality of sensitive personal data, needed to implement reliable service structures, safeguard customer privacy, and strengthen the trust relationship with customers. Intrinsic security and safety of all data transfer, authentication, and authorisation mechanisms therefore are essential. A reliable and efficient architecture for access control has to be established.
For this pilot approximately 20 homes of DRK HEC customers will be equipped with AAL system infrastructure and hardware components, e.g. various sensors for in-home activity and status monitoring. Typically customer data gathered from these installations is transferred to a dedicated server, where the data is analysed. Depending on the analysis results either an active or a reactive intervention by care service providers is triggered to assist the home customers. While the care coordination service provider (DRK) is the primary user of the data, it is planned depending on situational necessities to provide limited access – time and content wise - to selected data to third parties that are involved in the home-care/emergency service handling, e.g. doctors, home care service providers, care givers, relatives, etc. This would allow providing more flexible, efficient and personalised care services. In order to leverage such complex service interactions and enable cross-domain data exchange and access to sensitive customer data in a transparent and controlled manner with the required level of security, privacy and trust, the eAuthentication and eAuthorisation framework will be adopted to support the pilot scenario. The framework will be integrated with the existing HEC and AAL service infrastructure so that it can be tested and evaluated in real-life settings, by real customers.
Overview DRK HEC Service and Collaboration Scenario