Protecting patient confidentiality in the Internet of Medical Things through confidential computing

Abstract

The Internet of Medical Things (IoMT) provides a network of distributed devices that generate a wealth of data for clinicians and medical researchers. The global COVID-19 pandemic has demonstrated the benefits that IoMT data has brought about for remote medical services and clinical diagnosis. While the security of remote IoMT devices is an established area of concern, enforcing the privacy of the data that they both generate and process requires a data-first approach to network design. How can a distributed IoMT network simultaneously ensure the integrity of distributed devices and maintain the privacy and confidentiality of protected healthcare information (PHI)? In this positioning paper, we outline the issues that must be addressed by manufacturers of IoMT devices and those responsible for the system architectures that process gathered healthcare and contextual data. We consider how the nascent technology of confidential computing addresses the dual requirements of systemic security and data confidentiality, and we provide a conceptual architecture based on current developments within the field. Our analysis of the practical considerations associated with IoMT deployment reveals a fundamental requirement for a data-first approach to security that is governed by patient consent and zero-trust principles.

Ähnliche Arbeiten