Security and Privacy Issues in Ehealthcare Systems : Towards Trusted Services

Recent years have witnessed a widespread availability of electronic healthcare data record (EHR) systems. Vast amounts of health data were generated in the process of treatment in medical centers such hospitals, clinics, or other institutions. To improve the quality of healthcare service, EHRs could be potentially shared by a variety of users. This results in significant privacy issues that should be addressed to make the use of EHR practical. In fact, despite the recent research in designing standards and regulations directives concerning security and privacy in EHR systems, it is still, however, not completely settled out the privacy challenges. In this paper, a systematic literature review was conducted concerning the privacy issues in electronic healthcare systems. More than 50 original articles were selected to study the existing security approaches and figure out the used security models. Also, a novel Context-aware Access Control Security Model (CARE) is proposed to capture the scenario of data interoperability and support the security fundamentals of healthcare systems along with the capability of providing fine-grained access control. Keywords—Electronic health records; Systematic review; Privacy; Security regulations; Interoperability


INTRODUCTION
The widespread availability of ubiquitous medical wearable devices such as smart medical sensors and the using of medical management software systems led the revolution of collecting healthcare data.In this context, sensors and medical systems can be operated by very diverse organizations to continuously sensing patient data during the medical process.However, only authorized users such as medical stuff should have access to the collected health data as it almost always contains confidential and sensitive data.
In fact, several pieces of regulations and standards have been proposed to protect individual privacy.One can consider, the HIPAA (Health Insurance Portability and Accountability Act of 1996) that provides data privacy for personal health care information, the European Data Protection Directive 95/46/EC, the GLBA (Gramm-LeachBliley Act, the Sarbanes-Oxley Act, and the EUs Safe Harbour Law [1].These laws usually require strict security measures for sharing and exchanging health data, and failure to comply with them is strongly sanctioned, with severe penalties being imposed. In this context, electronic healthcare systems (EHRs) employee such rules and thus were categorized as security critical systems [2].These systems are differentiated in one important aspect to other systems: The balancing between confidentiality and availability.The tension between these goals is clear: while all the patient's data should be available to be shared and monitored to deliver professional healthcare services; for security reasons, part of the data may be considered confidential and must not be accessible.Clearly, reconciling between the pair goals should be achieved to provide the best possible care for patients.Indeed, EHRs are real-time, patient-centered systems that make data available and managed by authorized providers in a digital format.In fact, EHR was built upon the standards of collecting data from patients and is composed of three main components: A set of intelligent physiological sensors with a personal server to gather the vital signs, a heterogeneous network, and a remote health care server.In EHRs, users may be a health data owner (i.e., patients) or a requester (i.e., doctors or pharmacists), servers, in turn could be local or cloud servers that store, process and analyze the gathered health data [3,4].Networks, on the other hand, act as the bridge connecting between patients and the medical staff to support the transmitting and sharing of data [4].Fig. 1 illustrates the typical architecture of EHR system.
Although of many benefits provided by healthcare systems, nevertheless, there are vulnerable to a wide range of security threats because of their portability and design [10].Specifically, threats were emerged at each level of the system, for instance: At data collection level [5][6][7][8][9][10], At transmission level [11][12][13][14], and At storage level [15][16][17][18][19].These threats were described in Section III.In addition to the aforementioned threats, some patients worry while using healthcare systems applications.So, it is necessary to ensure patients feel fully confident to use the system and have their own privacy control over it [11].To this end, in this paper, we conduct an in-depth survey study to analyze the healthcare system's security and privacy threats.Then, we propose a novel security model that captures the scenario of data interoperability and supports the security fundamental of EHR along with the capability of providing fine-grained access control [20].The remainder of the paper was organized as follows.In Section II, we discuss the privacy requirements of healthcare systems; its security attacks were then presented in detail in Section III.Section IV presents a set of exiting security models.The proposed model was discussed in Section V. Final conclusions, and the future work was offered in Section VI.

II. PRIVACY REQUIREMENTS IN HEALTHCARE SYSTEMS
Several general security and privacy requirements should be satisfied to provide the appropriate level of privacy in EHR system.Authors defined more than twenty security requirements that were found on surveys such as [3,[15][16][17][18][21][22][23][24][25][26].Due to space limitations, we list the most important requirements: 1) Access control is the ability to limit and control the access to resources by authorized users [3,21].It makes use of three different security and privacy requirements: identification, authentication, and authorization.Identification is not an original security issue in itself, but its purpose is to identify users.Thus, it is used to affect the way a user can be authenticated [22,23,24].Authentication, in turn, provides assurance that the requesting data access is authentic and valid [3] and has the identity claims before accessing [21].It also ensures that the communication is with an authorized party on the other side [22].Finally, the authorization process determines which part of data can be restricted to an external requester upon the security policy.It is important to mention that a proper access control mechanism should ensure patient privacy and also provide a good balance between availability and confidentiality [15,23] security goals.
2) Availability is the property of a system and resource being accessible, usable and available upon demand by authorized users [15,18,21] anytime anywhere in the healthcare system [25].Ensuring availability also involves preventing service disruptions due to hardware failures, power outages, and system upgrade [16,22].
3) Dependability guarantees easily retrievable of medical data at any time even if there are some threats caused by the network dynamic or failure node [18,26].Usually in most medical cases, unable to retrieve accurate data is due to threats caused by the network dynamics, threaten the patient's life.Fault tolerance is a necessary requisite for dependability.
4) Flexibility is to enable unauthorized participant who is not on the permissible list to access specific data in an emergency case to save the patient's life.Inability or prevention the access rules may threaten a patient's life [18].

III. SECURITY ATTACKS IN HEALTHCARE SYSTEM
Healthcare systems are vulnerable to penetration by malicious attacks or intentionally from users for profit.This damages the effectiveness or deterioration the performance of healthcare systems [4,27,28].Specifically, insulin pump sensors, hospital networks, or the personal health data can be hacked or stolen by malicious users [19,26].

1) Attacks at data collection level
These attacks may cause several threats to data collection level such as altering information, dropping some important data, or resending data messages.
Jamming Attack: refers to interference attacker's radio signal with frequencies of the BAN (Body Area Networks).Resulting in isolating and preventing sensor node within the range of the attacker signals for giving or receiving any message among the affected nodes and other sender nodes as long as the jamming signal continues [5,7].
Data Collision Attack: takes place when two or more nodes attempt to transmit simultaneously.Also, it refers to jamming attacks when a foe may strategically generate extra collisions by sending repeated messages on the channel [6,7].When the frame header is changed due to a collision, the error checking mechanism at the receiving end detects that as an error and rejects received data.Thus, a change in the data frame header is a threat to data availability in the BAN [5].
Data Flooding Attack: the attacker repeatedly broadcast many requests to the victim node for connection until using all the power of its resources reach a maximum limit, causing a flooding attack [8].
Desynchronization Attack: in this type of attack, the attacker's tampers messages between sensor nodes by copy it many times using a fake sequence number to one or both endpoints of an active connection, which leads the WBAN to an infinite cycle, resulting in causing the sensor nodes transmits massages again and wastes their energy [6,8].
Spoofing Attack: where the attacker targets the routing information to perform several disruptions such as spoofing, altering, or replay the routing information, leading to complicate the network by creating routing loops [9].
Selective Forwarding Attack: it takes place when the attacker malicious node in a data flow path forwards selected messages and drops the others.The damage becomes serious when these malicious nodes were located proximity to the base station [13].
Sybil Attacks: in Sybil, the attacker malicious node represents more than one identity in the network [6].It has important effect in geographic routing protocols.Where the location information is required to be exchanged between the nodes and their neighbors to route the geographically addressed packets efficiently [6,13].Unfortunately, detecting Sybil attackers are not easily captured due to the unpredictable paths and high mobility they use [4,27].

2) Attacks at transmission level
These attacks may cause several threats to transmission level such as spying, altering information, interrupting communication, sending extra signals to block the base station and networking traffic.

Eavesdropping of Patient's Medical Information:
Monitoring system will record patient's health data from BANs to be transmitted to the healthcare providers.Unprincipled developers can easily build systems with the ability to spy on the patient's data through wireless technology.Thus the developer needs to apply controlling authority whenever they develop a system, which protects the patient's information against eavesdroppers and reduces the number of people who try to take and breach the patient's privacy [8,11].
Man in the Middle Attacks: the attacker intercepts a communication between the end points and exchange messages between them.The communication is completely controlled by the attacker enable him being able to read, insert and modify the data in the intercepted communication [5,12].
Data Tampering Attack: where a tampering attacker may damage and replace encrypted data by authorized network nodes [6,13].
Scrambling Attacks: is a kind of jamming attack on radio frequency for short intervals of time during transmission of control or management information WiMAX frames to affect the normal operation of the network.It interrupts the communication that can prevent the patient's smartphone from sending data causing availability issue [5].
Signaling Attacks: Before patient's smartphone starts transmitting data, there is some preliminary signaling operation need to be performed with the serving base station.Signaling operations contain authentication, key management, registration, and IP-based connection establishment.The attacker can initiate a signaling attack on the serving base station by actuating extra state signals that block the base station.Thus, the excessive load on the base station results in DoS attacks, and the patient's smartphone cannot send data due to base station unavailability [5].
Unfairness in allocation: it lacks the network performance by interrupting the Medium Access Control (MAC) priority schemes [13,14].

Message Modification Attack:
In this type of attack, the attacker can capture the patient wireless channels and extract the patient medical data to be tampered later, which can mislead the involved users (doctor, nurse, family) [8].
Hello Flood Attack: these types of attacks are used to fool the network.Where the attacker sends a hello message with a high powered radio transmission to the network to convince all nodes to choose the attacker for routing their messages [6,13].
Data Interception Attack: this type of attack can take place via interception the patient's information by the attacker during exchanging them between computers of healthcare system through hospital LAN [5].
Wormhole Attack: this type of attack known as a silent and severe type of attack because it copies the packet at one location and replays them at another location or within the same network without any changes in the content.It aimed to damage the network topology and traffic flow through creating a tunnel between the two attackers to be used for transmitting between them [10,13].
3) Attacks at storage level These attacks may cause several threats to storage level such as modifying patient medical information or changing the configuration of system monitoring servers.
Inference Patient's Information: Attackers try to combine authorized information and combine them with other available data, which leads them to identify sensitive patient data such as diseases [8,11,17].Thus, patient's data should be anonymous to cover their identities or data before publishing/posting the data [3].
Unauthorized access of Patient Medical Information: this type of attack can take place by unauthorized Individual without valid authentication, so patient's data will be accessed then it might cause problems such as damaging significant data [18].Thus, it is necessary to protect patient privacy against breaching, capturing, and misusing by unauthorized users [11,16].
Malware Attack is a malicious software program designed to perform harmful actions [19].This type of attacks has the ability to infect and propagate to the whole hospital server that can cause unavailability and disruption.Whereas, Changing and updating in software configuration of patient monitoring servers making system configuration unstable, resulting in system malfunctioning and communication interruption [5,12].
Social Engineering Attacks: in this type of attack, a third party attacker can gain access to the system by fooling either the patient or authorized user to access the information.Here, authorized users can also disclose patient's data to concerned parties such as Health Insurance Company for unethical personal intends [5,12].
Removable Distribution Media Attack: In this type of attacks it is possible to theft or loss computer or data storage medium, such as a USB flash drives, can be used to steal information and to propagate viruses in a healthcare monitoring system [5].
Others issues: several hardware and software issues can cause an interruption in the healthcare system.Hackers may develop new techniques or discover new software vulnerabilities.It is possible also that the system can be exposed to various types of software attacks such as viruses, worms, Trojans, and spyware attacks [19].

IV. E-HEALCARE SECURITY MODELS
To improve the quality of healthcare delivery, patient's data could be shared across a variety of users, which may lead to privacy disclosure.So, e-Health systems need to be protected through convenient security models to ensure proper access controls [29,49,50,51].In fact, encryption is the traditional solution used.Although it provides a simple access control, it is not applicable for complex EHR systems that require various access requirements.That is, keeping the e-Health data secured is a big challenge due to two main reasons: the significant computational overhead when encryption techniques were used, and the sensitivity of personal medical information from changing when modification techniques are employed [30].In this section, a detailed description of a set of security models, along with their corresponding levels, are presented.

1) Security Models for Data Collection Level
O. G. Morchon and K. Wehrle in [31] present a modular access control system for pervasive healthcare applications.The system extends the traditional RBAC model for two main issues: Firstly, to assign and distribute access control policies to sensor nodes.Secondly, to store the current medical context (location, time, health information) that influences access control decisions upon patient's medical situation (critical, emergency or normal situation).The modular design makes the system's configuration more effective and simplifies the composition of policies to deploy safer and more secure medical sensor networks.However, when a critical or emergency case raised, the medical stuff can override the restrictions to access sensitive data that was restricted in normal condition.One of the limitations of this model is that there is no detection mechanism for unauthorized access when critical situations occur.S. Amini et al. [32] examined a set of security protocols such as TinySec, MiniSec, LLSP, and RC4-based along with different ciphers algorithms (Skipjack, AES, and RC4) to proposed an approach to design a lightweight security model.To this end, authors combined different types of attacks (data loss, spoofing of sensors, and eavesdropping and replay) and applied the ciphers algorithms.They found that RC4 and Skipjack cipher algorithms are the most efficient to fulfill confidentiality regarding of RAM, ROM, and clock cycles per byte (CPB).Despite the advantages of such study, they did not consider other types of security threats.H. A. Maw et al. [33] proposed an Adaptive Access Control model that provides fine-grained access control for medical data in BSNs and WSNs.The model considers privilege overriding and behavior, so users might be able to override a denial of access when unexpected events occur.Here, there is no need for a human effort to pay pass authorizations and policies since users initialize their sessions in behavior trust model based on users, location, time, and action.However, the main limitation of this model is that there is no prevention or detection mechanism to check user's data access when the critical situation occurs.
Authors of [34] and [35] proposed a three-tier security framework based on pairwise key pre-distribution schema.The framework has two separate key pools: one for the mobile sink to access the network, and the second for pairwise key establishment between the sensors.To further improve the network resilience and reduce the damages caused by stationary access node replication attacks, they have strengthened the authentication technique between the sensor and the stationary access node in the proposed framework.However, in basic key predistribution schemes, an attacker can gain a number of keys by catching a small fraction of nodes, and hence, can gain control of the network by deploying a replicated mobile sink preloaded with some compromised keys.S. N. Ramlil et al. [36] proposed a biometric-based security framework for data authentication within WBAN.In particular, signals like sender's Electrocardiogram (ECG) feature can be utilized as a key to ensuring that patients' data will not be mixed since each patient has his/her own specific biometrics, which results in reducing computational complexity and improving the efficiency over the using of cryptographic key distribution.Thus, it saves resources while convenient security measures are employed.The main limitation of this work is that the authentication process was based on the sensors themselves, which restricts the process with their limited resources.
M. Kun and L. Li. [37] proposed an efficient key management scheme for WSNs group-based key predistribution scheme.The proposed scheme consists of three phases which are initialization phase; share-key discover phase and path-key establishment phase.Here, every sensor node has a given security level (high to low), where a lowsecurity level node cannot access the collected data for a higher-level security sensor.Thus, a compromised sensor node (e.g., with a low-security) cannot disclose the key information in the sensor node (with high-security).The analysis of their proposed scheme offers a stronger resilience against node capture attack.

2) Security Models for Data Transmission Level
A. Boonyarattaphan et al. [30] proposed a secure framework for authentication and data transmission using Encryption techniques for implementing two mechanisms: Data and Channel security.The channel security was provided by utilizing the SSL on the HTTP layer, while the data security is provided on the SOAP layer constructed above the HTTP.They emphasized that RBAC should be used along with multi-factor authentication to guarantee proper authorization and authentication.Depend on the roles of stakeholders and data sensitivity; communication was divided into different layers where different authentication and encryption settings can be adapted.The only limitation here is that it is dealt only with the web-based eHealth services.N. Kahani et al. [38] proposed a new and secure scheme that supports both secure authentication and scalable finegrained data access control.The scheme is based on a zeroknowledge protocol to verify and maintain the anonymity of the user's identity.This approach uses combination of a system public key and a secret session key generated by Derive Unique Key Per-Transaction (DUKPT) scheme to establish secure communication between different interacting entities.The access control mechanism was implemented in two phases: the first one utilizes a static authorization method to determine the highest access rights of users.And, the second one grants the user the minimum access permissions on the required data according to the user's intention of access and the maximum rights determined by the first phase.To keep user's data confidential against malicious users and to decrease computational and communication overhead on data owners, data were stored in encrypted format in the cloud.However, by storing patient's health data in the cloud, patients loss the control over their data.Moreover, because of using encryption technique, it is difficult to achieve fine-grained access control to patient's data in a scalable and wellorganized way.
Z. Guan et al. [39] considered the data security and privacy for cloud-integrated body sensor networks.They proposed a novel encryption outsourcing scheme named Mask-Certificate Attribute-Based Encryption (MC-ABE) by combining seven encryption algorithms.In this schema, data owner (patient) encrypts the outsourcing data to mask the row data before storing it securely in storage service provider (cloud servers).Furthermore, to achieve more effective access control, a unique authentication certificate is introduced for each user, which was verified before accessing data.Experimental results showed that the proposed scheme has less computation cost and storage cost compared with other common models.However, because of using encryption technique, it is difficult to achieve fine-grained access control, and still it requires some degree of computational overhead.M. A. Simplicio et al. [40] proposed SecureHealth lightweight security framework based on very lightweight mechanisms such as (TLS/SSL) for securing the data exchanged with the server without needing an extra security layer.SecureHealth provides security services for both stored and transmitted data.Moreover, it includes many security features such as user authentication, data confidentiality, and the lack of connectivity.This framework depends on Even the SecureHealth was designed to prevent an outsider from illegally accessing or tampering with the system's data; it also gives managers the ability to identify misbehavior from insiders.

3) Security Models for Data Storage and Access Level
Lili Sun and Hua Wang [29] considered the notion of purpose to design a comprehensive usage access control model.Specifically, purpose notation was used for specifying privacy policies and giving the privilege to access private data.The proposed model consists of eight core components which are, subject attributes, objects, object attributes, rights, authorizations, obligations, and conditions.Whereas, authorizations, obligations, and conditions are components of usage control decisions used to determine whether a subject is allowed to access an object.The existence of obligations and conditions helped in solving certain shortcomings that have been common in access controls.That being said, the main limitation of this model is that it represents only a first step for authorization model in purpose data with usage control.M. Barna et al. [1] proposed a security scheme based on different privacy levels.In short, the access control process was done in the centralized infrastructures.Here, the attributebased encryption (ABE) was used rather standard way; privileges were mapped into roles and roles into ABE access structures.The data then is moved to the cloud-based storage, which enables the e-Health care service providers to decrease the overall maintaining cost of data and allows data to be online anytime and anywhere.However, because the data was stored in a centralized server, it becomes like a bottleneck when data requests were issued from different users.
To solve the aforementioned problem, L. Guo et al. [41] took into account the distributed nature of eHealth system when designing a privacy-preserving authentication system.In this system, instead of letting centralized infrastructures take care of authentication, the two end users (patients and physicians) do the authentication process.In particular, users are allowed to authenticate each other without disclosing their attributes and identities, which solves the problem of maintaining privacy and variability of each user's attributes.R. Gajanayake et al. [42] proposed a privacy oriented access control model for satisfying eHealth's requirements.The model was designed by combining three existing access control models (DAC, MAC, and RBAC) into a novel module that enables patients and healthcare professionals to determine and setting the access privileges.The module has been tested to demonstrate different scenarios of policy settings and data access.It proves that it can be used as a standalone security model to achieve HER requirements.M. Barua et al. [43] Proposed a secure patient-centric personal health information schema for sharing and providing access control in cloud computing based on Proxy Reencryption Protocol.The proposed schema has five main phases: transmitting patient's data to the Health-Service Provider, defining access policy, storing patient's data at cloud, validating data-access requester, and finally auditing the stored encrypted data.Their schema exploits attributebased encryption to ensure patient-centric access control.The performance analysis shows that the proposed schema is extremely efficient to resist several possible attacks and malicious behaviors.
In the same vein, M. R. Kumar et al. [44] suggest a new patient-centric framework based on the same encryption technique (ABE).Here, the users were categorized into two main domains namely: public and personal domains to face the key management complexity.In the public domain, users utilize multi-authority ABE (MA-ABE) to improve the finegrained security countermeasures.While, in the personal domain, an owner is permitted to access/encrypt the data under his attributes.The limitations of this model is that integration ABE into large scale PHR system, required significant issues such as key management scalability, efficient on demand revocation, and lively policy updates which are nontrivial to resolve and remains up-to-date.
H. Zhu et al. [45] also proposed a secure and efficient personal scheme based on the attribute-based encryption (ABE) and re-encryption under the attribute group keys using RSA-Based proxy encryption.The proxy encryption technology is used to introduce an efficient privilege separation mechanism to ensure the validity of patients' data.Here, the write privilege keys were distributed to professional people and the read privilege keys to patients, so that the data is not only fully controlled by the patient to authorize access, but also have the great validity.As a result, the computational overhead was reduced, and the key escrow problem was solved by employing re-encryption under the attribute group keys.Thus, the health provider could be prevented from obtaining the read keys without multiple-authority ABE.
V. Sunagar and C. Biradar [46] proposed a secured framework based on advanced encryption standard (AES) algorithm to encrypt every patient's data according to the security policy.AES enables the users to maintain data in a secured cloud environment.Ultimately, the framework consists of three modules: PHR Owner/patient module, Data confidentiality module, and Cloud Server module, which provides a high level of security.Finally, W. Liu et al. [47] proposed a generic framework that depends on hierarchical identity-based encryption (HIBE) schema and the role-based access control (RBAC).While the HIBE is used to encrypt patients' data before outsourcing them to the storage server, the RBAC facilitates forwarding users' privileges.The experimental results of this model show that it is a practical solution to keeping data secure and confidential.However, the framework does not provide accurate access control requirements, as in some specific situations, patients might not have access to their own sensitive data (e.g., psychotherapy notes) without proper authorization according to HIPAA regulations.Such approaches suffer from the well-known encryption drawbacks [48].

V. CARE SECURITY MODEL
The Context-aware Access Control Security Model (CARE) architecture is based on the scenario of data interoperability and supports the security fundamentals of healthcare systems along with the capability of providing finegrained access control.Specifically, the CARE model could be located on the healthcare server, which serves as an access point for users' requests.Fig. 2 depicts the architecture of CARE.In CARE, policies were defined by using the User Interface Module (UIM), which could be a website or a mobile application.Patients and physician define the policies together to save patients privacy.All the defined policies are then parsed into its components (e.g., constraints) and stored in a centralized security database, which is represented using an Extended-RBAC model.The ERBAC consists of roles, permissions, and users.Roles were created for various job functions, with permissions for specific operations.Users are assigned particular roles, and through those role assignments acquire permissions to perform certain operations.The consolidation of access control for many users into a single role entry allows for much easier management of the overall system and much more effective verification of security policies.Three different types of context-data were considered in this model.The Environmental context refers to location or time, the Personal information context regarding age, status, or medical record and finally, the current medical data such as Heart rate or blood pressure [31].
Upon a user's request data, a session was established between the requester and the server side by the Session Handler Module (SHM).The requester's credentials (e.g., digital certificate, or user-name/password) were then extracted to be verified against a list of valid user accounts stored in the security database.The established session may involve more than one message, and are secured since secured transmission protocols were employed in all communications.It is important to mention here that session's information were saved to be able to communicate later.To this end, the Auditing Session Manger (ASM) takes this responsibility and www.ijacsa.thesai.orgstates all the established sessions that could be used to retrieve multiple data for the subsequent access requests.This is opposed to stateless communication where it consists of independent requests (needs multiple authentications).
After establishing the session, the Users Verifier Module (CAV) verifies the requester credentials and then determines if the user is allowed to access the requested data or not.This is done by contacting the security database and retrieving the applicable policies and requester's assigned roles.CAV also classifies the request's cases as critical, emergency, or normal depending on the context-aware information and then adjusts the final access decision.In particular, when the patient's life is in danger the security settings are adapted by removing the need for user authentication to access the data.

VI. CONCLUSION AND FUTURE WORK
Patient's data should be kept securely in medical provider servers so that physicians can provide proper treatments.To ensure secure storage and access management, in this paper, we argue the security attacks in healthcare system along with the proposed security models that aim to prevent such attacks.Specifically, threats were categorized into three types depending on the its emerged level of the healthcare system, for instance: at data collection level; at transmission level; and at storage level.These attacks may cause several threats such as altering information, dropping some important data, interrupting communication, or sending extra signals to block the base station and increasing networking traffic.
After that, we briefly discussed a novel context-aware access control security model that supports the security fundamentals of healthcare systems and providing finegrained access control.The model consists of multiple modules, each of which is in charge of taking a different type of task.This modular design aims at simple and efficient access control decision depending on the patient's situation and the requester's assigned roles.

Fig. 1 .
Fig. 1.The architecture of Healthcare Monitoring System