Search Results (64)

Search Parameters:
Keywords = HIPAA

30 pages, 2439 KB  
Article
A Theoretical Model for Privacy-Preserving IoMT Based on Hybrid SDAIPA Classification Approach and Optimized Homomorphic Encryption
by Mohammed Ali R. Alzahrani
Computers 2025, 14(12), 549; https://doi.org/10.3390/computers14120549 - 11 Dec 2025
Viewed by 360
Abstract
The Internet of Medical Things (IoMT) improves healthcare delivery through many medical applications. Because of medical data sensitivity and limited resources of wearable technology, privacy and security are significant challenges. Traditional encryption does not provide secure computation on encrypted data, and many blockchain-based IoMT solutions partially rely on centralized structures. IoMT with dynamic encryption is an innovative privacy-preserving system that combines sensitivity-based classification and advanced encryption to address these issues. The study proposes privacy-preserving IoMT framework that dynamically adapts its cryptographic strategy based on data sensitivity. The proposed approach uses a hybrid SDAIPA (SDAIA-HIPAA) classification model that integrates Saudi Data and Artificial Intelligence Authority (SDAIA) and Health Insurance Portability and Accountability Act (HIPAA) guidelines. This classification directly governs the selection of encryption mechanisms, where Advanced Encryption Standard (AES) is used for low-sensitivity data, and Fully Homomorphic Encryption (FHE) is used for high-sensitivity data. The Whale Optimization Algorithm (WOA) is used to maximize cryptographic entropy of FHE keys and improves security against attacks, resulting in an Optimized FHE that is conditionally used based on SDAIPA outputs. This proposed approach provides a novel scheme to dynamically align cryptographic intensity with data risk and avoids the overhead of uniform FHE use while ensuring strong privacy for critical records. Two datasets are used to assess the proposed approach with up to 806 samples. The results show that the hybrid OHE-WOA outperforms in the percentage of sensitivity of privacy index with dataset 1 by 78.3% and 12.5% and with dataset 2 by 89% and 19.7% compared to AES and RSA, respectively, which ensures its superior ability to preserve privacy. Full article
(This article belongs to the Section ICT Infrastructures for Cybersecurity)

47 pages, 12434 KB  
Article
AI-Driven Blockchain and Federated Learning for Secure Electronic Health Records Sharing
by Muhammad Saeed Javed, Ali Hennache, Muhammad Imran and Muhammad Kamran Khan
Electronics 2025, 14(23), 4774; https://doi.org/10.3390/electronics14234774 - 4 Dec 2025
Viewed by 817
Abstract
The proliferation of electronic health records necessitates secure and privacy-preserving data sharing frameworks to combat escalating cybersecurity threats in healthcare. Current systems face critical limitations including centralized data repositories vulnerable to breaches, static consent mechanisms, and inadequate audit capabilities. This paper introduces an integrated blockchain and federated learning framework that enables privacy-preserving collaborative AI across healthcare institutions without centralized data pooling. The proposed approach combines federated distillation for heterogeneous model collaboration with dynamic differential privacy that adapts noise injection to data sensitivity levels. A novel threshold key-sharing protocol ensures decentralized access control, while a dual-layer Quorum blockchain establishes immutable audit trails for all data sharing transactions. Experimental evaluation on clinical datasets (Mortality Prediction and Clinical Deterioration from eICU-CRD) demonstrates that our framework maintains diagnostic accuracy within 3.6% of centralized approaches while reducing communication overhead by 71% and providing formal privacy guarantees. For Clinical Deterioration prediction, the framework achieves 96.9% absolute accuracy on the Clinical Deterioration task with FD-DP at ϵ = 1.0, representing only 0.14% degradation from centralized performance. The solution supports HIPAA-aligned technical safeguards, mitigates inference and membership attacks, and enables secure cross-institutional data sharing with real-time auditability. This work establishes a new paradigm for privacy-preserving healthcare AI that balances data utility, regulatory requirements, and protection against emerging threats in distributed clinical environments. Full article

22 pages, 3612 KB  
Article
NFT-Enabled Smart Contracts for Privacy-Preserving and Supervised Collaborative Healthcare Workflows
by Abdelhak Kaddari and Hamza Faraji
Electronics 2025, 14(23), 4722; https://doi.org/10.3390/electronics14234722 - 30 Nov 2025
Viewed by 652
Abstract
Healthcare collaborative processes still encounter major challenges, particularly regarding the interoperability of heterogeneous information systems, the traceability of medical interventions, and the secure sharing of patient data under strict privacy regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). This paper presents a patient-centric, blockchain-based framework designed to overcome these limitations. The proposed solution integrates smart contracts and non-fungible tokens (NFTs) within the Ethereum blockchain to ensure data integrity, traceability, and privacy preservation. Furthermore, a compliance-by-design mechanism is embedded into the smart contracts to enable self-supervision of collaborative workflows without third-party intervention. A Proof-of-Authority (PoA) consensus protocol is also adopted to optimize validation efficiency and significantly reduce computational and energy costs. Full article
(This article belongs to the Section Computer Science & Engineering)

18 pages, 862 KB  
Article
Leveraging Large Language Models for Automating Outpatients’ Message Classifications of Electronic Medical Records
by Amima Shifa, G. G. Md. Nawaz Ali and Roopa Foulger
Healthcare 2025, 13(23), 3052; https://doi.org/10.3390/healthcare13233052 - 25 Nov 2025
Viewed by 432
Abstract
Background: The widespread adoption of digital systems in healthcare has produced large volumes of unstructured text data, including outpatient messages sent through electronic medical record (EMR) portals. Efficient classification of these messages is essential for improving workflow automation and enabling timely clinical responses. Methods: This study investigates the use of large language models (LLMs) for classifying real-world outpatient messages collected from a healthcare system in central Illinois. We compare general-purpose (GPT-4o) and domain-specific (BioBERT and ClinicalBERT) models, evaluating both fine-tuned and few-shot configurations against a TF-IDF + Logistic Regression baseline. Experiments were performed under a HIPAA-compliant environment using de-identified and physician-labeled data. Results and Conclusions: Fine-tuned GPT-4o achieved 97.5% accuracy in urgency detection and 97.8% in full message classification, outperforming BioBERT and ClinicalBERT. These results demonstrate the feasibility and validity of applying modern LLMs to outpatient communication triage while ensuring both interpretability and privacy compliance. Full article

30 pages, 388 KB  
Systematic Review
Privacy in Flux: A 35-Year Systematic Review of Legal Evolution, Effectiveness, and Global Challenges (U.S./E.U. Focus with International Comparisons)
by Kong Phang and Jihene Kaabi
J. Cybersecur. Priv. 2025, 5(4), 103; https://doi.org/10.3390/jcp5040103 - 22 Nov 2025
Cited by 1 | Viewed by 1363
Abstract
Privacy harms have expanded alongside rapid technological change, challenging the adequacy of existing regulatory frameworks. This systematic review (1990–2025) systematically maps documented privacy harms to specific legal mechanisms and observed enforcement outcomes across jurisdictions, using PRISMA-guided methods and ROBIS risk-of-bias assessment. We synthesize evidence on major regimes (e.g., GDPR, COPPA, CCPA, HIPAA, GLBA) and conduct comparative legal analysis across the U.S., E.U., and underexplored regions in Asia, Latin America, and Africa. Key findings indicate increased recognition of data subject rights, persistent gaps in cross-border data governance, and emerging risks from AI/ML/LLMs, IoT, and blockchain, including data breaches, algorithmic discrimination, and surveillance. While regulations have advanced, enforcement variability and fragmented standards limit effectiveness. We propose strategies for harmonization and risk-based, technology-neutral safeguards. While focusing on the U.S. sectoral and E.U. comprehensive models, we include targeted comparisons with Canada (PIPEDA), Australia (Privacy Act/APPs), Japan (APPI), India (DPDPA), Africa (POPIA/NDPR/Kenya DPA), and ASEAN interoperability instruments. This review presents an evidence-based framework for understanding the interplay between evolving harms, emerging technologies, and legal protections, and identifies priorities for strengthening global privacy governance. Full article
(This article belongs to the Special Issue Data Protection and Privacy)

20 pages, 2702 KB  
Review
Advancing Compliance with HIPAA and GDPR in Healthcare: A Blockchain-Based Strategy for Secure Data Exchange in Clinical Research Involving Private Health Information
by Sabri Barbaria, Abderrazak Jemai, Halil İbrahim Ceylan, Raul Ioan Muntean, Ismail Dergaa and Hanene Boussi Rahmouni
Healthcare 2025, 13(20), 2594; https://doi.org/10.3390/healthcare13202594 - 15 Oct 2025
Cited by 7 | Viewed by 2241
Abstract
Background: Healthcare data interoperability faces significant barriers, including regulatory compliance complexities, institutional trust deficits, and technical integration challenges. Current centralized architectures demonstrate inadequate mechanisms for balancing data accessibility requirements with patient privacy protection, as mandated by HIPAA and GDPR frameworks. Traditional compliance approaches rely on manual policy implementation and periodic auditing, which are insufficient for dynamic, multi-organizational healthcare data-sharing scenarios. Objective: This study develops and proposes a blockchain-based healthcare data management framework that leverages Hyperledger Fabric, IPFS, and the HL7 FHIR standard and incorporates automated regulatory compliance mechanisms via smart contract implementation to meet HIPAA and GDPR requirements. It assesses the theoretical system architecture, security characteristics, and scalability considerations. Methods: We developed a permissioned blockchain architecture that employs smart contracts for privacy policy enforcement and for patient consent management. The proposed system incorporates multiple certification authorities for patients, hospitals, and research facilities. Architectural evaluation uses theoretical modeling and system design analysis to assess a system’s security, compliance, and scalability. Results: The proposed framework demonstrated enhanced security through decentralized control mechanisms and cryptographic protection protocols. Smart contract-based compliance verification can automate routine regulatory tasks while maintaining human oversight in complex scenarios. The architecture supports multi-organizational collaboration with attribute-based access control and comprehensive audit-trail capabilities. Conclusions: Blockchain-based healthcare data-sharing systems provide enhanced security and decentralized control compared with traditional architectures. The proposed framework offers a promising solution for automating regulatory compliance. However, implementation considerations—including organizational readiness, technical complexity, and scalability requirements—must be addressed for practical deployment in healthcare settings. Full article
(This article belongs to the Section Digital Health Technologies)

25 pages, 737 KB  
Systematic Review
A Systematic Literature Review on the Implementation and Challenges of Zero Trust Architecture Across Domains
by Sadaf Mushtaq, Muhammad Mohsin and Muhammad Mujahid Mushtaq
Sensors 2025, 25(19), 6118; https://doi.org/10.3390/s25196118 - 3 Oct 2025
Cited by 2 | Viewed by 6163
Abstract
The Zero Trust Architecture (ZTA) model has emerged as a foundational cybersecurity paradigm that eliminates implicit trust and enforces continuous verification across users, devices, and networks. This study presents a systematic literature review of 74 peer-reviewed articles published between 2016 and 2025, spanning domains such as cloud computing (24 studies), Internet of Things (11), healthcare (7), enterprise and remote work systems (6), industrial and supply chain networks (5), mobile networks (5), artificial intelligence and machine learning (5), blockchain (4), big data and edge computing (3), and other emerging contexts (4). The analysis shows that authentication, authorization, and access control are the most consistently implemented ZTA components, whereas auditing, orchestration, and environmental perception remain underexplored. Across domains, the main challenges include scalability limitations, insufficient lightweight cryptographic solutions for resource-constrained systems, weak orchestration mechanisms, and limited alignment with regulatory frameworks such as GDPR and HIPAA. Cross-domain comparisons reveal that cloud and enterprise systems demonstrate relatively mature implementations, while IoT, blockchain, and big data deployments face persistent performance and compliance barriers. Overall, the findings highlight both the progress and the gaps in ZTA adoption, underscoring the need for lightweight cryptography, context-aware trust engines, automated orchestration, and regulatory integration. This review provides a roadmap for advancing ZTA research and practice, offering implications for researchers, industry practitioners, and policymakers seeking to enhance cybersecurity resilience. Full article

18 pages, 1699 KB  
Article
A Comparative Analysis of Defense Mechanisms Against Model Inversion Attacks on Tabular Data
by Neethu Vijayan, Raj Gururajan and Ka Ching Chan
J. Cybersecur. Priv. 2025, 5(4), 80; https://doi.org/10.3390/jcp5040080 - 2 Oct 2025
Viewed by 2278
Abstract
As more machine learning models are used in sensitive fields like healthcare, finance, and smart infrastructure, protecting structured tabular data from privacy attacks is a key research challenge. Although several privacy-preserving methods have been proposed for tabular data, a comprehensive comparison of their performance and trade-offs has yet to be conducted. We introduce and empirically assess a combined defense system that integrates differential privacy, federated learning, adaptive noise injection, hybrid cryptographic encryption, and ensemble-based obfuscation. The given strategies are analyzed on the benchmark tabular datasets (ADULT, GSS, FTE), showing that the suggested methods can mitigate up to 50 percent of model inversion attacks in relation to baseline models without decreasing the model utility (F1 scores are higher than 0.85). Moreover, on these datasets, our results match or exceed the latest state-of-the-art (SOTA) in terms of privacy. We also transform each defense into essential data privacy laws worldwide (GDPR and HIPAA), suggesting the best applicable guidelines for the ethical and regulation-sensitive deployment of privacy-preserving machine learning models in sensitive spaces. Full article
(This article belongs to the Section Privacy)

19 pages, 800 KB  
Review
Artificial Intelligence in Anesthesia: Enhancing Precision, Safety, and Global Access Through Data-Driven Systems
by Rakshita Giri, Shaik Huma Firdhos and Thomas A. Vida
J. Clin. Med. 2025, 14(19), 6900; https://doi.org/10.3390/jcm14196900 - 29 Sep 2025
Cited by 5 | Viewed by 5507
Abstract
Artificial intelligence (AI) enhances anesthesiology by introducing adaptive systems that improve clinical precision, safety, and responsiveness. This review examines the integration of AI in anesthetic practice, with a focus on closed-loop systems that exemplify autonomous control. These platforms integrate continuous physiologic inputs, such as BIS, EEG, heart rate, and blood pressure, to titrate anesthetic agents in real time, providing more consistent and responsive management than manual methods. Predictive algorithms reduce intraoperative hypotension by up to 40%, and systems such as McSleepy demonstrate greater accuracy in maintaining anesthetic depth and shortening recovery times. In critical care, AI supports sedation management, reduces clinician cognitive load, and standardizes care delivery during high-acuity procedures. The review also addresses the ethical, legal, and logistical challenges to widespread adoption of AI. Key concerns include algorithmic bias, explainability, and accountability for machine-generated decisions and disparities in access due to infrastructure demands. Regulatory frameworks, such as HIPAA and GDPR, are discussed in the context of securing patient data and ensuring its ethical deployment. Additionally, AI may play a transformative role in global health through remote anesthesia delivery and telemonitoring, helping address anesthesiologist shortages in resource-limited settings. Ultimately, AI-guided closed-loop systems do not replace clinicians; instead, they extend their capacity to deliver safe, responsive, and personalized anesthesia. These technologies signal a shift toward robotic anesthesia, where machine autonomy complements human oversight. Continued interdisciplinary development and rigorous clinical validation will determine how AI integrates into both operating rooms and intensive care units. Full article
(This article belongs to the Special Issue New Insights into Critical Care)

23 pages, 2056 KB  
Article
Blockchain and InterPlanetary Framework for Decentralized and Secure Electronic Health Record Management
by Samia Sayed, Muammar Shahrear Famous, Rashed Mazumder, Risala Tasin Khan, M. Shamim Kaiser, Mohammad Shahadat Hossain, Karl Andersson and Rahamatullah Khondoker
Blockchains 2025, 3(4), 12; https://doi.org/10.3390/blockchains3040012 - 28 Sep 2025
Viewed by 1855
Abstract
Blockchain is an emerging technology that is being used to create innovative solutions in many areas, including healthcare. Nowadays healthcare systems face challenges, especially with security, trust, and remote data access. As patient records are digitized and medical systems become more interconnected, the risk of sensitive data being exposed to cyber threats has grown. In this evolving time for healthcare, it is important to find a balance between the advantages of new technology and the protection of patient information. The combination of blockchain–InterPlanetary File System technology and conventional electronic health record (EHR) management has the potential to transform the healthcare industry by enhancing data security, interoperability, and transparency. However, a major issue that still exists in traditional healthcare systems is the continuous problem of remote data unavailability. This research examines practical methods for safely accessing patient data from any location at any time, with a special focus on IPFS servers and blockchain technology in addition to group signature encryption. Essential processes like maintaining the confidentiality of medical records and safe data transmission could be made easier by these technologies. Our proposed framework enables secure, remote access to patient data while preserving accessibility, integrity, and confidentiality using Ethereum blockchain, IPFS, and group signature encryption, demonstrating hospital-scale scalability and efficiency. Experiments show predictable throughput reduction with file size (200 → 90 tps), controlled latency growth (90 → 200 ms), and moderate gas increase (85k → 98k), confirming scalability and efficiency under varying healthcare workloads. Unlike prior blockchain–IPFS–encryption frameworks, our system demonstrates hospital-scale feasibility through the practical integration of group signatures, hierarchical key management, and off-chain erasure compliance. This design enables scalable anonymous authentication, immediate blocking of compromised credentials, and efficient key rotation without costly re-encryption. Full article

31 pages, 3118 KB  
Article
Toward Efficient Health Data Identification and Classification in IoMT-Based Systems
by Afnan Alsadhan, Areej Alhogail and Hessah A. Alsalamah
Sensors 2025, 25(19), 5966; https://doi.org/10.3390/s25195966 - 25 Sep 2025
Cited by 2 | Viewed by 1644
Abstract
The Internet of Medical Things (IoMT) is a rapidly expanding network of medical devices, sensors, and software that exchange patient health data. While IoMT supports personalized care and operational efficiency, it also introduces significant privacy risks, especially when handling sensitive health information. Data Identification and Classification (DIC) are therefore critical for distinguishing which data attributes require stronger safeguards. Effective DIC contributes to privacy preservation, regulatory compliance, and more efficient data management. This study introduces SDAIPA (SDAIA-HIPAA), a standardized hybrid IoMT data classification framework that integrates principles from HIPAA and SDAIA with a dual risk perspective—uniqueness and harm potential—to systematically classify IoMT health data. The framework’s contribution lies in aligning regulatory guidance with a structured classification process, validated by domain experts, to provide a practical reference for sensitivity-aware IoMT data management. In practice, SDAIPA can assist healthcare providers in allocating encryption resources more effectively, ensuring stronger protection for high-risk attributes such as genomic or location data while minimizing overhead for lower-risk information. Policymakers may use the standardized IoMT data list as a reference point for refining privacy regulations and compliance requirements. Likewise, AI developers can leverage the framework to guide privacy-preserving training, selecting encryption parameters that balance security with performance. Collectively, these applications demonstrate how SDAIPA can support proportionate and regulation-aligned protection of health data in smart healthcare systems. Full article
(This article belongs to the Special Issue Securing E-Health Data Across IoMT and Wearable Sensor Networks)

31 pages, 2736 KB  
Article
The Rise of Hacking in Integrated EHR Systems: A Trend Analysis of U.S. Healthcare Data Breaches
by Benjamin Yankson, Mehdi Barati, Rebecca Bondzie and Ram Madani
J. Cybersecur. Priv. 2025, 5(3), 70; https://doi.org/10.3390/jcp5030070 - 5 Sep 2025
Viewed by 4594
Abstract
Electronic health record (EHR) data breaches create severe concerns for patients’ privacy, safety, and risk of loss for healthcare entities responsible for managing patient health records. EHR systems collect a vast amount of user-sensitive data, requiring integration, implementation, and the application of essential security principles, controls, and strategies to safeguard against persistent adversary attacks. This research is an exploratory study into current integrated EHR cybersecurity attacks using United States Health Insurance Portability and Accountability Act (HIPAA) privacy and security breach reported data. This work investigates if current EHR implementation lacks the requisite security control to prevent a cyber breach and protect user privacy. We conduct descriptive and trend analysis to describe, demonstrate, summarize data points, and predict direction based on current and historical data by covered entity, type of breaches, and point of breaches (examine, attack methods, patterns, and location of breach information). An Autoregressive Integrated Moving Average (ARIMA) model is used to provide a detailed analysis of the data demonstrating breaches caused by hacking and IT incidents show a significant trend (coefficient 0.84, p-value < 2.2 × 10⁻¹⁶ ***). The findings reveal a consistent rise in breaches—particularly from hacking and IT incidents—disproportionately affecting healthcare providers. The study highlights that EHR data breaches often follow recurring patterns, indicating common vulnerabilities, and underlines the need for prioritized, data-driven security investments. These findings validate the hypothesis that most EHR cybersecurity attacks are concentrated using similar attack methodologies and face common vulnerabilities and demonstrate the value of targeted mitigation strategies to strengthen healthcare cybersecurity. The findings highlight the urgent need for healthcare organizations and policymakers to prioritize targeted, data-driven security investments and enforce stricter controls to protect EHR systems from increasingly frequent and predictable cyberattacks. Full article
(This article belongs to the Special Issue Cyber Security and Digital Forensics—2nd Edition)

13 pages, 1492 KB  
Article
SecureTeleMed: Privacy-Preserving Volumetric Video Streaming for Telemedicine
by Kaiyuan Hu, Deen Ma and Shi Qiu
Electronics 2025, 14(17), 3371; https://doi.org/10.3390/electronics14173371 - 25 Aug 2025
Cited by 1 | Viewed by 906
Abstract
Volumetric video streaming holds transformative potential for telemedicine, enabling immersive remote consultations, surgical training, and real-time collaborative diagnostics. However, transmitting sensitive patient data (e.g., 3D medical scans, surgeon head/gaze movements) raises critical privacy risks, including exposure of biometric identifiers and protected health information (PHI). To address the above concerns, we propose SecureTeleMed, a dual-track encryption scheme tailored for volumetric video based telemedicine. SecureTeleMed combines viewport obfuscation and region of interest (ROI)-aware frame encryption to protect both patient data and clinician interactions while complying with healthcare privacy regulations (e.g., HIPAA, GDPR). Evaluations show SecureTeleMed reduces privacy leakage by 89% compared to baseline encryption methods, with sub-50 ms latency suitable for real-time telemedicine applications. Full article
(This article belongs to the Special Issue Big Data Security and Privacy)

20 pages, 3593 KB  
Article
Federated Security for Privacy Preservation of Healthcare Data in Edge-Cloud Environments
by Rasanga Jayaweera, Himanshu Agrawal and Nickson M. Karie
Sensors 2025, 25(16), 5108; https://doi.org/10.3390/s25165108 - 17 Aug 2025
Cited by 1 | Viewed by 1860
Abstract
Digital transformation in healthcare has introduced data privacy challenges, as hospitals struggle to protect patient information while adopting digital technologies such as AI, IoT, and cloud more rapidly than ever before. The adoption of powerful third-party Machine Learning as a Service (MLaaS) solutions for disease prediction has become a common practice. However, these solutions offer significant privacy risks when sensitive healthcare data are shared externally to a third-party server. This raises compliance concerns under regulations like HIPAA, GDPR, and Australia’s Privacy Act. To address these challenges, this paper explores a decentralized, privacy-preserving approach to train the models among multiple healthcare stakeholders, integrating Federated Learning (FL) with Homomorphic Encryption (HE), ensuring model parameters remain protected throughout the learning process. This paper proposes a novel Homomorphic Encryption-based Adaptive Tuning for Federated Learning (HEAT-FL) framework to select encryption parameters based on model layer sensitivity. The proposed framework leverages the CKKS scheme to encrypt model parameters on the client side before sharing. This enables secure aggregation at the central server without requiring decryption, providing an additional layer of security through model-layer-wise parameter management. The proposed adaptive encryption approach significantly improves runtime efficiency while maintaining a balanced level of security. Compared to the existing frameworks (non-adaptive) using 256-bit security settings, the proposed framework offers a 56.5% reduction in encryption time for 10 clients and 54.6% for four clients per epoch.
(This article belongs to the Special Issue Privacy and Security in Sensor Networks)

21 pages, 2065 KB  
Article
FED-EHR: A Privacy-Preserving Federated Learning Framework for Decentralized Healthcare Analytics
by Rızwan Uz Zaman Wani and Ozgu Can
Electronics 2025, 14(16), 3261; https://doi.org/10.3390/electronics14163261 - 17 Aug 2025
Cited by 4 | Viewed by 5010
Abstract
The Internet of Medical Things (IoMT) is revolutionizing healthcare by enabling continuous monitoring and real-time data collection through interconnected medical devices such as wearable sensors and smart health monitors. These devices generate sensitive physiological data, including cardiac signals, glucose levels, and vital signs, that are integrated into electronic health records (EHRs). Machine Learning (ML) and Deep Learning (DL) techniques have shown significant potential for predictive diagnostics and decision support based on such data. However, traditional centralized ML approaches raise significant privacy concerns due to the transmission and aggregation of sensitive health information. Additionally, compliance with data protection regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR), restricts centralized data sharing and analytics. To address these challenges, this study introduces FED-EHR, a privacy-preserving Federated Learning (FL) framework that enables collaborative model training on distributed EHR datasets without transferring raw data from its source. The framework is implemented using Logistic Regression (LR) and Multi-Layer Perceptron (MLP) models and was evaluated using two publicly available clinical datasets: the UCI Breast Cancer Wisconsin (Diagnostic) dataset and the Pima Indians Diabetes dataset. The experimental results demonstrate that FED-EHR achieves a classification performance comparable to centralized learning, with ROC-AUC scores of 0.83 for the Diabetes dataset and 0.98 for the Breast Cancer dataset using MLP while preserving data privacy by ensuring data locality. These findings highlight the practical feasibility and effectiveness of applying the proposed FL approach in real-world IoMT scenarios, offering a secure, scalable, and regulation-compliant solution for intelligent healthcare analytics.