Method for Privacy-Protecting Display and ... - Semantic Scholar

27 downloads 52482 Views 2MB Size Report
the app's features for ease of use. ... and offer a stickers or ID wallet cards, but do not offer any ... Here we have reduced the idea to an iOS platform app,.
Method for Privacy-Protecting Display and Exchange of Emergency Information on Mobile Devices Salvador Aguinaga & Christian Poellabauer Department of Computer Science and Engineering University of Notre Dame Notre Dame, Indiana, USA [email protected], [email protected]

POSTER PAPER Abstract—First responders and emergency care providers make life or death decisions with little to no information about patient’s medical problems. Access to a person’s medical record could greatly improve the medical care they receive. Challenges to proving this information include finding the correct platform and protecting the patient’s privacy. Current solutions are lacking in both these areas. Here we propose leveraging smartphone sensor and matrix barcode technology to allow users to securely encode sensitive information using the widely accepted Quick Response code standard. Placing this code on the phone’s lockscreen removes the need to unlock the phone and search for it. Our solution lets users decode information, automatically notify authorized contacts of the nature of the emergency, and location where the patient is being cared for. Future research work will explore utilizing near field communication interfaces to augment the app’s features for ease of use. Keywords—Smartphone; emergency; privacy; security; 2Dbarcode

I. INTRODUCTION Trends in the rise of smartphone adoption and usage by the young and old in the United States [1], [2] provide a new frontier for computer science and engineering to develop applications that allow the sharing of life-saving information during an emergency in ways that were not possible before. One of the new ways is to embed emergency information on a smartphone’s lock screen in the form of a two-dimensional barcode. This method preserves the privacy of the users’ information and does not require unlocking the phone to search for it. The code is scanned and decoded using the same smartphone app or any QR code scanner. This app aims to provide hierarchical levels of privacy so that emergency medical responders (paramedics, firefighters, police, etc.) can access more details than the average smartphone user can. Emergency medical responders and medical care providers are able to instantly retrieve a patient’s medical history in order to provide more informed medical care. This work explores the use QR codes and smartphone sensors to publish

and access personal emergency information, while preserving patient privacy of sensitive information. Related efforts that provide access to such information are available in a variety forms, but that have flaws such as they may be difficult to access (locked phone) and do not protect the privacy of the information. Smartphone apps (smart-ICE, iEmergency+, Emergency Info++, ICE In Case of Emergency, and others) require unlocking the phone, do not provide privacy or security of the information, offer limited information details and features. Global campaigns and nonfor profit organizations highlighting awareness to ICE suggest creating phone number entries in the phone’s contacts list and offer a stickers or ID wallet cards, but do not offer any other information. ICE medical ID alert bracelets and ID dog tag jewelry offer an alternative form of making information available that works, but offers limited information and do not provide security nor sufficient privacy. QR codes are two-dimensional matrix codes that differ from the conventional barcodes, because a QR code is capable of storing up to several hundred times more information [3]. QR codes are one of the most popular types of two-dimensional barcodes used across different sectors having, but gained wide acceptance in press advertising and product marketing. Standards defining the requirements and structure of QR codes are available from the International Organization for Standardization specifying symbology characteristics, data character encoding methods, formats, dimensions, quality requirements, etc [4], [5]. This work presents a solution to the limited amount of information most solutions currently offer and lets individuals share medical history with emergency medical responders to enable medical personnel deliver more informed medical care. In addition, this solution offers a secure method of notifying emergency contacts when the personal medical record is accessed through the app providing location information.

II. IMPLEMENTATION Here we have reduced the idea to an iOS platform app, QRCScan. This app makes and scans QR code images. It lets users create a code by encoding the user’s emergency and medical contacts information (such as the name and phone number of there user’s spouse, parent, primary care physician, etc). Other information can be encoded including a list of allergies, medications and blood type. Once the code image is created it can be overlaid on any other image from the user’s photo library or on a standard wallpaper image provide by the app. Fig. 1 shows the different views to encode information, overlay the code, and how it looks after setting it as the phone’s lock-screen wallpaper image. The QR code created allows anyone to scan the code without unlocking the phone, as it might be the case when users set password protection. The iOS implementation uses open-source libraries to encode and decode QR codes. The library used for encoding is an implementation of QR Code encoder for Objective-C from Psytec library [6] and the QR decoder uses ZXing(”Zebra Crossing”) library [7]. Different types of two-dimensional barcodes are now available that differ from QR code in many ways. Standard QR codes are generally black-and-white square shaped, but others, such as Microsoft Tag codes, are colorized and Shot codes are round shaped [8], [9].

A

B

C

D

III. INFORMATION ENCODING Creating a QR codes is easy using the form provided in the app. Users can choose a background or wallpaper image on which to overlay the code. After saving the newly created image to the photo library, users can set it as the phone’s lock-screen wallpaper. Displaying the code in this way will preserve basic privacy at all times. Anyone getting ahold of the phone without scanning the code cannot read sensitive information (such as who the user’s emergency contacts are or what medications the user is taking). Password protection on the information encoding part ensures that the emergency information is kept confidential. Fig. 2 shows the views that follow the steps to add a QR code to the lock-screen wallpaper image. Table I shows the list of table entries that individuals can use to share information. TABLE I Q RC S CAN E NCODING I NFORMATION Personal Information Name Phone number Email Address Medical Information Physician’s name Physician’s phone number Bood type Medication Allergies

Emergency Contacts Contact Name Contact phone number

Figure 1. A) QRCScan Home-view, B) Information Encoding Form, C) Overlaying QR Code on Background Image, D) Set New image as Lockscreen

IV. INFORMATION ACCESS Scanning and decoding a QR code containing emergency contact information can be accomplished with any standard QR Code reader, but when read with QRCScan, additional information is retrieved and revealed. This helps emergency medical responders to enable them to provide medical care with a more informed baseline. The additional information, potentially in the form a of a personal health record, can be retrieved with proper authentication. Fig. 4 shows the different types of data access. At the system level, access to a patient’s medical history personal health record triggers automatic alert notification. This notification takes the form of text messages or email to the personal contacts programmed and authorized to receive information on the nature of the emergency and the location where the patient is being cared for. Fig. 3 shows how a QR code is scanned and how basic or detailed information

is accessed.

Figure 2.

to encode useful information during a medical emergency in a way that isn’t human-readable if the phone is casually held or overseen by anyone, and 2) retrieval of a health/medical record will not be store on the emergency responders’ phone. Protecting individually identifiable health information is a significant feature of the app. Health information, i.e. medical history or medical record, retrieved and displayed by the app is decoupled from the individual to properly protect their privacy. The information retrieved is temporarily cached while displaying it, but it can time-out and the cache is deleted automatically.

Information Encoding and Code Image Overlay

Figure 4.

Decoding Data with Standard QR Code Readers and QrcScan

V. FUTURE RESEARCH DIRECTION Areas of future research opportunity include 1) implementations that allow scanning the individuals’ emergency information using near field communications, 2) a comprehensive authentication protocol for QrcScan emergency responders, and 3) fail-safe measures to details information access. These optional features are briefly described below. Finally, this work will develop a comprehensive plan to tie in with QRCScan a personal health record and users’ medical history. A collaborative partnership with other researchers working in this space will look at how this system performs. It will also aim to answer the question of how its use contributes to improving medical care and how more access to patients’ medical history enables emergency medical care providers make more informed decisions in situations of life or death. A. Emergency Responders’ Authentication

Figure 3.

Information Access

A. Security Measures This implementation offers two levels of privacy protection: 1) QR code image on the lock-screen gives users the flexibility

A significant feature of proper authentication is assuring individuals that access to medical records occurs both by the right medical first responders and in the right context. The app provides a method that insures that the app has the rights to access health information through the use of a security code. With out the code the health information retrieval feature is disabled. The active state of this security feature is managed by the app user’s supervisors and by the online health-record provider.

B. Guaranteed Information Access Individuals can use the app to enter the information they want to encode and and quickly generate a basic code image to place on their locks-screen. Health and medical records are maintained online and offer a feature to generate a more comprehensive code image to replace the basic one. The objective is to offer individuals the option to have a code image that contains all of the the health and medical information they choose to share. This feature of the app assures individuals that in case of an emergency access to their information isn’t hindered by lack of access to a communications network. C. Near Field Communication Today many phone manufacturers are integrating near field communication (NFC) [10] short range wireless interfaces. This technology is opening a new range of applications, from point-of-sale check out systems that use NFC in card emulation mode functioning as credit cards, to reader mode (scan tags at a retail store). NFC usage differs from the QR code scanning, because it allows access to data without having to touch the patients’ phone to get to the lock-screen. Our research will investigate using NFC technology to make easier access to information while enhancing the security and privacy of the patients’ personal and medical information. R EFERENCES [1] K. Purcell. (2011, Nov.) Half of adult cell phone owners have apps on their phones. Available: http://pewinternet.org/Reports/2011/Apps-update. aspx [2] A. Smith. (2011, Dec.) Americans and mobile computing: Key trends in consumer research. Available: http://pewinternet.org/Presentations/2011/ Dec/Government-Mobility-Forum.aspx [3] About 2d code. Available: http://www.denso-wave.com/qrcode/aboutqr-e. html [4] Information technology automatic identification and data capture techniques qr code 2005 bar code symbology specification. Available: http: //www.iso.org/ [5] Qr code. Available: http://en.wikipedia.org/wiki/QR code [6] M. Yang. Qr-code-encoder-for-objective-c. Available: https://github.com/ myang-git/QR-Code-Encoder-for-Objective-C [7] Zxing (Zebra Crossing). Available: http://code.google.com/p/zxing [8] S. Moore. Overview - 2d barcodes. Available: http://www.public.asu.edu/ ∼skmoore2/2d codes/overview.html [9] What is tag. Available: http://tag.microsoft.com/what-is-tag/home.aspx [10] About NFC? Available: http://www.nfc-forum.org/aboutnfc/