Security approaches for electronic health data handling through the Semantic Web: a scoping review

Tracking #: 2997-4211

Authors: 
Vinicius Costa Lima
Filipe Andrade Bernardi
Domingos Alves
Rui Pedro Charters Lopes Rijo

Responsible editor: 
Sabrina Kirrane

Submission type: 
Survey Article
Abstract: 
Integration of health information systems is crucial to advance the effective delivery of healthcare for individuals and communities across organizational boundaries. Semantic Web technologies may be used to connect, correlate, and integrate heterogeneous datasets spread over the internet. However, when working with sensitive data, such as health data, security mechanisms are needed. A scoping review of the literature was undertaken to provide a broad view of security mechanisms applied to, or along with, Semantic Web technologies that could allow their use with health data. Searches were conducted in the most relevant databases for the scope of this work. The findings were classified according to the main objective and features presented by each solution. Twenty-six studies were included in the review. They introduced mechanisms that addressed several security attributes, such as authentication, authorization, integrity, availability, confidentiality, privacy, and provenance. These mechanisms support access control frameworks, semantic and functional interoperability infrastructures, and privacy compliance solutions. The findings suggest that the application and use of Semantic Web technologies is still growing, with the healthcare area being particularly interested. The main security mechanisms for Semantic Web technologies, the key security attributes and properties, and the main gaps in the literature were identified, helping to understand the technical needs to mitigate the risks of handling personal health information over the Semantic Web. Also, this research has shown that complex and robust solutions are available to successfully address several security properties and features, depending on the context in which the electronic health data is being managed.
Tags: 
Reviewed

Decision/Status: 
Minor Revision

Solicited Reviews:
Review #1
Anonymous submitted on 15/Feb/2022
Suggestion:
Minor Revision
Review Comment:

I would like to thank the authors for considering the suggested revisions. I have just a few more of them that I believe would further enhance the quality of the paper.

In the introduction, presenting what is the target of a scoping review would somehow set the exact expectations of this specific paper.

I would expect the definitions of confidentiality, integrity etc. to be more explicitly mentioned so that the reader can easily identify them. Further, a definition should also be provided for the remainder of the 7 features in detail, e.g. authentication, authorization etc.

Finally, a second table presenting some advantages/disadvantages of each work would make this paper really useful when trying to decide which approach to adopt.

Review #2
Anonymous submitted on 28/Feb/2022
Suggestion:
Accept
Review Comment:

I thank the authors for considering and addressing most of my previous comments in the previous review round. The current version includes an additional Background section, the search method, the significance in the introduction section, and the limitations of the study. The review results table is better presented now and made accessible for other researchers. I think the current manuscript looks suitable to publish and will contribute to the field. However, there are some changes or improvements that need to be made:

The quality (resolution) of Fig. 1, the PRISMA flow diagram, is too low to read.
In the results section, the reviewed papers were presented in detail but I miss the connections. Can they be compared or contrasted with each other (differences or similarities)?
The General Recommendations will be very helpful for the researchers in the field. In my opinion, it can be more explicit and elaborate on more concrete actions. For example, according to “confidentiality, privacy and provenance mechanisms should coexist in favor of an in-depth privacy compliance solution for health data handling”, what is recommended to do then?
It would be better if “The limitation of the study” goes to the Discussion section. What are the potential impacts of these limitations?
In general, the current manuscript is much more complete and structured after revision. I think it can be published after minor changes. Thanks.