h-MAS |
health-related Multicontext-Aware System |
h-MAS (health-related Multicontext-Aware System) is a trusted third party aimed at providing a privacy-preserving and context-aware solution oriented to health scenarios for managing the privacy of the users' information in multicontext (intra- and inter-context) scenarios, incorporating the user consent to reveal his/her personal information. To this end, h-MAS sends the users several sets of privacy policies, called profiles, aware to the context in which they are located. The users of h-MAS then choose the most suitable profile according to their interests in the surrounded context. After that, users will be able to update the selected profile adding, deleting, or modifying some of the policies that shape it. These policies protect the privacy of the users' health records, locations, or context-aware information being accessed from others without their consent. The intra- and inter-context policies form the privacy profiles that allow users to protect their location, personal information, activities they are doing at any given time, and the information oriented to the context in which they are located. It is important to note that users are called in a different way depending on the context in which they are located; for example, users could be patients, doctors, or hospital staff in the health scenario. Information about patients and the health context is managed by using semantic web techniques, which provide a common infrastructure that makes possible to represent, process, and share information between independent systems more easily. In this sense, the context-aware and the space information are provided by h-MAS through a set of ontologies represented in the OWL 2 language. These ontologies are described below, with which users will able to allow sharing (revealing) their personal information. The h-MAS ontology models the information common for all contexts (users' personal information and location), and a set of ontologies that control the privacy of the users' records in the health scenario. Figure 1 shows the set of ontologies managed by h-MAS within the health scenario required in this paper. It is important to note that, in order to model the medical context, we have defined the set of ontologies explained below in the last block.
The h-MAS ontology models the information common for all contexts and is categorized into two different topics: user and location. User is the top-level class of the user topic, which refers to persons who use the system to obtain context-aware information in a privacy-preserving way. Users can have several Roles and Activities, which can be used to receive customized information (e.g., privacy profiles). The PersonalInformation element models the users' information common for all contexts. As a proof of concept, this class has four predefined subclasses: Name, Age, Telephone, and Address. In order to model the users' location, Space is the top-level class of the location topic. More information about how the space is represented in the h-MAS ontology can be found in PRECISE. The entities of the h-MAS ontology are related each other by properties. Some of these properties are generated by the privacy-preserving policies that contain the users' profiles. In this sense, the hasRevealing property establishes a relationship between two users to share parts of their information. On the other hand, the hasDisclosure property relates a user to the PersonalInformation, Space, Activity, or context-aware information that he/she wants to release.
The complete definition of the h-MAS ontology can be downloaded below.
In order to extend the h-MAS ontology for a health scenario, three new ontologies have been defined: the NHS (National Health Service) ontology, the Health Insurance company ontology, and the Embassy ontology of a given country. The NHS ontology is composed of four main classes: NHS Service, NHS Staff, Patient, and Health Record. The NHS Service can be a Hospital or a Clinic, and both can have Doctors and Nurses as members of their staff. In that sense, users in the NHS context can be NHS Staff or Patients. Patients has a Health Record, which contains information about the Personal Health Record (PHR) and Electronic Health Record (EHR). The PHR and EHR are the electronic versions of patient health information. The main difference between them is that the former is controlled by the patients themselves, whereas the latter is managed by the healthcare providers. As a proof of concept, the EHR class has two predefined subclasses (Immunization and Medication Order) and the PHR class has one (SocialHistory). The EHR is registered by the NHS staff. In order to model the Embassy context, we have defined the Embassy ontology. In this ontology, a given user can be a Traveler or a Civil Servant. Travelers have several Trips, which are registered by the Civil Servant and contains information such as Purpose, Itinerary, and Date of the trip. Finally, the Health Insurance company context is shaped by the Health Insurance ontology. In this ontology, a user can be an Insurance Agent or a Client. Clients have a Health Insurance that contains their Cover. The complete definition of the ontologies commented earlier can be downloaded from the next links.
We have designed and implemented the architecture of h-MAS in order to protect the users' privacy, which is composed of the following three layers: the Plug-ins layer, where contextual information is obtained; the h-MAS layer in charge of modeling and storing that information, which also protects the privacy of the context and users' information; and, finally, the Context-aware Applications layer that provides information to their users. Figure 2 shows the components forming this multi-layered architecture.
The upper layer contains context-aware applications that provide users with specific information about the spaces in which they are located. As an example, the NHS application allows doctors and nurses to ask about the patients' information. On the other hand, this layer also contains the Privacy application, which is the interface that allows users to choose the desired privacy-preserving and context-aware profiles and manage them in a friendly way (next section shows examples about how users can manage it). Our solution models the contextual information by using the previous ontologies. In this sense, the middle layer is in charge of managing both the information gathered from the lower layer and the privacy-preserving profiles formed by their policies. In addition, this middle layer also manages the semantic reasoning with which to infer new knowledge, which is provided to the corresponding applications of the upper layer through predefined queries. To perform all these tasks, the Engine component is composed of three modules: Query, Reasoner, and Update. The Query module provides the Context-aware Applications layer with a number of predefined queries. When a new context-aware application is deployed, its predefined queries are provided to the h-MAS layer. Queries are applied on the knowledge inferred by the Reasoner module, which takes as input the ontological model, formed by the union of the ontologies updated according to the information provided by the Update module, and the privacy policies defined through their corresponding administration components. The Plug-in Manager module is in charge of managing the plug-ins that receive information from the lower layer. Finally, the h-MAS layer has two managers, the Privacy Manager and the Application Manager. The former is in charge of allowing application administrators, owners of the information, or users authorized by some of the previous ones to create, delete, and modify the policies that form the privacy-preserving and context-aware profiles. The latter is the module used by application administrators to manage the behavior of the context-aware applications located at the upper layer. The lower layer obtains the space and context information about the elements that form part of the environment, their locations, as well as further information from these elements depending on the environment. This layer is composed of different plug-ins that interact, on one hand, with the Middlewares (which in turn communicate with sensors or other devices to receive context information) and, on the other hand, with the Location Systems to obtain information about the space.
|