Regulations and Standards Aware Framework for Recording of mHealth App Vulnerabilities

Zornitza Prodanoff, Cynthia White-Williams, Hongmei Chi

OAI: oai:igi-global.com:270900 • DOI: 10.4018/IJEHMC.20210501.oa1

The authors describe a standards-based security framework for the purposes of recording security and privacy vulnerabilities discovered in mHealth apps. The proposed framework is compliant with the international standard for software architecture descriptions, ISO/IEC/IEEE 42010, relevant state-agency regulations, and US federal healthcare mandates, as well as computing standards for data interchange formats. Future real-life implementations are envisioned to consists of three key components: (1) design and implementation of a repository that links vulnerabilities to concepts from the taxonomy used by legislative and standardization bodies; (2) population of the repository with security vulnerability descriptions that follow a standard format, such as JavaScript Object Notation (JSON); and (3) implementation of a searchable user interface (e.g., Google's Firebase UI), which allows for aggregation statistics, data analytics, as well as public access to the repository. The proposed framework design promotes timely updates of regulations, standardization drafts, and app development platforms.

Health Information Systems Medical, Healthcare, and Life Sciences Health Information Systems