A robust and simple security extension for the medical standard SCP-ECG

This paper proposes a SCP-ECG security extension after having analyzed the features of this standard, its security requirements and the current measures implemented by other medical protocols. Our approach permits SCP-ECG files to be stored safely and proper access to be granted (or denied) to users for different purposes: interpretation of the test, consultation, clinical research or teaching. The access privileges are scaled by means of role-based profiles supported by cryptographic elements (ciphering, digital certificates and digital signatures). These elements are arranged as metadata into a new section which extends the protocol and protects the remaining sections. The application built to implement this approach has been extensively tested, showing its capacity to authenticate users and to protect the integrity of files and the privacy of sensitive data, with a low impact on file size and access time. In addition, this solution is compatible with any version of the SCP-ECG and can be easily integrated into e-health platforms.

Graphical abstractFigure optionsDownload full-size imageDownload high-quality image (105 K)Download as PowerPoint slideHighlights► We analyze the security measures implemented by the major standards of ECG. ► The SCP-ECG gives little consideration to data security and privacy of the patient. ► Features, security needs of the SCP and relevant protection policies are studied. ► Our extension includes role-based access, ciphering, signature and secure exchange. ► The availability of protected SCP files is guaranteed at good levels.