Securing Medical Data in Smart Patient-Centric Healthcare Systems

Context and motivation

In order to achieve high quality healthcare provision, it is increasingly important to collect highly confidential and personal medical data that has been obtained from a variety of sources, including personal medical devices and to share this through a variety of means, including public networks and other systems whose security cannot be implicitly trusted. Patients rightly expect full privacy, except where permission has been explicitly given, but they equally expect to be provided with the best possible medical treatment. Evidence suggests that integrating home-based healthcare into a holistic treatment plan is more cost effective, reduces travel-associated risks and costs, and increases the quality of healthcare provision, by allowing the incorporation of more frequent home-, work- and environment based monitoring and testing into medical diagnostics.


There is thus a strong and urgent demand to deliver better, more efficient and more effective healthcare solutions that can achieve excellent patient-centric healthcare provision, while also complying with increasingly strict regulations on the use and sharing of patient data. This provision needs to be multi-site, crossing traditional physical and professional boundaries of hospitals, health centres, home and workplace, and even national borders. It needs to engage hospitals, medical practitioners, consultants and other specialists, as well as incorporating patient-provided data that is produced by personal monitoring devices, healthcare apps, environmental monitoring etc. This creates huge pressures. The goal of the Serums project is to put patients atthe centre of future healthcare provision, enhancing their personal care, and maximizing the quality of treatment thatthey can receive, while ensuring trust in the security and privacy of their confidential medical data.


In order to realize the project's vision, extension of existing and invention of new methods and technologies in many different areas is crucial.

  • We need to develop new technologies for security and protection of the shared personal medical data across untrusted networks. Therefore we will develop access control methods that will provide end-point protection for the medical devices that will collect potentially sensitive personal information. Existing technologies for data cloaking and data fabrication that will enable both secure communication of the data across networks will be extended, as well as stress-testing the medical systems with realistic data to identify any potential vulnerabilities. We will also develop techniques for semantic-preserving encryption of personal data.
  • In order to integrate personal medical data, coming from various sources, into coherent and structured smart patient records, we will develop new formats for the data in the patient records, taking into account different views of the same data that might be presented to different parties. Additionally, we will develop new machine-learning based techniques for extracting metadata from the raw data, allowing construction of the patient records from data with various degree of structure. We will also develop a blockchain solution to track the lineage and provenance of the data.
  • We will develop new data analytics techniques that will be able to deal with distributed data that cannot be moved to a central location. Therefore, we will develop novel deep-learning data analytic techniques that will be distributed in nature, thus allowing analytics on the data that resides on peripheral devices. At the same time, we will ensure that our learning models are privacy preserving when operating on remote data, thus not allowing any leakage of sensitive information.
  • Additionally, we need to extend existing and develop new authentication and trust mechanisms that will ensure that only properly authorised agents have access to the required part of personal and medical data. We will develop new technology that will support a combination of multiple different authorisation methods and that will be able to automatically adapt the authorisation process to the needs of patients or medical institutions.
  • Finally, we will provide integration of the individual technologies into a coherent Smart Medical Centre system, using testing and formal verification methods to test and prove (where feasible) compliance of the system as a whole to the required standards. Selected use cases will allow us to ensure compliance to standard in realistic settings

Expected impact

Serums aims to achieve significant impact in each area that has been identified in the SU-TDS-02-2018 call, providing significantly more secure smart health care provision, with significantly reduced potential for data breaches, and significantly improved patient trust and safety.

  • Quantifiable improvement in secure provision of health and care, evidenced by reduced vulnerability of the Smart Health Centre to common cyber-attacks, as measured by standard indexes determining system resilience, robustness and availability during and after the attacks.
  • Significantly reduced risk of data privacy breaches (at least 75%), evidenced by quantitative metrics showing the quantity of private data that is revealed through a number of common cyber-attacks.
  • Quantifiable improvement in levels of patient trust in the provision of smart health care evidenced by patient surveys and questionnaires.
  • Quantifiable improvement in patient safety evidenced by reduced risk of harm through incorrect treatments or medicines mediated by reduced risk of tampering with medical records, and measured vulnerabilities of connected medical systems


Project title

Securing Medical Data in Smart Patient-Centric Healthcare Systems

Partners from

  • University of St. Andrews, UK (Coordinator)
  • Stichting Zuyderland Medisch Centrum, Netherlands
  • Accenture BV, Netherlands
  • IBM Israel - Science and Technology Ltd, Israel
  • Sopra Steria Group, France
  • University of Louvain (UCL), France
  • University of Cyprus, Cyprus
  • Fundacio Privada Clinic Per a la Recerca Biomedica, Spain
  • Software Competence Center Hagenberg (SCCH), Austria


3 years

Total cost

€ 4,370,059

EC Contribution

€ 4,370,059


H2020-SC1-FA-DTS-2018-2020; Trusted digital solutions and Cybersecurity in Health and Care

Further information


Michael Roßbory

Roßbory Michael

Researcher Data Analysis Systems
Phone: +43 50 343 860