Regulations and standards aware framework for recording of mHealth app vulnerabilities
Document Type
Article
Publication Date
5-1-2021
Abstract
The authors describe a standards-based security framework for the purposes of recording security and privacy vulnerabilities discovered in mHealth apps. The proposed framework is compliant with the international standard for software architecture descriptions, ISO/IEC/IEEE 42010, relevant state-agency regulations, and US federal healthcare mandates, as well as computing standards for data interchange formats. Future real-life implementations are envisioned to consist of three key components: (1) design and implementation of a repository that links vulnerabilities to concepts from the taxonomy used by legislative and standardization bodies; (2) population of the repository with security vulnerability descriptions that follow a standard format, such as JavaScript Object Notation (JSON); and (3) implementation of a searchable user interface (e.g., Google’s Firebase UI), which allows for aggregation statistics, data analytics, as well as public access to the repository. The proposed framework design promotes timely updates of regulations, standardization drafts, and app development platforms.
Publication Title
International Journal of E-Health and Medical Communications
Volume
12
Issue
3
First Page
1
Last Page
16
Digital Object Identifier (DOI)
10.4018/IJEHMC.20210501.oa1
ISSN
1947315X
E-ISSN
19473168
Citation Information
Prodanoff, Z., White-Williams, C., & Chi, H. (2021). Regulations and Standards Aware Framework for Recording of mHealth App Vulnerabilities. International Journal of E-Health and Medical Communications (IJEHMC), 12(3), 1-16. http://doi.org/10.4018/IJEHMC.20210501.oa1