{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T02:56:32Z","timestamp":1763348192729,"version":"build-2065373602"},"reference-count":25,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2019,6,10]],"date-time":"2019-06-10T00:00:00Z","timestamp":1560124800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"In light of the need for Extramural Hospital Information System (HIS) access through mobile devices outside the hospital, this research analyzes situational information security threats, including the circumstances in which a mobile device may get lost and personal data may be stolen. Moreover, the system needs to be implemented in accordance with the regulations. Based on the security threat analysis, it is proposed to use a security control module to provide a security-enabled HIS proxy module, two-way authentication module, and One-Time Password (OTP). The sending module and cryptographic technology computing module with Micro SD encryption card form a set of HIS extension system, which includes the SMS OTP method to simultaneously verify the two-way authentication mechanism of a user and the device that the user owns.<\/jats:p>","DOI":"10.3390\/s19112628","type":"journal-article","created":{"date-parts":[[2019,6,10]],"date-time":"2019-06-10T11:39:47Z","timestamp":1560166787000},"page":"2628","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Study of Out-Of-Hospital Access to HIS System: A Security Perspective"],"prefix":"10.3390","volume":"19","author":[{"given":"Chih-Yung","family":"Chen","sequence":"first","affiliation":[{"name":"Department of Multimedia Design, St. John\u2019s University, New Taipei City 251, Taiwan"},{"name":"Department of Information Management, National Defense University, Taipei City 112, Taiwan"}]},{"given":"Yi-Chang","family":"Hsu","sequence":"additional","affiliation":[{"name":"Department of Multimedia Design, St. John\u2019s University, New Taipei City 251, Taiwan"},{"name":"Department of Information Management, National Defense University, Taipei City 112, Taiwan"}]},{"given":"Chang-Ching","family":"Lin","sequence":"additional","affiliation":[{"name":"Department of Management Sciences, Tamkang University, New Taipei City 251, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8085-1937","authenticated-orcid":false,"given":"Jeyhun","family":"Hajiyev","sequence":"additional","affiliation":[{"name":"Department of Information Management, Chang Gung University, Taoyuan City 333, Taiwan"}]},{"given":"Chia-Rong","family":"Su","sequence":"additional","affiliation":[{"name":"Department of Information Technology, Takming University of Science and Technology, Taipei City 114, Taiwan"}]},{"given":"Ching-His","family":"Tseng","sequence":"additional","affiliation":[{"name":"Department of Information Management, Chang Gung University, Taoyuan City 333, Taiwan"}]}],"member":"1968","published-online":{"date-parts":[[2019,6,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"110","DOI":"10.1016\/j.invent.2018.12.001","article-title":"Reviewing the data security and privacy policies of mobile apps for depression","volume":"15","author":"Neary","year":"2019","journal-title":"Internet Interv."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"27","DOI":"10.7309\/jmtm.7.2.4","article-title":"Use of Personal Devices in Healthcare: Guidelines from a Roundtable Discussion","volume":"7","author":"Vearrier","year":"2018","journal-title":"J. Mob. Technol. Med."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1016\/j.hsag.2017.03.002","article-title":"Utilisation of mobile health by medical doctors in a Zimbabwean health care facility","volume":"22","author":"Marufu","year":"2017","journal-title":"Health SA Gesondheid"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"73","DOI":"10.3991\/ijim.v11i6.7265","article-title":"A Survey on Trend, Opportunities and Challenges of mHealth Apps","volume":"11","author":"Jusoh","year":"2017","journal-title":"Int. J. Interact. Mob. Technol."},{"key":"ref_5","unstructured":"Hyunsoo Chung, J.M., and White, A. (2019, June 06). How Smartphone Technology Is Changing Healthcare in Developing Countries. Available online: https:\/\/www.ghjournal.org\/how-smartphone-technology-is-changing-healthcare-in-developing-countries\/."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Zahra, F., Hussain, A., and Mohd, H. (2016, January 11\u201313). Usability Factors of Mobile Health Application for Chronic Diseases. Proceedings of the International Conference on Applied Science and Technology, Kedah, MY, USA.","DOI":"10.1063\/1.4960948"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"215824401558037","DOI":"10.1177\/2158244015580372","article-title":"A Review of Bring Your Own Device on Security Issues","volume":"5","author":"Olalere","year":"2015","journal-title":"SAGE Open"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Hayes, D.F., Markus, H.S., Leslie, R.D., and Topol, E.J. (2014). Personalized medicine risk prediction, targeted therapies and mobile health technology. BMC Med.","DOI":"10.1186\/1741-7015-12-37"},{"key":"ref_9","unstructured":"Li, Q., Zhu, H., Xiong, J., Mo, R., Ying, Z., and Wang, H. (2018). Fine-grained multi-authority access control in IoT-enabled mHealth. Ann. Telecommun., 1\u201312."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1530","DOI":"10.1109\/JIOT.2018.2842773","article-title":"Enhancing privacy and availability for data clustering in intelligent electrical service of IoT","volume":"6","author":"Xiong","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_11","first-page":"39","article-title":"The centrifuge of cloud service: Separated cryptographic and cipher-storage services","volume":"22","author":"Zhuang","year":"2016","journal-title":"Commun. CCISA (Chin. Cryptol. Inf. Secur. Assoc.)"},{"key":"ref_12","unstructured":"Zhuang, Z.-Y., Hsu, Y.-C., Nurmi, K., Chen, C.-Y., Liu, H.-H., and Tseng, T.-S. (2016). A Hybrid Session Key Exchange Algorithm for Highly-sensitive IP-based Institutional Communications. Microsyst. Technol., in press."},{"key":"ref_13","unstructured":"The Identity Theft Resource Center (2009). Data Breach Totals Soar, The Identity Theft Resource Center. ITRC Surveys & Studies."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/S1361-3723(09)70131-9","article-title":"Finding security in the cloud","volume":"2009","author":"Hawthorn","year":"2009","journal-title":"Comput. Fraud Secur."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.jnca.2010.07.006","article-title":"A survey on security issues in service delivery models of cloud computing","volume":"34","author":"Subashini","year":"2011","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1016\/j.cose.2006.02.007","article-title":"Design of an enhancement for SSL\/TLS protocols","volume":"25","author":"Elgohary","year":"2006","journal-title":"Comput. Secur."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"581","DOI":"10.1016\/j.sbspro.2014.03.716","article-title":"Analysis of insiders attack mitigation strategies","volume":"129","author":"Yusop","year":"2014","journal-title":"Procedia Soc. Behav. Sci."},{"key":"ref_18","unstructured":"Schneier, B. (1996). Applied Cryptography, John Wiley & Sons. [2nd ed.]."},{"key":"ref_19","unstructured":"(2019, June 06). Statistics Department, Ministry of Health and Welfare, National Health Insurance Statistics, Available online: http:\/\/www.mohw.gov.tw\/CHT\/DOS\/DisplayStatisticFile.aspx?d=6345."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Ferguson, J.K.N., Lucks, S., Schneier, B., Stay, M., Wagner, D., and Whiting, D. (2001). Improved Cryptanalysis of Rijndael. Seventh Fast Software Encryption Workshop, Springer.","DOI":"10.1007\/3-540-44706-7_15"},{"key":"ref_21","unstructured":"US National Institute of Standards and Technology (2001). Advanced Encryption Standard, Federal Information Processing Standard (FIPS) Publication."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"3323","DOI":"10.1016\/j.ins.2009.05.013","article-title":"Online data storage using implicit security","volume":"179","author":"Parakh","year":"2009","journal-title":"Inf. Sci."},{"key":"ref_23","unstructured":"Calderbank, M. (2019, June 06). The RSA Cryptosystem: History. Available online: http:\/\/math.uchicago.edu\/~may\/VIGRE\/VIGRE2007\/REUPapers\/INCOMING\/REU%20paper.pdf."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"770","DOI":"10.1145\/358790.358797","article-title":"Password Authentication with Insecure Communication","volume":"24","author":"Lamport","year":"1981","journal-title":"Commun. ACM"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Bellare, P.R.M. (1993, January 3\u20135). Random Oracles are Practical: A Paradigm for Designing E Cient Protocols. Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, VA, USA.","DOI":"10.1145\/168588.168596"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/11\/2628\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:57:15Z","timestamp":1760187435000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/11\/2628"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,10]]},"references-count":25,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2019,6]]}},"alternative-id":["s19112628"],"URL":"https:\/\/doi.org\/10.3390\/s19112628","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2019,6,10]]}}}