The Next Generation of eHealth: A Multidisciplinary Survey

Over the past two years, the spread of COVID-19 has spurred the use of information and communication technologies (ICT) in aid of healthcare. The need to guarantee continuity to care has promoted research and industry activities aimed at developing solutions for the digitalization of the procedures to be performed to provide health services, even in emergency scenarios. Digital collection, transmission, and processing of health data represent the starting point for fulfilling this innovation process but also bring heterogeneous challenges. These motivations led to the elaboration of this work, which analyzes innovative and technological tools for the development of digital health (eHealth) through the collection of multisectoral literature, produced thanks to the cooperation of varied research groups, thus providing a multidisciplinary survey. Since digital health is expected to be one of the leading applications of the sixth-generation (6G) wireless cellular networks, this paper covers the related telecommunications aspects. Furthermore, the exploitation of artificial intelligence paradigms to elaborate massive amounts of biological data is examined. Given the extreme sensitivity of health data, this paper also investigates security and privacy issues. In particular, the main techniques and approaches to guarantee security properties (i.e., anonymity, responsibility, authentication, confidentiality, integrity, non-repudiation, and revocability) are studied. Applications involving innovative electromagnetic systems for healthcare and assisted living services are described to provide an example of an eHealth scenario leveraging ICT. Finally, the telemedicine-related regulations of the European Commission are analyzed, with particular reference to the General Data Protection Regulation (GDPR).


I. INTRODUCTION
The worldwide and uncontrolled spread of COVID-19 infection has changed, for some years now, both the impact of technological progress on the quality of life of the worldwide The associate editor coordinating the review of this manuscript and approving it for publication was Qingli Li . population and the vision that the latter has of the digitalization of several activities affecting everyday life. In particular, the healthcare sector has been hit by a wave of change fostered by the need to guarantee continuity of care and health assistance during the lockdowns imposed in the different countries of the world, which have made in-person meetings between the doctor and the patient impracticable. Currently, VOLUME 10, 2022 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ the digitalization process of the healthcare sector is not at the same point in different parts of the world. However, it has undergone an acceleration everywhere. Data play a significant role in the provision of health services, and their effective digital treatment must be the basis of the innovation process. When digital health (eHealth) services are provisioned, technologies and paradigms from different fields can play critical functions in health data processing, including telecommunications for the collection and transmission of data, artificial intelligence for data elaboration, and security for the protection of data and people. With regards to telecommunications, existing network infrastructures are insufficient to support the full achievement of a radically digitalized healthcare sector. This is confirmed by the authors of [1] and [2], who describe the trends that will lead to the development of the sixth generation (6G) of wireless mobile networks, placing healthcare among the driving applications of the next decade. The continuous growth in the percentage of the world's elderly population is among the factors that will spur the digitalization process of the medical field, leading to an increasingly pervasive presence of the eHealth paradigm among cellular network applications. The need to monitor chronic and old-age diseases will thrive over the years, thus fostering the tendency to resort to information and communication technologies (ICT) to support the remote execution of services, such as monitoring and medical assistance. The Internet of Things (IoT) technology has contributed to the digitalization process that has changed our current world and is considered disruptive and essential to provide connectivity to heterogeneous objects deployed for collecting data [3]. In particular, although the use of the Internet of Medical Things (IoMT) is already underway for the collection and transmission of data in healthcare scenarios, only the deployment of the Internet of Everything (IoE) paradigm (expected concurrently with the evolution of networks towards 6G) will enable the execution of many cuttingedge services. The discussion of how IoE and other 6G paradigms will empower eHealth will be addressed throughout the paper.
Advanced artificial intelligence (AI) algorithms for biological data elaboration are increasingly needed to aid the evolution of the eHealth sector. Biological data, by their nature, are very complex and originate from different application fields (e.g., neurophysiological signals, magnetic resonance imaging, blood oxygenation values) and sources (e.g., hospitals, telemedicine platforms), which determine their wide variety in terms of structure and availability. Therefore, properly elaborating these data implies a preliminary analysis of intrinsic characteristics, such as structure and amount. At an engineering design level, three macro-groups can be identified for the structure of the data: time series, images, and sequences [4]. The origin of data determines the type and, thus, a possible optimal elaboration pipeline, which could involve many algorithms of diverse complexity. Defining a tight cluster of sources is not trivial since they are very wide and related to the target application [5]. The amount of biological data determines the approach to use for their proper management. Biological data collected sporadically and in limited quantities can be processed by the physician or analyzed using standard signal elaboration methods. When quantity and frequency of acquisition far exceed the available elaboration capacity and time, it is essential to entrust autonomous systems equipped with AI to process or label them automatically. A considerable amount of data is also advantageous and necessary for training AI systems, but always considering that data must be adequately structured to be well-processed without human support.
The diverse stages of the data lifecycle present privacy and security concerns, especially if data contain highly sensitive information on users and come from heterogeneous sources. The benefits introduced by innovative paradigms and technologies have the side effect of increasing the attack surface for malicious adversaries. As a consequence, a dramatic number of cybersecurity attacks [6] have been conducted, also recently [7], [8], [9]. Applying security patches to existing solutions is not enough from this perspective, but it is very important to follow security-by-design methodologies.
When dealing with the digital treatment of health data, another aspect that should not be overlooked is that understanding the regulations of health law that govern the various processes is crucial. Without uniform legislation, eHealth services are governed by sectoral regulations, including best practices and guidelines, which should be approached with prudential criteria in light of the principle of self-determination and patient empowerment. Consequently, standards for the efficiency of the digital public health system should be adopted [10]. The security of personal and sensitive data used in the provision of services is a tool to realize the right to health, both in its individual and collective dimensions. There is a functional link, in the health sector, between the issue of security in the training, conservation, use, and circulation of clinical data and the one of privacy. According to the General Data Protection Regulation (GDPR), the strategy for the security of personal data is focused on the ''general principle of processing''. Therefore, a personal data protection approach emerges based on overall risk management and on the proactive accountability of the Data Controller, in charge of concretely modulating the implementation of the principles enshrined in the Regulation. With a view to accountability, the security of personal data, involving the application of different measures, requires an integrated vision of multiple competencies (including legal, IT, and organizational ones) in a balanced integration dimension between human and technological advancement in healthcare [11].

A. MOTIVATIONS AND TARGET AUDIENCE
The primary motivation that led to the elaboration of this work is to contribute with a multidisciplinary survey to the process of analyzing the role of data and their treatment in the context of eHealth.
To the best of our knowledge, there are no investigations of this type in the literature, but only works that individually face some of the aspects we examine. An in-depth review of security and privacy challenges can be found in [12], where no data transmission or elaboration aspects are treated. Another interesting discussion about security in eHealth is provided in [13], where we can find the same security properties presented in our paper in a slightly different meaning; the authors of [13] also mention biometric cryptography as a means of authentication, but there is no reference to blockchain technology. On the contrary, we have devoted much effort to discussing blockchain-based approaches, as it is a mature technology already implemented in several real-life eHealth applications. Likewise, a state-of-the-art review of the fifthgeneration (5G) cellular networks and Internet of Things (IoT) enabled smart healthcare is in [14], which is very focused on 5G and communication technologies, neglecting the topics of artificial intelligence and regulations and lightly treating the security, trust, and privacy challenges. The work in [15] deals with themes similar to our paper despite the point of view of the proposed analysis and the insight provided for the various topics being different, and it does not mention the regulatory aspect that is fundamental for the success of the digitalization of health services. Our work provides an original approach as it introduces a classification of technologies linked to the use that they have in the processing of health data and proposes innovative electromagnetic systems for eHealth as an application example of the collection/elaboration/security paradigm described. Even the authors of [16] discuss the role of 6G in healthcare systems but, unlike our work, their study focuses on communication technologies suitable to emergency scenarios and disaster management. The authors of [4] thoroughly investigate different deep learning (DL) architectures and applications for processing biological data, but they do not address the complementary processes of data transmission and protection. The work in [17] provides an overview of the current and future potential of AI in medicine applications, including a historical outline of AI in medicine, deep neural network components, and different AI approaches; however, it does not address the benefits of integrating AI with efficient and secure transmissions for better accessibility and legal protection of biological data in medical workflows, which are necessary for decentralized eHealth services. Table 1 highlights the differences between our paper and others similar in the recent literature, reporting which topics are covered in each work and to what extent; the ''partial'' value is to be understood with respect to how much the topic is deepened in our work.
We opine that in the future new professional profiles will arise in the eHealth sector, and they will require transversal competencies in different fields. Therefore, unlike other reviews that offer predominantly single-viewpoint analysis, we propose a cross-sectoral overview that could be very useful for the physician/scientist of the future, who, beyond traditional medical skills, should be characterized by highly technological and multidisciplinary knowledge. This paper is intended both for expert readers (interested in investigating a particular approach or technology) and non-expert readers (interested in a high-level vision of eHealth) who might benefit from this paper to acquire a multidisciplinary view of eHealth.
The multidisciplinarity in our work is achieved thanks to the collaboration of different research groups gathered within the iCare project (it is a University project funded within POR FESR FSE 2014/2020 of Calabria Region with the participation of European Community Resources of FESR and FSE, of Italy and of Calabria), which has the dual purpose of strengthening research infrastructures and enriching the healthcare sector. In detail, this project will contribute to the realization of a state-of-the-art telemedicine research laboratory within the university, which will foster the cooperation of worldwide researchers to conduct activities targeted at studying innovative solutions for the management of health services. The latter aspect is directly addressed by the project, since, also thanks to the collaboration with external consultants from the industrial and business sectors, it aims to create a telemedicine system that integrates the procedures that are currently implemented by some local health facilities with others that leverage ICT for remote management of services. Therefore, the synergy between University, Industry, and Hospital represents the backbone of the iCare project, promoter of research and development activities supporting the healthcare sector. Almost at the end of the first year of the project, this work has been produced to reap the benefits of the research activities on the topics of telecommunications, artificial intelligence, information technology, electromagnetism, and health law, which can contribute to providing different viewpoints on the analysis of the digital processing of health data.
A taxonomy of the topics subject of the multidisciplinary survey on eHealth we provide is illustrated in Figure 1.

B. CONTRIBUTIONS
Based on these considerations, the main contribution of this work is to address the matter of data processing in the provision of eHealth services by offering a multidisciplinary survey, which provides insight into the fields of artificial intelligence, electromagnetism, health law, security, and telecommunications, for the first time in literature to the best of our knowledge. This is articulated in the delivery of the following micro-contributions: 1) The central role that data play in eHealth services is emphasized by dealing with a thorough technical analysis of the different steps necessary for their processing.
In particular, the three steps of (i) collection and transmission, (ii) elaboration, and (iii) security are identified and individually addressed through the gathering and analysis of the related literature. A Readiness to Adopt (RTA) value is indicated to provide a qualitative estimate of the readiness to be adopted in eHealth applications for each technology or technique mentioned for  the three data processing steps. It can take on a high, medium, or low value based on how much we believe the rapid use of the technology/technique in eHealth is likely. Mainly, the study of the most recent literature and the knowledge of the mentioned paradigms are the basis for the RTA evaluation that will be discussed later.
2) The 6G technologies expected as enablers in health data processing are investigated, and a collection of diverse classifications related to IoMT devices in the literature is provided to demonstrate the heterogeneity of these devices. 3) AI techniques proposed in the literature for analyzing biological data are explored and given the telemedicine-focused focus of our review, AI clinical applications to evaluate their potential impact are also proposed. 4) The main security properties that an eHealth solution should guarantee are introduced. Furthermore, the leading techniques and approaches offering security features in the eHealth ecosystem are surveyed, showing how they can ensure the above security properties. 5) As an example of the application of the defined data processing paradigm (collection/elaboration/security), research proposals concerning innovative electromagnetic systems applied to the remote and safe monitoring of patient status are described.
6) An in-depth analysis of telemedicine-related regulations is provided, particularly dwelling on some specific articles of GDPR (this research work has been funded by the European Community). Besides, a critical discussion of the reliability that should legally be granted to machines and algorithms is addressed through an example based on the use of AI.
The paper is structured as follows. The next section introduces three technological perspectives on health data processing: collection and transmission, elaboration, and security. Section III discusses the applications of electromagnetic systems in eHealth. In Section IV, a juristic vision of the current challenges related to the healthcare sector is given. Open issues and future research directions are discussed in Section V. Finally, Section VI draws conclusions.
We summarize the meaning of all acronyms used in the paper in Table 2.

II. DIGITAL PROCESSING OF HEALTH DATA: A MULTISTEP METHOD
Nowadays, health data may be efficiently and securely collected, transmitted, and elaborated through the exploitation of ICT, thanks to recent technological advances. In this section, we analyze three different data processing steps (i.e., collection, elaboration, and security), focusing on the technological and innovative tools in the literature that can help digitalize the operations to be accomplished so that the data can be detected on the patient and elaborated by the healthcare professionals in the best possible way. Table 3 collects all the technologies/techniques and works cited in this section grouped by data processing steps and reports the RTA value for each technology/technique.

A. COMMUNICATIONS PARADIGMS FOR DATA COLLECTION
The authors of [2] point out that digital healthcare applications will require increasingly stringent data rate, latency, and reliability requirements, thus making the support of pioneering technologies necessary. IoE, Device-to-Device (D2D), Edge Computing, AI, Digital Twin, Holography, Robotics, Tactile Internet, and Non-Terrestrial Networks (NTNs) are among the technologies that will play a pivotal role in the 6G era and can help in meeting the strict requirements of future applications. In the following, we discuss recent works in the literature that propose using some of these technologies to support the collection and transmission of data on 6G-oriented networks for eHealth services. For each cited technology, a description is provided supported by the advantages, disadvantages, and challenges deriving from its use in the eHealth context. Figure 2 provides a graphical representation of the mentioned technologies.

1) INTERNET OF EVERYTHING (IoE)
IoE is defined, in [18], as the paradigm able to enable the connection on a wireless channel of a plethora of heterogeneous devices, mostly portable and featuring low energy resources. According to [19], IoE belongs to the revolutionary tide of the fifth generation (5G) that includes the most innovative and forward-looking trends. Furthermore, the authors place telemedicine among the IoE applications that will foster the birth of 6G, whose hallmarks will be mainly set based on the performance requirements of IoE services, increasingly imposing in the panorama of current and future cellular networks. In [20], the origin of the term ''IoE'' is attributed to CISCO that, in 2012, defined it as a network of networks connecting people, processes, data, and things, thus being an evolution of the Internet of Things (IoT). To date, the IoT affects many of the most widespread everyday-life applications, and the IoE, as its evolution, will guarantee requirements never yet explored to the services expected for the future 6G cellular networks. Moreover, the cooperative use of IoE with other technologies, such as machine learning, could favor the emergence of new consumer services increasingly oriented towards improving the quality of life of the world population. Representing the evolution of the IoT, the IoE inherits some challenges, including the need to be combined with energy-saving techniques, as it will mainly affect portable and low-power devices; besides, being a revolutionary technology expected for 6G, the IoE is not fully utilized by the current generations of cellular networks, and only some of its ''subsets'' are. For example, in the healthcare field, the IoMT paradigm has made its way, which consists of the use of ''medical things'' to collect and transmit biomedical signals over a network for monitoring patients' diseases [21]. Literature provides several classifications based on different criteria concerning the IoMT systems. As one of the contributions of this work, we have collected in Table 4 some of the most noteworthy IoMT-related taxonomies in the literature. The authors of [21] rank the different sensors that can be used in eHealth environments according to the type of remote monitoring that must be carried out, distinguishing between the five categories shown in Table 4. Two different classifications can be drawn from [22], both related to IoMT but one about the sensors and the other about the general smart healthcare systems: the first distinguishes categories based on the positioning of the sensors inside or outside the patient's body; the latter characterizes systems based on their purpose and function. The macro-categories that can be identified thanks to these classifications are illustrated in Table 4. IoMT devices are classified according to where they are used in [23]; Table 4 portrays the detected macrocategories. Also, in [24], two distinct criteria are considered to classify IoMT sensors, both reported in Table 4: one based on the operating principle of the sensor, the other on the type of medical application in which it is employed. The collection of these taxonomies presented in the literature mainly aims to demonstrate the growing importance that IoMT devices are assuming in the panorama of wireless network applications, given the numerous criteria that can be used to classify them.

2) DEVICE-TO-DEVICE (D2D)
D2D communications enable data transmissions among devices in mutual proximity, thus bringing gains mostly in terms of high data rate and low latency [25]. In the literature, D2D falls within the enabling technologies for smart healthcare applications [26]. In particular, the telemonitoring service could significantly benefit from the exploitation of D2D. For example, IoMT devices can be employed to remotely detect medical parameters and vital signs (e.g., temperature, pressure, oxygen, pulse oximetry, and electrical biosignals) on patients. Personal wireless devices (e.g., smartphones) may receive the gathered data through D2D links (i.e., sidelinks) and forward them to the doctor via the cellular network. A similar application of D2D is presented in [27], where it is considered a valuable solution to support reliable healthcare monitoring services; the authors list enhancements in data rate, latency, coverage, and system capacity among the advantages that D2D could offer to eHealth services. A strong point of [27] is that the major research challenges of D2D communication in wireless networks are highlighted, among which security stands out. Although the more general aspects of the ''security for eHealth data'' topic will be treated later, in this section, we want to emphasize the key challenge of the security issues deriving from the use of D2D communications in healthcare. Thus, in the following, some research proposals introducing solutions for the security of D2D-aided eHealth systems are briefly described. In [28], an escrow-free identity-based aggregate signcryption scheme is proposed to secure a D2D communication protocol in a cloud-centric IoMT-enabled smart healthcare system. In [91], a lightweight and robust security-aware D2D-assist data transmission protocol exploiting a generalized signcryption technique without a certificate has been designed for health systems. Recently, in [1], a novel eHealth system architecture, integrating D2D communications and Multi-access Edge Computing (MEC) and supporting security mechanisms, has been introduced for handling sensitive health data gathered by IoMT devices.

3) DIGITAL TWIN
The digital twin is a virtual representation of elements and dynamics of a physical system [30] that, if exploited in future 6G networks, could help meet the requirements of upcoming applications (including healthcare). It could be considered as closely related to the IoE since it requires the deployment of several sensors to create a replica of the physical object.
The potential for utilizing the digital twin in eHealth and wellness applications has increased since its concept has been extended to the reproduction of living and nonliving entities [31]. It is generally agreed that the realization of the digital twin requires the support of various sensing algorithms, communications technologies, data analysis techniques, and security paradigms to make the virtual copy a faithful and updated replica of the physical entity. In this regard, the great success that the use of wearables has recently enjoyed makes the adoption of the digital twin easier and more user-friendly in the health and well-being contexts [31]. For example, personal digital twins (PDTs) are mentioned in [32] as valid applications in healthcare for developing virtual replicas of human organs. According to the authors, PDTs can offer numerous profits in this field, among which self-generation of alerts, better personal awareness, quicker feedback, and faster triage emerge. The role of the digital twin as a game-changer in the healthcare field is investigated in [33], which introduces a framework for the predictions of heart anomalies through the analysis of electrocardiogram models. Three phases characterize the data collection process for monitoring the medical conditions of patients and for the early detection of anomalies: (1) processing and prediction, (2) monitoring and correction, and (3) comparison. Given the sensitivity of the data collected, the digital-twin-related problems highlighted by the authors mainly concern trust, security, and privacy, since the devices used to create and update the virtual replica can be vulnerable to attacks by malicious actors. Despite the great potential, in [92], besides the problems related to data security, the novelty of technology, time and cost, lack of standards and regulations, and life-cycle mismatching are outlined as challenges to the digital twin implementation. Another aspect that emerges from [92] concerns the numerous definitions that in the literature refer to the same concept of the ''digital twin'', among which the ''virtual object'' lacks.
In fact, a noteworthy observation we want to bring out matters the correlation between the digital twin and virtual object concepts, whose distinction seems a bit fuzzy. An indepth analysis of the virtualization of objects in the IoT world is provided in [34], where the virtual object is defined as the digital counterpart of any real entity in the IoT. The same authors dwell on the definitions and characteristics of the virtual object, pointing out that there is confusion about the use of the term ''virtual'', given the disproportionate use that has been made of it since the 70s. They claim that the functionalities obtainable through virtualization can change according to the considered architecture, except for some common ones and for the goals of the virtual object, which must offer benefits to improve consumers' quality of life.
We believe this makes the distinction between the virtual object and digital twin unclear and opens the way for further study on the topic.

4) ROBOTICS
The potential of applying robotics to the healthcare sector has emerged especially following the outbreak of COVID-19. The authors of [35] collect and describe some compelling robot applications developed during the height of the pandemic emergency to help ensure the health system's resilience. In detail, robotics can be leveraged in favor of: (i) diagnostics, both by facilitating the automation of some equipment and by interacting with patients to measure vital parameters; (ii) interventions, since robots can be used to perform surgery procedures instead-of or together-with doctors; (iii) rehabilitation, which has shown promising results for some years now and could enable telerehabilitation, allowing patients to receive therapy from home; (iv) assistance to patients and healthcare professionals, to improve the well-being of the former and reduce the workload on the latter. It is worth underlining that some of the systems mentioned above are not yet mature enough to be adopted. However, they VOLUME 10, 2022 represent outstanding solutions that could be implemented thanks to technological progress and the evolution of mobile networks towards 6G. Also, in [32], the role of robotics in the healthcare sector, particularly during public health emergencies, is handled. In addition to the previous functionalities, the authors cite disease prevention, for example, through the robotic ultraviolet (UV) disinfection of surfaces performed during COVID-19, and the use of drones and Unmanned Aerial Vehicles (UAVs), to reach patients in remote areas.

5) NON-TERRESTRIAL NETWORKS (NTNs)
Thanks to the implementation of eHealth services, the in-person meeting between patient and doctor can be avoided in all cases in which the latter deems it appropriate. People living in areas away from hospitals or clinics can prevent long travels if the requirements are in place to provide them with access to all the medical care they need. Space communications and the Internet of Space Things (IoST) can ensure the ubiquity of eHealth services by offering their availability anywhere and anytime [36]. NTN is considered one of the key technologies of 6G wireless systems since global connectivity can be achieved owing to the satellite's large footprint (i.e., coverage area) and/or thanks to the implementation of constellations of Low-Earth Orbit (LEO) satellites [37], [38], which can also provide eHealth services with low latency due to their low altitude. To sum up, reaching places unserved or under-served by the terrestrial network is feasible through the exploitation of NTN systems, which represent an excellent wireless component to access 6G eHealth services by meeting ubiquity and low latency requirements.

6) RTA EVALUATION
A MEDIUM RTA value is assigned to the IoE in Table 3 because, although IoMT is already widely used (e.g., for remote monitoring of patient's health conditions), IoE can not be considered highly ready to be adopted since it represents something more complex and broad in comparison to IoMT. 5G was supposed to be the enabler of the IoE; however, its actual application is currently far. 6G will represent the means to overcome the challenges related to the activation of heterogeneous IoE services since it will be designed to fulfill the performance requirements of IoE applications. Considering that the IoE has already been cited in the literature as a revolutionary 5G technology but that it needs 6G (expected to be released approximately in 2030) to be enabled [19], we believe that its RTA value is MEDIUM. Once implemented, the IoE will highly impact eHealth services, fostering personalized care, and continuity of care for chronic patients, improving their quality of life.
D2D technology was introduced in Release 12 of the 3rd Generation Partnership Project (3GPP), but it could have a notable impact on the efficiency of communications between future medical devices. One of the main challenges of using D2D in eHealth concerns communications security. As already discussed, many works in the literature propose possible solutions that, if applied, could allow the success of D2D technology in eHealth services. This justifies the HIGH RTA value we have attributed to the D2D in Table 3.
NASA provided the first definition of the digital twin around the 1960s to indicate a kind of living model in the Apollo missions. Nonetheless, the idea of the digital twin began to seem successful in several fields only with the growing importance gained by the virtualization trend [93]. As highlighted in [92], the digital twin is an emerging paradigm that could bring significant benefits to the healthcare industry but whose evolution is blocked by the current absence of technologies sufficiently advanced to support it; this is why it was assigned a LOW RTA value in Table 3.
Although the use of robotics to support medicine is not yet feasible for some specific applications, due to the technology immaturity, a HIGH RTA value can be assigned to its general employment in eHealth since several services already implement it [35].
Finally, NTNs could bring numerous benefits to eHealth services, especially in terms of connectivity extension. However, their application in this field is far away and is expected to be achieved only when 6G technologies will be widely used. Therefore, the RTA level of NTNs in eHealth is assessed as LOW.

B. ARTIFICIAL INTELLIGENCE FOR eHealth DATA
AI improves healthcare professionals' ability to catch better the day-to-day patterns and needs of the people they care for to optimize available resources and provide a higher quality of service and care to stay healthy. According to the authors of [4], [94], AI tools have revolutionized diagnostic methods in the healthcare system. AI algorithms employ mathematical-computational techniques to learn information directly from data, without mathematical models and predetermined equations [95]. In eHealth, a typical advantage of these algorithms is their flexibility to learn complex patterns that are often impossible to model with standard mathematical approaches (e.g., in identifying biomarkers in time series such as electroencephalograms or magnetic resonance images). Despite AI algorithms having gained impressive progress and far outstripped traditional approaches, biological data elaboration still represents an open challenge.
In this section, we investigate how AI, in particular DL, can play a key role in eHealth to meet the rigorous requirements and future demands of services. We explore the knowledge-learning methodology to train models from data. Comparative investigations of these tools from qualitative and quantitative perspectives are also provided. Finally, open research challenges in using DL for biological data mining are outlined and some possible future perspectives are proposed. are the basis for training algorithms able to extract knowledge from data, exploitable for resilient eHealth solutions.
Supervised learning systems use pre-labeled data as a source of knowledge. The name recalls the idea of a 'supervisor' who instructs the learning system on the labels to be assigned to training instances [96]. Class labels are the possible classification outputs (i.e., diseases or specific associated conditions). Thanks to previous diagnoses made by doctors, it is possible to create well-structured datasets that are very useful for training new models. According to [4], this approach is the most widely used and will provide increasing help in eHealth. Many methods related to supervised learning have been proposed in recent years, including Artificial Neural Network [97], Convolutional Neural Networks [98], Recurrent Neural Network [99], Support Vector Machines [100], k-Nearest Neighbours [101], and Decision Trees [102].
Unsupervised learning is increasingly becoming a key paradigm for analyzing large amounts of biological data as it overcomes the complexity of annotating health datasets during or after collection, being laborious, time-consuming, and expensive [103]. It determines patterns among the entities in a dataset with unknown annotations or characteristics and applies the acquired knowledge to classify the leftover data [5]. In unsupervised learning, we only have input data without any expected output. The objective is to classify and organize a set of inputs that the computer system will reclassify based on common characteristics to make reasoning and predictions about the subsequent inputs. Therefore, unsupervised learning could be employed to overcome limitations and improve the efficiency of eHealth. The most popular unsupervised methods include: Autoencoders [104], Self-Organizing Maps [105], k-Means [106], and Densitybased Clustering [107]. Several of these techniques have been employed to analyze data from numerous biological sources with great results.
Reinforcement learning systems can automatically discover interesting and useful patterns in data. It aims to find a solution to a problem by attempting and checking whether it produces the desired effect. If this occurs, the attempt constitutes a solution to the problem. Otherwise, a different attempt has to be done [108]. It is widely used in robotics; therefore, it could be used for telemedicine applications for remote surgery or home care assistance [109].

2) DEEP NETWORK ARCHITECTURES
Architectures that support biological data processing, including for potential eHealth applications, are now being investigated, especially those that can fully automate data-driven processes by learning directly from raw data.
According to [4], which offers an in-depth survey of the most important algorithms for different data, biological data can be classified into images, signals, and sequences; this classification can be graphically learned in Figure 3. Standard algorithms, such as support vector machines (SVMs), Linear classifiers, or random forests have achieved interesting results over the years; the authors of [110], [111], and [112] explore the literature on these algorithms. They can still be used, but we do not explore them in depth because they require manual extraction of characteristics, which is time-consuming and needs domain-specific know-how. As a result, we discuss the most widely used deep algorithms that solve the aforementioned problems.
• Artificial neural networks (ANNs) have a strong impact in the domain of eHealth. They consist of layers of nodes that include an input layer, one or more hidden layers, and an output layer. Hence, every node or artificial neuron links to another and has an associated weight and threshold. If the output of a node is higher than the specified threshold value, this node is activated, sending data to the next layer in the network. Otherwise, no data is transmitted to the next network layer [113]. There are many clinical applications where ANNs are helpful, such as assisting physicians in medical image interpretation [39], [40], [41], [42], detection of Epilepsy [114], breast cancer [115], lung cancer [116], coronary artery disease [117], Alzheimer's disease [118], etc. The authors of [119] analyze how decisive ANNs have been in the exponential growth of data processing capabilities for present and future health applications. Several studies have been carried out in the literature with highly accurate results [120], [121], [122], [123]. Their remarkable flexibility in modeling complex problems gives more them advantages as compared to standard algorithms. The structures are directly based on studies of existing complex biological neural networks [124], [125], [126].
• Convolutional neural networks (CNNs) are the most widely used architectures with the greatest potential for automated Image-based diagnosis. The complexity of learnable patterns has increased significantly the fields of application providing excellent learning capabilities and enabling classification of challenging healthcare disorders, such as neurological disease [127], [128], [129], cardiac diseases [130], [131], [132], cancer [133], [134], [135], genetic diseases [136], [137], etc. Their architecture can be described as a series of feed-forward layers with convolutional filters that are intermixed with convolutional layers, pooling layers, and fully-connected layers. The first two levels provide an automated feature extraction. The third block is analogous to normal ANNs. The combination of these layers carries an unheard-of flexibility in the input. This is precisely why it is the most extensively used architecture for bio-signal analysis, as described above, of the huge variety in structure and complexity.
• Recurrent neural networks (RNNs) use training data to learn (supervised learning) and are distinguished by their 'memory' that take information from previous inputs to influence current input and output [138].
The output of RNNs depends on previous elements within the sequence, unlike feedforward neural networks (i.e., ANNs, CNNs) that assume input and output are independent of each other. RNNs can analyze time series data, as ordinal or temporal problems such as language translation, natural language processing (NLP), speech recognition, and image subtitling. They can be used in eHealth to analyze medical texts such as anamnesis, and they can be of great help, e.g., in scanning thousands of text documents and finding similarities to support a physician in diagnosing a disease. In general, RNNs can be used in clinical applications requiring time correlation, such as recognition of abnormalities in the electrocardiogram (ECG), electroencephalogram (EEG) monitoring, etc., [139], [140].

3) EXPLAINABILITY AI
AI, specifically DL, offers extraordinary opportunities in eHealth. However, its systematic application is hampered by the lack of trust in the decisions made due to the low interpretability of deep architectures, which represents a severe problem in the clinical field. The validation of models with explainable AI (xAI) tools helps quantify the generated output's resilience and improve security and confidence over black-box models. XAI helps users understand and trust machine learning models by describing how certain features used in the model contribute to its prediction. Furthermore, xAI can be used to validate extracted features, confirm heuristics, identify patient subgroups, and discover new biomarkers [141]. By identifying avenues for model performance improvement, xAI can support research conclusions and guide research advancement. For example, if a network model predicts a heart disease patient's health risk, a clinician would want to understand how strongly the patient's heart rate data influences that prediction [142]. To solve this problem, xAI has been developed to make models transparent. XAI describes the behavior of the neural network and the decisionmaking process. It involves two approaches: • Globally, which aims at a general explanation of the behavior of the model. It identifies how data features collectively influence the result and provides an overview of the model.
• Locally, which identifies how features individually influence the result and independently evaluates each instance and feature of the data (e.g., specific image pixels) [143].
Although this approach is very recent and has been a hot topic only in recent years, researchers have populated the literature to solve this decisive challenge that will transform the future of eHealth [144], [145], [146], [147].

4) RTA EVALUATION
Several AI technologies have been analyzed in detail so far, and their relevance in eHealth has been shown by citing the existing literature. In the following, an evaluation of the RTA of clinical applications exploiting some of these technologies is conducted to provide insight into the adoption rate of AI implementations in the medical field. The RTA values assigned to each application are summarized in Table 3. It is worth mentioning that some limitations to the implementation of the applications are not due to technological constraints but to regulatory limits or an incomplete integration of the technological platforms.
Automated Image-based diagnosis is the most successful and high-impact area of AI applications in the medical field [39], [40], [41], [42]. Indeed, image-based diagnoses are used in many medical specialties, including radiology, neurology, dermatology, and oncology; therefore, we believe that the RTA value of automated medical image diagnosis is HIGH. CNNs are the most successful architectures in automated Image-based diagnosis.
Genome interpretation allows scientists to understand how DNA changes between people and whether or not genetic variations play a role in the development of disease. According to [43], [44], and [45], high-performance algorithms, such as CNNs and RNNs, are decisive in analyzing high-throughput sequencing methods since they generate terabytes of complex raw data. In addition, this application enables accurate clinical interpretation of biological data, which is essential for recognizing the individual differences underlying precision medicine. We thus assigned a HIGH RTA value as it represents a mature technology already in use.
Biomarkers discovery is the building block of precision medicine. It is an emerging area of research and ANNs, CNNs, RNNs, according to [46], [47], [48], [49], and [50], are improving and expanding its diagnostic capabilities. Furthermore, clinicians can benefit from xAI by gaining insight into how the AI models reach solutions from clinical data. We assigned HIGH RTA value in Table 3 because the innovative AI tools of bio-informatics allow the interpretation of large amounts of data, moving the global scientific trend from assumption to data-driven approaches. This adds significant value in different medical fields, gaining insights into molecular pathological mechanisms of disease, identifying new drug targets, or designing emerging economic assays to improve diagnosis, prognosis, or response prediction, readily available for clinical application.
Patient monitoring and clinical care prediction are allowed by the exploitation of electronic health records that provide large amounts of data to predict the most efficient treatments (such as the classification of cancer patients with different responses to chemotherapy [148]) and post-operative prognosis [149] or mortality [150]. RNNs can provide much help to monitor the treatment or progress of medical history because they take information from previous inputs to influence current input and output. RNNs can detect clinically relevant predictors with good accuracy and lead physicians in finding an optimized treatment strategy [51], [52], [53], [54]. After an analysis of the existing adoption rate we have assigned a MEDIUM RTA value in Table 3.
Health assessment using wearable devices and AI algorithms has been the subject of numerous studies [55], [56], [57]. The accessibility of smartphones and wearable sensor technology is causing a rapid accumulation of human subject data. Machine learning and DL, in particular with CNNs, are emerging as techniques to map those data into medical predictions. Clinical decision-making may be directly impacted by such applications that could boost patient care quality while lowering costs. Although wearable devices record a plethora of biomedical signals, including heart rate, voice, tremor, limb movement, and saturation, in an extended recording time, they still lack medical certification or accurate performance. Despite wide margins for development we have assigned a MEDIUM RTA value in Table 3 for the above-mentioned reasons.
Autonomous robotic surgery promises improved safety, efficacy, and access to surgical procedures. Reinforcement learning in this field covers a key role as as an up-andcoming approach for simulating an autonomous agent. The ability to mimic human learning behaviors to maximize the long-term reward enables a robot to learn on its own and partially replicate the work of experts. The trial-and-error learning approach can use complex input data, such as text, image, and temporal data, in the decision-making process and recommends specific actions at predetermined intervals. Due to technological limitations, such as a lack of intelligent algorithms and vision systems that can recognize and track the target tissues in dynamic surgical environments to carry out complex surgical tasks, surgeries have not been completely performed autonomously [58], [59], [60], [61], [62]. Thanks to future developments in AI, robots could one day run the operating room, with surgeons supervising their movements but, to date, the development and adoption of autonomous robots in medical interventions have been remarkably slow. Therefore, a LOW RTA value has been assigned in Table 3.

C. PROPERTIES, TECHNIQUES, AND APPROACHES FOR DATA SECURITY
The quantity and variety of patients' health and wellness data reflect how, where, why, and by whom they are collected [151], [152]. The healthcare data domain involves diversified information related to the patient's life and their links with healthcare facilities and entities. The authors of [153] show how several kinds of data, such as demographic, clinical, wellness, and administrative attributes, VOLUME 10, 2022 concur to create every patient's medical profile and the corresponding electronic health record (EHR). The collection, storage, processing, and sharing of EHRs are key performance indicators for developing and maintaining an efficient healthcare system. However, the attributes of the EHRs may reveal extremely sensitive information; this is the reason why dedicated security measures must be applied for the protection of data and users [154]. Furthermore, the GDPR [155] plays a crucial role in healthcare environments, indicating six principles that must be guaranteed on the data: i) lawfulness, fairness, and transparency; ii) purpose limitation; iii) data minimization; iv) accuracy; v) storage limitations; vi) integrity and confidentiality.
In this section, we focus on the security properties and measures investigated to protect data in the healthcare domain.

1) SECURITY PROPERTIES
In the following, the main security properties are presented as the starting point in individuating, developing, and maintaining a secure eHealth solution. These properties are shown in Figure 4.
• Anonymity. The concept of anonymity is not absolute but depends on the domain. A well-consolidated definition, coming from the field of anonymous communications is provided in [156], which claims that anonymity for a subject is the state of being not identifiable within a set of subjects. In the healthcare domain, we particularly refer to the anonymity of users' data. In this context, a typical example is provided by the concept of k-anonymity [157]. Suppose we assume that we have a dataset containing clinical data on users. In that case, we can say that this dataset satisfies the k-anonymity property if the information associated with a user can not be distinguished from the information associated with other k − 1 users.
• Accountability. This property refers to the possibility of identifying and attributing responsibility to an entity for a given action. For example, when a doctor draws up a medical report on a patient, this action should be notarized so that anyone can verify who the report's author is (even without knowing its content). An effective way to achieve accountability is the blockchain technology [158], [159].
• Authentication. Authentication proves that a given user owns the digital identity they claim. For example, before accessing medical reports, interested users must perform an authentication procedure proving their identities. This can be done using a well-consolidated framework such as electronic IDentification Authentication and Signature (eIDAS) [160].
• Confidentiality. It concerns that data must not be disclosed to not-authorized parties. Again, it is very important that a medical report containing sensitive data about a user can not be accessible by other users. Effective ways to achieve confidentiality are encryption [161], access control mechanisms [162], or a combination of both [163].
• Integrity. This property means that unauthorized parties must not alter the data. Indeed, if a user manages to alter another user's medical report, even if confidentiality is preserved, this can dramatically impact the victim. Like confidentiality, integrity can be achieved through encryption. However, more lightweight approaches exist, such as Message Authentication Code (MAC) [164]. The concept of Integrity is strictly related to that of Immutability, which is a stronger property. By guaranteeing integrity, we mean that even though the data can be altered, there is a public way to check this alteration. On the other hand, immutability requires just the impossibility to alter the data. This can be obtained, for example, by storing them on the blockchain.
• Non Repudiation. It is related to the accountability property and refers to the fact that an entity can not deny having performed a certain action. For example, when a doctor writes a medical report, everyone can verify this (accountability), but at the same time, the doctor can not repudiate the report. Again, blockchain represents the most effective way to achieve this property.
• Revocability. This property consists of the possibility to revoke some privileges or capabilities to some entities. For example, access to the clinical data of patients must be revoked for a doctor who is fired from a hospital upon dismissal. Achieving revocability can be a hard task that depends on the privilege to invalidate. Some specific solutions have been proposed in the literature when dealing with advanced access control methods [165].

2) SECURITY TECHNIQUES
The aforementioned properties should be guaranteed in any solution offering eHealth services to citizens and doctors.
However, in practice, it is challenging to offer all of them simultaneously. Therefore, according to the specific eHealth service to provide and the needs of the involved actors, only a subset of the above properties usually is guaranteed. For example, a tradeoff can exist between anonymity and accountability [166].
When dealing with EHR, achieving at least confidentiality is a necessary condition. Several solutions in the literature pursue this goal [12]. In the following, we briefly discuss the evolution of cryptographic approaches to obtain confidentiality by highlighting their limitations that lead to the introduction of new solutions.
Traditional approaches to ensure confidentiality are based on symmetric encryption or public-key encryption [167].
The main problem of the symmetric encryption schemes is that a key has to be preliminary exchanged between the two communicating actors. This makes these schemes impractical in eHealth environments, considering that a doctor can have many patients and should exchange a key with everyone; furthermore, other keys should be used to communicate between doctors.
Public-key encryption can solve this problem. Indeed, each actor owns a public and a private key, and anyone can encrypt the data by relying on the public key; only those who own the associated private key can decrypt the message. However, also public-key encryption is not conclusive. The public key is a sequence of bytes not associated with the identity of a user. If we assume that a patient wants to share their EHR with a particular doctor (whose identity is known), how can the patient be sure that a given public key belongs to the intended doctor?
Identity-based encryption (IBE) [168] can help in this situation since, in IBE, the public key is represented by some unique information associated with the user's identity (e.g., the e-mail address). This way, the patient can encrypt a message without requiring the public key to any external party, such as a Public Key Infrastructure (PKI) [169]. A price to pay for these benefits is represented by introducing a third-trusted party, called Private Key Generator (PKG), which manages and distributes to the users the private keys associated with the identities. Even though is possible to reduce the trust in the PKG by splitting its competence among multiple PKGs [170], the complete removal of the PKG is an open problem. More advanced IBE schemes allow obtaining confidentiality and anonymity by hiding the identity of the recipient [171], [172]. The advantages of the introduction of IBE in the healthcare domain are witnessed by several proposals in the literature [71], [72], [73], [74].
An IBE extension that can guarantee confidentiality and access control is based on attribute-based encryption (ABE), introduced for the first time in [173]. In ABE, the ciphertext and the key are associated with some attributes and a policy. If the attributes satisfy the policy, the decryption of the ciphertext is allowed.
In particular, in the Key-Policy attribute-based encryption (KP-ABE) [174], the policy is associated with the key, and the attributes are associated with the ciphertext. A user owning a given key can decrypt only those ciphertexts whose attributes match the policy associated with their key.
In Cipher-Policy attribute-based encryption (CP-ABE) [175], [176], the policy is associated with the ciphertext, and the attributes are associated with the key. In this case, which is also the most applied in the healthcare sector, a user has to own the right attributes to decrypt the ciphertext. IBE can be viewed as a particular case of ABE by treating the identity as an attribute.
CP-ABE can introduce several benefits in eHealth applications. Indeed, patients can encrypt their EHRs with a particular policy so that only authorized doctors can access them. For example, data about mental illness can be encrypted under a policy requiring that only Psychiatrists or Psychologists of a given hospital can decrypt them. Another benefit is that the patient does not need to know in advance the specific Psychiatrists and Psychologists (and then their public keys) who have access to the data. Similarly to IBE, a drawback of ABE is represented by the introduction of a PKG that manages and distributes to the users the private keys associated with the attributes or policies. In practical terms, the PKG releases the keys through the collaboration of some attribute providers certifying the ownership of the involved attributes.
An enhancement of CP-ABE is represented by Cipher-Policy attribute-based proxy re-encryption (CP-ABPRE) [177], [178]. In CP-ABPRE, an honest-but-curious proxy is introduced to reduce the computational workload on a user who wants to change the policy associated with a ciphertext. In particular, the proxy receives a re-encryption key from the user to replace the policy associated with a ciphertext with a new one. The advantage of this approach is that the proxy performs this transformation of the ciphertext without learning anything about the plaintext. To understand the benefits of CP-ABPRE in eHealth, we refer to the example reported in [68]. Suppose a user encrypts an EHR under a given policy P 1 , satisfied by some doctors of a clinic C 1 . Furthermore, suppose that the clinic C 1 needs the collaboration of other clinics with additional competencies to make a diagnosis. To do this, C 1 would decrypt the EHR and re-encrypt it with a new policy P 2 , requiring further attributes. If several EHRs have to be translated from the policy P 1 to P 2 , the computational effort required to C 1 may be high (many decryptions and encryptions). Then, it can take advantage of CP-ABPRE, delegating a proxy on the cloud, with high computational power, to re-encrypt all the ciphertexts encrypted under P 1 into new ciphertexts encrypted under P 2 . This can be done by providing the proxy with a single re-encryption key from P 1 to P 2 . It is worth underlining that the proxy can not access the content of the medical records. As a final remark about ABE, we want to observe that, in the eHealth setting, a revocation mechanism should be implemented in case of users lose ownership of some attributes. It is not a trivial task but ad-hoc solutions are available in the literature [69], [70].
As previously stated, the presented encryption techniques (e.g., IBE and ABE) are well-known for protecting EHRs in the medical cloud or servers at a data storage phase. In addition, during the data processing phase, privacy-preserving data publishing (PPDP) approaches are highly required to conceal or obfuscate any sensitive data on the patients to limit their re-identification [63]. Each EHR typically is made of a number of distinct attributes classified as: i) explicit identifier, namely a set of attributes that uniquely identifies a patient (e.g., national ID, name and surname, mobile number); ii) quasi-identifier, which potentially can identify the patient with some additional information (e.g., gender, address, date of birth); iii) sensitive attribute, consisting of personal information that can reveal a particular state iv) non-sensitive attribute, which can not violate patient privacy if disclosed and that are not categorized in the previous groups [64].
In the literature, some privacy protection models have been proposed to handle the challenge of guaranteeing a certain level of anonymity. The technique called k-anonymity aims to make the tuple distinguishable from one another by assuring that each value in a given dataset is indistinct from a minimum of k − 1 records [179]. However, due to its simplicity, k-anonymity is vulnerable to several attacks such as Homogeneity attacks and Background knowledge-based attacks [63]. A different approach to reaching anonymity is ldiversity, which is an extension to k-anonymity given that it is based on the concept that attributes belonging to each relevant group, called equivalence classes, must be well-represented. Instead, the t-closeness introduces the concept of a threshold. Indeed, it is obtained when the sensitive attribute distance in an equivalence class is not greater than this threshold. These techniques have also been investigated in the healthcare sector to assure the privacy of patients' data by providing a suitable patient anonymity level. The authors of [65] analyze some security frameworks able to face the existing challenges of the healthcare industry. In [66] and [67], a clusteringbased anonymization approach has been proposed for cloud healthcare users, while in [180], an anonymity-based solution is developed to generate anonymous tuples for both the client and server side.

3) EXISTING APPROACHES
The protection of EHRs is quite tricky since it needs a balance between privacy and utility: data need to be used and analyzed by several entities, but, at the same time, sensitive information must be kept away from unauthorized actors [181]. We have analyzed the most popular cryptography techniques in an eHealth scenario. Besides, some higher-level deployment approaches have been explored in the literature to manage and organize EHRs.
In [181], authors explore the cloud deployment models and divide the approaches into three categories: i) public cloud model, where the infrastructure is accessible to public users and participating entities (e.g., hospitals, pharmacies, laboratories); ii) private cloud model, an infrastructure administered by one healthcare organization; iii) hybrid cloud model, which is a unification of the previous models since the health organization exploits outsourced resources but controls the data. Each of these models needs to achieve privacy and secure the confidentiality of EHRs data.
Recently, the potentiality of blockchain technology has been harnessed to meet the urgent and strict security requirements in the eHealth environment. Thanks to its immutability, transparency, data integrity, and decentralized nature, blockchain technology can represent an effective approach to managing EHRs [75], [76], [77], [78], [79]. For example, in [80], the authors propose a blockchain-based system in which only authenticated participants can outsource data on the cloud. This way, their integrity is guaranteed also when the medical institution and the cloud collude. Here, Ethereum [81] has been selected as a public blockchain.
Other solutions that rely on consortium and/or private blockchain are available in the literature, like [82], [83], and [84]. Among these, [84] is a very recent proposal designed to exchange health information between different providers. It offers secure storage, rapid access and update of medical records. The system was implemented on Hyperledger Fabric [85].
When dealing with blockchain technology, the interplanetary file system (IPFS) [182] represents a reference solution to store data in a decentralized way. IPFS is a distributed file system in which data are stored and retrieved by content (instead of by location). Currently, a lot of healthcare solutions adopt blockchain in combination with IPFS [86], [87], [88], [89], [90]. Even though several differences (in scope and implementations) exist between these solutions, a common element is the reduction of the cost of storing data. Indeed, in traditional approaches, medical data are stored directly on the blockchain in an immutable way. Often, this results in prohibitive costs. On the other hand, IPFS does not introduce costs to store data and allows the owner to ''unpin'' them so that a garbage collector can remove them from the network. However, no guarantee is provided about removing data, for example, if a node previously hosting a file decides to re-host it. Currently, data removal from IPFS is an open issue. Then, data should be encrypted before being stored on IPFS.

4) RTA EVALUATION
To evaluate the applicability of the security approaches above mentioned, we group them into three categories as reported in Table 3. Before entering into the details, we want to highlight that the limitation of the adoption of these solutions is not necessarily due to technological lack. Indeed, often, security solutions may require an effort to be used that a user or operator is not available to spend. Therefore, to speed up their adoption, these solutions should be developed as transparently as possible for the users.
Concerning blockchain-based approaches, we classify their RTA as HIGH since this represents a mature technology already employed in real-life scenarios. For example, the Guardtime KSI Blockchain [183] adopted in Estonia stores the eHealth records of patients by guaranteeing integrity and privacy. Another interesting project with similar objectives is Medicalchain [184].
Concerning ABE/IBE-based solutions, we rate their RTA as MEDIUM. Indeed, even though their practical adoption in eHealth scenarios is limited (apart from research demonstrators [185]), a lot of cryptographic schemes are already available and ready to be adopted in real-life contexts. This is also witnessed by some ETSI standards (TS 103 458 and TS 103 532). Probably, a small gap to overcome is the presence of a fully trusted party, i.e., the PKG, that potentially may access data by colluding with other entities. The benefits introduced by these approaches have already been discussed in the previous section and concern mainly confidentiality and access control.
Finally, as regards the implementation of privacypreserving methods in the healthcare domain, several challenges and pressing question marks are still unsolved, which made our choice of a LOW RTA. First, researchers and industries strive to find the proper trade-off between utility and privacy in their necessarily GDPR-compliant solutions [186]. The prominent drawback relates to the difficulty of applying these models to medical datasets [187]. Then, again, a downside and a possible research challenge is the absence of a clear standardization of policy compliance plan where the privacy models and protection level are indicated for the healthcare dataset [64].
To conclude, we would like to point out that even if the introduction of these security solutions does not have a direct impact in terms of data usability, it might have an indirect impact. Indeed, the ability to manage data in a privacy-preserving way may incentivize users to increase the amount of data shared (which can be used, for example, to develop AI algorithms).

III. INNOVATIVE ELECTROMAGNETIC SYSTEMS FOR HEALTHCARE AND ASSISTED LIVING SERVICES
The data processing paradigm illustrated in Section II can be applied to different eHealth scenarios and, therefore, to different data types. An example is described in this section, which concerns the application of the data collection/elaboration/security paradigm to monitor indoor patient status. One of the key points in chronic and old-age diseases is remote and safe monitoring of patient status and physiological parameters (e.g., temperature, heartbeat, and breath), without affecting their everyday life. In this respect, localization and tracking are of high interest, and several innovative electromagnetic systems and techniques have been proposed in literature [188], [189], [190].
Among the very many available localization techniques, active systems imply that the targets are equipped with a transmitting/receiving tag, and they actively contribute to the localization process [191]. However, active systems have some drawbacks related to cost issues. For this reason, passive systems have also been proposed, wherein the targets are device-free, and the localization techniques exploit their interaction with the transmitted signal. Several passive systems and approaches have been recently proposed, exploiting electromagnetic waves from optical frequencies to radiofrequency and sound waves [192]. Among them, radiofrequency detection techniques are usually based on the analysis of features such as the time of arrival, the direction of arrival, and the received signal's strength or the channel state information [193]. On the other hand, new non-cooperative device-free techniques for target tracking and localization in the radiofrequency regime exist, which take advantage of the peculiar feature of the electromagnetic waves to penetrate non-metallic objects and exploit inverse scattering approaches [194]. For instance, the main idea of [195] is to image the investigated area by measuring the scattered field generated by the interaction of the electromagnetic waves with the targets and by retrieving the electromagnetic properties by solving an inverse scattering problem [196].
As far as patient cardio-respiratory activities are concerned, the continuous monitoring of breathing and inhalation volumes is essential for diagnosing many respiratory systems, both during hospital confinement and in-home care. Microwave systems demonstrated their potentialities for noninvasive monitoring of vital signs such as heartbeat and breathing. In particular, these systems are usually based on continuous-wave doppler radar and can correctly identify the heartbeat and breathing rate with a reasonable degree of accuracy [197], [198], [199], [200]. For instance, in [201] a simple microwave interferometer capable of measuring displacements of wavelength fractions has also been proposed with an accuracy measurement of chest wall displacement less than 2mm. On the other hand, ultra-wide band radars have also been proposed to quickly detect small movements of the chest wall while breathing [202], [203], [204], [205]. They are based on detecting ultra-wide band pulses reflected by the human body in the time domain. First, the radar transmits short impulses and are reflected by the human body. Then, amplitude variations as well as the time of arrival of the reflected pulse are used to evaluate the thorax and heart movements. These systems radars have some advantages with respect to continuous-wave radars, such as ability to work with low signal-to-noise ratio thus offering high performances in noisy environments, low transmission power, high performance in multipath channels, and simple transceiver architectures enabling low production costs [206].

IV. AN IN-DEPTH ANALYSIS ON THE REGULATIONS
Starting with the communication COM (2008) 689 of 4 November 2008 ''Telemedicine for the benefit of patients, health systems and society'' [207], European Commission has encouraged the Member States to increase their efforts in the field of eHealth, highlighting how telemedicine can be able to significantly improve healthcare efficiency as well as the quality of patient care. Definitely, the pandemic caused by COVID-19 has shown the potential of digital health, for the development of which a unitary regulatory framework is required, capable of harmonizing digital applications, in order to ensure the interoperability of the systems. Above all, the unitary regulatory framework must ensure a robust and VOLUME 10, 2022 safe infrastructure to preserve the assets of patients' health data [208].

A. DATA SECURITY IN THE HEALTH SECTOR: CONSIDERATIONS ON ART. 9 GDPR
Pursuant art. 4 GDPR [209], the ''relative data health'' are personal data related to a natural person's physical or mental health, including the provision of healthcare services that reveal information regarding their state of health. The following art. 9 GDPR includes these data among the particular categories of personal data whose processing is prohibited, according to any limitations that the Member States may even implement [210].
Legislative Decree 10 August 2018, n. 101, issued for the adaptation of Italian legislation to the provisions of the GDPR, has inserted in the legislative decree 30 June 2003 n. 196 (Privacy Code), the art. 2-septies, titled ''Guarantee measures for the processing of genetic, biometric and related to health''. According to co. 1 and 2 of this article, health-related data can be subject to treatment in accordance with the guarantee measures arranged by the Guarantor for the protection of personal data, to be adopted taking into account not only the indications provided by the European Data Protection Board and Best Practice on the processing of personal data but also those pertaining to the scientific development and technology in the sector covered by the measures.
Pursuant the guarantee measures of paragraph 4 of art. 9 GDPR, they concern the precautions to be taken with respect to organizational and management profiles in the health sector and the communication methods directed to the person receiving the medical diagnosis. Pursuant the following paragraph 5 of art. 9 GDPR, it identifies the security measures, also from the technical point of view, the minimization measures, and the specific methods for the selective access to the data. There is a strong correlation between training safety and security of the conservation and circulation of health data [211]. Art. 9, par. 2, GDPR lists the cases in which the prohibition of treatment of health data does not apply, including that in which the interested party has given explicit consent to the processing pursuant lett. a) of the same article. The importance of informed consent in the health context is connected to the issues arising from the rules contained in art. 22 GDPR. Pursuant this article, the interested party has the right not to be subjected to a decision solely based on the automated processing, including profiling, that produces legal effects concerning them or that significantly affects them in a similar way on their person.
An exception to this rule consists in the fact that the decision ''is based on the explicit consent of the interested party'' (paragraph 2, letter a)). In this case ''the owner of the processing implements appropriate measures to protect freedoms and legitimate rights of the interested party, at least the right to obtain human intervention by the data controller, to express their opinion and to contest the outcome''. Therefore, deciding to produce legal effects based on such treatment is crucial. Moreover, this places the discipline in a more advanced security perspective [212]. These regulations concern a problematic issue that currently animates the debate among administrative law scholars, and that refers to the limits where it is possible to delegate the decision-making, in particular of nature, to a procedural or administrative algorithm. In this regard, there is a path traced by some recent rulings by the administrative judge of the first and second instance. However, not all Member States of the European Union (EU) have yet absorbed this path; for example, the Italian Digital Administration Code, despite its repeated changes and the spread of the phenomenon, has not yet done so. The Italian administrative jurisprudence [213] has highlighted the indispensability of the search for the technical rule that governs each algorithm, with a motivation focused on EU law and art. 22 GDPR. Since it is always possible to find a sort of Anthropomorphic principle, administrative discretion can not be delegated to the software, manifesting its persistent relevance when the technical rule is concretely elaborated and applied. There is no radical incompatibility between computerization and administrative discretion, since new technologies determine the redefinition and reallocation of discretion, not its disappearance. The decision entrusted to technology is a human decision: its innovation and creativity depend on human's ability to understand.
An analysis follows in which this concept is examined in detail by taking as a concrete example the application of AI to support the diagnosis. The starting question is: what is the concrete possibility of guaranteeing the transparency of the operation of AI systems? For example, it could be ensured by introducing suitable certification and control procedures with respect to their reliability. It is worth highlighting that AI is never mentioned in the GDPR, though many of the data processed by the AI-connected decision-making mechanisms are classifiable as personal and, therefore, attributable to the protection of the European regulations. Furthermore, as part of the European strategy for AI, the EU published on 21 April 2021, the proposal for a Regulation on the European approach, which resulted in the first European legal framework on AI. This proposal, in addition to prohibiting possible uses of some AI systems, such as those using subliminal techniques or exploiting an age-related vulnerability or a specific disability to distort a person's behaviour, provides for a specific regulation on ''high'' risk for AI systems used as security components of products are subject to evaluation by compliance according to European regulation, such as medical devices. The introduced rules include, in particular, the obligation to create and keep active a risk management system, the obligation to ensure that the AI systems can be supervised on the part of natural persons, the obligation to ensure the reliability, accuracy and safety of the same and specific transparency obligations towards users on the functioning of AI systems [214]. The progressive pervasiveness of algorithms is of great interest in the healthcare context.
In fact, it is connected to the increasing reduction of the role of the human in making decisions with significant consequences for the patient's health. In terms of data security [215], this question pertains not only to the circulation and conservation of health data but to its formation. It is about generating the formation of a relevant and safe decision for the patient's health. In the analysis focused on art. 22 GDPR, it is essential to clarify the meaning of the sentence ''decision solely based on processing automated'', since the term ''solely'' acts as a distinction between decisions eligible and not. The reasoning carried out in the light of the aforementioned administrative jurisprudence has led to assume that the human component can not be replaced by one presumed objectivity of the algorithms. Therefore, there is a reaffirmation of the centrality of the role that the human dimension retains even in the era of smart technologies. However, the majority doctrine assumes that in the case considered by art. 22 GDPR, there must be human intervention to review the results generated by the automated process. Therefore, the art. 22 GDPR could be interpreted in the sense of configuring the right for patients to be recipients of decisions also obtained thanks to the participation of the human component. There will be a difference between the visit carried out by a doctor opposed to confirming a decision made by an algorithm, compared to that performed by a doctor prepared to select the most suitable option to support the choices of the machine due to the lack of availability of information inherent to the huge amount of data that constituted the prerequisite for the decision of the machine. The authoritative doctrine has found that ''the automatic system tends, over time, to capture the decision itself'' [212]. This generates two consequences: first of all, the demonstration that an injurious decision is based only on an automated process represents a ''Probatio diabolica''; in addition, the excessive reliance that the doctor places on the results produced by intelligent machines leads to the so-called phenomenon of ''Professional deskilling'', i.e., the progressive reduction of the skills of health professionals, who can become so unfamiliar with analytics evaluation to be no longer able to detect errors more or less serious. Finally, the presence of explicit consent by the interested party introduces an exception to the rule established in art. 22, par. 1, GDPR.
The key point consists in identifying the characteristics that the human intervention must have in terms of technical preparation, given that the data controller has to guarantee human intervention anyway. This will be even more relevant in the transition towards cutting-edge technologies, whose complex logic requires a technical evaluation, which is by its nature questionable.

V. OPEN ISSUES AND FUTURE RESEARCH DIRECTIONS
The outbreak of the COVID-19 pandemic has given rise to new needs related to the digitalization of various sectors globally. Although digital medicine seems a fairly widespread reality, several shortcomings have emerged in recent years, and the total absence of services remotely provided has weighed heavily on some countries, bringing attention to the Digital Divide issue. As our work shows, the challenges associated with the implementation of eHealth services are many and depend on plenty of factors.
Concerning the telecommunications sector, the technologies are not sufficiently mature for the fulfillment of the requirements of many eHealth services, in particular those relating to latency, connectivity availability, and transmission management of huge amounts of data. 6G is expected as the solution to the problem as it could guarantee the fulfillment of the most stringent requirements of eHealth services, also by leveraging the technologies mentioned in Section II-A. To provide some examples, in the next generation of eHealth, wearable devices are expected as useful means in the remote care of patients. The digital twin can help improve medical care, organizational systems, precision medicine, and advanced modeling of the human body. By exploiting NTNs, connectivity can be guaranteed even in the most remote and disadvantaged areas. Surgical and diagnostic robots can be used to support the human interventions of specialized doctors. These are just a few examples of what telecommunications can do to improve the way medicine will be used not only to ensure the survival of patients but also to improve their quality of life.
In the AI field, developments in algorithm processing capabilities can not keep pace with the evolution of eHealth services. Cloud systems generally lack sufficient processing capabilities for efficient data management, and the methods of storing significant amounts of health data often do not allow their adequate analysis by automated algorithms. In the next generation of eHealth, AI algorithms will provide advanced diagnoses in real time. The training of complex neural networks will be granted via cloud systems capable of handling large amounts of data and xAI techniques to ensure the reliability of results, both through the improvement of the models and the verification of the output.
Regarding security and privacy aspects, even though several technologies are already ready to be used, their adoption is struggling to take hold. This can be explained by two reasons. First, security and privacy risks are misperceived (and underestimated) by the users and eHealth operators. Second, often security comes at a price in terms of usability and/or efficiency. Therefore, two main challenges that we can identify are: (1) increasing the awareness about security risks through the education of users and eHealth operators and (2) developing new security solutions as much transparent as possible.

VI. CONCLUSION
In the next decade, innovative information and communication technologies will benefit various fields, such as the healthcare sector. In particular, eHealth could revolutionize the conventional methods to offer medical services to patients owing to the remote monitoring of diseases and provision of medical assistance, thus guaranteeing continuity and availability of care in every situation, including emergency times. This paper has investigated the literature related to different VOLUME 10, 2022 approaches aimed at collecting, transmitting, elaborating, and protecting health data, being these operations functional to the innovation process towards eHealth. In particular, we survey the research proposals on the following aspects: the 6G technologies that can be leveraged to gather and transmit health data; the AI algorithms and applications useful for the elaboration of biological data; the approaches and techniques for the assurance of the security properties of such sensitive medical data; the application of innovative electromagnetic systems for healthcare and assisted living services; the European Commission's regulations for secure data treatment. The RTA metric for estimating the readiness to be adopted of the technologies and techniques analyzed in this survey has been introduced to highlight their application utility in eHealth. The multidisciplinary facet that characterizes this work has been developed thanks to the collaborations activated within the iCare project, which aims to the empowerment of research infrastructures and the improvement of health services management. By writing this paper, we want to convey that the success of telemedicine and the diffusion of eHealth paradigms could be achieved if heterogeneousby-competence working groups collaborate to define the hallmarks of the future technologies and approaches. Most currently usable paradigms can not adequately support the digital transformation of healthcare. Furthermore, the knowledge of the current regulations can not be neglected since the diffusion and use of technologies in the daily life of citizens inevitably depend on it. This should also make the legislators think, as their decisions can promote or, on the contrary, thwart the digitalization of the health sector. degree in information engineering from the Uni- VINCENZO DE ANGELIS received the B.S. degree in information engineering and the master's degree in telecommunication engineering, in 2017 and 2019, respectively. He is currently pursuing the Ph.D. degree in information engineering with the University Mediterranea of Reggio Calabria, Italy. He is the author of a number of papers published in international journals and conference proceedings. His research interests include information security, blockchain, cloud, and applied cryptography. He was a PC member of a number of conferences and a guest editor of a special issue in an international journals.
GIUSEPPINA LOFARO received the degree (cum laude) in law, in 2008. She received the Ph.D. degree in law and economics, curriculum public economic law, in 2020. Since 2010, she has been a Specialist for the Legal Professions. Since 2012, she has been a Lawyer. In 2017, she was a Technical-Legislative Innovator at the Chamber of Deputies on University, Research, and Health. She is currently a Research Fellow in administrative law with the Department of Information, Infrastructure and Sustainable Energy (DIIES), Mediterranean University of Reggio Calabria. She has authored on Anvur Class A Scientific Journals on: Administrative Procedures and Processes, health law, publicly owned companies, federalism, and sustainable development. She is a member of the editorial board of scientific journals and a speaker at academic conferences. He has authored or coauthored over 400 papers in international journals/conference proceedings in various fields of engineering (machine/deep learning, biomedical signal processing, radar data processing, nuclear fusion, nondestructive testing and evaluation, and computational intelligence). He has coauthored less than 20 international books (mostly focused on neural networks and machine learning) and held five international patents. He has been a Foreign Member of the Royal Academy of Doctors, GIUSEPPE ARANITI (Senior Member, IEEE) received the Laurea and Ph.D. degrees in electronic engineering from the University Mediterranea of Reggio Calabria, Italy, in 2000 and 2004, respectively. He is currently an Associate Professor of telecommunications with the University Mediterranea of Reggio Calabria. His major research interests include 5G/6G networks and it includes personal communications, enhanced wireless and satellite systems, traffic and radio resource management, multicast and broadcast services, device-to-device (D2D), and machine-type communications (M2M/MTC).