Computer Laboratory


The aim of CareGrid is to develop, in collaboration with Imperial College London, software to realise trust domains, scalable from body-area networks through to grid applications, in which decisions are based on evidence, mitigated by trust and privacy requirements.

The project will investigate the interdependencies between trust, privacy, and security. Future large-scale health-care will involve many different organisations cooperating in patient care, for example, hospitals, GPs, dentists, pharmacies, drug companies, and insurance companies. With the advent of new wireless healthcare products, it is becoming feasible to contemplate new applications that offer real-time healthcare to patients, and involve complex interactions between many services in many organisations.

This scenario is ideal for investigating near-future pervasive computing environments in general. We will use healthcare as our application driver as we are involved in other Healthcare projects, but the concepts and tools developed will be applicable to many e-science applications. Key to such environments is the issue of trust, in that decisions relating to the interactions between entities are trust-based: which entity to interact with, what resources should the entity have access to, what information should be released to the entity, how to configure the mechanisms needed to make the interaction secure and how trust levels change over time, based on experience and reputation.

Large-scale applications cannot rely on the traditional person in the trust decision loop, but must make use of automated trust decisions. A trust domain is a set of collaborating entities capable of making autonomous trust-based decisions and could correspond to the set of care workers responsible for a patient, a body-area network monitoring the health of a patient, a hospital or a regional health authority. We will investigate techniques for the organisation, management, and interoperation of trust domains as the basis for building large-scale trust-based applications.

Suppose a patient with an acute heart condition subscribes to a monitoring service that provides wearable sensors and a small wireless controller. The controller sends monitored information to a service centre where feedback can be provided to the patient from a medic. If the monitoring service detects an emergency it calls an ambulance and liaises with the hospital to which the patient will be taken for treatment. The hospital acquires the patient's cardiac history from his GP and from hospitals where he previously had treatment.

There may not be local expertise to evaluate patient information such as X-rays, ECG readings and so these are sent to a remote expert over the network. Perhaps the patient's usual consultant is not available and a new trusted one has to be chosen. A consultant evaluating an X-ray or ECG may wish to search for similar examples via a medical services grid, but then the question of trust in the source of the examples arises. All the services must, by law, provide records for audit, and anonymised data may be made available for future research.

There are many different aspects of trust in the above interactions. Will the monitoring service detect problems without false alarms? Can the wireless infrastructure be trusted to transmit confidential data, or should the data be communicated over a secure channel? Can the services be trusted to pass on information for audit and research, and can they guarantee that the information will be used only for medical research. In cases of emergency, should privacy policies be over-ruled? Trust between organisations (e.g. a hospital using a blood analysis service) services and people will change over time based on experience (evidence), recommendations, or reputations. There is a need to collect and share evidence for use in making decisions based on trust but there is an inevitable tension between this information sharing and meeting personal and legal requirements for privacy.

More information can be found on the CareGrid website


EPSRC grant EP/C53719X/1: October 2005 - September 2008


  • Cambridge: Jean Bacon and Ken Moody
  • Imperial: Naranker Dulay, Morris Sloman, Emil Lupu