Change search
Link to record
Permanent link

Direct link
BETA
Fischer-Hübner, SimoneORCID iD iconorcid.org/0000-0002-6938-4466
Alternative names
Publications (10 of 160) Show all publications
Iwaya, L. H., Fischer-Hübner, S., Åhlfeldt, R.-M. & Martucci, L. (2019). Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats. JMIR mhealth and uhealth, 7(3), 1-16, Article ID e11642.
Open this publication in new window or tab >>Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
2019 (English)In: JMIR mhealth and uhealth, E-ISSN 2291-5222, Vol. 7, no 3, p. 1-16, article id e11642Article in journal (Refereed) Published
Abstract [en]

Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts.

Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil.

Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization.

Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

Place, publisher, year, edition, pages
JMIR Publications, 2019
Keywords
Mobile health, mHealth, information security, information privacy, data protection, privacy impact assessment, community-based primary care, family health strategy
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70212 (URN)10.2196/11642 (DOI)
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2019-03-21Bibliographically approved
Fischer-Hübner, S., Martucci, L., Fritsch, L., Pulls, T., Herold, S., Iwaya, L. H., . . . Albin, Z. (2018). A MOOC on Privacy by Design and the GDPR. In: Lynette Drevin, Marianthi Theocharidou (Ed.), Information Security Education: Towards a Cybersecure Society. Paper presented at 11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings (pp. 95-107). Cham, Switzerland: Springer
Open this publication in new window or tab >>A MOOC on Privacy by Design and the GDPR
Show others...
2018 (English)In: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, p. 95-107Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2018
Series
IFIP Advances in Information Technology (AICT) ; 531
Keywords
privacy, teaching, mooc, course design
National Category
Engineering and Technology Humanities and the Arts
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-69413 (URN)10.1007/978-3-319-99734-6_8 (DOI)978-3-319-99734-6 (ISBN)
Conference
11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings
Projects
WISR
Funder
Knowledge Foundation, NU16
Available from: 2018-09-27 Created: 2018-09-27 Last updated: 2018-10-19Bibliographically approved
Fischer-Hübner, S. (2018). Anonymity (2ed.). In: Ling Liu och M. Tamer Özsu (Ed.), Encyclopedia of Database Systems: (pp. 4). Springer-Verlag New York
Open this publication in new window or tab >>Anonymity
2018 (English)In: Encyclopedia of Database Systems / [ed] Ling Liu och M. Tamer Özsu, Springer-Verlag New York, 2018, 2, p. 4-Chapter in book (Refereed)
Place, publisher, year, edition, pages
Springer-Verlag New York, 2018 Edition: 2
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65655 (URN)978-1-4614-8266-6 (ISBN)978-1-4614-8265-9 (ISBN)
Available from: 2018-01-18 Created: 2018-01-18 Last updated: 2018-06-11Bibliographically approved
Fritsch, L. & Fischer-Hübner, S. (2018). Applications of Privacy and Security Research in the Upcoming Battlefield of Things. In: Audun Jøsang (Ed.), Proceedings of the 17th European Conference on Cyber Warfare and Security: . Paper presented at The 17th European Conference on Cyber Warfare and Security. Reading: Academic Conferences and Publishing International Limited
Open this publication in new window or tab >>Applications of Privacy and Security Research in the Upcoming Battlefield of Things
2018 (English)In: Proceedings of the 17th European Conference on Cyber Warfare and Security / [ed] Audun Jøsang, Reading: Academic Conferences and Publishing International Limited, 2018Conference paper, Published paper (Refereed)
Abstract [en]

This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.

Place, publisher, year, edition, pages
Reading: Academic Conferences and Publishing International Limited, 2018
Keywords
internet of things, autonomous systems, digital warfare, transfer of research, information privacy, information security, trend scouting, cyberwar, cybersecurity, weaponization of smart systems
National Category
Information Systems Human Computer Interaction Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-68386 (URN)978-1-911218-85-2 (ISBN)978-1-911218-86-9 (ISBN)
Conference
The 17th European Conference on Cyber Warfare and Security
Available from: 2018-07-04 Created: 2018-07-04 Last updated: 2018-07-05Bibliographically approved
Fischer-Hübner, S. & Hermann, D. (2018). Benutzbare Lösungen für den Datenschutz. In: Dr. Christian Reuter (Ed.), Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement (pp. 119-138). Wiesbaden, Tyskland: Springer Vieweg
Open this publication in new window or tab >>Benutzbare Lösungen für den Datenschutz
2018 (English)In: Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement / [ed] Dr. Christian Reuter, Wiesbaden, Tyskland: Springer Vieweg , 2018, p. 119-138Chapter in book (Refereed)
Place, publisher, year, edition, pages
Wiesbaden, Tyskland: Springer Vieweg, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-66470 (URN)10.1007/978-3-658-19523-6 (DOI)9783658195229 (ISBN)9783658195236 (ISBN)
Available from: 2018-02-23 Created: 2018-02-23 Last updated: 2018-03-01Bibliographically approved
Alaqra, A., Fischer-Hübner, S. & Framner, E. (2018). Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients. Journal of Medical Internet Research, 20(12), Article ID e10954.
Open this publication in new window or tab >>Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients
2018 (English)In: Journal of Medical Internet Research, ISSN 1438-8871, E-ISSN 1438-8871, Vol. 20, no 12, article id e10954Article in journal (Refereed) Published
Abstract [en]

Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice. Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation. Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor's perspective of EHR data redaction control were used. Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control. Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.

Place, publisher, year, edition, pages
JMIR Publications, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70971 (URN)10.2196/10954 (DOI)000454351700001 ()30578189 (PubMedID)
Note

This paper was included as manuscript in Alaqra's licentiate thesis The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions

Available from: 2019-02-07 Created: 2019-02-07 Last updated: 2019-02-21Bibliographically approved
Karegar, F., Pettersson, J. S. & Fischer-Hübner, S. (2018). Fingerprint Recognition on Mobile Devices: Widely Deployed, Rarely Understood. In: ARES 2018 Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018).: . Paper presented at The 3rd SECPID Workshop in the 13th International Conference on Availability, Reliability and Security (ARES 2018), August 27-30, 2018, Hamburg, Germany.. New York, NY, USA: ACM Digital Library, Article ID 39.
Open this publication in new window or tab >>Fingerprint Recognition on Mobile Devices: Widely Deployed, Rarely Understood
2018 (English)In: ARES 2018 Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018)., New York, NY, USA: ACM Digital Library, 2018, article id 39Conference paper, Published paper (Refereed)
Abstract [en]

Only a few studies have addressed the users' conception of how fingerprint recognition used for different purposes on mobile devices works. This study contributes by investigating how different groups of individuals think that the fingerprint recognition works, why they think so, and also by pointing out differences in pin code and fingerprint issues. The study furthermore yields some results concerning individuals' attitudes towards how sensitive the use of fingerprint sensors is: non-users tended to be more afraid of third-party access than users. On the other hand, users tended to regard the fingerprint pattern as more sensitive than non-users.

This study also manages to give some methodological contributions, namely that mockup user interfaces do not bias the parameters studied in this paper (e.g. understanding of access to fingerprint data), and that self-estimation of knowledge in Computer Security is not a good indicator of respondents' understanding of fingerprint security and privacy. Moreover, people who connected a low degree of sensitivity to fingerprint patterns gave very different reasons for their estimation of sensitivity. This prompts for more research, as it is unclear if different groups would benefit from different information and modes of visualisation to understand what are the issues involved in fingerprint recognition on mobile devices.

Place, publisher, year, edition, pages
New York, NY, USA: ACM Digital Library, 2018
Keywords
Fingerprint Pattern, User Perception, Sensitive Information, Data Privacy
National Category
Computer Sciences Human Computer Interaction
Identifiers
urn:nbn:se:kau:diva-70227 (URN)10.1145/3230833.3234514 (DOI)978-1-4503-6448-5 (ISBN)
Conference
The 3rd SECPID Workshop in the 13th International Conference on Availability, Reliability and Security (ARES 2018), August 27-30, 2018, Hamburg, Germany.
Projects
CREDENTIAL
Funder
EU, Horizon 2020, 653454
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2019-03-07Bibliographically approved
Karegar, F., Gerber, N., Volkamer, M. & Fischer-Hübner, S. (2018). Helping John to Make Informed Decisions on Using Social Login. In: Proceedings of the 33th Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018: . New York: ACM Publications
Open this publication in new window or tab >>Helping John to Make Informed Decisions on Using Social Login
2018 (English)In: Proceedings of the 33th Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018, New York: ACM Publications, 2018Chapter in book (Other academic)
Place, publisher, year, edition, pages
New York: ACM Publications, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65743 (URN)10.1145/3167132.3167259 (DOI)000455180700169 ()
Projects
Credential (4896)
Funder
EU, Horizon 2020
Available from: 2018-01-19 Created: 2018-01-19 Last updated: 2019-02-14Bibliographically approved
Kosta, E., Hansen, M., Nai-Fovino, I. & Fischer-Hübner, S. (2018). Preface. In: : . Paper presented at 12th Annual IFIP Summer School on Privacy and Identity Management, 2017; Ispra; Italy; 4 September 2017 through 8 September 2017 (pp. VI). Springer, 526
Open this publication in new window or tab >>Preface
2018 (English)Conference paper (Refereed)
Place, publisher, year, edition, pages
Springer, 2018
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-69003 (URN)2-s2.0-85048972421 (Scopus ID)978-3-319-92925-5 (ISBN)
Conference
12th Annual IFIP Summer School on Privacy and Identity Management, 2017; Ispra; Italy; 4 September 2017 through 8 September 2017
Available from: 2018-09-05 Created: 2018-09-05 Last updated: 2019-02-25Bibliographically approved
Hansen, M., Kosta, E., Nai-Fovino, I. & Fischer-Hübner, S. (Eds.). (2018). Privacy and Identity Management: The Smart Revolution. Paper presented at 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017. Springer
Open this publication in new window or tab >>Privacy and Identity Management: The Smart Revolution
2018 (English)Conference proceedings (editor) (Refereed)
Abstract [en]

This book contains selected papers presented at the 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School on Privacy and Identity Management, held in Ispra, Italy, in September 2017.The 12 revised full papers, 5 invited papers and 4 workshop papers included in this volume were carefully selected from a total of 48 submissions and were subject to a three-phase review process. The papers combine interdisciplinary approaches to bring together a host of perspectives: technical, legal, regulatory, socio-economic, social, societal, political, ethical, anthropological, philosophical, and psychological. They are organized in the following topical sections: privacy engineering; privacy in the era of the smart revolution; improving privacy and security in the era of smart environments; safeguarding personal data and mitigating risks; assistive robots; and mobility and privacy.

Place, publisher, year, edition, pages
Springer, 2018. p. 371
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 526
Keywords
access control, artificial intelligence, authentication, data protection, General Data Protection Regulation (GDPR), Human-Computer Interaction (HCI), information security, Internet, personal data, privacy, privacy concerns, privacy preservation, robotics, robots, security, user interfaces, web services
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-69748 (URN)10.1007/978-3-319-92925-5 (DOI)978-3-319-92924-8 (ISBN)978-3-319-92925-5 (ISBN)
Conference
12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017
Available from: 2018-10-19 Created: 2018-10-19 Last updated: 2018-10-19Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-6938-4466

Search in DiVA

Show all publications