Change search
Link to record
Permanent link

Direct link
Alternative names
Publications (10 of 27) Show all publications
Wairimu, S., Iwaya, L. H., Fritsch, L. & Lindskog, S. (2024). On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review. IEEE Access, 12, 19625-19650
Open this publication in new window or tab >>On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review
2024 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 19625-19650Article, review/survey (Refereed) Published
Abstract [en]

Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidence-based practices. 

Place, publisher, year, edition, pages
IEEE, 2024
Keywords
Privacy impact assessment, data protection impact assessment, general data protection regulation, privacy by design, privacy, review, threat modeling, privacy risks, validity, maturity.
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-98433 (URN)10.1109/access.2024.3360864 (DOI)001161062400001 ()2-s2.0-85184332904 (Scopus ID)
Projects
Digital Health Innovation (DHINO) ProjectDigitalWell Arena Project
Funder
Region Värmland, RUN/220266Vinnova, 2018-03025
Available from: 2024-02-09 Created: 2024-02-09 Last updated: 2024-09-25Bibliographically approved
Iwaya, L. H., Alaqra, A. S., Hansen, M. & Fischer-Hübner, S. (2024). Privacy impact assessments in the wild: A scoping review. Array, 23, 1-20, Article ID 100356.
Open this publication in new window or tab >>Privacy impact assessments in the wild: A scoping review
2024 (English)In: Array, E-ISSN 2590-0056, Vol. 23, p. 1-20, article id 100356Article in journal (Refereed) Published
Abstract [en]

Privacy Impact Assessments (PIAs) offer a process for assessing the privacy impacts of a project or system. As a privacy engineering strategy, they are one of the main approaches to privacy by design, supporting the early identification of threats and controls. However, there is still a shortage of empirical evidence on their use and proven effectiveness in practice. To better understand the current literature and research, this paper provides a comprehensive Scoping Review (ScR) on the topic of PIAs “in the wild,” following the well-established Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) guidelines. This ScR includes 45 studies, providing an extensive synthesis of the existing body of knowledge, classifying types of research and publications, appraising the methodological quality of primary research, and summarising the positive and negative aspects of PIAs in practice, as reported by those studies. This ScR also identifies significant research gaps (e.g., evidence gaps from contradictory results and methodological gaps from research design deficiencies), future research pathways, and implications for researchers, practitioners, and policymakers developing and using PIA frameworks. As we conclude, there is still a significant need for more primary research on the topic, both qualitative and quantitative. A critical appraisal of qualitative studies revealed deficiencies in the methodological quality, and only four quantitative studies were identified, suggesting that current primary research remains incipient. Nonetheless, PIAs can be regarded as a prominent sub-area in the broader field of empirical privacy engineering, in which further scientific research to support existing practices is needed.

Place, publisher, year, edition, pages
Elsevier, 2024
Keywords
Privacy, Data protection, Privacy impact assessment, Data protection impact assessment, Privacy by design, Scoping review
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-100977 (URN)10.1016/j.array.2024.100356 (DOI)001270263800001 ()2-s2.0-85198335026 (Scopus ID)
Projects
Digital Health Innovation (DHINO) ProjectDigitalWell Arena Project
Funder
Region Värmland, RUN/220266Vinnova, 2018-03025Knowledge FoundationKnut and Alice Wallenberg Foundation
Available from: 2024-07-15 Created: 2024-07-15 Last updated: 2024-08-06Bibliographically approved
Iwaya, L. H., Nordin, A., Fritsch, L., Børøsund, E., Johansson, M., Varsi, C. & Ängeby, K. (2023). Early Labour App: Developing a practice-based mobile health application for digital early labour support. International Journal of Medical Informatics, 177, 105139-105139, Article ID 105139.
Open this publication in new window or tab >>Early Labour App: Developing a practice-based mobile health application for digital early labour support
Show others...
2023 (English)In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 177, p. 105139-105139, article id 105139Article in journal (Refereed) Published
Abstract [en]

Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. Methods: This research started with creating an expert group composed of a multidisciplinary team capable of informing the app development process on evidence-based practices. In consultation with the expert group, the app was built using an agile development approach (i.e., Scrum) within a continuous software engineering setting (i.e., CI/CD, DevOps), also including user and security tests. Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users’ needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner’s preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project’s Randomised Control Trial, which is already ongoing.

Place, publisher, year, edition, pages
Elsevier, 2023
Keywords
Mhealth, Mobile health, Mobile app, Early labor, Midwifery, Pregnancy, Prenatal care
National Category
Health Sciences Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-96158 (URN)10.1016/j.ijmedinf.2023.105139 (DOI)001036408000001 ()37406571 (PubMedID)2-s2.0-85164245277 (Scopus ID)
Funder
Vinnova, 2018-03025Region Värmland, RUN/220266
Available from: 2023-07-27 Created: 2023-07-27 Last updated: 2023-08-10Bibliographically approved
Knoche, H., Abdul-Rahman, A., Clark, L., Curcin, V., Huo, Z., Iwaya, L. H., . . . Ziadeh, H. (2023). Identifying Challenges and Opportunities for Intelligent Data-Driven Health Interfaces to Support Ongoing Care. In: Albrecht Schmidt, Kaisa Väänänen (Ed.), CHI EA '23: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems: . Paper presented at CHI Conference on Human Factors in Computing Systems, Hamburg, Germany, April 23-28, 2023. (pp. 1-7). Association for Computing Machinery (ACM), Article ID 354.
Open this publication in new window or tab >>Identifying Challenges and Opportunities for Intelligent Data-Driven Health Interfaces to Support Ongoing Care
Show others...
2023 (English)In: CHI EA '23: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems / [ed] Albrecht Schmidt, Kaisa Väänänen, Association for Computing Machinery (ACM), 2023, p. 1-7, article id 354Conference paper, Oral presentation with published abstract (Refereed)
Abstract [en]

This workshop will explore future work in the area of intelligent, conversational, data-driven health interfaces both from patients’ and health care professionals’ perspectives. We aim to bring together a diverse set of experts and stakeholders to jointly discuss the opportunities and challenges at the intersection of public health care provisioning, patient and caretaker empowerment, monitoring provisioning of health care and its quality. This will require AI-supported, conversational decision-making interfaces that adhere to ethical and privacy standards and address issues around agency, control, engagement, motivation, and accessibility. The goal of the workshop is to create a community around intelligent data-driven interfaces and create a road map for their future research.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
data-driven interfaces, patient journey, data sharing, agency, trust, patient engagement, healthcare professionals, clinical settings, patient-clinician interaction, decision support, care pathways, conversational user interfaces, NLP
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-94645 (URN)10.1145/3544549.3573798 (DOI)978-1-4503-9422-2 (ISBN)
Conference
CHI Conference on Human Factors in Computing Systems, Hamburg, Germany, April 23-28, 2023.
Funder
Region Värmland, RV2018-678EU, Horizon Europe, 101057603, CA18118
Available from: 2023-05-13 Created: 2023-05-13 Last updated: 2023-05-19Bibliographically approved
Iwaya, L. H., Babar, M. A., Rashid, A. & Wijayarathna, C. (2023). On the privacy of mental health apps: An empirical investigation and its implications for app development. Empirical Software Engineering, 28(1), Article ID 2.
Open this publication in new window or tab >>On the privacy of mental health apps: An empirical investigation and its implications for app development
2023 (English)In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 28, no 1, article id 2Article in journal (Refereed) Published
Abstract [en]

An increasing number of mental health services are now offered through mobile health (mHealth) systems, such as in mobile applications (apps). Although there is an unprecedented growth in the adoption of mental health services, partly due to the COVID-19 pandemic, concerns about data privacy risks due to security breaches are also increasing. Whilst some studies have analyzed mHealth apps from different angles, including security, there is relatively little evidence for data privacy issues that may exist in mHealth apps used for mental health services, whose recipients can be particularly vulnerable. This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps. We analyzed 27 top-ranked mental health apps from Google Play Store. Our methodology enabled us to perform an in-depth privacy analysis of the apps, covering static and dynamic analysis, data sharing behaviour, server-side tests, privacy impact assessment requests, and privacy policy evaluation. Furthermore, we mapped the findings to the LINDDUN threat taxonomy, describing how threats manifest on the studied apps. The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests. There is also a high risk of user profiling as the apps’ development do not provide foolproof mechanisms against linkability, detectability and identifiability. Data sharing among 3rd-parties and advertisers in the current apps’ ecosystem aggravates this situation. Based on the empirical findings of this study, we provide recommendations to be considered by different stakeholders of mHealth apps in general and apps developers in particular. We conclude that while developers ought to be more knowledgeable in considering and addressing privacy issues, users and health professionals can also play a role by demanding privacy-friendly apps. 

Place, publisher, year, edition, pages
Springer, 2023
Keywords
Privacy, Security, Mobile health, Mental health apps, Privacy by design, Android, Empirical study
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-92445 (URN)10.1007/s10664-022-10236-0 (DOI)000880336500004 ()36407814 (PubMedID)2-s2.0-85141641230 (Scopus ID)
Projects
Cyber Security Cooperative Research Centre (CSCRC, Australia)European Commission’s H2020 Programme via the CyberSec4Europe project (Grant: 830929)Swedish Knowledge Foundation via the TRUEdig projectRegion Värmland via the DigitalWell Arena project (Grant: RV2018-678)
Funder
EU, Horizon 2020, 830929Knowledge Foundation, TRUEdig projectRegion Värmland, RV2018-678Swedish Foundation for Strategic Research
Available from: 2022-11-10 Created: 2022-11-10 Last updated: 2022-11-30Bibliographically approved
Iwaya, L. H., Babar, M. A. & Rashid, A. (2023). Privacy Engineering in the Wild: Understanding the Practitioners' Mindset, Organisational Aspects, and Current Practices. IEEE Transactions on Software Engineering, 49(9), 4324-4348
Open this publication in new window or tab >>Privacy Engineering in the Wild: Understanding the Practitioners' Mindset, Organisational Aspects, and Current Practices
2023 (English)In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 49, no 9, p. 4324-4348Article in journal (Refereed) Published
Abstract [en]

Privacy engineering, as an emerging field of research and practice, comprises the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems. For that, software practitioners and other stakeholders in software companies need to work cooperatively toward building privacy-preserving businesses and engineering solutions. Significant research has been done to understand the software practitioners' perceptions of information privacy, but more emphasis should be given to the uptake of concrete privacy engineering components. This research delves into the software practitioners' perspectives and mindset, organisational aspects, and current practices on privacy and its engineering processes. A total of 30 practitioners from nine countries and backgrounds were interviewed, sharing their experiences and voicing their opinions on a broad range of privacy topics. The thematic analysis methodology was adopted to code the interview data qualitatively and construct a rich and nuanced thematic framework. As a result, we identified three critical interconnected themes that compose our thematic framework for privacy engineering “in the wild”: (1) personal privacy mindset and stance, categorised into practitioners' privacy knowledge, attitudes and behaviours; (2) organisational privacy aspects, such as decision-power and positive and negative examples of privacy climate; and, (3) privacy engineering practices, such as procedures and controls concretely used in the industry. Among the main findings, this study provides many insights about the state-of-the-practice of privacy engineering, pointing to a positive influence of privacy laws (e.g., EU General Data Protection Regulation) on practitioners' behaviours and organisations' cultures. Aspects such as organisational privacy culture and climate were also confirmed to have a powerful influence on the practitioners' privacy behaviours. A conducive environment for privacy engineering needs to be created, aligning the privacy values of practitioners and their organisations, with particular attention to the leaders and top management's commitment to privacy. Organisations can also facilitate education and awareness training for software practitioners on existing privacy engineering theories, methods and tools that have already been proven effective.

Place, publisher, year, edition, pages
IEEE, 2023
Keywords
Privacy, security, data protection, privacy engineering, privacy by design, software engineering, qualitative research
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-96159 (URN)10.1109/tse.2023.3290237 (DOI)2-s2.0-85163793581 (Scopus ID)
Funder
EU, Horizon 2020, 830929Knowledge FoundationRegion Värmland, 830929Vinnova, 2018-03025
Available from: 2023-07-27 Created: 2023-07-27 Last updated: 2023-12-11Bibliographically approved
Iwaya, L. H., Iwaya, G. H., Fischer-Hübner, S. & Steil, A. V. (2022). Organisational Privacy Culture and Climate: A Scoping Review. IEEE Access, 10, 73907-73930
Open this publication in new window or tab >>Organisational Privacy Culture and Climate: A Scoping Review
2022 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 10, p. 73907-73930Article, review/survey (Refereed) Published
Abstract [en]

New regulations worldwide are increasingly pressing organisations to review how they collect and process personal data to ensure the protection of individual privacy rights. This organisational transformation involves implementing several privacy practices (e.g., privacy policies, governance frameworks, and privacy-by-design methods) across multiple departments. The literature points to a strong influence of the organisations’ culture and climate in implementing such privacy practices, depending on how leaders and employees perceive and address privacy concerns. However, this new hybrid topic referred to as Organisational Privacy Culture and Climate (OPCC), remains poorly demarcated and weakly defined. In this paper, we report a Scoping Review (ScR) on the topic of OPCC to systematically identify and map studies, contributing with a synthesis of the existing work, distinguishing core and adjacent publications, research gaps, and pathways of future research. This ScR includes 36 studies categorised according to their demographics, research types, contribution types, research designs, proposed definitions, and conceptualisations. Also, 18 studies categorised as primary research were critically appraised, assessing the studies’ methodological quality and credibility of the evidence. Although published research has significantly advanced the topic of OPCC, more research is still needed. Our findings show that the topic is still in its embryonic stage. The theory behind OPCC has not yet been fully articulated, even though some definitions have been independently proposed. Only one measuring instrument for privacy culture was identified, but it needs to be further developed in terms of identifying and analysing its factors, and evaluating its validity and reliability. Initiatives of future research in OPCC will require interdisciplinary research efforts and close cooperation with industry to further propose and rigorously evaluate instruments. Only then OPCC would be considered an evidence-based research topic that can be reliably used to evaluate, measure, and embed privacy in organisations.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022
Keywords
Privacy, data protection, organisational culture, organisational climate, privacy culture, privacy climate, reviews
National Category
Computer Sciences Applied Psychology Business Administration
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-91382 (URN)10.1109/access.2022.3190373 (DOI)000838550500001 ()2-s2.0-85134228480 (Scopus ID)
Projects
TRUEdig
Funder
Knowledge Foundation
Available from: 2022-07-26 Created: 2022-07-26 Last updated: 2023-07-05Bibliographically approved
Haque, M. U., Iwaya, L. H. & Ali Babar, M. (2020). Challenges in Docker Development: A Large-scale Study Using Stack Overflow. In: ESEM '20: Proceedings of the 14th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM): . Paper presented at IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) (pp. 1-11). ACM Digital Library, 7, Article ID 3410693.
Open this publication in new window or tab >>Challenges in Docker Development: A Large-scale Study Using Stack Overflow
2020 (English)In: ESEM '20: Proceedings of the 14th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), ACM Digital Library, 2020, Vol. 7, p. 1-11, article id 3410693Conference paper, Published paper (Refereed)
Abstract [en]

Background: Docker technology has been increasingly used among software developers in a multitude of projects. This growing interest is due to the fact that Docker technology supports a convenient process for creating and building containers, promoting close cooperation between developer and operations teams, and enabling continuous software delivery. As a fast-growing technology, it is important to identify the Docker-related topics that are most popular as well as existing challenges and difficulties that developers face. Aims: This paper presents a large-scale empirical study identifying practitioners' perspectives on Docker technology by mining posts from the Stack Overflow (SoF) community. Method: A dataset of 113, 922 Docker-related posts was created based on a set of relevant tags and contents. The dataset was cleaned and prepared. Topic modelling was conducted using Latent Dirichlet Allocation (LDA), allowing the identification of dominant topics in the domain. Results: Our results show that most developers use SoF to ask about a broad spectrum of Docker topics including framework development, application deployment, continuous integration, web-server configuration and many more. We determined that 30 topics that developers discuss can be grouped into 13 main categories. Most of the posts belong to categories of application development, configuration, and networking. On the other hand, we find that the posts on monitoring status, transferring data, and authenticating users are more popular among developers compared to the other topics. Specifically, developers face challenges in web browser issues, networking error and memory management. Besides, there is a lack of experts in this domain. Conclusion: Our research findings will guide future work on the development of new tools and techniques, helping the community to focus efforts and understand existing trade-offs on Docker topics.

Place, publisher, year, edition, pages
ACM Digital Library, 2020
Keywords
Docker, natural language processing, software engineering, miningsoftware repositories
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-88224 (URN)10.1145/3382494.3410693 (DOI)978-1-4503-7580-1 (ISBN)
Conference
IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)
Projects
Cyber Security Cooperative Research Centre
Available from: 2022-01-27 Created: 2022-01-27 Last updated: 2022-05-12Bibliographically approved
Iwaya, L. H., Ahmad, A. & Ali Babar, M. (2020). Security and Privacy for mHealth and uHealth Systems: A Systematic Mapping Study. IEEE Access, 8, 150081-150112
Open this publication in new window or tab >>Security and Privacy for mHealth and uHealth Systems: A Systematic Mapping Study
2020 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 8, p. 150081-150112Article in journal (Refereed) Published
Abstract [en]

An increased adoption of mobile health (mHealth) and ubiquitous health (uHealth) systems empower users with handheld devices and embedded sensors for a broad range of healthcare services. However, m/uHealth systems face significant challenges related to data security and privacy that must be addressed to increase the pervasiveness of such systems. This study aims to systematically identify, classify, compare, and evaluate state-of-the-art on security and privacy of m/uHealth systems. We conducted a systematic mapping study (SMS) based on 365 qualitatively selected studies to (i) classify the types, frequency, and demography of published research, (ii) synthesize and categorize research themes, (iii) recurring challenges, (iv) prominent solutions (i.e., research outcomes) and their (v) reported evaluations (i.e., practical validations). Results suggest that the existing research on security and privacy of m/uHealth systems primarily focuses on select group of control families (compliant with NIST800-53), protection of systems and information, access control, authentication, individual participation, and privacy authorisation. In contrast, areas of data governance, security and privacy policies, and program management are under-represented, although these are critical to most of the organizations that employ m/uHealth systems. Most research proposes new solutions with limited validation, reflecting a lack of evaluation of security and privacy of m/uHealth in the real world. Empirical research, development, and validation of m/uHealth security and privacy is still incipient, which may discourage practitioners from readily adopting solutions from the literature. This SMS facilitates knowledge transfer, enabling researchers and practitioners to engineer security and privacy for emerging and next generation of m/uHealth systems.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Security, privacy, mobile computing, ubiquitous computing, medical information systems, health information management, reviews
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-88223 (URN)10.1109/access.2020.3015962 (DOI)000562099200001 ()2-s2.0-85090292898 (Scopus ID)
Projects
Cyber Security Cooperative Research Centre (CSCRC), Australia
Available from: 2022-01-27 Created: 2022-01-27 Last updated: 2022-04-07Bibliographically approved
Iwaya, L. H., Li, J., Fischer-Hübner, S., Åhlfeldt, R.-M. & Martucci, L. (2019). E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance. In: Lucila Ohno-Machado, Brigitte Séroussi (Ed.), MEDINFO 2019: Health and Wellbeing e-Networks for All. Paper presented at MEDINFO 2019, the 17th World Congress on Medical and Health Informatics, Lyon, France, 25-30 August 2019 (pp. 1224-1227). IOS Press, 264
Open this publication in new window or tab >>E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance
Show others...
2019 (English)In: MEDINFO 2019: Health and Wellbeing e-Networks for All / [ed] Lucila Ohno-Machado, Brigitte Séroussi, IOS Press, 2019, Vol. 264, p. 1224-1227Conference paper, Published paper (Refereed)
Abstract [en]

Community health workers in primary care programs increasingly use Mobile Health Data Collection Systems (MDCSs) to report their activities and conduct health surveys, replacing paper-based approaches. The mHealth systems are inherently privacy invasive, thus informing individuals and obtaining their consent is important to protect their right to privacy. In this paper, we introduce an e-Consent tool tailored for MDCSs. It is developed based on the requirement analysis of consent management for data privacy and built upon the solutions of Participant-Centered Consent toolkit and Consent Receipt specification. The e-Consent solution has been evaluated in a usability study. The study results show that the design is useful for informing individuals on the nature of data processing, privacy and protection and allowing them to make informed decisions

Place, publisher, year, edition, pages
IOS Press, 2019
Series
Studies in Health Technology and Informatics, ISSN 0926-9630, E-ISSN 1879-8365
Keywords
mobile health, privacy, public health surveillance
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70211 (URN)10.3233/SHTI190421 (DOI)000569653400246 ()978-1-64368-002-6 (ISBN)978-1-64368-003-3 (ISBN)
Conference
MEDINFO 2019, the 17th World Congress on Medical and Health Informatics, Lyon, France, 25-30 August 2019
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2020-11-05Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0001-9005-0543

Search in DiVA

Show all publications