Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Privacy and Security) ORCID iD: 0000-0001-9005-0543
2019 (English) Doctoral thesis, comprising articles (Other academic)
Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.

Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC). In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches. Although MDCSs improve the efficiency of CBPHC, existing solutions lack adequate privacy and security safeguards.

To bridge this knowledge gap between the research areas of mHealth and privacy, we start by asking: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, an engineering approach is chosen to analyse and design privacy and security mechanisms for MDCSs.

Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: SecourHealth, a security framework for data encryption and user authentication; an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, an electronic consent (e-Consent) tool for obtaining and handling informed consent.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2019, p. 55
Series
Karlstad University Studies, ISSN 1403-8099 ; 2019:1
Keywords [en]
Privacy, data protection, information security, mobile health, community-based primary care, privacy impact assessment, consent management, anonymisation
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-70216
ISBN: 978-91-7063-900-5 (print)
ISBN: 978-91-7063-995-1 (digital)
OAI: oai:DiVA.org:kau-70216
DiVA, id: diva2:1266242
Public defence
2019-01-31, 1A305, Lagerlöfsalen, Karlstad, 10:00 (English)
Available from: 2019-01-08 Created: 2018-11-27 Last updated: 2019-01-08 Bibliographically approved
List of papers
1. Mobile health in emerging countries: a survey of research initiatives in Brazil.
2013 (English) In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 82, no. 5, p. 283-298. Article in journal (Refereed) Published
Abstract [en]

OBJECTIVE: To conduct a comprehensive survey of mobile health (mHealth) research initiatives in Brazil, discussing current challenges, gaps, opportunities and tendencies.

METHODS: Systematic review of publicly available electronic documents related to mHealth, including scientific publications, technical reports and descriptions of commercial products. Specifically, 42 projects are analyzed and classified according to their goals. This analysis considers aspects such as security features provided (if any), the health conditions that are the focus of attention, the main providers involved in the projects' development and deployment, types of devices used, target users, where the projects are tested and/or deployed, among others.

RESULTS: The study shows a large number (86%) of mHealth solutions focused on the following categories: health surveys, surveillance, patient records and monitoring. Meanwhile, treatment compliance, awareness raising and decision support systems are less explored. The main providers of solutions are the universities (56%) and health units (32%), with considerable cooperation between such entities. Most applications have physicians (55%) and Community Health Agents (CHAs) (33%) as targeted users, the latter being important elements in nation-wide governmental health programs. Projects focused on health managers, however, are a minority (5%). The majority of projects do not focus on specific diseases but rather general health (57%), although solutions for heart conditions are reasonably numerous (21%). Finally, the lack of security mechanisms in the majority of the surveyed solutions (52%) may hinder their deployment in the field due to the lack of compliance with general regulations for medical data handling.

CONCLUSION: There are currently many mHealth initiatives in Brazil, but some areas have not been much explored, such as solutions for treatment compliance and awareness raising, as well as decision support systems. Another research trend worth exploring refers to creating interoperable security mechanisms, especially for widely explored mHealth categories such as health surveys, patient records and monitoring. Challenges for the expansion of mHealth solutions, both in number and coverage, include the further involvement of health managers in the deployment of such solutions and in coordinating efforts among health and research institutions interested in the mHealth trend, possibly exploring the widespread presence of CHAs around the country as users of such technology.

Identifiers
urn:nbn:se:kau:diva-40062 (URN), 10.1016/j.ijmedinf.2013.01.003 (DOI), 000318998000016 (), 23410658 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2018-11-27 Bibliographically approved
2. SecourHealth: a delay-tolerant security framework for mobile health data collection.
2015 (English) In: IEEE journal of biomedical and health informatics, ISSN 2168-2194, E-ISSN 2168-2208, Vol. 19, no. 2, p. 761-772. Article in journal (Refereed) Published
Abstract [en]

Security is one of the most imperative requirements for the success of systems that deal with highly sensitive data, such as medical information. However, many existing mobile health solutions focused on collecting patients' data at their homes do not include security among their main requirements. Aiming to tackle this issue, this paper presents SecourHealth, a lightweight security framework focused on highly sensitive data collection applications. SecourHealth provides many security services for both stored and in-transit data, displaying interesting features such as tolerance to lack of connectivity (a common issue when promoting health in remote locations) and the ability to protect data even if the device is lost/stolen or shared by different data collection agents. Together with the system's description and analysis, we also show how SecourHealth can be integrated into a real data collection solution currently deployed in the city of Sao Paulo, Brazil.

Identifiers
urn:nbn:se:kau:diva-40063 (URN), 10.1109/JBHI.2014.2320444 (DOI), 000351091200039 (), 24801629 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2018-11-27 Bibliographically approved
3. Georeferenced and Secure Mobile Health System for Large Scale Data Collection in Primary Care
2016 (English) In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 94, p. 91-99. Article in journal (Refereed) Published
Abstract [en]

Introduction - Mobile health consists in applying mobile devices and communication capabilities for expanding the coverage and improving the effectiveness of health care programs. The technology is particularly promising for developing countries, in which health authorities can take advantage of the flourishing mobile market to provide adequate health care to underprivileged communities, especially primary care. In Brazil, the Primary Care Information System (SIAB) receives primary health care data from all regions of the country, creating a rich database for health-related action planning. Family Health Teams (FHTs) collect this data in periodic visits to families enrolled in governmental programs, following an acquisition procedure that involves filling in paper forms. This procedure compromises the quality of the data provided to health care authorities and slows down the decision-making process.

Objectives - To develop a mobile system (GeoHealth) that should address and overcome the aforementioned problems and deploy the proposed solution in a wide underprivileged metropolitan area of a major city in Brazil.

Methods - The proposed solution comprises three main components: (a) an Application Server, with a database containing family health conditions; and two clients, (b) a Web Browser running visualization tools for management tasks, and (c) a data-gathering device (smartphone) to register and to georeference the family health data. A data security framework was designed to ensure the security of data, which was stored locally and transmitted over public networks.

Results - The system was successfully deployed at six primary care units in the city of Sao Paulo, where a total of 28,324 families/96,061 inhabitants are regularly followed up by government health policies. The health conditions observed from the population covered were: diabetes in 3.40%, hypertension (age > 40) in 23.87% and tuberculosis in 0.06%. This estimated prevalence has enabled FHTs to set clinical appointments proactively, with the aim of confirming or detecting cases of non-communicable diseases more efficiently, based on real-time information.

Conclusion - The proposed system has the potential to improve the efficiency of primary care data collection and analysis. In terms of direct costs, it can be considered a low-cost solution, with an estimated additional monthly cost of U$ 0.040 per inhabitant of the region covered, or approximately U$ 0.106 per person, considering only those currently enrolled in the system.

Place, publisher, year, edition, pages
Elsevier, 2016
Keywords
Data collection, mobile health, data quality, georeference, primary care, security
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-44392 (URN), 10.1016/j.ijmedinf.2016.06.013 (DOI), 000382511500011 ()
Available from: 2016-07-05 Created: 2016-07-05 Last updated: 2018-11-27 Bibliographically approved
4. mHealth: A Privacy Threat Analysis for Public Health Surveillance Systems
2018 (English) In: 2018 IEEE 31st International Symposium on Computer-Based Medical Systems / [ed] Bridget Kane, Karlstad, Sweden: IEEE conference proceedings, 2018. Conference paper, Published paper (Refereed)
Abstract [en]

Community Health Workers (CHWs) have been using Mobile Health Data Collection Systems (MDCSs) for supporting the delivery of primary healthcare and carrying out public health surveys, feeding national-level databases with families’ personal data. Such systems are used for public surveillance and to manage sensitive data (i.e., health data), so addressing the privacy issues is crucial for successfully deploying MDCSs. In this paper we present a comprehensive privacy threat analysis for MDCSs, discuss the privacy challenges and provide recommendations that are especially useful to health managers and developers. We ground our analysis on a large-scale MDCS used for primary care (GeoHealth) and a well-known Privacy Impact Assessment (PIA) methodology. The threat analysis is based on a compilation of relevant privacy threats from the literature as well as brain-storming sessions with privacy and security experts. Among the main findings, we observe that existing MDCSs do not employ adequate controls for achieving transparency and intervenability, thus threatening fundamental privacy principles regarded as data quality, right to access and right to object. Furthermore, it is noticeable that although there has been significant research to deal with data security issues, the attention to privacy in its multiple dimensions is prominently lacking.

Place, publisher, year, edition, pages
Karlstad, Sweden: IEEE conference proceedings, 2018
Keywords
Privacy, Data privacy, Security, Surveillance, Data collection, Public healthcare
Research subject
Computer Science; Informatics
Identifiers
urn:nbn:se:kau:diva-68003 (URN), 10.1109/CBMS.2018.00015 (DOI), 978-1-5386-6060-7 (ISBN), 978-1-5386-6061-4 (ISBN)
Conference
Proceedings of 31st IEEE Symposium on Computer-Based Medical Systems (CBMS 2018)
Available from: 2018-07-11 Created: 2018-07-11 Last updated: 2018-12-06 Bibliographically approved
5. Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
(English) Manuscript (preprint) (Other academic)
Abstract [en]

Background: Community-based primary care focuses on health promotion, awareness raising, illness treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and to improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth applications, known as Mobile Health Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal data (i.e., health data) of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

Objective: This paper presents a Privacy Impact Assessment (PIA) for a MDCS in order to systematically identify and evaluate potential effects on privacy and to search for ways to avoid or mitigate negative privacy impacts.

Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy (FHS), the Brazilian program for delivering community-based primary care. All the PIA steps were based on discussions among the researchers (privacy and security experts), and in particular, the identification of threats and controls was based on literature reviews and brainstorming meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs.

Results: In numbers, the GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation (EU GDPR). Associated with that, 22 threat groups with a total of 97 sub-threats and 41 recommended controls were identified. Among the main findings, we observe that existing MDCSs do not employ adequate controls for managing consent, transparency and intervenability.

Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new/upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

Keywords
mobile health, mHealth, information security, information privacy, data protection, privacy impact assessment, community-based primary care, family health strategy
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70212 (URN)
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2018-11-27
6. Ontology-based Obfuscation and Anonymisation for Privacy: A Case Study on Healthcare
2016 (English) In: Privacy and Identity Management: Time for a Revolution? / [ed] David Aspinal, Marit Hansen, Jan Camenisch, Simone Fischer-Hübner, Charles Raab, Springer, 2016, p. 343-358. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Springer, 2016
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238
Identifiers
urn:nbn:se:kau:diva-43014 (URN), 10.1007/978-3-319-41763-9 (DOI), 9783319417639 (ISBN)
Conference
10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2018-11-27 Bibliographically approved
7. E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance
(English) Manuscript (preprint) (Other academic)
Abstract [en]

Community health workers in primary care programs increasingly use Mobile Health Data Collection Systems (MDCSs) to report their activities and conduct health surveys, replacing paper-based approaches. The mHealth systems are inherently privacy invasive, thus informing individuals and obtaining their consent is important to protect their right to privacy. In this paper, we introduce an e-Consent tool tailored for MDCSs. It is developed based on the requirement analysis of consent management for data privacy and built upon the solutions of Participant-Centered Consent toolkit and Consent Receipt specification. The e-Consent solution has been evaluated in a usability study. The study results show that the design is useful for informing individuals on the nature of data processing, privacy and protection and allowing them to make informed decisions.

Keywords
mobile health, privacy, public health surveillance
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70211 (URN)
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2018-11-27

Open Access in DiVA

fulltext_KAPPAN (4485 kB), 12 downloads
File information
File: FULLTEXT02.pdf, File size: 4485 kB, Checksum SHA-512:
e9e58f4cb1a48c514491fb46de4864e724a7a37468d550930b6667e3a25def3d4b3bb8170d3db23d52d1fa63d5b5e222aa5747c235a9cd6aa49c1086627e7f6f
Type: fulltext, Mimetype: application/pdf

Search in DiVA

By author/editor
Iwaya, Leonardo Horn
