Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
Karlstad University, Faculty of Health, Science and Technology (from 2013), Department of Mathematics and Computer Science (from 2013). (Privacy and Security) ORCID iD: 0000-0001-9005-0543
2019 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.

Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC). In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches. Although MDCSs improve the efficiency of CBPHC, existing solutions lack adequate privacy and security safeguards.

To bridge this knowledge gap between the research areas of mHealth and privacy, we start by asking: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, an engineering approach is chosen to analyse and design privacy and security mechanisms for MDCSs.

Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: SecourHealth, a security framework for data encryption and user authentication; an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, an electronic consent (e-Consent) tool for obtaining and handling informed consent.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2019, p. 55
Series
Karlstad University Studies, ISSN 1403-8099 ; 2019:1
Keywords [en]
Privacy, data protection, information security, mobile health, community-based primary care, privacy impact assessment, consent management, anonymisation
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-70216
ISBN: 978-91-7063-900-5 (print)
ISBN: 978-91-7063-995-1 (digital)
OAI: oai:DiVA.org:kau-70216
DiVA, id: diva2:1266242
Public defence
2019-01-31, 1A305, Lagerlöfsalen, Karlstad, 10:00 (English)
Opponent
Supervisors
Available from: 2019-01-08 Created: 2018-11-27 Last updated: 2019-01-08 Bibliographically approved
List of papers
1. Mobile health in emerging countries: a survey of research initiatives in Brazil.
2013 (English) In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 82, no. 5, pp. 283-298 Article in journal (Refereed) Published
Abstract [en]

OBJECTIVE: To conduct a comprehensive survey of mobile health (mHealth) research initiatives in Brazil, discussing current challenges, gaps, opportunities and tendencies.

METHODS: Systematic review of publicly available electronic documents related to mHealth, including scientific publications, technical reports and descriptions of commercial products. Specifically, 42 projects are analyzed and classified according to their goals. This analysis considers aspects such as security features provided (if any), the health conditions that are the focus of attention, the main providers involved in the projects' development and deployment, types of devices used, target users, where the projects are tested and/or deployed, among others.

RESULTS: The study shows a large number (86%) of mHealth solutions focused on the following categories: health surveys, surveillance, patient records and monitoring. Meanwhile, treatment compliance, awareness raising and decision support systems are less explored. The main providers of solutions are the universities (56%) and health units (32%), with considerable cooperation between such entities. Most applications have physicians (55%) and Community Health Agents (CHAs) (33%) as targeted users, the latter being important elements in nation-wide governmental health programs. Projects focused on health managers, however, are a minority (5%). The majority of projects do not focus on specific diseases but rather general health (57%), although solutions for heart conditions are reasonably numerous (21%). Finally, the lack of security mechanisms in the majority of the surveyed solutions (52%) may hinder their deployment in the field due to the lack of compliance with general regulations for medical data handling.

CONCLUSION: There are currently many mHealth initiatives in Brazil, but some areas have not been much explored, such as solutions for treatment compliance and awareness raising, as well as decision support systems. Another research trend worth exploring refers to creating interoperable security mechanisms, especially for widely explored mHealth categories such as health surveys, patient records and monitoring. Challenges for the expansion of mHealth solutions, both in number and coverage, include the further involvement of health managers in the deployment of such solutions and in coordinating efforts among health and research institutions interested in the mHealth trend, possibly exploring the widespread presence of CHAs around the country as users of such technology.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kau:diva-40062 (URN) 10.1016/j.ijmedinf.2013.01.003 (DOI) 000318998000016 () 23410658 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2018-11-27 Bibliographically approved
2. SecourHealth: a delay-tolerant security framework for mobile health data collection.
2015 (English) In: IEEE journal of biomedical and health informatics, ISSN 2168-2194, E-ISSN 2168-2208, Vol. 19, no. 2, pp. 761-772 Article in journal (Refereed) Published
Abstract [en]

Security is one of the most imperative requirements for the success of systems that deal with highly sensitive data, such as medical information. However, many existing mobile health solutions focused on collecting patients' data at their homes do not include security among their main requirements. Aiming to tackle this issue, this paper presents SecourHealth, a lightweight security framework focused on highly sensitive data collection applications. SecourHealth provides many security services for both stored and in-transit data, displaying interesting features such as tolerance to lack of connectivity (a common issue when promoting health in remote locations) and the ability to protect data even if the device is lost/stolen or shared by different data collection agents. Together with the system's description and analysis, we also show how SecourHealth can be integrated into a real data collection solution currently deployed in the city of Sao Paulo, Brazil.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kau:diva-40063 (URN) 10.1109/JBHI.2014.2320444 (DOI) 000351091200039 () 24801629 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2018-11-27 Bibliographically approved
3. Georeferenced and Secure Mobile Health System for Large Scale Data Collection in Primary Care
2016 (English) In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 94, pp. 91-99 Article in journal (Refereed) Published
Abstract [en]

Introduction - Mobile health consists in applying mobile devices and communication capabilities for expanding the coverage and improving the effectiveness of health care programs. The technology is particularly promising for developing countries, in which health authorities can take advantage of the flourishing mobile market to provide adequate health care to underprivileged communities, especially primary care. In Brazil, the Primary Care Information System (SIAB) receives primary health care data from all regions of the country, creating a rich database for health-related action planning. Family Health Teams (FHTs) collect this data in periodic visits to families enrolled in governmental programs, following an acquisition procedure that involves filling in paper forms. This procedure compromises the quality of the data provided to health care authorities and slows down the decision-making process.

Objectives - To develop a mobile system (GeoHealth) that should address and overcome the aforementioned problems and deploy the proposed solution in a wide underprivileged metropolitan area of a major city in Brazil.

Methods - The proposed solution comprises three main components: (a) an Application Server, with a database containing family health conditions; and two clients, (b) a Web Browser running visualization tools for management tasks, and (c) a data-gathering device (smartphone) to register and to georeference the family health data. A data security framework was designed to ensure the security of data, which was stored locally and transmitted over public networks.

Results - The system was successfully deployed at six primary care units in the city of Sao Paulo, where a total of 28,324 families/96,061 inhabitants are regularly followed up by government health policies. The health conditions observed from the population covered were: diabetes in 3.40%, hypertension (age > 40) in 23.87% and tuberculosis in 0.06%. This estimated prevalence has enabled FHTs to set clinical appointments proactively, with the aim of confirming or detecting cases of non-communicable diseases more efficiently, based on real-time information.

Conclusion - The proposed system has the potential to improve the efficiency of primary care data collection and analysis. In terms of direct costs, it can be considered a low-cost solution, with an estimated additional monthly cost of U$ 0.040 per inhabitant of the region covered, or approximately U$ 0.106 per person, considering only those currently enrolled in the system.

Place, publisher, year, edition, pages
Elsevier, 2016
Keywords
Data collection, mobile health, data quality, georeference, primary care, security
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-44392 (URN) 10.1016/j.ijmedinf.2016.06.013 (DOI) 000382511500011 ()
Available from: 2016-07-05 Created: 2016-07-05 Last updated: 2018-11-27 Bibliographically approved
4. mHealth: A Privacy Threat Analysis for Public Health Surveillance Systems
2018 (English) In: 2018 IEEE 31st International Symposium on Computer-Based Medical Systems / [ed] Bridget Kane, Karlstad, Sweden: IEEE conference proceedings, 2018 Conference paper, Published paper (Refereed)
Abstract [en]

Community Health Workers (CHWs) have been using Mobile Health Data Collection Systems (MDCSs) for supporting the delivery of primary healthcare and carrying out public health surveys, feeding national-level databases with families’ personal data. Such systems are used for public surveillance and to manage sensitive data (i.e., health data), so addressing the privacy issues is crucial for successfully deploying MDCSs. In this paper we present a comprehensive privacy threat analysis for MDCSs, discuss the privacy challenges and provide recommendations that are especially useful to health managers and developers. We ground our analysis on a large-scale MDCS used for primary care (GeoHealth) and a well-known Privacy Impact Assessment (PIA) methodology. The threat analysis is based on a compilation of relevant privacy threats from the literature as well as brainstorming sessions with privacy and security experts. Among the main findings, we observe that existing MDCSs do not employ adequate controls for achieving transparency and intervenability, thus threatening fundamental privacy principles regarded as data quality, right to access and right to object. Furthermore, it is noticeable that although there has been significant research to deal with data security issues, the attention with privacy in its multiple dimensions is prominently lacking.

Place, publisher, year, edition, pages
Karlstad, Sweden: IEEE conference proceedings, 2018
Keywords
Privacy, Data privacy, Security, Surveillance, Data collection, Public healthcare
National Category
Computer Sciences
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-68003 (URN) 10.1109/CBMS.2018.00015 (DOI) 978-1-5386-6060-7 (ISBN) 978-1-5386-6061-4 (ISBN)
Conference
Proceedings of 31st IEEE Symposium on Computer-Based Medical Systems (CBMS 2018)
Available from: 2018-07-11 Created: 2018-07-11 Last updated: 2018-12-06 Bibliographically approved
5. Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
(English) Manuscript (preprint) (Other academic)
Abstract [en]

Background: Community-based primary care focuses on health promotion, awareness raising, illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and to improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth applications, known as Mobile Health Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal data (i.e., health data) of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

Objective: This paper presents a Privacy Impact Assessment (PIA) for an MDCS in order to systematically identify and evaluate potential effects on privacy and to search for ways to avoid or mitigate negative privacy impacts.

Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy (FHS), the Brazilian program for delivering community-based primary care. All the PIA steps were based on discussions among the researchers (privacy and security experts), and in particular, the identification of threats and controls was based on literature reviews and brainstorming meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs.

Results: In numbers, the GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation (EU GDPR). Associated with that, 22 threat groups with a total of 97 sub-threats and 41 recommended controls were identified. Among the main findings, we observe that existing MDCSs do not employ adequate controls for managing consent, transparency and intervenability.

Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new/upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

Keywords
mobile health, mHealth, information security, information privacy, data protection, privacy impact assessment, community-based primary care, family health strategy
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70212 (URN)
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2018-11-27
6. Ontology-based Obfuscation and Anonymisation for Privacy: A Case Study on Healthcare
2016 (English) In: Privacy and Identity Management: Time for a Revolution? / [ed] David Aspinal, Marit Hansen, Jan Camenisch, Simone Fischer-Hübner, Charles Raab, Springer, 2016, pp. 343-358 Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Springer, 2016
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kau:diva-43014 (URN) 10.1007/978-3-319-41763-9 (DOI) 9783319417639 (ISBN)
Conference
10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2018-11-27 Bibliographically approved
7. E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance
(English) Manuscript (preprint) (Other academic)
Abstract [en]

Community health workers in primary care programs increasingly use Mobile Health Data Collection Systems (MDCSs) to report their activities and conduct health surveys, replacing paper-based approaches. The mHealth systems are inherently privacy invasive, thus informing individuals and obtaining their consent is important to protect their right to privacy. In this paper, we introduce an e-Consent tool tailored for MDCSs. It is developed based on the requirement analysis of consent management for data privacy and built upon the solutions of Participant-Centered Consent toolkit and Consent Receipt specification. The e-Consent solution has been evaluated in a usability study. The study results show that the design is useful for informing individuals on the nature of data processing, privacy and protection and allowing them to make informed decisions.

Keywords
mobile health, privacy, public health surveillance
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70211 (URN)
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2018-11-27

Open Access in DiVA

fulltext_KAPPAN (4485 kB), 12 downloads
File information
File name: FULLTEXT02.pdf; File size: 4485 kB; Checksum SHA-512:
e9e58f4cb1a48c514491fb46de4864e724a7a37468d550930b6667e3a25def3d4b3bb8170d3db23d52d1fa63d5b5e222aa5747c235a9cd6aa49c1086627e7f6f
Type: fulltext; Mimetype: application/pdf

By author/editor
Iwaya, Leonardo Horn