kau.se
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Secure and Privacy-aware Data Collection and Processing in Mobile Health Systems
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Privacy and Security)ORCID iD: 0000-0001-9005-0543
2016 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and patient's experience at reduced costs. The increasing digitalization of people's health information raises however new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems, have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consists of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of a MDCS (GeoHealth); with the design of Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.
Abstract [en]

Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems, have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consists of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance.
Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2016. , p. 28
Series
Karlstad University Studies, ISSN 1403-8099 ; 2016:47
Keywords [en]
Mobile health, information security, data privacy, data collection, personal health data
National Category
Computer and Information Sciences Telecommunications Computer Sciences
Research subject
Computer Science; Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-46982ISBN: 978-91-7063-730-8 (print)OAI: oai:DiVA.org:kau-46982DiVA, id: diva2:1043735
Presentation
2016-12-13, 21A342 - Eva Erikssonsalen, Karlstads universitet, 651 88, Karlstad, 15:15 (English)
Opponent
Supervisors
Available from: 2016-11-22 Created: 2016-10-31 Last updated: 2019-09-19Bibliographically approved
List of papers
1. Mobile health in emerging countries: a survey of research initiatives in Brazil.
Open this publication in new window or tab >>Mobile health in emerging countries: a survey of research initiatives in Brazil.
Show others...
2013 (English)In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 82, no 5, p. 283-298Article in journal (Refereed) Published
Abstract [en]

OBJECTIVE: To conduct a comprehensive survey of mobile health (mHealth) research initiatives in Brazil, discussing current challenges, gaps, opportunities and tendencies.

METHODS: Systematic review of publicly available electronic documents related to mHealth, including scientific publications, technical reports and descriptions of commercial products. Specifically, 42 projects are analyzed and classified according to their goals. This analysis considers aspects such as security features provided (if any), the health condition that are focus of attention, the main providers involved in the projects development and deployment, types of devices used, target users, where the projects are tested and/or deployed, among others.

RESULTS: The study shows a large number (86%) of mHealth solutions focused on the following categories: health surveys, surveillance, patient records and monitoring. Meanwhile, treatment compliance, awareness raising and decision support systems are less explored. The main providers of solutions are the universities (56%) and health units (32%), with considerable cooperation between such entities. Most applications have physicians (55%) and Community Health Agents (CHAs) (33%) as targeted users, the latter being important elements in nation-wide governmental health programs. Projects focused on health managers, however, are a minority (5%). The majority of projects do not focus on specific diseases but rather general health (57%), although solutions for hearth conditions are reasonably numerous (21%). Finally, the lack of security mechanisms in the majority of the surveyed solutions (52%) may hinder their deployment in the field due to the lack of compliance with general regulations for medical data handling.

CONCLUSION: There are currently many mHealth initiatives in Brazil, but some areas have not been much explored, such as solutions for treatment compliance and awareness raising, as well as decision support systems. Another research trend worth exploring refers to creating interoperable security mechanisms, especially for widely explored mHealth categories such as health surveys, patient records and monitoring. Challenges for the expansion of mHealth solutions, both in number and coverage, include the further involvement of health managers in the deployment of such solutions and in coordinating efforts among health and research institutions interested in the mHealth trend, possibly exploring the widespread presence of CHAs around the country as users of such technology.
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-40062 (URN)10.1016/j.ijmedinf.2013.01.003 (DOI)000318998000016 ()23410658 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2020-05-19Bibliographically approved
2. SecourHealth: a delay-tolerant security framework for mobile health data collection.
Open this publication in new window or tab >>SecourHealth: a delay-tolerant security framework for mobile health data collection.
Show others...
2015 (English)In: IEEE journal of biomedical and health informatics, ISSN 2168-2194, E-ISSN 2168-2208, Vol. 19, no 2, p. 761-772Article in journal (Refereed) Published
Abstract [en]

Security is one of the most imperative requirements for the success of systems that deal with highly sensitive data, such as medical information. However, many existing mobile health solutions focused on collecting patients' data at their homes that do not include security among their main requirements. Aiming to tackle this issue, this paper presents SecourHealth, a lightweight security framework focused on highly sensitive data collection applications. SecourHealth provides many security services for both stored and in-transit data, displaying interesting features such as tolerance to lack of connectivity (a common issue when promoting health in remote locations) and the ability to protect data even if the device is lost/stolen or shared by different data collection agents. Together with the system's description and analysis, we also show how SecourHealth can be integrated into a real data collection solution currently deployed in the city of Sao Paulo, Brazil.
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-40063 (URN)10.1109/JBHI.2014.2320444 (DOI)000351091200039 ()24801629 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2020-05-19Bibliographically approved
3. Georeferenced and Secure Mobile Health System for Large Scale Data Collection in Primary Care
Open this publication in new window or tab >>Georeferenced and Secure Mobile Health System for Large Scale Data Collection in Primary Care
Show others...
2016 (English)In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 94, p. 91-99Article in journal (Refereed) Published
Abstract [en]

Introduction - Mobile health consists in applying mobile devices and communication capabilities for expanding the coverage and improving the effectiveness of health care programs. The technology is particularly promising for developing countries, in which health authorities can take advantage of the flourishing mobile market to provide adequate health care to underprivileged communities, especially primary care. In Brazil, the Primary Care Information System (SIAB) receives primary health care data from all regions of the country, creating a rich database for health-related action planning. Family Health Teams (FHTs) collect this data in periodic visits to families enrolled in governmental programs, following an acquisition procedure that involves filling in paper forms. This procedure compromises the quality of the data provided to health care authorities and slows down the decision-making process.

Objectives - To develop a mobile system (GeoHealth) that should address and overcome the aforementioned problems and deploy the proposed solution in a wide underprivileged metropolitan area of a major city in Brazil.

Methods - The proposed solution comprises three main components: (a) an Application Server, with a database containing family health conditions; and two clients, (b) a Web Browser running visualization tools for management tasks, and (c) a data-gathering device (smartphone) to register and to georeference the family health data. A data security framework was designed to ensure the security of data, which was stored locally and transmitted over public networks.

Results - The system was successfully deployed at six primary care units in the city of Sao Paulo, where a total of 28,324 families/96,061 inhabitants are regularly followed up by government health policies. The health conditions observed from the population covered were: diabetes in 3.40%, hypertension (age > 40) in 23.87% and tuberculosis in 0.06%. This estimated prevalence has enabled FHTs to set clinical appointments proactively, with the aim of confirming or detecting cases of non-communicable diseases more efficiently, based on real-time information.

Conclusion - The proposed system has the potential to improve the efficiency of primary care data collection and analysis. In terms of direct costs, it can be considered a low-cost solution, with an estimated additional monthly cost of U$ 0.040 per inhabitant of the region covered, or approximately U$ 0.106 per person, considering only those currently enrolled in the system.
Place, publisher, year, edition, pages
Elsevier, 2016
Keywords
Data collection, mobile health, data quality, georeference, primary care, security
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-44392 (URN)10.1016/j.ijmedinf.2016.06.013 (DOI)000382511500011 ()
Available from: 2016-07-05 Created: 2016-07-05 Last updated: 2018-11-27Bibliographically approved
4. Towards a Privacy Impact Assessment Template for Mobile Health Data Collection Systems
Open this publication in new window or tab >>Towards a Privacy Impact Assessment Template for Mobile Health Data Collection Systems
2016 (English)In: Proceedings of the 5th International Conference on M4D Mobile Communication Technology for Development: M4D 2016, General Tracks / [ed] Orlando P Zacarias and Caroline W. Larsson, 2016, p. 189-200Conference paper, Published paper (Refereed)
Series
Karlstad University Studies, ISSN 1403-8099 ; 2016:40
National Category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-46978 (URN)978-91-7063-723-0 (ISBN)
Conference
5th International Conference on M4D Mobile Communication Technology for Development
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2020-07-02Bibliographically approved
5. Ontology-based Obfuscation and Anonymisation for Privacy: A Case Study on Healthcare
Open this publication in new window or tab >>Ontology-based Obfuscation and Anonymisation for Privacy: A Case Study on Healthcare
Show others...
2016 (English)In: Privacy and Identity Management: Time for a Revolution? / [ed] David Aspinal, Marit Hansen, Jan Camenisch, Simone Fischer-Hübner, Charles Raab, Springer, 2016, p. 343-358Conference paper, Published paper (Refereed)
Abstract [en]

Healthcare Information Systems typically fall into the group of systems in which the need of data sharing conflicts with the privacy. A myriad of these systems have to, however, constantly communicate among each other. One of the ways to address the dilemma between data sharing and privacy is to use data obfuscation by lowering data accuracy to guarantee patient’s privacy while retaining its usefulness. Even though many obfuscation methods are able to handle numerical values, the obfuscation of non-numerical values (e.g., textual information) is not as trivial, yet extremely important to preserve data utility along the process. In this paper, we preliminary investigate how to exploit ontologies to create obfuscation mechanism for releasing personal and electronic health records (PHR and EHR) to selected audiences with different degrees of obfuscation. Data minimisation and access control should be supported to enforce different actors, e.g., doctors, nurses and managers, will get access to no more information than needed for their tasks. Besides that, ontology-based obfuscation can also be used for the particular case of data anonymisation. In such case, the obfuscation has to comply with a specific criteria to provide anonymity, so that the data set could be safely released. This research contributes to: state the problems in the area; review related privacy and data protection legal requirements; discuss ontology-based obfuscation and anonymisation methods; and define relevant healthcare use cases. As a result, we present the early concept of our Ontology-based Data Sharing Service (O-DSS) that enforces patient’s privacy by means of obfuscation and anonymisation functions.
Place, publisher, year, edition, pages
Springer, 2016
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 476
Keywords
Access Control, Safe Harbor, Privacy Preference, Healthcare Information System, Expert Determination
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-43014 (URN)10.1007/978-3-319-41763-9 (DOI)978-3-319-41762-2 (ISBN)978-3-319-82423-9 (ISBN)978-3-319-41763-9 (ISBN)
Conference
10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2023-08-17Bibliographically approved

Open Access in DiVA

fulltext(443 kB)3292 downloads
File information
File name FULLTEXT01.pdfFile size 443 kBChecksum SHA-512
b56fcba13d784749caed8a77621ece22b957448d72fade5ef4a3d997522521442cc66701ace9b5f70a125ad79d136369d6289cc00f1ccbf16316c2174bc53713
Type fulltextMimetype application/pdf
Podcast(27565 kB)146 downloads
File information
File name AUDIO01.mp3File size 27565 kBChecksum SHA-512
d1664b5637a67fa13946665c2416e37df56e162f27f211cf9ea3b4a56dbfc140598dd3eca6f8f3189fc6cf673e778ecd926c52b2df0cb791ca049a3a94b51c0f
Type audioMimetype audio/mpeg

Authority records

Iwaya, Leonardo H

Search in DiVA

By author/editor
Iwaya, Leonardo H
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer and Information SciencesTelecommunicationsComputer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 3292 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 23955 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.40.0
|
WCAG
|
Karlstad University
|
University Library
|
Researchers support