Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Privacy and Security)ORCID-id: 0000-0001-9005-0543
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Privacy and Security)ORCID-id: 0000-0002-6938-4466
School of Informatics, University of Skövde, Skövde, Sweden.
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Privacy and Security)ORCID-id: 0000-0002-9980-3473
2019 (engelsk)Inngår i: JMIR mhealth and uhealth, E-ISSN 2291-5222, Vol. 7, nr 3, s. 1-16, artikkel-id e11642Artikkel i tidsskrift (Fagfellevurdert) Published
Abstract [en]

Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts.

Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil.

Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization.

Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

sted, utgiver, år, opplag, sider
JMIR Publications , 2019. Vol. 7, nr 3, s. 1-16, artikkel-id e11642
Emneord [en]
Mobile health, mHealth, information security, information privacy, data protection, privacy impact assessment, community-based primary care, family health strategy
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
URN: urn:nbn:se:kau:diva-70212DOI: 10.2196/11642Scopus ID: 2-s2.0-85067895402OAI: oai:DiVA.org:kau-70212DiVA, id: diva2:1264733
Tilgjengelig fra: 2018-11-21 Laget: 2018-11-21 Sist oppdatert: 2019-07-10bibliografisk kontrollert
Inngår i avhandling
1. Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
Åpne denne publikasjonen i ny fane eller vindu >>Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
2019 (engelsk)Doktoravhandling, med artikler (Annet vitenskapelig)
Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.

Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC). In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches. Although MDCSs improve the efficiency of CBPHC, existing solutions lack adequate privacy and security safeguards.

To bridge this knowledge gap between the research areas of mHealth and privacy, we start by asking: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, an engineering approach is chosen to analyse and design privacy and security mechanisms for MDCSs.

Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: SecourHealth, a security framework for data encryption and user authentication; an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, an electronic consent (e-Consent) tool for obtaining and handling informed consent.

sted, utgiver, år, opplag, sider
Karlstad: Karlstads universitet, 2019. s. 55
Serie
Karlstad University Studies, ISSN 1403-8099 ; 2019:1
Emneord
Privacy, data protection, information security, mobile health, community-based primary care, privacy impact assessment, consent management, anonymisation
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-70216 (URN)978-91-7063-900-5 (ISBN)978-91-7063-995-1 (ISBN)
Disputas
2019-01-31, 1A305, Lagerlöfsalen, Karlstad, 10:00 (engelsk)
Opponent
Veileder
Prosjekter
HITS, 4707
Forskningsfinansiär
Knowledge Foundation
Tilgjengelig fra: 2019-01-08 Laget: 2018-11-27 Sist oppdatert: 2020-02-25bibliografisk kontrollert

Open Access i DiVA

fulltext(2009 kB)77 nedlastinger
Filinformasjon
Fil FULLTEXT01.pdfFilstørrelse 2009 kBChecksum SHA-512
3ac8db669bcccb94f5357a89dd501ed3d1486f6ba21ddedee8978384573a0bc22bfab93d62f058b2197cfd862787ec03a8a03e2c5eb14fb42aeb3be982a38cb7
Type fulltextMimetype application/pdf

Andre lenker

Forlagets fulltekstScopus

Personposter BETA

Iwaya, Leonardo HFischer-Hübner, SimoneÅhlfeldt, Rose-MharieMartucci, Leonardo

Søk i DiVA

Av forfatter/redaktør
Iwaya, Leonardo HFischer-Hübner, SimoneÅhlfeldt, Rose-MharieMartucci, Leonardo
Av organisasjonen
I samme tidsskrift
JMIR mhealth and uhealth

Søk utenfor DiVA

GoogleGoogle Scholar
Totalt: 77 nedlastinger
Antall nedlastinger er summen av alle nedlastinger av alle fulltekster. Det kan for eksempel være tidligere versjoner som er ikke lenger tilgjengelige

doi
urn-nbn

Altmetric

doi
urn-nbn
Totalt: 198 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf