Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Privacy and Security)ORCID iD: 0000-0001-9005-0543
2019 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.

Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC). In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches. Although MDCSs improve the efficiency of CBPHC, existing solutions lack adequate privacy and security safeguards.

To bridge this knowledge gap between the research areas of mHealth and privacy, we start by asking: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, an engineering approach is chosen to analyse and design privacy and security mechanisms for MDCSs.

Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: SecourHealth, a security framework for data encryption and user authentication; an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, an electronic consent (e-Consent) tool for obtaining and handling informed consent.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2019. , p. 55
Series
Karlstad University Studies, ISSN 1403-8099 ; 2019:1
Keywords [en]
Privacy, data protection, information security, mobile health, community-based primary care, privacy impact assessment, consent management, anonymisation
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-70216ISBN: 978-91-7063-900-5 (print)ISBN: 978-91-7063-995-1 (electronic)OAI: oai:DiVA.org:kau-70216DiVA, id: diva2:1266242
Public defence
2019-01-31, 1A305, Lagerlöfsalen, Karlstad, 10:00 (English)
Opponent
Supervisors
Projects
HITS, 4707
Funder
Knowledge FoundationAvailable from: 2019-01-08 Created: 2018-11-27 Last updated: 2022-11-22Bibliographically approved
List of papers
1. Mobile health in emerging countries: a survey of research initiatives in Brazil.
Open this publication in new window or tab >>Mobile health in emerging countries: a survey of research initiatives in Brazil.
Show others...
2013 (English)In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 82, no 5, p. 283-298Article in journal (Refereed) Published
Abstract [en]

OBJECTIVE: To conduct a comprehensive survey of mobile health (mHealth) research initiatives in Brazil, discussing current challenges, gaps, opportunities and tendencies.

METHODS: Systematic review of publicly available electronic documents related to mHealth, including scientific publications, technical reports and descriptions of commercial products. Specifically, 42 projects are analyzed and classified according to their goals. This analysis considers aspects such as security features provided (if any), the health condition that are focus of attention, the main providers involved in the projects development and deployment, types of devices used, target users, where the projects are tested and/or deployed, among others.

RESULTS: The study shows a large number (86%) of mHealth solutions focused on the following categories: health surveys, surveillance, patient records and monitoring. Meanwhile, treatment compliance, awareness raising and decision support systems are less explored. The main providers of solutions are the universities (56%) and health units (32%), with considerable cooperation between such entities. Most applications have physicians (55%) and Community Health Agents (CHAs) (33%) as targeted users, the latter being important elements in nation-wide governmental health programs. Projects focused on health managers, however, are a minority (5%). The majority of projects do not focus on specific diseases but rather general health (57%), although solutions for hearth conditions are reasonably numerous (21%). Finally, the lack of security mechanisms in the majority of the surveyed solutions (52%) may hinder their deployment in the field due to the lack of compliance with general regulations for medical data handling.

CONCLUSION: There are currently many mHealth initiatives in Brazil, but some areas have not been much explored, such as solutions for treatment compliance and awareness raising, as well as decision support systems. Another research trend worth exploring refers to creating interoperable security mechanisms, especially for widely explored mHealth categories such as health surveys, patient records and monitoring. Challenges for the expansion of mHealth solutions, both in number and coverage, include the further involvement of health managers in the deployment of such solutions and in coordinating efforts among health and research institutions interested in the mHealth trend, possibly exploring the widespread presence of CHAs around the country as users of such technology.

National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-40062 (URN)10.1016/j.ijmedinf.2013.01.003 (DOI)000318998000016 ()23410658 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2020-05-19Bibliographically approved
2. SecourHealth: a delay-tolerant security framework for mobile health data collection.
Open this publication in new window or tab >>SecourHealth: a delay-tolerant security framework for mobile health data collection.
Show others...
2015 (English)In: IEEE journal of biomedical and health informatics, ISSN 2168-2194, E-ISSN 2168-2208, Vol. 19, no 2, p. 761-772Article in journal (Refereed) Published
Abstract [en]

Security is one of the most imperative requirements for the success of systems that deal with highly sensitive data, such as medical information. However, many existing mobile health solutions focused on collecting patients' data at their homes that do not include security among their main requirements. Aiming to tackle this issue, this paper presents SecourHealth, a lightweight security framework focused on highly sensitive data collection applications. SecourHealth provides many security services for both stored and in-transit data, displaying interesting features such as tolerance to lack of connectivity (a common issue when promoting health in remote locations) and the ability to protect data even if the device is lost/stolen or shared by different data collection agents. Together with the system's description and analysis, we also show how SecourHealth can be integrated into a real data collection solution currently deployed in the city of Sao Paulo, Brazil.

National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-40063 (URN)10.1109/JBHI.2014.2320444 (DOI)000351091200039 ()24801629 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2020-05-19Bibliographically approved
3. Georeferenced and Secure Mobile Health System for Large Scale Data Collection in Primary Care
Open this publication in new window or tab >>Georeferenced and Secure Mobile Health System for Large Scale Data Collection in Primary Care
Show others...
2016 (English)In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 94, p. 91-99Article in journal (Refereed) Published
Abstract [en]

Introduction - Mobile health consists in applying mobile devices and communication capabilities for expanding the coverage and improving the effectiveness of health care programs. The technology is particularly promising for developing countries, in which health authorities can take advantage of the flourishing mobile market to provide adequate health care to underprivileged communities, especially primary care. In Brazil, the Primary Care Information System (SIAB) receives primary health care data from all regions of the country, creating a rich database for health-related action planning. Family Health Teams (FHTs) collect this data in periodic visits to families enrolled in governmental programs, following an acquisition procedure that involves filling in paper forms. This procedure compromises the quality of the data provided to health care authorities and slows down the decision-making process.

Objectives - To develop a mobile system (GeoHealth) that should address and overcome the aforementioned problems and deploy the proposed solution in a wide underprivileged metropolitan area of a major city in Brazil.

Methods - The proposed solution comprises three main components: (a) an Application Server, with a database containing family health conditions; and two clients, (b) a Web Browser running visualization tools for management tasks, and (c) a data-gathering device (smartphone) to register and to georeference the family health data. A data security framework was designed to ensure the security of data, which was stored locally and transmitted over public networks.

Results - The system was successfully deployed at six primary care units in the city of Sao Paulo, where a total of 28,324 families/96,061 inhabitants are regularly followed up by government health policies. The health conditions observed from the population covered were: diabetes in 3.40%, hypertension (age > 40) in 23.87% and tuberculosis in 0.06%. This estimated prevalence has enabled FHTs to set clinical appointments proactively, with the aim of confirming or detecting cases of non-communicable diseases more efficiently, based on real-time information.

Conclusion - The proposed system has the potential to improve the efficiency of primary care data collection and analysis. In terms of direct costs, it can be considered a low-cost solution, with an estimated additional monthly cost of U$ 0.040 per inhabitant of the region covered, or approximately U$ 0.106 per person, considering only those currently enrolled in the system.

Place, publisher, year, edition, pages
Elsevier, 2016
Keywords
Data collection, mobile health, data quality, georeference, primary care, security
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-44392 (URN)10.1016/j.ijmedinf.2016.06.013 (DOI)000382511500011 ()
Available from: 2016-07-05 Created: 2016-07-05 Last updated: 2018-11-27Bibliographically approved
4. mHealth: A Privacy Threat Analysis for Public Health Surveillance Systems
Open this publication in new window or tab >>mHealth: A Privacy Threat Analysis for Public Health Surveillance Systems
2018 (English)In: 2018 IEEE 31st International Symposium on Computer-Based Medical Systems / [ed] Hollmen, J; McGregor, C; Soda, P; Kane, B, IEEE, 2018, p. 42-47Conference paper, Published paper (Refereed)
Abstract [en]

Community Health Workers (CHWs) have been using Mobile Health Data Collection Systems (MDCSs) for supporting the delivery of primary healthcare and carrying out public health surveys, feeding national-level databases with families’ personal data. Such systems are used for public surveillance and to manage sensitive data (i.e., health data), so addressing the privacy issues is crucial for successfully deploying MDCSs. In this paper we present a comprehensive privacy threat analysis for MDCSs, discuss the privacy challenges and provide recommendations that are specially useful to health managers and developers. We ground our analysis on a large-scale MDCS used for primary care (GeoHealth) and a well-known Privacy Impact Assessment (PIA) methodology. The threat analysis is based on a compilation of relevant privacy threats from the literature as well as brain-storming sessions with privacy and security experts. Among the main findings, we observe that existing MDCSs do not employ adequate controls for achieving transparency and interveinability. Thus, threatening fundamental privacy principles regarded as data quality, right to access and right to object. Furthermore, it is noticeable that although there has been significant research to deal with data security issues, the attention with privacy in its multiple dimensions is prominently lacking.

Place, publisher, year, edition, pages
IEEE, 2018
Series
IEEE International Symposium on Computer-Based Medical Systems, E-ISSN 2372-9198
Keywords
Privacy, Data privacy, Security, Surveillance, Data collection, Public healthcare
National Category
Computer Sciences
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-68003 (URN)10.1109/CBMS.2018.00015 (DOI)000518804700008 ()978-1-5386-6060-7 (ISBN)978-1-5386-6061-4 (ISBN)
Conference
Proceedings of 31st IEEE Symposium on Computer-Based Medical Systems (CBMS 2018)
Available from: 2018-07-11 Created: 2018-07-11 Last updated: 2020-12-10Bibliographically approved
5. Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
Open this publication in new window or tab >>Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
2019 (English)In: JMIR mhealth and uhealth, E-ISSN 2291-5222, Vol. 7, no 3, p. 1-16, article id e11642Article in journal (Refereed) Published
Abstract [en]

Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts.

Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil.

Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization.

Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

Place, publisher, year, edition, pages
JMIR Publications, 2019
Keywords
Mobile health, mHealth, information security, information privacy, data protection, privacy impact assessment, community-based primary care, family health strategy
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70212 (URN)10.2196/11642 (DOI)000463345300001 ()2-s2.0-85067895402 (Scopus ID)
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2020-12-10Bibliographically approved
6. Ontology-based Obfuscation and Anonymisation for Privacy: A Case Study on Healthcare
Open this publication in new window or tab >>Ontology-based Obfuscation and Anonymisation for Privacy: A Case Study on Healthcare
Show others...
2016 (English)In: Privacy and Identity Management: Time for a Revolution? / [ed] David Aspinal, Marit Hansen, Jan Camenisch, Simone Fischer-Hübner, Charles Raab, Springer, 2016, p. 343-358Conference paper, Published paper (Refereed)
Abstract [en]

Healthcare Information Systems typically fall into the group of systems in which the need of data sharing conflicts with the privacy. A myriad of these systems have to, however, constantly communicate among each other. One of the ways to address the dilemma between data sharing and privacy is to use data obfuscation by lowering data accuracy to guarantee patient’s privacy while retaining its usefulness. Even though many obfuscation methods are able to handle numerical values, the obfuscation of non-numerical values (e.g., textual information) is not as trivial, yet extremely important to preserve data utility along the process. In this paper, we preliminary investigate how to exploit ontologies to create obfuscation mechanism for releasing personal and electronic health records (PHR and EHR) to selected audiences with different degrees of obfuscation. Data minimisation and access control should be supported to enforce different actors, e.g., doctors, nurses and managers, will get access to no more information than needed for their tasks. Besides that, ontology-based obfuscation can also be used for the particular case of data anonymisation. In such case, the obfuscation has to comply with a specific criteria to provide anonymity, so that the data set could be safely released. This research contributes to: state the problems in the area; review related privacy and data protection legal requirements; discuss ontology-based obfuscation and anonymisation methods; and define relevant healthcare use cases. As a result, we present the early concept of our Ontology-based Data Sharing Service (O-DSS) that enforces patient’s privacy by means of obfuscation and anonymisation functions.

Place, publisher, year, edition, pages
Springer, 2016
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 476
Keywords
Access Control, Safe Harbor, Privacy Preference, Healthcare Information System, Expert Determination
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-43014 (URN)10.1007/978-3-319-41763-9 (DOI)978-3-319-41762-2 (ISBN)978-3-319-82423-9 (ISBN)978-3-319-41763-9 (ISBN)
Conference
10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2023-08-17Bibliographically approved
7. E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance
Open this publication in new window or tab >>E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance
Show others...
2019 (English)In: MEDINFO 2019: Health and Wellbeing e-Networks for All / [ed] Lucila Ohno-Machado, Brigitte Séroussi, IOS Press, 2019, Vol. 264, p. 1224-1227Conference paper, Published paper (Refereed)
Abstract [en]

Community health workers in primary care programs increasingly use Mobile Health Data Collection Systems (MDCSs) to report their activities and conduct health surveys, replacing paper-based approaches. The mHealth systems are inherently privacy invasive, thus informing individuals and obtaining their consent is important to protect their right to privacy. In this paper, we introduce an e-Consent tool tailored for MDCSs. It is developed based on the requirement analysis of consent management for data privacy and built upon the solutions of Participant-Centered Consent toolkit and Consent Receipt specification. The e-Consent solution has been evaluated in a usability study. The study results show that the design is useful for informing individuals on the nature of data processing, privacy and protection and allowing them to make informed decisions

Place, publisher, year, edition, pages
IOS Press, 2019
Series
Studies in Health Technology and Informatics, ISSN 0926-9630, E-ISSN 1879-8365
Keywords
mobile health, privacy, public health surveillance
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70211 (URN)10.3233/SHTI190421 (DOI)000569653400246 ()978-1-64368-002-6 (ISBN)978-1-64368-003-3 (ISBN)
Conference
MEDINFO 2019, the 17th World Congress on Medical and Health Informatics, Lyon, France, 25-30 August 2019
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2020-11-05Bibliographically approved

Open Access in DiVA

fulltext_KAPPAN(4485 kB)962 downloads
File information
File name FULLTEXT02.pdfFile size 4485 kBChecksum SHA-512
e9e58f4cb1a48c514491fb46de4864e724a7a37468d550930b6667e3a25def3d4b3bb8170d3db23d52d1fa63d5b5e222aa5747c235a9cd6aa49c1086627e7f6f
Type fulltextMimetype application/pdf

Authority records

Iwaya, Leonardo H

Search in DiVA

By author/editor
Iwaya, Leonardo H
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 969 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 1660 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf