Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). ORCID iD: 0000-0002-6509-3792
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). ORCID iD: 0000-0002-6938-4466
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
2018 (English). In: Journal of Medical Internet Research, E-ISSN 1438-8871, Vol. 20, no 12, article id e10954. Article in journal (Refereed). Published
Abstract [en]

Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice.

Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation.

Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor's perspective of EHR data redaction control were used.

Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control.

Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.

Place, publisher, year, edition, pages
JMIR Publications, 2018. Vol. 20, no 12, article id e10954
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-70971
DOI: 10.2196/10954
ISI: 000454351700001
PubMedID: 30578189
OAI: oai:DiVA.org:kau-70971
DiVA, id: diva2:1286744
Note

This paper was included as manuscript in Alaqra's licentiate thesis The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions

This paper was included as manuscript in Alaqra's licentiate thesis Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services, with the title: Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Perspectives by Medical Professionals and Patients

Available from: 2019-02-07. Created: 2019-02-07. Last updated: 2024-01-17. Bibliographically approved
In thesis
1. The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions
2018 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within the eHealth use-case. Redactable signatures are  a privacy enhancing scheme allowing to remove parts of a signed document by a specified party for achieving data minimization without invalidating the respective signature.

We mainly used semi-structured interviews and focus groups in our investigations. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2018. p. 14
Series
Karlstad University Studies, ISSN 1403-8099 ; 2018:23
Keywords
Data privacy, wicked problems, user-centered design, crypto-based solutions, usability, data minimization, redactable signatures
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67134 (URN); 978-91-7063-856-5 (ISBN); 978-91-7063-951-7 (ISBN)
Presentation
2018-06-11, 10:15 (English)
Note

Paper 3 was included as manuscript in the thesis.

Available from: 2018-05-23. Created: 2018-04-23. Last updated: 2019-02-07. Bibliographically approved
2. Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services
2020 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Data privacy has been growing in importance in recent years, especially with the constant increase of online activity. Consequently, researchers study, design, and develop solutions aimed at enhancing users' data privacy. The wicked problem of data privacy is a dynamic challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to explore challenges and opportunities with a focus on human aspects for designing usable crypto-based privacy-enhancing technologies (PETs). Mainly, there were three PETs in the cloud context included in our studies: malleable signatures, secret sharing, and homomorphic encryption. Based on the three PETs, services were developed within European research projects that were the scope of our user studies. We followed a user-centered design approach by using empirical qualitative and quantitative means for collecting study data. Our results and tinkering conveyed (i) analysis of different categories of user's perspectives, mental models, and trade-offs, (ii) user requirements for PET services, and (iii) user interface design guidelines for PET services. In our contributions, we highlight considerations and guidelines for supporting the design of future solutions.

Abstract [en]

Data privacy has been growing in importance in recent years, especially with the constant increase of online activity. Consequently, researchers study, design, and develop solutions aimed at enhancing users' data privacy. The wicked problem of data privacy is a dynamic challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to explore challenges and opportunities with a focus on human aspects for designing usable crypto-based privacy-enhancing technologies (PETs). Our results and tinkering conveyed (i) analysis of different categories of user's perspectives, mental models, and trade-offs, (ii) user requirements for PET services, and (iii) user interface design guidelines for PET services. In our contributions, we highlight considerations and guidelines for supporting the design of future solutions.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 22
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:5
Keywords
Data privacy, wicked problems, user-centered design, privacy enhancing technologies, human factors, malleable signatures, secret sharing, homomorphic encryption
National Category
Computer Sciences; Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-75992 (URN); 978-91-7867-077-2 (ISBN); 978-91-7867-087-1 (ISBN)
Public defence
2020-01-30, 21A342, Eva Eriksson, 10:15 (English)
Available from: 2020-01-09. Created: 2019-12-16. Last updated: 2022-04-04. Bibliographically approved

Open Access in DiVA

Fulltext (5981 kB), 364 downloads
File information
File name: FULLTEXT01.pdf
File size: 5981 kB
Checksum (SHA-512):
7ab224cc3fefec30c5609bc25318e382b397c048028d002249b079d69a425b8f889527a4148e59e199334859ca465a592a75ccc62e5a13159cf2bf7308a20b7b
Type: fulltext
Mimetype: application/pdf

Authority records

Alaqra, Ala Sarah; Fischer-Hübner, Simone; Framner, Erik

Total: 364 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 549 hits