Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
SecourHealth: a delay-tolerant security framework for mobile health data collection.
Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.ORCID iD: 0000-0001-5227-7165
Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.ORCID iD: 0000-0001-9005-0543
Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.
Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.ORCID iD: 0000-0002-0821-0614
Show others and affiliations
2015 (English)In: IEEE journal of biomedical and health informatics, ISSN 2168-2194, E-ISSN 2168-2208, Vol. 19, no 2, p. 761-772Article in journal (Refereed) Published
Abstract [en]

Security is one of the most imperative requirements for the success of systems that deal with highly sensitive data, such as medical information. However, many existing mobile health solutions focused on collecting patients' data at their homes that do not include security among their main requirements. Aiming to tackle this issue, this paper presents SecourHealth, a lightweight security framework focused on highly sensitive data collection applications. SecourHealth provides many security services for both stored and in-transit data, displaying interesting features such as tolerance to lack of connectivity (a common issue when promoting health in remote locations) and the ability to protect data even if the device is lost/stolen or shared by different data collection agents. Together with the system's description and analysis, we also show how SecourHealth can be integrated into a real data collection solution currently deployed in the city of Sao Paulo, Brazil.

Place, publisher, year, edition, pages
2015. Vol. 19, no 2, p. 761-772
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-40063DOI: 10.1109/JBHI.2014.2320444ISI: 000351091200039PubMedID: 24801629OAI: oai:DiVA.org:kau-40063DiVA, id: diva2:903001
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2020-05-19Bibliographically approved
In thesis
1. Secure and Privacy-aware Data Collection and Processing in Mobile Health Systems
Open this publication in new window or tab >>Secure and Privacy-aware Data Collection and Processing in Mobile Health Systems
2016 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and patient's experience at reduced costs. The increasing digitalization of people's health information raises however new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems, have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consists of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of a MDCS (GeoHealth); with the design of Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.

Abstract [en]

Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems, have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consists of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2016. p. 28
Series
Karlstad University Studies, ISSN 1403-8099 ; 2016:47
Keywords
Mobile health, information security, data privacy, data collection, personal health data
National Category
Computer and Information Sciences Telecommunications Computer Sciences
Research subject
Computer Science; Computer Science
Identifiers
urn:nbn:se:kau:diva-46982 (URN)978-91-7063-730-8 (ISBN)
Presentation
2016-12-13, 21A342 - Eva Erikssonsalen, Karlstads universitet, 651 88, Karlstad, 15:15 (English)
Opponent
Supervisors
Available from: 2016-11-22 Created: 2016-10-31 Last updated: 2019-09-19Bibliographically approved
2. Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
Open this publication in new window or tab >>Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
2019 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.

Abstract [en]

Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC). In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches. Although MDCSs improve the efficiency of CBPHC, existing solutions lack adequate privacy and security safeguards.

To bridge this knowledge gap between the research areas of mHealth and privacy, we start by asking: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, an engineering approach is chosen to analyse and design privacy and security mechanisms for MDCSs.

Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: SecourHealth, a security framework for data encryption and user authentication; an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, an electronic consent (e-Consent) tool for obtaining and handling informed consent.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2019. p. 55
Series
Karlstad University Studies, ISSN 1403-8099 ; 2019:1
Keywords
Privacy, data protection, information security, mobile health, community-based primary care, privacy impact assessment, consent management, anonymisation
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70216 (URN)978-91-7063-900-5 (ISBN)978-91-7063-995-1 (ISBN)
Public defence
2019-01-31, 1A305, Lagerlöfsalen, Karlstad, 10:00 (English)
Opponent
Supervisors
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2019-01-08 Created: 2018-11-27 Last updated: 2022-11-22Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textPubMed

Authority records

Simplício, M AIwaya, Leonardo HCarvalho, T C M B

Search in DiVA

By author/editor
Simplício, M AIwaya, Leonardo HCarvalho, T C M B
In the same journal
IEEE journal of biomedical and health informatics
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
pubmed
urn-nbn

Altmetric score

doi
pubmed
urn-nbn
Total: 413 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf