Change search
Refine search result
1 - 27 of 27
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Barros, B M
    et al.
    University of São Paulo.
    Iwaya, L H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Simplício, M A
    Carvalho, T C M B
    Méhes, A
    Ericsson Research.
    Näslund, M
    Ericsson Research.
    Classifying Security Threats in Cloud Networking2015In: Proceedings of the 5th International Conference on Cloud Computing and Services Science / [ed] Markus Helfert, Donald Ferguson and Víctor Méndez Muñoz, SciTePress , 2015, p. 214-220Conference paper (Refereed)
    Abstract [en]

    A central component of managing risks in cloud computing is to understand the nature of security threats. The relevance of security concerns are evidenced by the efforts from both the academic community and technological organizations such as NIST, ENISA and CSA, to investigate security threats and vulnerabilities related to cloud systems. Provisioning secure virtual networks (SVNs) in a multi-tenant environment is a fundamental aspect to ensure trust in public cloud systems and to encourage their adoption. However, comparing existing SVN-oriented solutions is a difficult task due to the lack of studies summarizing the main concerns of network virtualization and providing a comprehensive list of threats those solutions should cover. To address this issue, this paper presents a threat classification for cloud networking, describing threat categories and attack scenarios that should be taken into account when designing, comparing, or categorizing solutions. The classification is based o n the CSA threat report, building upon studies and surveys from the specialized literature to extend the CSA list of threats and to allow a more detailed analysis of cloud network virtualization issues.

  • 2.
    Fischer-Hübner, Simone
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Herold, Sebastian
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Alfredsson, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Albin, Zuccato
    ATEA Sverige AB, Stockholm, Sweden.
    A MOOC on Privacy by Design and the GDPR2018In: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, p. 95-107Conference paper (Refereed)
    Abstract [en]

    In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.

  • 3.
    Haque, Mubin U.
    et al.
    The University of Adelaide, AUS.
    Iwaya, Leonardo H
    The University of Adelaide, AUS.
    Ali Babar, M.
    The University of Adelaide, AUS.
    Challenges in Docker Development: A Large-scale Study Using Stack Overflow2020In: ESEM '20: Proceedings of the 14th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), ACM Digital Library, 2020, Vol. 7, p. 1-11, article id 3410693Conference paper (Refereed)
    Abstract [en]

    Background: Docker technology has been increasingly used among software developers in a multitude of projects. This growing interest is due to the fact that Docker technology supports a convenient process for creating and building containers, promoting close cooperation between developer and operations teams, and enabling continuous software delivery. As a fast-growing technology, it is important to identify the Docker-related topics that are most popular as well as existing challenges and difficulties that developers face. Aims: This paper presents a large-scale empirical study identifying practitioners' perspectives on Docker technology by mining posts from the Stack Overflow (SoF) community. Method: A dataset of 113, 922 Docker-related posts was created based on a set of relevant tags and contents. The dataset was cleaned and prepared. Topic modelling was conducted using Latent Dirichlet Allocation (LDA), allowing the identification of dominant topics in the domain. Results: Our results show that most developers use SoF to ask about a broad spectrum of Docker topics including framework development, application deployment, continuous integration, web-server configuration and many more. We determined that 30 topics that developers discuss can be grouped into 13 main categories. Most of the posts belong to categories of application development, configuration, and networking. On the other hand, we find that the posts on monitoring status, transferring data, and authenticating users are more popular among developers compared to the other topics. Specifically, developers face challenges in web browser issues, networking error and memory management. Besides, there is a lack of experts in this domain. Conclusion: Our research findings will guide future work on the development of new tools and techniques, helping the community to focus efforts and understand existing trade-offs on Docker topics.

    Download full text (pdf)
    fulltext
  • 4.
    Iwaya, L H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fausto, Giunchiglia
    Trento University, Italy.
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Hume, Alethia
    Trento University, Italy.
    Fischer-Hübner, Simone
    Karlstad University, Division for Information Technology.
    Chenu-Abente, Ronald
    Trento University, Italy.
    Ontology-based Obfuscation and Anonymisation for Privacy: A Case Study on Healthcare2016In: Privacy and Identity Management: Time for a Revolution? / [ed] David Aspinal, Marit Hansen, Jan Camenisch, Simone Fischer-Hübner, Charles Raab, Springer, 2016, p. 343-358Conference paper (Refereed)
    Abstract [en]

    Healthcare Information Systems typically fall into the group of systems in which the need of data sharing conflicts with the privacy. A myriad of these systems have to, however, constantly communicate among each other. One of the ways to address the dilemma between data sharing and privacy is to use data obfuscation by lowering data accuracy to guarantee patient’s privacy while retaining its usefulness. Even though many obfuscation methods are able to handle numerical values, the obfuscation of non-numerical values (e.g., textual information) is not as trivial, yet extremely important to preserve data utility along the process. In this paper, we preliminary investigate how to exploit ontologies to create obfuscation mechanism for releasing personal and electronic health records (PHR and EHR) to selected audiences with different degrees of obfuscation. Data minimisation and access control should be supported to enforce different actors, e.g., doctors, nurses and managers, will get access to no more information than needed for their tasks. Besides that, ontology-based obfuscation can also be used for the particular case of data anonymisation. In such case, the obfuscation has to comply with a specific criteria to provide anonymity, so that the data set could be safely released. This research contributes to: state the problems in the area; review related privacy and data protection legal requirements; discuss ontology-based obfuscation and anonymisation methods; and define relevant healthcare use cases. As a result, we present the early concept of our Ontology-based Data Sharing Service (O-DSS) that enforces patient’s privacy by means of obfuscation and anonymisation functions.

  • 5.
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care2019Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.

    Download full text (pdf)
    fulltext_KAPPAN
    Download (jpg)
    preview image
  • 6.
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Secure and Privacy-aware Data Collection and Processing in Mobile Health Systems2016Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and patient's experience at reduced costs. The increasing digitalization of people's health information raises however new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems, have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consists of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of a MDCS (GeoHealth); with the design of Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.

    Download full text (pdf)
    fulltext
    Download (jpg)
    preview image
    Download (mp3)
    Podcast
  • 7.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). The University of Adelaide, AUS; Cyber Security Cooperative Research Centre (CSCRC), AUS.
    Ahmad, Aakash
    University of Hail, SAU.
    Ali Babar, M.
    The University of Adelaide, AUS; Cyber Security Cooperative Research Centre (CSCRC), AUS.
    Security and Privacy for mHealth and uHealth Systems: A Systematic Mapping Study2020In: IEEE Access, E-ISSN 2169-3536, Vol. 8, p. 150081-150112Article in journal (Refereed)
    Abstract [en]

    An increased adoption of mobile health (mHealth) and ubiquitous health (uHealth) systems empower users with handheld devices and embedded sensors for a broad range of healthcare services. However, m/uHealth systems face significant challenges related to data security and privacy that must be addressed to increase the pervasiveness of such systems. This study aims to systematically identify, classify, compare, and evaluate state-of-the-art on security and privacy of m/uHealth systems. We conducted a systematic mapping study (SMS) based on 365 qualitatively selected studies to (i) classify the types, frequency, and demography of published research, (ii) synthesize and categorize research themes, (iii) recurring challenges, (iv) prominent solutions (i.e., research outcomes) and their (v) reported evaluations (i.e., practical validations). Results suggest that the existing research on security and privacy of m/uHealth systems primarily focuses on select group of control families (compliant with NIST800-53), protection of systems and information, access control, authentication, individual participation, and privacy authorisation. In contrast, areas of data governance, security and privacy policies, and program management are under-represented, although these are critical to most of the organizations that employ m/uHealth systems. Most research proposes new solutions with limited validation, reflecting a lack of evaluation of security and privacy of m/uHealth in the real world. Empirical research, development, and validation of m/uHealth security and privacy is still incipient, which may discourage practitioners from readily adopting solutions from the literature. This SMS facilitates knowledge transfer, enabling researchers and practitioners to engineer security and privacy for emerging and next generation of m/uHealth systems.

    Download full text (pdf)
    fulltext
  • 8.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Alaqra, Ala Sarah
    Karlstad University, Faculty of Arts and Social Sciences (starting 2013), Karlstad Business School (from 2013).
    Hansen, Marit
    Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Privacy impact assessments in the wild: A scoping review2024In: Array, E-ISSN 2590-0056, Vol. 23, p. 1-20, article id 100356Article in journal (Refereed)
    Abstract [en]

    Privacy Impact Assessments (PIAs) offer a process for assessing the privacy impacts of a project or system. As a privacy engineering strategy, they are one of the main approaches to privacy by design, supporting the early identification of threats and controls. However, there is still a shortage of empirical evidence on their use and proven effectiveness in practice. To better understand the current literature and research, this paper provides a comprehensive Scoping Review (ScR) on the topic of PIAs “in the wild,” following the well-established Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) guidelines. This ScR includes 45 studies, providing an extensive synthesis of the existing body of knowledge, classifying types of research and publications, appraising the methodological quality of primary research, and summarising the positive and negative aspects of PIAs in practice, as reported by those studies. This ScR also identifies significant research gaps (e.g., evidence gaps from contradictory results and methodological gaps from research design deficiencies), future research pathways, and implications for researchers, practitioners, and policymakers developing and using PIA frameworks. As we conclude, there is still a significant need for more primary research on the topic, both qualitative and quantitative. A critical appraisal of qualitative studies revealed deficiencies in the methodological quality, and only four quantitative studies were identified, suggesting that current primary research remains incipient. Nonetheless, PIAs can be regarded as a prominent sub-area in the broader field of empirical privacy engineering, in which further scientific research to support existing practices is needed.

    Download full text (pdf)
    fulltext
  • 9.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). The University of Adelaide, AUS; Cyber Security Cooperative Research Centre (CSCRC), AUS.
    Babar, M. Ali
    The University of Adelaide, AUS; Cyber Security Cooperative Research Centre (CSCRC), AUS.
    Rashid, Awais
    University of Bristol, GBR; REPHRAIN: National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online, GBR.
    Wijayarathna, Chamila
    The University of Adelaide, AUS; Cyber Security Cooperative Research Centre (CSCRC), AUS.
    On the privacy of mental health apps: An empirical investigation and its implications for app development2023In: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 28, no 1, article id 2Article in journal (Refereed)
    Abstract [en]

    An increasing number of mental health services are now offered through mobile health (mHealth) systems, such as in mobile applications (apps). Although there is an unprecedented growth in the adoption of mental health services, partly due to the COVID-19 pandemic, concerns about data privacy risks due to security breaches are also increasing. Whilst some studies have analyzed mHealth apps from different angles, including security, there is relatively little evidence for data privacy issues that may exist in mHealth apps used for mental health services, whose recipients can be particularly vulnerable. This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps. We analyzed 27 top-ranked mental health apps from Google Play Store. Our methodology enabled us to perform an in-depth privacy analysis of the apps, covering static and dynamic analysis, data sharing behaviour, server-side tests, privacy impact assessment requests, and privacy policy evaluation. Furthermore, we mapped the findings to the LINDDUN threat taxonomy, describing how threats manifest on the studied apps. The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests. There is also a high risk of user profiling as the apps’ development do not provide foolproof mechanisms against linkability, detectability and identifiability. Data sharing among 3rd-parties and advertisers in the current apps’ ecosystem aggravates this situation. Based on the empirical findings of this study, we provide recommendations to be considered by different stakeholders of mHealth apps in general and apps developers in particular. We conclude that while developers ought to be more knowledgeable in considering and addressing privacy issues, users and health professionals can also play a role by demanding privacy-friendly apps. 

    Download full text (pdf)
    fulltext
  • 10.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). the University of Adelaide, Australia; Cyber Security Cooperative Research Centre (CSCRC), Australia.
    Babar, Muhammad Ali
    the University of Adelaide, Australia; Cyber Security Cooperative Research Centre (CSCRC), Australia.
    Rashid, Awais
    University of Bristol, U.K.; REPHRAIN: National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online, U.K..
    Privacy Engineering in the Wild: Understanding the Practitioners' Mindset, Organisational Aspects, and Current Practices2023In: IEEE Transactions on Software Engineering, ISSN 0098-5589, E-ISSN 1939-3520, Vol. 49, no 9, p. 4324-4348Article in journal (Refereed)
    Abstract [en]

    Privacy engineering, as an emerging field of research and practice, comprises the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems. For that, software practitioners and other stakeholders in software companies need to work cooperatively toward building privacy-preserving businesses and engineering solutions. Significant research has been done to understand the software practitioners' perceptions of information privacy, but more emphasis should be given to the uptake of concrete privacy engineering components. This research delves into the software practitioners' perspectives and mindset, organisational aspects, and current practices on privacy and its engineering processes. A total of 30 practitioners from nine countries and backgrounds were interviewed, sharing their experiences and voicing their opinions on a broad range of privacy topics. The thematic analysis methodology was adopted to code the interview data qualitatively and construct a rich and nuanced thematic framework. As a result, we identified three critical interconnected themes that compose our thematic framework for privacy engineering “in the wild”: (1) personal privacy mindset and stance, categorised into practitioners' privacy knowledge, attitudes and behaviours; (2) organisational privacy aspects, such as decision-power and positive and negative examples of privacy climate; and, (3) privacy engineering practices, such as procedures and controls concretely used in the industry. Among the main findings, this study provides many insights about the state-of-the-practice of privacy engineering, pointing to a positive influence of privacy laws (e.g., EU General Data Protection Regulation) on practitioners' behaviours and organisations' cultures. Aspects such as organisational privacy culture and climate were also confirmed to have a powerful influence on the practitioners' privacy behaviours. A conducive environment for privacy engineering needs to be created, aligning the privacy values of practitioners and their organisations, with particular attention to the leaders and top management's commitment to privacy. Organisations can also facilitate education and awareness training for software practitioners on existing privacy engineering theories, methods and tools that have already been proven effective.

    Download full text (pdf)
    fulltext
  • 11.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Åhlfeldt, Rose-Mharie
    School of Informatics, University of Skövde, Skövde, Sweden.
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    mHealth: A Privacy Threat Analysis for Public Health Surveillance Systems2018In: 2018 IEEE 31st International Symposium on Computer-Based Medical Systems / [ed] Hollmen, J; McGregor, C; Soda, P; Kane, B, IEEE, 2018, p. 42-47Conference paper (Refereed)
    Abstract [en]

    Community Health Workers (CHWs) have been using Mobile Health Data Collection Systems (MDCSs) for supporting the delivery of primary healthcare and carrying out public health surveys, feeding national-level databases with families’ personal data. Such systems are used for public surveillance and to manage sensitive data (i.e., health data), so addressing the privacy issues is crucial for successfully deploying MDCSs. In this paper we present a comprehensive privacy threat analysis for MDCSs, discuss the privacy challenges and provide recommendations that are specially useful to health managers and developers. We ground our analysis on a large-scale MDCS used for primary care (GeoHealth) and a well-known Privacy Impact Assessment (PIA) methodology. The threat analysis is based on a compilation of relevant privacy threats from the literature as well as brain-storming sessions with privacy and security experts. Among the main findings, we observe that existing MDCSs do not employ adequate controls for achieving transparency and interveinability. Thus, threatening fundamental privacy principles regarded as data quality, right to access and right to object. Furthermore, it is noticeable that although there has been significant research to deal with data security issues, the attention with privacy in its multiple dimensions is prominently lacking.

  • 12.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Åhlfeldt, Rose-Mharie
    University of Skövde.
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats2019In: JMIR mhealth and uhealth, E-ISSN 2291-5222, Vol. 7, no 3, p. 1-16, article id e11642Article in journal (Refereed)
    Abstract [en]

    Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

    Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts.

    Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil.

    Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization.

    Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

    Download full text (pdf)
    fulltext
  • 13.
    Iwaya, Leonardo H.
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Åhlfeldt, Rose-Mharie
    School of Informatics, University of Skövde, Skövde, Sweden.
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Overview of Privacy Challenges in Mobile Health Data Collection Systems2018Conference paper (Refereed)
    Abstract [en]

    Community Health Workers (CHWs) have been using Mobile HealthData Collection Systems (MDCSs) for public health surveys, feeding the national-level databases with the families’ personal data. Since such systems are inherentlyused for public surveillance and manage sensitive data (i.e., health data), deal-ing with the privacy issues is crucial to successful deployments. In this poster wepresent the privacy challenges related to MDCSs, providing a summary speciallyimportant to health managers and developers.

    Download full text (pdf)
    fulltext
  • 14.
    Iwaya, Leonardo H
    et al.
    Univ Sao Paulo, Dept Comp & Digital Syst Engn, Sao Paulo, Brazil.
    Gomes, M A L
    Univ Sao Paulo, Dept Comp & Digital Syst Engn, Sao Paulo, Brazil.
    Simplício, M A
    Univ Sao Paulo, Dept Comp & Digital Syst Engn, Sao Paulo, Brazil.
    Carvalho, T C M B
    Univ Sao Paulo, Dept Comp & Digital Syst Engn, Sao Paulo, Brazil.
    Dominicini, C K
    Department of Computer and Digital Systems Engineering, University of São Paulo, São Paulo, SP, Brazil.
    Sakuragui, R R M
    Univ Sao Paulo, Dept Comp & Digital Syst Engn, Sao Paulo, Brazil.
    Rebelo, M S
    Univ Sao Paulo, Sch Med, Heart Inst InCor, Sao Paulo, Brazil.
    Gutierrez, M A
    Univ Sao Paulo, Sch Med, Heart Inst InCor, Sao Paulo, Brazil.
    Näslund, M
    Ericsson Res, Stockholm, Sweden.
    Håkansson, P
    Ericsson Res, Stockholm, Sweden.
    Mobile health in emerging countries: a survey of research initiatives in Brazil.2013In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 82, no 5, p. 283-298Article in journal (Refereed)
    Abstract [en]

    OBJECTIVE: To conduct a comprehensive survey of mobile health (mHealth) research initiatives in Brazil, discussing current challenges, gaps, opportunities and tendencies.

    METHODS: Systematic review of publicly available electronic documents related to mHealth, including scientific publications, technical reports and descriptions of commercial products. Specifically, 42 projects are analyzed and classified according to their goals. This analysis considers aspects such as security features provided (if any), the health condition that are focus of attention, the main providers involved in the projects development and deployment, types of devices used, target users, where the projects are tested and/or deployed, among others.

    RESULTS: The study shows a large number (86%) of mHealth solutions focused on the following categories: health surveys, surveillance, patient records and monitoring. Meanwhile, treatment compliance, awareness raising and decision support systems are less explored. The main providers of solutions are the universities (56%) and health units (32%), with considerable cooperation between such entities. Most applications have physicians (55%) and Community Health Agents (CHAs) (33%) as targeted users, the latter being important elements in nation-wide governmental health programs. Projects focused on health managers, however, are a minority (5%). The majority of projects do not focus on specific diseases but rather general health (57%), although solutions for hearth conditions are reasonably numerous (21%). Finally, the lack of security mechanisms in the majority of the surveyed solutions (52%) may hinder their deployment in the field due to the lack of compliance with general regulations for medical data handling.

    CONCLUSION: There are currently many mHealth initiatives in Brazil, but some areas have not been much explored, such as solutions for treatment compliance and awareness raising, as well as decision support systems. Another research trend worth exploring refers to creating interoperable security mechanisms, especially for widely explored mHealth categories such as health surveys, patient records and monitoring. Challenges for the expansion of mHealth solutions, both in number and coverage, include the further involvement of health managers in the deployment of such solutions and in coordinating efforts among health and research institutions interested in the mHealth trend, possibly exploring the widespread presence of CHAs around the country as users of such technology.

  • 15.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). Federal University of Santa Catarina, Brazil.
    Iwaya, Gabriel Horn
    Federal University of Santa Catarina, Brazil.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Steil, Andrea Valeria
    Federal University of Santa Catarina, Brazil.
    Organisational Privacy Culture and Climate: A Scoping Review2022In: IEEE Access, E-ISSN 2169-3536, Vol. 10, p. 73907-73930Article, review/survey (Refereed)
    Abstract [en]

    New regulations worldwide are increasingly pressing organisations to review how they collect and process personal data to ensure the protection of individual privacy rights. This organisational transformation involves implementing several privacy practices (e.g., privacy policies, governance frameworks, and privacy-by-design methods) across multiple departments. The literature points to a strong influence of the organisations’ culture and climate in implementing such privacy practices, depending on how leaders and employees perceive and address privacy concerns. However, this new hybrid topic referred to as Organisational Privacy Culture and Climate (OPCC), remains poorly demarcated and weakly defined. In this paper, we report a Scoping Review (ScR) on the topic of OPCC to systematically identify and map studies, contributing with a synthesis of the existing work, distinguishing core and adjacent publications, research gaps, and pathways of future research. This ScR includes 36 studies categorised according to their demographics, research types, contribution types, research designs, proposed definitions, and conceptualisations. Also, 18 studies categorised as primary research were critically appraised, assessing the studies’ methodological quality and credibility of the evidence. Although published research has significantly advanced the topic of OPCC, more research is still needed. Our findings show that the topic is still in its embryonic stage. The theory behind OPCC has not yet been fully articulated, even though some definitions have been independently proposed. Only one measuring instrument for privacy culture was identified, but it needs to be further developed in terms of identifying and analysing its factors, and evaluating its validity and reliability. Initiatives of future research in OPCC will require interdisciplinary research efforts and close cooperation with industry to further propose and rigorously evaluate instruments. Only then OPCC would be considered an evidence-based research topic that can be reliably used to evaluate, measure, and embed privacy in organisations.

    Download full text (pdf)
    fulltext
  • 16.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Li, Jane
    Health and Biosecurity, Commonwealth Scientific and Industrial Research Organization, Australia.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Åhlfeldt, Rose-Mharie
    University of Skövde.
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance2019In: MEDINFO 2019: Health and Wellbeing e-Networks for All / [ed] Lucila Ohno-Machado, Brigitte Séroussi, IOS Press, 2019, Vol. 264, p. 1224-1227Conference paper (Refereed)
    Abstract [en]

    Community health workers in primary care programs increasingly use Mobile Health Data Collection Systems (MDCSs) to report their activities and conduct health surveys, replacing paper-based approaches. The mHealth systems are inherently privacy invasive, thus informing individuals and obtaining their consent is important to protect their right to privacy. In this paper, we introduce an e-Consent tool tailored for MDCSs. It is developed based on the requirement analysis of consent management for data privacy and built upon the solutions of Participant-Centered Consent toolkit and Consent Receipt specification. The e-Consent solution has been evaluated in a usability study. The study results show that the design is useful for informing individuals on the nature of data processing, privacy and protection and allowing them to make informed decisions

  • 17.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Towards a Privacy Impact Assessment Template for Mobile Health Data Collection Systems2016In: Proceedings of the 5th International Conference on M4D Mobile Communication Technology for Development: M4D 2016, General Tracks / [ed] Orlando P Zacarias and Caroline W. Larsson, 2016, p. 189-200Conference paper (Refereed)
    Download full text (pdf)
    Iwaya_et_al_2016
  • 18.
    Iwaya, Leonardo H
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Nordin, Anna
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Health Sciences (from 2013). Karlstad University, Faculty of Social and Life Sciences, Department of Nursing.
    Fritsch, Lothar
    Oslo Metropolitan University, Norway.
    Børøsund, Elin
    Oslo University Hospital, Norway.
    Johansson, Margareta
    Uppsala University, Sweden.
    Varsi, Cecilie
    Oslo University Hospital, Norway.
    Ängeby, Karin
    Region Värmland, Sweden.
    Early Labour App: Developing a practice-based mobile health application for digital early labour support2023In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 177, p. 105139-105139, article id 105139Article in journal (Refereed)
    Abstract [en]

    Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. Methods: This research started with creating an expert group composed of a multidisciplinary team capable of informing the app development process on evidence-based practices. In consultation with the expert group, the app was built using an agile development approach (i.e., Scrum) within a continuous software engineering setting (i.e., CI/CD, DevOps), also including user and security tests. Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users’ needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner’s preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project’s Randomised Control Trial, which is already ongoing.

    Download full text (pdf)
    fulltext
  • 19.
    Iwaya, Leonardo H.
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Voronkov, Artem
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Martucci, Leonardo A.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Firewall Usability and Visualization: A Systematic Literature Review2016Report (Refereed)
    Abstract [en]

    Firewalls are network security components that allow administrators to handle incoming and outgoing traffic based on a set of rules. Such security appliances are typically the first line of defense, creating a barrier between organization’s internal network and the outside network (e.g., Internet). The process of correctly configuring a firewall is complex and error prone, and it only gets worse as the complexity of the network grows. A vulnerable firewall configuration will very likely result in major threats to the organization’s security. In this report we aim to investigate how to make administrator task of planning and implementing firewall solutions easier, from the stand points of usability and visualization. Our scientific investigation starts with the understanding of the state-of-the-art on this specific field. To do so, we conducted a Systematic Literature Review (SLR), a strict methodology to plan a literature review, to gather relevant information, to synthesize and compare approaches, and to report findings. During the initial search process thousands of papers were screened, leading us to 125 papers carefully selected for further readings. In the secondary study, ten relevant works were identified and assessed, in which authors tackled the issues of usability and visualization for Firewalls and Personal Firewalls. Among the main findings, we perceive that there is a lack (or even absence) of user studies to validate the proposed models. This leads us to a series of unwarranted solutions, that need to be prototyped and tested with real users. We also see an huge opportunity for integrative approaches, that could combine firewall research areas, such as automatic anomaly detection, advisory systems, and varying visualization schemes.

    Download full text (pdf)
    fulltext
    Download (jpg)
    preview image
  • 20.
    Iwaya, Leonardo
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). University of Sao Paulo, Brazil.
    Rosso, R S U
    Universidade do Estado de Santa Catarina, Brazli.
    Hounsell, M S
    Universidade do Estado de Santa Catarina, Brazil.
    A Design for Assembly Application with Dynamic Information Retrieval from Case Database2013In: Intelligent Manufacturing Systems / [ed] Marcos de Sales Guerra Tsuzuki and José Reinaldo Silva, Elsevier, 2013, Vol. 11, p. 186-191Conference paper (Refereed)
    Abstract [en]

    Design for Assembly (DFA) is a Concurrent Engineering constituent that gained a lot of attention due to fast and measurable benets. The main principle of DFA is to foresee assembly problems at the design stage based on the experience regarding functionality, materials and machine availability. The work presented in this paper, named RFA - Redesign for Assembly, adds a way to explicitly register and retrieve experiences as part of the design process. It starts from an initial design, then RFA leads the designer through a detailed assessment towards an improved design according to previous experiences. Experience representation was done using a Group Technology classication concept that helps assign a primary-key for a Case Based Teaching underlying system. A supporting system has been implemented in order to try out RFA. DFA scholars have used RFA and proved that experience retrieval is easily and intuitively incorporated in the design process. The paper presents a study about the DFA methodology, reviews existing solutions (methods and software) from the literature and details the RFA architecture, implementation and tests. RFA shows potential for a new design culture based on knowledge sharing, but also, as a repository for a very valuable asset, i.e. problem-oriented assembly-related design experience.

  • 21.
    Knoche, Hendrik
    et al.
    Aalborg University, Denmark.
    Abdul-Rahman, Alfie
    King’s College London, UK.
    Clark, Leigh
    Bold Insight, UK.
    Curcin, Vasa
    King’s College London, UK.
    Huo, Zhiqiang
    King’s College London, UK.
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Lemon, Oliver
    Heriot-Watt University, UK.
    Mikulík, Robert
    The St. Anne’s University Hospital, Czech Republic.
    Neate, Timothy
    King's College London, UK.
    Roper, Abi
    University of London, UK.
    Skovfoged, Milo Marsfeldt
    Aalborg University, Denmark.
    Verdezoto, Nervo
    Cardiff University, UK.
    Wilson, Stephanie M.
    City University London, UK.
    Ziadeh, Hamzah
    Aalborg University, Denmark.
    Identifying Challenges and Opportunities for Intelligent Data-Driven Health Interfaces to Support Ongoing Care2023In: CHI EA '23: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems / [ed] Albrecht Schmidt, Kaisa Väänänen, Association for Computing Machinery (ACM), 2023, p. 1-7, article id 354Conference paper (Refereed)
    Abstract [en]

    This workshop will explore future work in the area of intelligent, conversational, data-driven health interfaces both from patients’ and health care professionals’ perspectives. We aim to bring together a diverse set of experts and stakeholders to jointly discuss the opportunities and challenges at the intersection of public health care provisioning, patient and caretaker empowerment, monitoring provisioning of health care and its quality. This will require AI-supported, conversational decision-making interfaces that adhere to ethical and privacy standards and address issues around agency, control, engagement, motivation, and accessibility. The goal of the workshop is to create a community around intelligent data-driven interfaces and create a road map for their future research.

  • 22.
    Näslund, Mats
    et al.
    Bromma, Sweden.
    Carvalho, Tereza C. M. B
    São Paulo, Brasil.
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Simplício, Marcos A.
    São Paulo, Brasil.
    Encrypting and Storing Data2016Patent (Other (popular science, discussion, etc.))
    Abstract [en]

    Methods and apparatus for encrypting and storing data. The methods and apparatus provide different levels of security and usability. The methods and apparatus generate two or more keys based on a shared secret made available to a user equipment and a server. The two or more keys comprise at least one perfect forward secrecy key, and at least one limited forward secrecy key. The methods and apparatus encrypt data using at least one of the two or more keys. The methods and apparatus store the encrypted data in a memory of the user equipment and/or transmit the data from the user equipment to the server

    Download full text (pdf)
    fulltext
  • 23.
    Simplício, M A
    et al.
    University of Sao Paulo.
    Carvalho, T C M B
    University of Sao Paulo.
    Dominicini, C
    University of Sao Paulo.
    Håkansson, P
    Ericsson Research.
    Iwaya, L H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. University of Sao Paulo.
    Näslund, M
    Ericsson Research.
    Method and Apparatus for Securing a Connection in a Communications Network2015Patent (Other (popular science, discussion, etc.))
    Abstract [en]

    A method of securing a session between a Network Application Function, NAF, and a User Equipment, UE, connected to a network. The NAF is assigned a NAF identifier, NAF_id, using the Generic Bootstrapping Architecture, GBA, or a similar architecture and a shared secret is established between the UE and the NAF (S7.1). An application request containing a bootstrapping transaction identifier is sent to the NAF from the UE (S7.2) and an authentication request comprising the bootstrapping transaction identifier, the NAF_id, and information derived from the shared secret is sent to a Bootstrapping Server Function, BSF, from the NAF (S7.4). The BSF and the UE determine a NAF key, Ks_NAF, by using a modified parameter in place of or in addition to an original parameter in a key derivation function, the modified parameter being derived from the shared secret and the original parameter of the key derivation function (S7.5). This NAF key is transmitted from the BSF to the NAF (S7.6) and used to secure communications between the NAF and the UE (S7.7). Also provided are apparatus to act as a NAF, UE, and BSF in the method above.

  • 24.
    Simplício, M A
    et al.
    Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.
    Iwaya, Leonardo H
    Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.
    Barros, Bruno M
    Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.
    Carvalho, T C M B
    Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.
    Näslund, Mats
    Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil.
    SecourHealth: a delay-tolerant security framework for mobile health data collection.2015In: IEEE journal of biomedical and health informatics, ISSN 2168-2194, E-ISSN 2168-2208, Vol. 19, no 2, p. 761-772Article in journal (Refereed)
    Abstract [en]

    Security is one of the most imperative requirements for the success of systems that deal with highly sensitive data, such as medical information. However, many existing mobile health solutions focused on collecting patients' data at their homes that do not include security among their main requirements. Aiming to tackle this issue, this paper presents SecourHealth, a lightweight security framework focused on highly sensitive data collection applications. SecourHealth provides many security services for both stored and in-transit data, displaying interesting features such as tolerance to lack of connectivity (a common issue when promoting health in remote locations) and the ability to protect data even if the device is lost/stolen or shared by different data collection agents. Together with the system's description and analysis, we also show how SecourHealth can be integrated into a real data collection solution currently deployed in the city of Sao Paulo, Brazil.

  • 25.
    Sá, João
    et al.
    University of Sao Paulo Medical School, Sao Paulo, SP, Brazil.
    Rebelo, Marina
    University of Sao Paulo Medical School, Sao Paulo, SP, Brazil.
    Brentani, Alexandra
    University of Sao Paulo Medical School, Sao Paulo, SP, Brazil.
    Grisi, Sandra
    University of Sao Paulo Medical School, Sao Paulo, SP, Brazil.
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Simplício, Marcos
    Department of Computer and Digital Systems Engineering, University of Sao Paulo, Sao Paulo, SP, Brazil.
    Carvalho, Tereza
    Department of Computer and Digital Systems Engineering, University of Sao Paulo, Sao Paulo, SP, Brazil.
    Gutierrez, Marco
    University of Sao Paulo Medical School, Sao Paulo, SP, Brazil.
    Georeferenced and Secure Mobile Health System for Large Scale Data Collection in Primary Care2016In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 94, p. 91-99Article in journal (Refereed)
    Abstract [en]

    Introduction - Mobile health consists in applying mobile devices and communication capabilities for expanding the coverage and improving the effectiveness of health care programs. The technology is particularly promising for developing countries, in which health authorities can take advantage of the flourishing mobile market to provide adequate health care to underprivileged communities, especially primary care. In Brazil, the Primary Care Information System (SIAB) receives primary health care data from all regions of the country, creating a rich database for health-related action planning. Family Health Teams (FHTs) collect this data in periodic visits to families enrolled in governmental programs, following an acquisition procedure that involves filling in paper forms. This procedure compromises the quality of the data provided to health care authorities and slows down the decision-making process.

    Objectives - To develop a mobile system (GeoHealth) that should address and overcome the aforementioned problems and deploy the proposed solution in a wide underprivileged metropolitan area of a major city in Brazil.

    Methods - The proposed solution comprises three main components: (a) an Application Server, with a database containing family health conditions; and two clients, (b) a Web Browser running visualization tools for management tasks, and (c) a data-gathering device (smartphone) to register and to georeference the family health data. A data security framework was designed to ensure the security of data, which was stored locally and transmitted over public networks.

    Results - The system was successfully deployed at six primary care units in the city of Sao Paulo, where a total of 28,324 families/96,061 inhabitants are regularly followed up by government health policies. The health conditions observed from the population covered were: diabetes in 3.40%, hypertension (age > 40) in 23.87% and tuberculosis in 0.06%. This estimated prevalence has enabled FHTs to set clinical appointments proactively, with the aim of confirming or detecting cases of non-communicable diseases more efficiently, based on real-time information.

    Conclusion - The proposed system has the potential to improve the efficiency of primary care data collection and analysis. In terms of direct costs, it can be considered a low-cost solution, with an estimated additional monthly cost of U$ 0.040 per inhabitant of the region covered, or approximately U$ 0.106 per person, considering only those currently enrolled in the system.

  • 26.
    Voronkov, Artem
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Systematic Literature Review on Usability of Firewall Configuration2018In: ACM Computing Surveys, ISSN 0360-0300, E-ISSN 1557-7341, Vol. 50, no 6, article id 87Article in journal (Refereed)
    Abstract [en]

    Firewalls are network security components that handle incoming and outgoing network traffic based on a set of rules. The process of correctly configuring a firewall is complicated and prone to error, and it worsens as the network complexity grows. A poorly configured firewall may result in major security threats; in the case of a network firewall, an organization’s security could be endangered, and in the case of a personal firewall, an individual computer’s security is threatened. A major reason for poorly configured firewalls, as pointed out in the literature, is usability issues. Our aim is to identify existing solutions that help professional and non-professional users to create and manage firewall configuration files, and to analyze the proposals in respect of usability. A systematic literature review with a focus on the usability of firewall configuration is presented in the article. Its main goal is to explore what has already been done in this field. In the primary selection procedure, 1,202 articles were retrieved and then screened. The secondary selection led us to 35 articles carefully chosen for further investigation, of which 14 articles were selected and summarized. As main contributions, we propose a taxonomy of existing solutions as well as a synthesis and in-depth discussion about the state of the art in firewall usability. Among the main findings, we perceived that there is a lack (or even an absence) of usability evaluation or user studies to validate the proposed models. Although all articles are related to the topic of usability, none of them clearly defines it, and only a few actually employ usability design principles and/or guidelines.

  • 27.
    Wairimu, Samuel
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). Oslo Metropolitan University, Norway.
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review2024In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 19625-19650Article, review/survey (Refereed)
    Abstract [en]

    Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidence-based practices. 

    Download full text (pdf)
    fulltext
1 - 27 of 27
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf