his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
Department of Mathematics and Computer Science, Karlstad University, Karlstad, Sweden.
Department of Mathematics and Computer Science, Karlstad University, Karlstad, Sweden.
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Informationssystem (IS), Information Systems)ORCID iD: 0000-0002-8607-948X
Department of Mathematics and Computer Science, Karlstad University, Karlstad, Sweden.
2019 (English)In: JMIR mhealth and uhealth, E-ISSN 2291-5222, Vol. 7, no 3, p. 1-16, article id e11642Article in journal (Refereed) Published
Abstract [en]

Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts.

Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil.

Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization.

Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

Place, publisher, year, edition, pages
CANADA: JMIR PUBLICATIONS , 2019. Vol. 7, no 3, p. 1-16, article id e11642
Keywords [en]
mobile health, mHealth, data security, privacy, data protection, privacy impact assessment, public health
National Category
Computer Sciences
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-16707DOI: 10.2196/11642ISI: 000463345300001PubMedID: 30892275Scopus ID: 2-s2.0-85064505109OAI: oai:DiVA.org:his-16707DiVA, id: diva2:1297683
Available from: 2019-03-20 Created: 2019-03-20 Last updated: 2019-07-10Bibliographically approved

Open Access in DiVA

fulltext(930 kB)67 downloads
File information
File name FULLTEXT01.pdfFile size 930 kBChecksum SHA-512
7b427dcdf6de02af0861c06461e6f56b9c78a101c51dd34017298b7fe99d92007f8803291aeca1a9b3aa18bc024cc352871f62675e3d9bd7682945d66e681a43
Type fulltextMimetype application/pdf

Other links

Publisher's full textPubMedScopus

Authority records BETA

Åhlfeldt, Rose-Mharie

Search in DiVA

By author/editor
Åhlfeldt, Rose-Mharie
By organisation
School of InformaticsThe Informatics Research Centre
In the same journal
JMIR mhealth and uhealth
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 67 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
pubmed
urn-nbn

Altmetric score

doi
pubmed
urn-nbn
Total: 155 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf