mHealth Applications for Goal Management Training - Privacy Engineering in Neuropsychological Studies

  • Alexander Gabel
  • Ina Schiering
  • Sandra Verena Müller
  • Funda Ertas
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 526)


The potential of digitalisation in healthcare based on mobile health, so-called mHealth applications, is considerable. On the other hand, these solutions carry huge privacy risks. The use of mHealth applications is considered in the context of goal management training, a neuropsychological training used for the cognitive rehabilitation of executive dysfunction after a brain injury. The privacy requirements of this scenario are modelled using methodologies such as privacy protection goals and privacy design strategies. Measures to realize the requirements are proposed and discussed in the context of a study. The focus in privacy engineering is on pseudonymity of patients, data minimization and transparency for patients.


Keywords: mHealth, Privacy, Data minimization, Pseudonymity, Transparency, Privacy protection goals, Privacy design strategies, Goal management training, Executive dysfunctions



This work was supported by the Ministry for Science and Culture of Lower Saxony as part of SecuRIn (VWZN3224).



Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Alexander Gabel (1)
  • Ina Schiering (1)
  • Sandra Verena Müller (1)
  • Funda Ertas (1)
  1. Ostfalia University of Applied Sciences, Wolfenbüttel, Germany
