mHealth Applications for Goal Management Training - Privacy Engineering in Neuropsychological Studies
- 2 Citations
- 972 Downloads
Abstract
The potential of digitalisation in healthcare based on mobile health, so-called mHealth applications, is considerable. On the other hand these solutions incorporate huge privacy risks. In the context of goal management training, a neuropsychological training used for the cognitive rehabilitation of executive dysfunction after a brain injury, the use of mHealth applications is considered. Privacy requirements of this scenario are modelled based on methodologies as privacy protection goals and privacy design strategies. Measures to realize the requirements are proposed and discussed in the context of a study. The focus in privacy engineering is on pseudonymity of patients, data minimization and transparency for patients.
Keywords
mHealth Privacy Data minimization Pseudonymity Transparency Privacy protection goals Privacy design strategies Goal management training Executive dysfunctionsNotes
Acknowledgment
This work was supported by the Ministry for Science and Culture of Lower Saxony as part of SecuRIn (VWZN3224).
References
- 1.Allaert, F.A., Mazen, N.J., Legrand, L., Quantin, C.: The tidal waves of connected health devices with healthcare applications: consequences on privacy and care management in European healthcare systems. BMC Med. Inf. Decis. Making 17, 10 (2017). https://doi.org/10.1186/s12911-017-0408-6CrossRefGoogle Scholar
- 2.Bakken, D.E., Rarameswaran, R., Blough, D.M., Franz, A.A., Palmer, T.J.: Data obfuscation: anonymity and desensitization of usable data sets. IEEE Secur. Priv. 2(6), 34–41 (2004)CrossRefGoogle Scholar
- 3.Bauer, A., Hebeisen, C.: Igexin advertising network put user privacy at risk, August 2017. https://blog.lookout.com/igexin-malicious-sdk
- 4.Becker, S., Miron-Shatz, T., Schumacher, N., Krocza, J., Diamantidis, C., Albrecht, U.V.: mHealth 2.0: experiences, possibilities, and perspectives. JMIR mHealth uHealth 2(2), e24 (2014)CrossRefGoogle Scholar
- 5.Bertens, D.: Doin’ it right: assessment and errorless learning of executive skills after brain injury. [S.l. : s.n.] (2016). http://repository.ubn.ru.nl/handle/2066/149530
- 6.Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334, May 2007Google Scholar
- 7.Bier, C., Krempel, E.: Common privacy patterns in video surveillance and smart energy. In: 2012 7th International Conference on Computing and Convergence Technology (ICCCT), pp. 610–615. IEEE (2012). http://ieeexplore.ieee.org/abstract/document/6530407/
- 8.Bitglass: The 2014 Bitglass healthcare breach report (2014). https://pages.bitglass.com/pr-2014-healthcare-breach-report.html
- 9.Bösch, C., Erb, B., Kargl, F., Kopp, H., Pfattheicher, S.: Tales from the dark side: privacy dark strategies and privacy dark patterns. Proc. Priv. Enhanc. Technol. 2016, 237–254 (2016)CrossRefGoogle Scholar
- 10.Bot, B.M., Suver, C., Neto, E.C., Kellen, M., Klein, A., Bare, C., Doerr, M., Pratap, A., Wilbanks, J., Dorsey, E.R., Friend, S.H., Trister, A.D.: The mPower study, Parkinson disease mobile data collected using ResearchKit. Sci. Data 3, 160011 (2016). http://www.nature.com/articles/sdata201611CrossRefGoogle Scholar
- 11.Cavoukian, A.: Privacy by design: the 7 foundational principles. Implementation and mapping of fair information practices. Information and Privacy Commissioner of Ontario, Canada (2009)Google Scholar
- 12.Cavoukian, A., Taylor, S., Abrams, M.E.: Privacy by design: essential for organizational accountability and strong business practices. Identity Inf. Soc. 3(2), 405–413 (2010)CrossRefGoogle Scholar
- 13.Colesky, M., Hoepman, J.H., Hillen, C.: A critical analysis of privacy design strategies. In: 2016 IEEE Security and Privacy Workshops (SPW), pp. 33–40 (2016)Google Scholar
- 14.Colesky, M., Hoepman, J.H., Bösch, C., Kargl, F., Kopp, H., Mosby, P., Le Métayer, D., Drozd, O., del Álamo, J.M., Martín, Y.S., Gupta, M., Doty, N.: Privacy patterns (2012). https://privacypatterns.org/
- 15.Emmanouel, A.: Look at the frontal side of life: anterior brain pathology and everyday executive function: assessment approaches and treatment. Ph.D. thesis, Radboud University (2017). http://repository.ubn.ru.nl/handle/2066/166754
- 16.Charter of fundamental rights of the European union (2012/C 326/02)Google Scholar
- 17.Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation). Official Journal of the European Union L119, pp. 1–88, May 2016. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:119:TOC
- 18.Finn, R.L., Wright, D., Friedewald, M.: Seven types of privacy. In: Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (eds.) European Data Protection: Coming of Age, pp. 3–32. Springer, Dordrecht (2013). https://doi.org/10.1007/978-94-007-5170-5_1CrossRefGoogle Scholar
- 19.Gamito, P., Oliveira, J., Lopes, P., Brito, R., Morais, D., Silva, D., Silva, A., Rebelo, S., Bastos, M., Deus, A.: Executive functioning in alcoholics following an mHealth cognitive stimulation program: randomized controlled trial. J. Med. Internet Res. 16(4), e102 (2014). http://www.jmir.org/2014/4/e102/CrossRefGoogle Scholar
- 20.Hafiz, M.: A pattern language for developing privacy enhancing technologies. Softw.: Pract. Exp. 43(7), 769–787 (2013)Google Scholar
- 21.Hafiz, M., Adamczyk, P., Johnson, R.E.: Growing a pattern language (for security). In: Proceedings of the ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software, pp. 139–158. ACM, New York (2012). https://doi.org/10.1145/2384592.2384607
- 22.Hansen, M., Jensen, M., Rost, M.: Protection goals for privacy engineering. In: 2015 IEEE Security and Privacy Workshops, pp. 159–166, May 2015Google Scholar
- 23.Hansen, M.: The standard data protection model - a concept for inspection and consultation on the basis of unified protection goals, March 2017. https://www.datenschutzzentrum.de/uploads/sdm/SDM-Methodology_V1_EN1.pdf
- 24.Hillen, C.: The pseudonym broker privacy pattern in medical data collection. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 999–1005, August 2015Google Scholar
- 25.Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38CrossRefGoogle Scholar
- 26.Huckvale, K., Prieto, J.T., Tilney, M., Benghozi, P.J., Car, J.: Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment. BMC Med. 13, 214 (2015). https://doi.org/10.1186/s12916-015-0444-yCrossRefGoogle Scholar
- 27.Hundepool, A., Domingo-Ferrer, J., Franconi, L., Giessing, S., Lenz, R., Longhurst, J., Nordholt, E.S., Seri, G., Wolf, P.: Handbook on statistical disclosure control. ESSnet on Statistical Disclosure Control (2010)Google Scholar
- 28.Jenkins, A., Lindsay, S., Eslambolchilar, P., Thornton, I.M., Tales, A.: Administering cognitive tests through touch screen tablet devices: potential issues. J. Alzheimers Dis. 54(3), 1169–1182 (2016)CrossRefGoogle Scholar
- 29.Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241–255 (2008). https://doi.org/10.1007/s00766-008-0067-3CrossRefGoogle Scholar
- 30.Kao, C.K., Liebovitz, D.M.: Consumer mobile health apps: current state, barriers, and future directions. PM & R: J. Inj. Funct. Rehabil. 9(5S), S106–S115 (2017)CrossRefGoogle Scholar
- 31.Kokott, J., Sobotta, C.: The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR. Int. Data Priv. Law 3(4), 222–228 (2013). https://doi.org/10.1093/idpl/ipt017CrossRefGoogle Scholar
- 32.Kumar, S., Nilsen, W., Pavel, M., Srivastava, M.: Mobile health: revolutionizing healthcare through transdisciplinary research. Computer 46(1), 28–35 (2013)CrossRefGoogle Scholar
- 33.Langheinrich, M.: Privacy by design — principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45427-6_23CrossRefzbMATHGoogle Scholar
- 34.Lenhard, J., Fritsch, L., Herold, S.: A literature study on privacy patterns research. In: 3rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA), Vienna, Austria, August 2017Google Scholar
- 35.Levine, B., Robertson, I.H., Clare, L., Carter, G., Hong, J., Wilson, B.A., Duncan, J., Stuss, D.T.: Rehabilitation of executive functioning: an experimental-clinical validation of goal management training. J. Int. Neuropsychol. Soc. 6(3), 299–312 (2000)CrossRefGoogle Scholar
- 36.Mandl, K.D., Mandel, J.C., Kohane, I.S.: Driving innovation in health systems through an apps-based information economy. Cell Syst. 1(1), 8–13 (2015)CrossRefGoogle Scholar
- 37.McKay, F.H., Cheng, C., Wright, A., Shill, J., Stephens, H., Uccellini, M.: Evaluating mobile phone applications for health behaviour change: a systematic review. J. Telemed. Telecare 24(1), 22–30 (2016). https://doi.org/10.1177/1357633X16673538CrossRefGoogle Scholar
- 38.heise online: Abgegriffene Browserdaten: WOT-Anbieter will Datenschutz-Vorwürfe prüfen, November 2016. https://www.heise.de/ho/meldung/Abgegriffene-Browserdaten-WOT-Anbieter-will-Datenschutz-Vorwuerfe-pruefen-3455466.html
- 39.heise online: Daten zu Surfverhalten von Millionen Deutschen als “kostenlose Probe”, November 2016. https://www.heise.de/ho/meldung/Daten-zu-Surfverhalten-von-Millionen-Deutschen-als-kostenlose-Probe-3451556.html
- 40.Peng, W., Kanthawala, S., Yuan, S., Hussain, S.A.: A qualitative study of user perceptions of mobile health apps. BMC Public Health 16, 1158 (2016). https://doi.org/10.1186/s12889-016-3808-0CrossRefGoogle Scholar
- 41.Pfaeffli, L., Maddison, R., Whittaker, R., Stewart, R., Kerr, A., Jiang, Y., Kira, G., Carter, K., Dalleck, L.: A mHealth cardiac rehabilitation exercise intervention: findings from content development studies. BMC Cardiovasc. Disord. 12, 36 (2012). https://doi.org/10.1186/1471-2261-12-36CrossRefGoogle Scholar
- 42.Prasad, A., Sorber, J., Stablein, T., Anthony, D., Kotz, D.: Understanding sharing preferences and behavior for mHealth devices. In: Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, WPES 2012, pp. 117–128. ACM, New York (2012). https://doi.org/10.1145/2381966.2381983
- 43.Ranchordas, S., Kaplan, B.: MHealth for Alzheimer’s disease: regulation, consent, and privacy concerns. SSRN Scholarly Paper ID 2765976, Social Science Research Network, Rochester, April 2016. https://papers.ssrn.com/abstract=2765976
- 44.Siljee, J.: Privacy transparency patterns. In: Proceedings of the 20th European Conference on Pattern Languages of Programs, EuroPLoP 2015, pp. 52:1–52:11. ACM, New York (2015). https://doi.org/10.1145/2855321.2855374
- 45.Sunyaev, A., Dehling, T., Taylor, P.L., Mandl, K.D.: Availability and quality of mobile health app privacy policies. J. Am. Med. Inf. Assoc. 22(e1), e28–e33 (2015). https://academic.oup.com/jamia/article/22/e1/e28/700676/Availability-and-quality-of-mobile-health-appGoogle Scholar
- 46.Tirman, V.J.: The current state of mHealth applications and the need for improved regulatory guidelines to protect the privacy of patient health information. Ph.D. thesis, Alliant International University (2016)Google Scholar
- 47.Vogel, M.M.E., Combs, S.E., Kessel, K.A.: mHealth and application technology supporting clinical trials: today’s limitations and future perspective of smartRCTs. Front. Oncol. 7 (2017). http://www.ncbi.nlm.nih.gov/pmc/articles/PMC5346562/
- 48.Volkova, E., Li, N., Dunford, E., Eyles, H., Crino, M., Michie, J., Mhurchu, C.N.: “Smart” RCTs: development of a smartphone app for fully automated nutrition-labeling intervention trials. JMIR mHealth uHealth 4(1), e23 (2016). http://mhealth.jmir.org/2016/1/e23/CrossRefGoogle Scholar
- 49.Vrhovec, S.L.R.: Challenges of mobile device use in healthcare. In: 2016 39th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1393–1396, May 2016Google Scholar
- 50.Zmily, A., Mowafi, Y., Mashal, E.: Study of the usability of spaced retrieval exercise using mobile devices for Alzheimer’s disease rehabilitation. JMIR mHealth uHealth 2(3), e31 (2014). http://mhealth.jmir.org/2014/3/e31/CrossRefGoogle Scholar