A Threat Taxonomy for mHealth Privacy

Networked mobile devices have great potential to enable individuals (and their physicians) to better monitor their health and to manage medical conditions. In this paper, we examine the privacy-related threats to these so-called \emphmHealth\/ technologies. We develop a taxonomy of the privacy-related threats, and discuss some of the technologies that could support privacy-sensitive mHealth systems. We conclude with a brief summary of research challenges

Developing a comprehensive information security framework for mHealth: a detailed analysis

It has been clearly shown that mHealth solutions, which is the use of mobile devices and other wireless technology to provide healthcare services, deliver more patient-focused healthcare, and improve the overall efficiency of healthcare systems. In addition, these solutions can potentially reduce the cost of providing healthcare in the context of the increasing demands of the aging populations in advanced economies. These solutions can also play an important part in intelligent environments, facilitating real-time data collection and input to enable various functionalities. However, there are several challenges regarding the development of mHealth solutions: the most important of these being privacy and data security. Furthermore, the use of cloud computing is becoming an option for the healthcare sector to store healthcare data; but storing data in the cloud raises serious concerns. This paper investigates how data are managed both on mHealth devices as well as in the cloud. Firstly, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of security requirements are identified in order to develop a new information security framework. It then examines individual information security frameworks for mHealth devices and the cloud, noting similarities and differences. Furthermore, key mechanisms to implement the new framework are discussed and the new framework is then presented. Finally, the paper presents how the new framework could be implemented in order to develop an Advanced Digital Medical Platform

Developing a comprehensive information security framework for mHealth: a detailed analysis

It has been clearly shown that mHealth solutions, which is the use of mobile devices and other wireless technology to provide healthcare services, deliver more patient-focused healthcare, and improve the overall efficiency of healthcare systems. In addition, these solutions can potentially reduce the cost of providing healthcare in the context of the increasing demands of the aging populations in advanced economies. These solutions can also play an important part in intelligent environments, facilitating real-time data collection and input to enable various functionalities. However, there are several challenges regarding the development of mHealth solutions: the most important of these being privacy and data security. Furthermore, the use of cloud computing is becoming an option for the healthcare sector to store healthcare data; but storing data in the cloud raises serious concerns. This paper investigates how data are managed both on mHealth devices as well as in the cloud. Firstly, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of security requirements are identified in order to develop a new information security framework. It then examines individual information security frameworks for mHealth devices and the cloud, noting similarities and differences. Furthermore, key mechanisms to implement the new framework are discussed and the new framework is then presented. Finally, the paper presents how the new framework could be implemented in order to develop an Advanced Digital Medical Platform

Pervasive eHealth services a security and privacy risk awareness survey

The human factor is often recognised as a major aspect of cyber-security research. Risk and situational perception are identified as key factors in the decision making process, often playing a lead role in the adoption of security mechanisms. However, risk awareness and perception have been poorly investigated in the field of eHealth wearables. Whilst end-users often have limited understanding of privacy and security of wearables, assessing the perceived risks and consequences will help shape the usability of future security mechanisms. This paper present a survey of the the risks and situational awareness in eHealth services. An analysis of the lack of security and privacy measures in connected health devices is described with recommendations to circumvent critical situations

Towards a Holistic Approach to Designing Theory-based Mobile Health Interventions

Increasing evidence has shown that theory-based health behavior change interventions are more effective than non-theory-based ones. However, only a few segments of relevant studies were theory-based, especially the studies conducted by non-psychology researchers. On the other hand, many mobile health interventions, even those based on the behavioral theories, may still fail in the absence of a user-centered design process. The gap between behavioral theories and user-centered design increases the difficulty of designing and implementing mobile health interventions. To bridge this gap, we propose a holistic approach to designing theory-based mobile health interventions built on the existing theories and frameworks of three categories: (1) behavioral theories (e.g., the Social Cognitive Theory, the Theory of Planned Behavior, and the Health Action Process Approach), (2) the technological models and frameworks (e.g., the Behavior Change Techniques, the Persuasive System Design and Behavior Change Support System, and the Just-in-Time Adaptive Interventions), and (3) the user-centered systematic approaches (e.g., the CeHRes Roadmap, the Wendel's Approach, and the IDEAS Model). This holistic approach provides researchers a lens to see the whole picture for developing mobile health interventions

DOES PRIVACY THREAT MATTER IN MOBILE HEALTH SERVICE? FROM HEALTH BELIEF MODEL PERSPECTIVE

A lot of mobile health (mHealth) service apps have been launched in the market with advances in technology. When people decide to use these mHealth service apps, they have to provide their personal data or personal health data more or less to the service providers. However, the health data is more sensitive data than general personal data. In addition, the behaviour of using mHealth service apps includes technology use behaviour and health promotion behaviour. Therefore, we employed HBM to be the theory foundation to find out what factors will impact on the intention to upload personal health data via a mHealth service app. Online questionnaires were distributed and 133 valid questionnaires were returned. The results showed the perceived benefits is the only factor to influence an individual intention to upload personal health data. The specific information privacy concerns has no significant effect on the behaviour intention. That means people value the benefits that the mhealth service app can bring more than the threat of privacy they perceived. The construct, disposition to value privacy (DTVP), have strong effects on perceived vulnerability, perceived severity, and specific information privacy concerns. Future studies will be recommended

Securing mHealth - Investigating the development of a novel information security framework

The deployment of Mobile Health (mHealth) platforms as well as the use of mobile and wireless technologies have significant potential to transform healthcare services. The use of mHealth technologies allow a real-time remote monitoring as well as direct access to healthcare data so that users (e.g., patients and healthcare professionals) can utilise mHealth services anywhere and anytime. Generally, mHealth offers smart solutions to tackle challenges in healthcare. However, there are still various issues regarding the development of the mHealth system. One of the most common diffi-culties in developing the mHealth system is the security of healthcare data. mHealth systems are still vulnerable to numerous security issues with regard to their weak-nesses in design and data management. Several information security frameworks for mHealth devices as well as information security frameworks for Cloud storage have been proposed, however, the major challenge is developing an effective information se-curity framework that will encompass every component of an mHealth system to secure sensitive healthcare data. This research investigates how healthcare data is managed in mHealth systems and proposes a new information security framework that secures mHealth systems. Moreover, a prototype is developed for the purpose of testing the proposed information security framework. Firstly, risk identification is carried out to determine what could happen to cause potential damage and to gain insight into how, where, and why the damage might happen. The process of risk identification includes the identification of assets those need to be protected, threats that we try to protect against, and vulnerabilities that are weaknesses in mHealth systems. Afterward, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of the most essential security requirements is identified to develop a new information security framework. It then examines existing information security frameworks for mHealth devices and the Cloud, noting similarities and differences. Key mechanisms to implement the new framework are discussed and the new framework is then presented. Furthermore, a prototype is developed for the purpose of testing. It consists of four layers including an mHealth secure storage system, Capability system, Secure transactional layer, and Service management layer. Capability system, Secure transactional layer, and Service management layer are developed as main contributions of the research