Designing a Multimedia Intervention for Illiterate and Semi-Illiterate Pregnant Women in Developing Countries: A Case of Uganda

Die hohe Müttersterblichkeit in Entwicklungsländern ist zum Teil auf indirekte Faktoren wie Analphabetismus und eingeschränkten Zugang zu Gesundheitsinformationen für Mütter zurückzuführen. Während gebildete Frauen auf Gesundheitsinformationen über Online-Plattformen und mHealth-Apps zugreifen können, müssen Analphabetinnen diese in Gesundheitseinrichtungen abrufen, was aufgrund der Transportkosten oft nicht möglich ist. Mobilfunktechnologie hat in der Gesundheitsversorgung Chancen für ressourcenarme Gemeinschaften eröffnet, die sonst nicht von den digitalen Technologien profitiert hätten. Obwohl Mobilfunktechnologie in der Müttergesundheit eingesetzt wird, können die meisten Maßnahmen nicht von Analphabeten genutzt werden, verwenden Sicherheitsmodelle die nicht auf den Kontext von Entwicklungsländern zugeschnitten sind, und wurden nicht auf ihre Auswirkungen auf die Müttergesundheit hin evaluiert. In dieser Arbeit wurden zwei (Web und Mobile) Apps entwickelt, die die Übermittlung von multimedialen Nachrichten zur Müttergesundheit, Terminerinnerungen und Anrufe/Chats erleichtern. Um die Anforderungen der Nutzer zu erfassen, wurde eine Feldstudie mit halbstrukturierten Interviews und Fokusgruppendiskussionen mit schwangeren Analphabetinnen, Gesundheitsexperten und Entwicklern durchgeführt. Es folgte die Entwicklung eines Sicherheitsmodells (T2RoL) zur Sicherung der Gesundheitsinformationen in den Apps, die dann nach einem nutzerzentrierten Designansatz entwickelt wurden. Eine zweite Feldstudie in Form von halbstrukturierten Interviews und Umfragen wurde durchgeführt, um die mobile App in einer randomisierten kontrollierten Studie mit 80 schwangeren Analphabetinnen über 9 Monate zu evaluieren. Die Auswertung zeigte, dass die App akzeptiert wurde sowie einfach zu erlernen und zu benutzen war. Das Wissen über Müttergesundheit in der Interventionsgruppe verbesserte sich, was sich positiv auf gesundheitsbezogene Entscheidungen und Gesundheitsmaßnahmen auswirkte.Maternal mortality is high in developing countries partly due to indirect factors such as illiteracy and limited access to maternal health information. While literate women can access health information from online platforms, and mHealth apps, illiterate women must get it from health facilities which is often not possible due to lack of transport fees. Mobile technology has opened opportunities in maternal health care for low resource communities that would otherwise not have benefited from digital technologies. Although used in maternal health, most interventions are not usable by the illiterate, use security models that are not tailored to the developing countries’ context, and have not been evaluated to assess their impact on maternal health care. In this thesis, two (web and mobile) apps that facilitate delivery of multimedia-based maternal health messages, appointment reminders, and calls/ chats were developed. To gather user requirements, a field study in form of semi-structured interviews and focus group discussions was conducted with illiterate pregnant women, health practitioners and developers. Development of a security model (T2RoL) to secure the health information in the apps followed. The apps were then developed following a user-centered design approach. A second field study in form of semi-structured interviews and surveys was conducted to evaluate the mobile app through a randomized controlled trial with 80 illiterate pregnant women that were followed for 9 months. Overall, results show that the app was acceptable, easy to learn and use. There was improved maternal health knowledge among the intervention group which positively influenced health related decision making and health practices

Privacy Risks and Security Threats in mHealth apps

mHealth (Mobile Health) applications (apps) have transformed the doctor-patient relationship. They help users with varied functionalities such as monitoring their health, understanding specific health conditions, consulting doctors online and achieving fitness goals. Whilst these apps provide an option of equitable and convenient access to healthcare, a lot of personal and sensitive data about users is collected, stored and shared to achieve these functionalities. Little is known about the privacy and security concerns these apps address. Based on literature review, this paper identifies the privacy risks and security features for evaluating thirty apps in the Medical category across two app distribution platforms in India namely Google Play and App Store. Factors identified through the review formed a basis of the scoring model which helped to arrive at the ‘Privacy Risk Score’ and ‘Safety Score’ for each app. A comparative analysis of the selected apps was performed by studying their privacy policies. The results indicate that adopting these apps pose a risk. Finally, recommendations are provided to consumers such as examining the app before downloading it, customizing the app settings, and to developers to develop robust and transparent privacy policies

Information Provenance for Mobile Health Data

Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals\u27 health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual\u27s health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact---especially for data that may have been created through a series of aggregations and transformations on many input data sets. In other words, information provenance should be one of the main focuses for any system that wishes to facilitate the sharing of sensitive mHealth data. Creating such a trusted and secure data sharing ecosystem for mHealth apps and devices is difficult, however, as they are implemented with different technologies and managed by different organizations. Furthermore, many mHealth devices use ultra-low-power micro-controllers, which lack the kinds of sophisticated Memory Management Units (MMUs) required to sufficiently isolate sensitive application code and data. In this thesis, we present an end-to-end solution for providing information provenance for mHealth data, which begins by securing mHealth data at its source: the mHealth device. To this end, we devise a memory-isolation method that combines compiler-inserted code and Memory Protection Unit (MPU) hardware to protect application code and data on ultra-low-power micro-controllers. Then we address the security of mHealth data outside of the source (e.g., data that has been uploaded to smartphone or remote-server) with our health-data system, Amanuensis, which uses Blockchain and Trusted Execution Environment (TEE) technologies to provide confidential, yet verifiable, data storage and computation for mHealth data. Finally, we look at identity privacy and data freshness issues introduced by the use of blockchain and TEEs. Namely, we present a privacy-preserving solution for blockchain transactions, and a freshness solution for data access-control lists retrieved from the blockchain

A hybrid model for managing personal health records in South Africa

Doctors can experience difficulty in accessing medical information of new patients. One reason for this is that the management of medical records is mostly institution-centred. The lack of access to medical information may negatively affect patients in several ways. These include new medical tests that may need to be carried out at a cost to the patient and doctors prescribing drugs to which the patient is allergic. This research investigates how patients can play an active role in sharing their personal health records (PHRs) with doctors located in geographically separate areas. In order to achieve the goal of this research, existing literature concerning medical health records and standards was reviewed. A literature review of techniques that can be used to ensure privacy of health information was also undertaken. Interview studies were carried out with three medical practices in Port Elizabeth with the aim of contextualising the findings from the literature study. The Design Science Research methodology was used for this research. A Hybrid Model for Managing Personal Health Records in South Africa is proposed. This model allows patients to view their PHRs on their mobile phones and medical practitioners to manage the patients’ PHRs using a web-based application. The patients’ PHR information is stored both on a cloud server and on mobile devices hence the hybrid nature. Two prototypes were developed as a proof of concept; a mobile application for the patients and a web-based application for the medical practitioners. A field study was carried out with the NMMU health services department and 12 participants over a period of two weeks. The results of the field study were highly positive. The successful evaluation of the prototypes provides empirical evidence that the proposed model brings us closer to the realisation of ubiquitous access to PHRS in South Africa

Privacy and Security Analysis of mHealth Apps

The widespread availability of Mobile Health (mHealth) applications has been significantly accelerated by the outbreak of the COVID-19 pandemic. While bringing many benefits, from self-monitoring to medical consultations, mHealth apps process many sensitive health-related user data. Therefore, they are subject to privacy regulations set by government, such as General Data Protection Regulation (GDPR) in the EU and Health Insurance Portability and Accountability Act (HIPAA) in the USA, as well as privacy guidelines of the app store (e.g., Google Android). In this work, we analyze the privacy, compliance, and security of 232 mHealth apps in the Android ecosystem, mainly focusing on the most popular free apps (199), but also considering a sample of paid apps (25) and healthcare provider/clinician apps published on the US Centers for Disease Control and Prevention (CDC)'s website (8). For our analysis, we leverage both static approaches, such as privacy policy and APK analysis, and dynamic approaches, like network traffic inspection and analysis of in-app consent acquisition. Our findings reveal that 85.4\% of the free mHealth apps do not properly inform the users about all the aspects of the data processing required by the regulations. In addition, they often contain conflicting or incomplete information: only 2.51% of them are completely consistent. Moreover, 55.8% of these apps process user data without explicit consent. Our analysis shows that, when compared to free apps, paid ones are less careful in writing the privacy policy, while containing a lower number of trackers and dangerous permissions on average. We found that 76% of these apps fail in obtaining explicit consent and 84% of them process some types of data without informing the user. Concerning the CDC-endorsed apps, while we did not detect a pervasive presence of trackers, dangerous permissions or sensitive data in the network traffic, our results show that all of them have incomplete privacy policies and fail to ask for explicit consent before accessing their services. As we consider apps with a mean of 8 millions downloads each, our study impacts a lot of end-users and helps creating awareness of mHealth apps' privacy importance among both users and developers

ShareABEL: Secure Sharing of mHealth Data through Cryptographically-Enforced Access Control

Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareABEL, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design (and prototype implementation) of this system makes three contributions: (1) it applies cryptographically-enforced access-control measures to wearable healthcare data, which pose different challenges than Electronic Medical Records (EMRs), (2) it recognizes the temporal nature of mHealth data streams and supports revocation of access to part or all of a data stream, and (3) it departs from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices

A case study in open source innovation: developing the Tidepool Platform for interoperability in type 1 diabetes management.

OBJECTIVE:Develop a device-agnostic cloud platform to host diabetes device data and catalyze an ecosystem of software innovation for type 1 diabetes (T1D) management. MATERIALS AND METHODS:An interdisciplinary team decided to establish a nonprofit company, Tidepool, and build open-source software. RESULTS:Through a user-centered design process, the authors created a software platform, the Tidepool Platform, to upload and host T1D device data in an integrated, device-agnostic fashion, as well as an application ("app"), Blip, to visualize the data. Tidepool's software utilizes the principles of modular components, modern web design including REST APIs and JavaScript, cloud computing, agile development methodology, and robust privacy and security. DISCUSSION:By consolidating the currently scattered and siloed T1D device data ecosystem into one open platform, Tidepool can improve access to the data and enable new possibilities and efficiencies in T1D clinical care and research. The Tidepool Platform decouples diabetes apps from diabetes devices, allowing software developers to build innovative apps without requiring them to design a unique back-end (e.g., database and security) or unique ways of ingesting device data. It allows people with T1D to choose to use any preferred app regardless of which device(s) they use. CONCLUSION:The authors believe that the Tidepool Platform can solve two current problems in the T1D device landscape: 1) limited access to T1D device data and 2) poor interoperability of data from different devices. If proven effective, Tidepool's open source, cloud model for health data interoperability is applicable to other healthcare use cases

Amulet: a Secure Architecture for Mhealth Applications for Low-Power Wearable Devices

Interest in using mobile technologies for health-related applications (mHealth) has increased. However, none of the available mobile platforms provide the essential properties that are needed by these applications. An mHealth platform must be (i) secure; (ii) provide high availability; and (iii) allow for the deployment of multiple third-party mHealth applications that share access to an individual\u27s devices and data. Smartphones may not be able to provide property (ii) because there are activities and situations in which an individual may not be able to carry them (e.g., while in a contact sport). A low-power wearable device can provide higher availability, remaining attached to the user during most activities. Furthermore, some mHealth applications require integrating multiple on-body or near-body devices, some owned by a single individual, but others shared with multiple individuals. In this paper, we propose a secure system architecture for a low-power bracelet that can run multiple applications and manage access to shared resources in a body-area mHealth network. The wearer can install a personalized mix of third-party applications to support the monitoring of multiple medical conditions or wellness goals, with strong security safeguards. Our preliminary implementation and evaluation supports the hypothesis that our approach allows for the implementation of a resource monitor on far less power than would be consumed by a mobile device running Linux or Android. Our preliminary experiments demonstrate that our secure architecture would enable applications to run for several weeks on a small wearable device without recharging