Framework de segurança para coleta de dados em saúde móvel.

Mobile health (mHealth) can be defined as the practice of medicine and public health supported by mobile computing technologies, such as mobile phones, PDAs, tablets, sensors and other wireless devices. Particularly in the case of mobile phones, there has been a significant increase in the number of lines, equipment, and network infrastructure in Low- and Middle-Income Countries (LMIC), allowing the adoption of mHealth systems efficiently. There are now several cases of systems for data collection focused on primary care, health surveillance and epidemiological research, which were adopted in these countries. Such systems provide health care managers information with higher quality and in a shorter time, which in turn improves their ability to plan actions and respond to emergencies. However, security is not included among the main requirements of such systems. Aiming to address this issue, we developed a survey about mHealth applications and research initiatives in Brazil, which shows that a reasonable number of papers only briefly (13%) or simply do not mention (40%) their security requirements. This survey also provides a discussion about the current state-of-art of Brazilian mHealth researches, including the main types of applications, target users, devices employed and the research barriers identified. After that, we present the SecourHealth, a security framework for mHealth data collection applications. SecourHealth was designed to cope with six main security requirements: support user registration and authentication mechanisms; treat network disconnections and delays; provide a secure data storage - even in case of possible theft or loss of equipment; allow secure data exchange between the device and server; enabling device sharing between users (i.e., health workers); and allow trade-offs between security, performance and usability. This thesis also describes in detail the framework modeling and development steps showing how it was integrated into an application for the Android platform. Finally, we benchmarked the cryptographic algorithms implemented, when compared to the overhead of using HTTPS protocol.Saúde Móvel (mHealth) pode ser definida como a prática médica e a saúde pública suportadas por tecnologias de computação móvel, como: telefones celulares, PDAs, tablets, sensores e outros dispositivos sem fio. Particularmente no caso dos celulares, há um aumento expressivo no número de linhas, aparelhos, e na infraestrutura de rede em países de média e baixa renda (Low- Middle- Income Countries, LMIC), permitindo a adoção de sistemas mHealth de maneira eficiente. Existem, hoje, vários casos de sistemas de coleta de dados voltadas à atenção primária, vigilância (em saúde) e pesquisas epidemiológicas adotados nesses países. Tais sistemas fornecem aos gestores de saúde uma informação de melhor qualidade em menor tempo, que por sua vez melhoram a capacidade de planejamento e resposta a emergências. Contudo, nota-se um relaxamento no cumprimento de requisitos de segurança nestes sistemas. Com base nisso, foi feito um levantamento de aplicações e iniciativas de pesquisa em mHealth no Brasil, no qual se constatou que um número razoável de trabalhos mencionam fracamente (13%) ou não menciona (40%) os requisitos de segurança. Este levantamento também discute sobre o estado atual das pesquisas de mHealth no Brasil, os principais tipos de aplicações, os grupos de usuários, os dispositivos utilizados e as barreiras de pesquisa identificadas. Em seguida, este trabalho apresenta o SecourHealth, um framework de segurança voltado ao desenvolvimento de aplicações de mhealth para coleta de dados. O SecourHealth foi projetado com base em seis requisitos principais de segurança: suportar o registro e a autenticação do usuário; tratar a desconexão e os atrasos na rede; prover o armazenamento seguro de dados prevendo possibilidades de furto ou perda dos aparelhos; fazer transmissão segura de dados entre o aparelho e o servidor; permitir o compartilhamento de dispositivos entre os usuários (e.g., agentes de saúde); e considerar opções de compromisso entre segurança, desempenho e usabilidade. O trabalho também descreve com detalhes as etapas de modelagem e desenvolvimento do framework - que foi integrado a uma aplicação para a plataforma Android. Finalmente, é feita uma análise do desempenho dos algoritmos criptográficos implementados, considerando o overhead pelo simples uso do protocolo HTTPS

Organisational Privacy Culture and Climate : A Scoping Review

New regulations worldwide are increasingly pressing organisations to review how they collect and process personal data to ensure the protection of individual privacy rights. This organisational transformation involves implementing several privacy practices (e.g., privacy policies, governance frameworks, and privacy-by-design methods) across multiple departments. The literature points to a strong influence of the organisations’ culture and climate in implementing such privacy practices, depending on how leaders and employees perceive and address privacy concerns. However, this new hybrid topic referred to as Organisational Privacy Culture and Climate (OPCC), remains poorly demarcated and weakly defined. In this paper, we report a Scoping Review (ScR) on the topic of OPCC to systematically identify and map studies, contributing with a synthesis of the existing work, distinguishing core and adjacent publications, research gaps, and pathways of future research. This ScR includes 36 studies categorised according to their demographics, research types, contribution types, research designs, proposed definitions, and conceptualisations. Also, 18 studies categorised as primary research were critically appraised, assessing the studies’ methodological quality and credibility of the evidence. Although published research has significantly advanced the topic of OPCC, more research is still needed. Our findings show that the topic is still in its embryonic stage. The theory behind OPCC has not yet been fully articulated, even though some definitions have been independently proposed. Only one measuring instrument for privacy culture was identified, but it needs to be further developed in terms of identifying and analysing its factors, and evaluating its validity and reliability. Initiatives of future research in OPCC will require interdisciplinary research efforts and close cooperation with industry to further propose and rigorously evaluate instruments. Only then OPCC would be considered an evidence-based research topic that can be reliably used to evaluate, measure, and embed privacy in organisations.TRUEdi

Privacy Engineering in the Wild: Understanding the Practitioners' Mindset, Organisational Aspects, and Current Practices

Privacy engineering, as an emerging field of research and practice, comprises the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems. For that, software practitioners and other stakeholders in software companies need to work cooperatively toward building privacy-preserving businesses and engineering solutions. Significant research has been done to understand the software practitioners' perceptions of information privacy, but more emphasis should be given to the uptake of concrete privacy engineering components. This research delves into the software practitioners' perspectives and mindset, organisational aspects, and current practices on privacy and its engineering processes. A total of 30 practitioners from nine countries and backgrounds were interviewed, sharing their experiences and voicing their opinions on a broad range of privacy topics. The thematic analysis methodology was adopted to code the interview data qualitatively and construct a rich and nuanced thematic framework. As a result, we identified three critical interconnected themes that compose our thematic framework for privacy engineering “in the wild”: (1) personal privacy mindset and stance, categorised into practitioners' privacy knowledge, attitudes and behaviours; (2) organisational privacy aspects, such as decision-power and positive and negative examples of privacy climate; and, (3) privacy engineering practices, such as procedures and controls concretely used in the industry. Among the main findings, this study provides many insights about the state-of-the-practice of privacy engineering, pointing to a positive influence of privacy laws (e.g., EU General Data Protection Regulation) on practitioners' behaviours and organisations' cultures. Aspects such as organisational privacy culture and climate were also confirmed to have a powerful influence on the practitioners' privacy behaviours. A conducive environment for privacy engineering needs to be created, aligning the privacy values of practitioners and their organisations, with particular attention to the leaders and top management's commitment to privacy. Organisations can also facilitate education and awareness training for software practitioners on existing privacy engineering theories, methods and tools that have already been proven effective

Early Labour App : Developing a practice-based mobile health application for digital early labour support

BACKGROUND: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. OBJECTIVE: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. METHODS: This research started with creating an expert group composed of a multidisciplinary team capable of informing the app development process on evidence-based practices. In consultation with the expert group, the app was built using an agile development approach (i.e., Scrum) within a continuous software engineering setting (i.e., CI/CD, DevOps), also including user and security tests. RESULTS: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users' needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner's preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. CONCLUSION: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project's Randomised Control Trial, which is already ongoing

Identifying Challenges and Opportunities for Intelligent Data-Driven Health Interfaces to Support Ongoing Care

This workshop will explore future work in the area of intelligent, conversational, data-driven health interfaces both from patients’ and health care professionals’ perspectives. We aim to bring together a diverse set of experts and stakeholders to jointly discuss the opportunities and challenges at the intersection of public health care provisioning, patient and caretaker empowerment, monitoring provisioning of health care and its quality. This will require AI-supported, conversational decision-making interfaces that adhere to ethical and privacy standards and address issues around agency, control, engagement, motivation, and accessibility. The goal of the workshop is to create a community around intelligent data-driven interfaces and create a road map for their future research