-
JMIR Human Factors Oct 2020Complying with individual privacy perceptions is essential when processing personal information for research. Our specific research area is performance development of...
BACKGROUND
Complying with individual privacy perceptions is essential when processing personal information for research. Our specific research area is performance development of elite athletes, wherein nutritional aspects are important. Before adopting new automated tools that capture such data, it is crucial to understand and address the privacy concerns of the research subjects that are to be studied. Privacy as contextual integrity emphasizes understanding contextual sensitivity in an information flow. In this study, we explore privacy perceptions in image-based dietary assessments. This research field lacks empirical evidence on what will be considered as privacy violations when exploring trends in long-running studies. Prior studies have only classified images as either private or public depending on their basic content. An assessment and analysis are thus needed to prevent unwanted consequences of privacy breach and other issues perceived as sensitive when designing systems for dietary assessment by using food images.
OBJECTIVE
The aim of this study was to investigate common perceptions of computer systems using food images for dietary assessment. The study delves into perceived risks and data-sharing behaviors.
METHODS
We investigated the privacy perceptions of 105 individuals by using a web-based survey. We analyzed these perceptions along with perceived risks in sharing dietary information with third parties.
RESULTS
We found that understanding the motive behind the use of data increases its chances of sharing with a social group.
CONCLUSIONS
In this study, we highlight various privacy concerns that can be addressed during the design phase. A system design that is compliant with general data protection regulations will increase participants' and stakeholders' trust in an image-based dietary assessment system. Innovative solutions are needed to reduce the intrusiveness of a continuous assessment. Individuals show varying behaviors for sharing metadata, as knowing what the data is being used for, increases the chance of it being shared.
PubMed: 33055060
DOI: 10.2196/19085 -
Sensors (Basel, Switzerland) Mar 2023The overwhelming popularity of technology-based solutions and innovations to address day-to-day processes has significantly contributed to the emergence of smart cities....
The overwhelming popularity of technology-based solutions and innovations to address day-to-day processes has significantly contributed to the emergence of smart cities. where millions of interconnected devices and sensors generate and share huge volumes of data. The easy and high availability of rich personal and public data generated in these digitalized and automated ecosystems renders smart cities vulnerable to intrinsic and extrinsic security breaches. Today, with fast-developing technologies, the classical username and password approaches are no longer adequate to secure valuable data and information from cyberattacks. Multi-factor authentication (MFA) can provide an effective solution to minimize the security challenges associated with legacy single-factor authentication systems (both online and offline). This paper identifies and discusses the role and need of MFA for securing the smart city ecosystem. The paper begins by describing the notion of smart cities and the associated security threats and privacy issues. The paper further provides a detailed description of how MFA can be used for securing various smart city entities and services. A new concept of blockchain-based multi-factor authentication named "BAuth-ZKP" for securing smart city transactions is presented in the paper. The concept focuses on developing smart contracts between the participating entities within the smart city and performing the transactions with zero knowledge proof (ZKP)-based authentication in a secure and privacy-preserved manner. Finally, the future prospects, developments, and scope of using MFA in smart city ecosystem are discussed.
PubMed: 36904955
DOI: 10.3390/s23052757 -
Journal of Medical Internet Research Jul 2021Data breaches are an inevitable risk to hospitals operating with information technology. The financial costs associated with data breaches are also growing. The costs...
BACKGROUND
Data breaches are an inevitable risk to hospitals operating with information technology. The financial costs associated with data breaches are also growing. The costs associated with a data breach may divert resources away from patient care, thus negatively affecting hospital productivity.
OBJECTIVE
After a data breach, the resulting regulatory enforcement and remediation are a shock to a hospital's patient care delivery. Exploiting this shock, this study aimed to investigate the association between hospital data breaches and productivity by using a generalized difference-in-differences model with multiple prebreach and postbreach periods.
METHODS
The study analyzed the hospital financial data of the California Office of Statewide Health Planning and Development from 2012 to 2016. The study sample was an unbalanced panel of hospitals with 2610 unique hospital-year observations, including general acute care hospitals. California hospital data were merged with breach data published by the US Department of Health and Human Services. The dependent variable was hospital productivity measured as value added. The difference-in-differences model was estimated using fixed effects regression.
RESULTS
Hospital productivity did not significantly differ from the baseline for 3 years after a breach. Data breaches were not significantly associated with a reduction in hospital productivity. Before a breach, the productivity of hospitals that experienced a data breach maintained a parallel trend with control hospitals.
CONCLUSIONS
Hospital productivity was resilient against the shocks from a data breach. Nonetheless, data breaches continue to threaten hospitals; therefore, health care workers should be trained in cybersecurity to mitigate disruptions.
Topics: Computer Security; Confidentiality; Hospitals; Humans; United States
PubMed: 34255672
DOI: 10.2196/26157 -
Perspectives in Health Information... 2021The study's objective is to examine the role of healthcare privacy officers, including their personal and organizational knowledge, and the facilities where they work. A...
The study's objective is to examine the role of healthcare privacy officers, including their personal and organizational knowledge, and the facilities where they work. A survey was conducted of privacy officers that are members of the American Health Information Management Association (AHIMA). This resulted in 123 responses that were analyzed for this study. Descriptive statistics were used to characterize factors. The results showed the characteristics predominant among privacy officers are female, higher age, employed in healthcare for numerous years, mostly hold credentials, higher educated, with higher self-reported knowledge levels. Privacy officers are housed in several departments, with the majority within health information management (HIM). Their facilities are typically acute-care hospitals or healthcare systems located in states without additional privacy laws and are primarily non-profit.
Topics: Administrative Personnel; Computer Security; Confidentiality; Electronic Health Records; Female; Humans; Male; Middle Aged; Professional Role; Surveys and Questionnaires; United States
PubMed: 34035790
DOI: No ID Found -
Empirical Software Engineering 2023An increasing number of mental health services are now offered through mobile health (mHealth) systems, such as in mobile applications (apps). Although there is an...
UNLABELLED
An increasing number of mental health services are now offered through mobile health (mHealth) systems, such as in mobile applications (apps). Although there is an unprecedented growth in the adoption of mental health services, partly due to the COVID-19 pandemic, concerns about data privacy risks due to security breaches are also increasing. Whilst some studies have analyzed mHealth apps from different angles, including security, there is relatively little evidence for data privacy issues that may exist in mHealth apps used for mental health services, whose recipients can be particularly vulnerable. This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps. We analyzed 27 top-ranked mental health apps from Google Play Store. Our methodology enabled us to perform an in-depth privacy analysis of the apps, covering static and dynamic analysis, data sharing behaviour, server-side tests, privacy impact assessment requests, and privacy policy evaluation. Furthermore, we mapped the findings to the LINDDUN threat taxonomy, describing how threats manifest on the studied apps. The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests. There is also a high risk of user profiling as the apps' development do not provide foolproof mechanisms against linkability, detectability and identifiability. Data sharing among 3rd-parties and advertisers in the current apps' ecosystem aggravates this situation. Based on the empirical findings of this study, we provide recommendations to be considered by different stakeholders of mHealth apps in general and apps developers in particular. We conclude that while developers ought to be more knowledgeable in considering and addressing privacy issues, users and health professionals can also play a role by demanding privacy-friendly apps.
SUPPLEMENTARY INFORMATION
The online version contains supplementary material available at 10.1007/s10664-022-10236-0.
PubMed: 36407814
DOI: 10.1007/s10664-022-10236-0 -
Healthcare (Basel, Switzerland) Dec 2022The public perceive social media as a convenient source of health information. Some physicians might use this to enhance their visibility and market value. In this...
The public perceive social media as a convenient source of health information. Some physicians might use this to enhance their visibility and market value. In this study, we aimed to assess medical students' awareness of regulations for dispersion of health-related information on social media and physicians' online self-promotional activities. A cross-sectional study was conducted among undergraduate medical students from the 3 largest administrative regions of Saudi Arabia: Central, Western, and Eastern regions. Data was collected between February-July 2020 via online distribution of a self-administered questionnaire. Results showed that: (a) a total of 730 medical students participated; (b) about half of respondents were unsure or unaware of guidelines of both, online posting of medical information and physicians' online self-promotional activities (343/47% and 385/52.7%, respectively); (c) 610 (83.6%) students supported that healthcare providers report accounts sharing unreliable health information. Physicians' online promotional activities, and posting about successful cases, might shift physicians' focus from patient care to becoming more popular online. Care should be taken not to breach essential professional and ethical principles, such as protecting the confidentiality and privacy of patients. Raising awareness among patients and physicians, current and future ones, of the regulations governing these online health related interactions is imperative.
PubMed: 36611481
DOI: 10.3390/healthcare11010021 -
Health Information Management : Journal... Feb 2023The implementation of emerging technologies has resulted in an increase of data breaches in healthcare organisations, especially during the COVID-19 pandemic. Health...
BACKGROUND
The implementation of emerging technologies has resulted in an increase of data breaches in healthcare organisations, especially during the COVID-19 pandemic. Health information and cybersecurity managers need to understand if, and to what extent, breach types and locations are associated with their organisation's business type.
OBJECTIVE
To investigate if breach type and breach location are associated with business type, and if so, investigate how these factors affect information systems and protected health information in for-profit versus non-profit organisations.
METHOD
The quantitative study was performed using chi-square tests for association and post-hoc comparison of column proportions analysis on an archival data set of reported healthcare data breaches from 2020 to 2022. Data from the Department of Health and Human Services website was retrieved and each organisation classified as for-profit or non-profit.
RESULTS
For-profit organisations experienced a significantly higher number of breaches due to theft, and non-profit organisations experienced a significantly higher number of breaches due to unauthorised access. Furthermore, the number of breaches that occurred on laptops and paper/films was significantly higher in for-profit organisations.
CONCLUSION
While the threat level of hacking techniques is the same in for-profit and non-profit organisations, certain breach types are more likely to occur within specific breach locations based on the organisation's business type. To protect the privacy and security of medical information, health information and cybersecurity managers need to align with industry-leading frameworks and controls to prevent specific breach types that occur in specific locations within their environments.
PubMed: 36840419
DOI: 10.1177/18333583231158886 -
International Journal of Environmental... Jun 2022Globally, there is an urgent need for solutions that can support our aging populations to live well and reduce the associated economic, social and health burdens....
Globally, there is an urgent need for solutions that can support our aging populations to live well and reduce the associated economic, social and health burdens. Implementing smart technologies within homes and communities may assist people to live well and 'age in place'. To date, there has been little consultation with older Australians addressing either the perceived benefits, or the potential social and ethical challenges associated with smart technology use. To address this, we conducted five World Cafés in two Australian states, aiming to capture citizen knowledge about the possibilities and challenges of smart technologies. The participants ( = 84) were aged 55 years and over, English-speaking, and living independently. Grounding our analysis in values-based social science and biomedical ethical principles, we identified the themes reflecting the participants' understanding, resistance, and acceptance of smart technologies, and the ethical principles, including beneficence, non-maleficence, autonomy, privacy, confidentiality, and justice. Similar to other studies, many of the participants demonstrated cautious and conditional acceptance of smart technologies, while identifying concerns about social isolation, breaches of privacy and confidentiality, surveillance, and stigmatization. Attention to understanding and incorporating the values of older citizens will be important for the acceptance and effectiveness of smart technologies for supporting independent and full lives for older citizens.
Topics: Aged; Aging; Australia; Home Care Services; Humans; Privacy; Technology
PubMed: 35805477
DOI: 10.3390/ijerph19137817 -
JMIR Medical Informatics Nov 2015Short message service (SMS) text messaging is an efficient form of communication and pervasive in health care, but may not securely protect patient information. It is...
BACKGROUND
Short message service (SMS) text messaging is an efficient form of communication and pervasive in health care, but may not securely protect patient information. It is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care.
OBJECTIVE
We sought to compare residents' preferences for SMS text messaging compared with other forms of in-hospital communication when considering security versus ease of use.
METHODS
This study was a cross-sectional multi-institutional survey of internal medicine residents. Residents ranked different communication modalities based on efficiency, ease of use, and security using a Likert scale. Communication options included telephone, email, hospital paging, and SMS text messaging. Respondents also reported whether they had received confidential patient identifiers through any of these modalities.
RESULTS
SMS text messaging was preferred by 71.7% (94/131) of respondents because of its efficiency and by 79.8% (103/129) of respondents because of its ease of use. For security, 82.5% (104/126) of respondents preferred the hospital paging system, whereas only 20.6% (26/126) of respondents preferred SMS text messaging for secure communication. In all, 70.9% (93/131) of respondents reported having received patient identifiers (first and/or last name), 81.7% (107/131) reported receiving patient initials, and 50.4% (66/131) reported receiving a patient's medical record number through SMS text messages.
CONCLUSIONS
Residents prefer in-hospital communication through SMS text messaging because of its ease of use and efficiency. Despite security concerns, the majority of residents reported receiving confidential patient information through SMS text messaging. For providers, it is possible that the benefits of improved in-hospital communication with SMS text messaging and the presumed improvement in the coordination and delivery of patient care outweigh security concerns they may have. The tension between the security and convenience of SMS text messaging may represent an educational opportunity to ensure the compliance of mobile technology in the health care setting.
PubMed: 26611620
DOI: 10.2196/medinform.4797 -
Yearbook of Medical Informatics Aug 2018To summarize the state of the art during the year 2017 in consumer health informatics and education, with a special emphasis on sharing health data and accessing... (Review)
Review
OBJECTIVE
To summarize the state of the art during the year 2017 in consumer health informatics and education, with a special emphasis on sharing health data and accessing personal health information (PHI) from patients' and consumers' perspective.
METHODS
We conducted a systematic search of articles published in PubMed using a predefined set of queries which identified 228 potential articles for review. The section editors then screened these articles according to topic relevance and selected 15 candidate best papers for full review and scoring by a panel of international experts. Based on the scores and the reviews, four papers received the highest score and were selected in a consensus meeting as the best papers on health data access and sharing from consumers' and patients' perspective.
RESULTS
These four papers were categorised into the following topics: 1) data sharing for research and governance in privacy protection; 2) use of personal health information and individual privacy concerns; and 3) consumers' views and demographic characteristics regarding health data sharing and the use of digital health portals. Overall, it was surprising to see only a small number of papers reporting original research in this area.
CONCLUSIONS
Patients understand the need for sharing information to facilitate best care and to enrich biomedical knowledge. When confronted with the reality of accessing information systems for their own information, patients are concerned about usability as well as privacy. Overall, there is a need for more emphasis on: 1) considering privacy as a feature defined by design; 2) using specific consent approaches and data sharing mechanisms for recruiting clinical trial participants; 3) taking into account socio-demographic characteristics when promoting consumer access to personal health information; and 4) defining indicators of high-quality care to incorporate healthcare professionals' level of caution when accessing patients' medical information and fostering patient trust in data exchange. Ultimately, privacy mechanisms should be part of the design process and not only be implemented when security has been breached and violated.
Topics: Confidentiality; Consensus; Consumer Health Informatics; Electronic Health Records; Health Records, Personal; Humans; Information Dissemination; Internet; Patient Portals; Privacy
PubMed: 30157519
DOI: 10.1055/s-0038-1641218