research-article

A privacy framework for mobile health and home-care systems

Authors:

David Kotz,

Sasikanth Avancha,

Amit BaxiAuthors Info & Claims

SPIMACS '09: Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems

Pages 1 - 12

https://doi.org/10.1145/1655084.1655086

Published: 13 November 2009 Publication History

Get Access

Abstract

In this paper, we consider the challenge of preserving patient privacy in the context of mobile healthcare and home-care systems, that is, the use of mobile computing and communications technologies in the delivery of healthcare or the provision of at-home medical care and assisted living. This paper makes three primary contributions. First, we compare existing privacy frameworks, identifying key differences and shortcomings. Second, we identify a privacy framework for mobile healthcare and home-care systems. Third, we extract a set of privacy properties intended for use by those who design systems and applications for mobile healthcare and home-care systems, linking them back to the privacy principles. Finally, we list several important research questions that the community should address. We hope that the privacy framework in this paper can help to guide the researchers and developers in this community, and that the privacy properties provide a concrete foundation for privacy-sensitive systems and applications for mobile healthcare and home-care systems.

References

[1]

University of Washington. Assisted Cognition project at UW. http://www.cs.washington.edu/assistcog, visited Mar. 2008.

Google Scholar

[2]

Georgia Institute of Technology. Aware Home project at GA Tech. http://www.cc.gatech.edu/fce/ahri/, visited Mar. 2008.

Google Scholar

[3]

Asia-Pacific Economic Council (APEC). APEC privacy framework, 2005. http://preview.tinyurl.com/cusnax.

Google Scholar

[4]

R. Aylward and J. A. Paradiso. A compact, high-speed, wearable sensor network for biomotion capture and interactive media. In Proceedings of the Sixth International Conference on Information Processing in Sensor Networks (IPSN), pages 380--389. ACM Press, Apr. 2007. DOI 10.1145/1236360.1236408.

Digital Library

Google Scholar

[5]

C. R. Baker, et al. Wireless sensor networks for home health care. In Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops, pages 832--837. IEEE Computer Society, May 2007. DOI 10.1109/AINAW.2007.376.

Digital Library

Google Scholar

[6]

S. A. Buckovich, H. E. Rippen, and M. J. Rozen. Driving toward guiding principles: A goal for privacy, confidentiality, and security of health information. Journal of the American Medical Informatics Association, 6(2):122--133, Mar.-Apr. 1999.

Crossref

Google Scholar

[7]

Certification Commission for Healthcare Information Technology (CCHIT). Consumer's guide to certification of personal health records, 2008. http://cchit.org/files/CCHITPHRConsumerGuide08.pdf.

Google Scholar

[8]

Center for Democracy & Technology. Comprehensive privacy and security: Critical for health information technology. White paper, May 2008. http://www.cdt.org/healthprivacy/20080514HPframe.pdf.

Google Scholar

[9]

Center for Democracy & Technology. Summary of health privacy provisions in the 2009 economic stimulus legislation, 29 Apr. 2009. http://www.cdt.org/healthprivacy/20090324 ARRAPrivacy.pdf.

Google Scholar

[10]

Y. B. Choi, K. E. Capitan, J. S. Krause, and M. M. Streeper. Challenges associated with privacy in healthcare industry: Implementation of HIPAA and security rules. Journal of Medical Systems, 30(1):57--64, Feb. 2006. DOI 10.1007/s10916-006-7405-0.

Digital Library

Google Scholar

[11]

S. P. Cohn, National Committee on Vital and Health Statistics. Privacy and confidentiality in the nationwide health information network, June 2006. http://www.ncvhs.hhs.gov/060622lt.htm.

Google Scholar

[12]

Intel Research. Digital Home project at Intel. http://www.intel.com/research/exploratory/digitalhome.htm, visited Mar. 2008.

Google Scholar

[13]

D. Halperin, Thomas, K. Fu, T. Kohno, and W. H. Maisel. Security and privacy for implantable medical devices. IEEE Pervasive Computing, 7(1):30--39, Jan.-Mar. 2008. DOI 10.1109/MPRV.2008.16.

Digital Library

Google Scholar

[14]

US Department of Health and Human Services. Your health information: Privacy rights. http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/consumer rights.pdf, visited Mar. 2009.

Google Scholar

[15]

Health Privacy Working Group, Health Privacy Project. Best principles for health privacy. Georgetown University, July 1999.

Google Scholar

[16]

Health Privacy Project. Best practices for employers offering personal health records (PHRs). Developed by the Employers' Working Group on Personal Health Records (PHRs), Dec. 2007. http://www.cdt.org/healthprivacy/2007Best Practices.pdf.

Google Scholar

[17]

International Security, Trust, and Privacy Alliance. Privacy framework, Oct. 2002. http://www.istpa.org/pdfs/ISTPAPrivacyFrameworkV1.1.pdf.

Google Scholar

[18]

International Security, Trust, and Privacy Alliance. Analysis of privacy principles: Making privacy operational, May 2007. http://www.istpa.org/pdfs/ISTPAAnalysisofPrivacyPrinciplesV2.pdf.

Google Scholar

[19]

D. Kaplan. Group unveils first-of-its-kind standard to secure patient data. SC Magazine, Mar. 2009. http://preview.tinyurl.com/clvu9r.

Google Scholar

[20]

P. Kulkarni and Y. Öztürk. Requirements and design spaces of mobile medical care. SIGMOBILE Mobile Computing Communications Review, 11(3):12--30, July 2007. DOI 10.1145/1317425.1317427.

Digital Library

Google Scholar

[21]

B. O. Lubeke and V. M. Lubecke. Wireless house calls: using communications technology for health care and monitoring. IEEE Microwave Magazine, 3(3):43--48, Sept. 2002. DOI 10.1109/MMW.2002.1028361.

Crossref

Google Scholar

[22]

D. C. Mack, M. Alwan, B. Turner, P. Suratt, and R. A. Felder. A passive and portable system for monitoring heart rate and detecting sleep apnea and arousals: Preliminary validation. In Proceedings of the First Transdisciplinary Conference on Distributed Diagnosis and Home Healthcare (D2H2), pages 51--54. IEEE Computer Society, Apr. 2006. DOI 10.1109/DDHH.2006.1624795.

Crossref

Google Scholar

[23]

M. Meingast, T. Roosta, and S. Sastry. Security and privacy issues with health care information technology. In Proceedings of the 28th IEEE EMBS Annual International Conference, Aug. 2006. DOI 10.1109/IEMBS.2006.260060.

Crossref

Google Scholar

[24]

Markle Foundation. Common Framework for networked personal health information: Overview and principles. Connecting For Health, June 2008. http://connectingforhealth.org/phti/docs/Overview.pdf.

Google Scholar

[25]

Wikipedia. mHealth. http://en.wikipedia.org/wiki/Mhealth, visited Apr. 2009.

Google Scholar

[26]

National Committee on Vital and Health Statistics. Individual control of sensitive health information accessible via NHIN. NCVHS letter to HHS Secretary, Feb. 2008. http://www.ncvhs.hhs.gov/080220lt.pdf.

Google Scholar

[27]

Organization for Economoic Co-operation and Development (OECD.org). OECD guidelines on the protection of privacy and transborder flows of personal data. http://preview.tinyurl.com/2of8ox, visited Aug. 2009.

Google Scholar

[28]

Office of the National Coordinator for Health Information Technology, U.S. Department of Health and Human Services. The nationwide privacy and security framework for electronic exchange of individually identifiable health information, Dec. 2008. http://www.hhs.gov/healthit/privacy/framework.html.

Google Scholar

[29]

R. Paradiso, G. Loriga, and N. Taccini. A wearable health care system based on knitted integrated sensors. IEEE Transactions on Information Technology in Biomedicine, 9(3):337--344, Sept. 2005. DOI 10.1109/TITB.2005.854512.

Digital Library

Google Scholar

[30]

Intel Research. PlaceLab project at Intel. http://www.placelab.org/, visited Mar. 2008.

Google Scholar

[31]

C. Pounder. Why the APEC privacy framework is unlikely to protect privacy. Out-Law.com, Oct. 2007. http://www.out-law.com/default.aspx?page=8550.

Google Scholar

[32]

W. B. Rouse. Health care as a complex adaptive system: Implications for design and management. The Bridge, 38(1), Spring 2008.

Google Scholar

[33]

University of Rochester. Smart Home project at Center for Future Health. http://www.futurehealth.rochester.edu/smart home, visited Mar. 2008.

Google Scholar

[34]

V. Stanford. Pervasive health care applications face tough security challenges. IEEE Pervasive Computing, 1(2):8--12, Apr.-June 2002. DOI 10.1109/MPRV.2002.1012332.

Digital Library

Google Scholar

[35]

Vital Wave Consulting. mHealth for development: The opportunity of mobile technology for healthcare in the developing world. United Nations Foundation and Vodafone Foundation Technology Partnership, Feb. 2009. http://www.unfoundation.org/global-issues/technology/mhealth-report.html.

Google Scholar

[36]

U. Varshney. Pervasive healthcare and wireless health monitoring. Mobile Networks and Applications, 12(2-3):113--127, June 2007. DOI 10.1007/s11036-007-0017-1.

Digital Library

Google Scholar

[37]

Q. Wang, W. Shin, X. Liu, Z. Zeng, C. Oh, B. K. Alshebli, M. Caccamo, C. A. Gunter, E. Gunter, J. Hou, K. Karahalios, and L. Sha. I-Living: An open system architecture for assisted living. In Proceedings of the IEEE International Conference on Systems, Man and Cybernetics (SMC), volume 5, pages 4268--4275, Oct. 2006. DOI 10.1109/ICSMC.2006.384805.

Crossref

Google Scholar

Cited By

View all

Offerman CBourgeois JBozzon A(2024)Embedding caring into remote patient management systemsProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685399(1-13)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685399
Alghamdi SFurnell SBagley S(2024)Towards a Harmonised Approach for Security and Privacy Management in Smart Home ContextsHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-61379-1_12(170-187)Online publication date: 1-Jun-2024
https://doi.org/10.1007/978-3-031-61379-1_12
Sobuti SKhorsandi S(2023)Towards Provable Privacy Protection in IoT-Health Applications2023 14th International Conference on Information and Knowledge Technology (IKT)10.1109/IKT62039.2023.10433042(123-128)Online publication date: 26-Dec-2023
https://doi.org/10.1109/IKT62039.2023.10433042
Show More Cited By

Index Terms

A privacy framework for mobile health and home-care systems

Recommendations

Privacy in mobile technology for personal healthcare

Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of mobile computing technologies that have the potential to transform healthcare. Such mHealth technology enables ...
Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

With an increasing emphasis on pervasive healthcare services, providing a high degree of privacy to patients is becoming a major challenge due to: (a) an increased number of avenues, such as device, access points, switches and database; (b) more threats ...
EEMI-An Electronic Health Record for Pediatricians: Adoption Barriers, Services and Use in Mexico

The use of paper health records and handwritten prescriptions are prone to preset errors of misunderstanding instructions or interpretations that derive in affecting patients' health. Electronic Health Records EHR systems are useful tools that among ...

Reviews

Reviewer: Fjodor J. Ruzic

Health systems enabled by new information and communications technologies are discussed in this paper. The emergence of mobile communication systems, health information processing systems, and e-health portfolios with embedded tele-medicine monitoring and first aid devices creates a new paradigm for mobile health and home-care systems. Of course, this trend also brings to light new issues related to personal privacy and data security within these systems. Kotz, Avancha, and Baxi start with the premise that several conceptual privacy frameworks exist, and provide brief information on privacy frameworks for healthcare information systems. After presenting the basic conceptual privacy frameworks, the authors describe their reason for choosing the common framework from the Markle Foundation as the basis for the special privacy framework that aims to cover issues in mobile health and home-care systems. The privacy properties are evaluated briefly for the purposes of data acquisition, storage, and communication, with regard to the patient's role, rights, and control possibilities. These statements are declared within the dedicated privacy framework of a mobile health and home-care system. The authors presume that there is fairly broad agreement on general principles, but there is room for reasonable disagreement on some of the details, especially in mobile and home-care systems. They conclude that a high-quality mobile health system should protect privacy and data integrity. Thus, they derive several additional properties and add the necessary integrity, availability, and auditability properties. Since the mobile health system consists of communications over open networks, the authors state some additional points that should be included in any privacy framework. To fully achieve all privacy properties within mobile health systems, some problems must be solved-the authors stress eight additional research areas. It is obvious that healthcare quality should be embedded into distributed diagnosis and home healthcare systems that mostly rely on mobile telecommunications networks exploited by patients with mobile phones and digital medical devices. The patient's fundamental right to privacy must also be guaranteed in every system design, but this notion is not clearly defined or evaluated within this paper. The paper contains relevant, timely references, as well as issues open for further research. Those working on mobile health systems deployment should read this paper. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

SPIMACS '09: Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems

November 2009

72 pages

ISBN:9781605587905

DOI:10.1145/1655084

General Chair:
L. Jean Camp
George Mason University, USA
,
Program Chair:
Elena Ferrari
Institute of Insubria, Italy

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 November 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '09

Sponsor:

SIGSAC

CCS '09: 16th ACM Conference on Computer and Communications Security 2009

November 13, 2009

Illinois, Chicago, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

76
Total Citations
View Citations
2,450
Total Downloads

Downloads (Last 12 months)31
Downloads (Last 6 weeks)2

Reflects downloads up to 11 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Offerman CBourgeois JBozzon A(2024)Embedding caring into remote patient management systemsProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685399(1-13)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685399
Alghamdi SFurnell SBagley S(2024)Towards a Harmonised Approach for Security and Privacy Management in Smart Home ContextsHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-61379-1_12(170-187)Online publication date: 1-Jun-2024
https://doi.org/10.1007/978-3-031-61379-1_12
Sobuti SKhorsandi S(2023)Towards Provable Privacy Protection in IoT-Health Applications2023 14th International Conference on Information and Knowledge Technology (IKT)10.1109/IKT62039.2023.10433042(123-128)Online publication date: 26-Dec-2023
https://doi.org/10.1109/IKT62039.2023.10433042
Fung CMotti VZhang KQian Y(2022)A Study of User Concerns about Smartphone Privacy2022 6th Cyber Security in Networking Conference (CSNet)10.1109/CSNet56116.2022.9955623(1-8)Online publication date: 24-Oct-2022
https://doi.org/10.1109/CSNet56116.2022.9955623
Yang AVarshney U(2022)Mobile health evaluation: Taxonomy development and cluster analysisHealthcare Analytics10.1016/j.health.2022.1000222(100022)Online publication date: Nov-2022
https://doi.org/10.1016/j.health.2022.100022
Yang ASingh NVarshney U(2022)Mobile Health Interventions and RCTs: Structured Taxonomy and Research FrameworkJournal of Medical Systems10.1007/s10916-022-01856-646:10Online publication date: 7-Sep-2022
https://doi.org/10.1007/s10916-022-01856-6
Pan JDong HBryan-Kinns N(2021)Perception and Initial Adoption of Mobile Health Services of Older Adults in London: Mixed Methods InvestigationJMIR Aging10.2196/304204:4(e30420)Online publication date: 19-Nov-2021
https://doi.org/10.2196/30420
Saleh YChibelushi CAbdel-Hamid ASoliman A(2021)Privacy-Aware Ant Routing for Wireless Multimedia Sensor Networks in Healthcare2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)10.1109/HPSR52026.2021.9481823(1-6)Online publication date: 7-Jun-2021
https://doi.org/10.1109/HPSR52026.2021.9481823
Jusob FGeorge CMapp G(2021)A new privacy framework for the management of chronic diseases via mHealth in a post-Covid-19 worldJournal of Public Health10.1007/s10389-021-01608-9Online publication date: 18-Jun-2021
https://doi.org/10.1007/s10389-021-01608-9
Yadav NAliasgari MPoellabauer C(2020)Mobile Healthcare in an Increasingly Connected Developing WorldVirtual and Mobile Healthcare10.4018/978-1-5225-9863-3.ch042(859-883)Online publication date: 2020
https://doi.org/10.4018/978-1-5225-9863-3.ch042
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Privacy in mobile technology for personal healthcare

Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

EEMI-An Electronic Health Record for Pediatricians: Adoption Barriers, Services and Use in Mexico

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations