research-article

Privacy in mobile technology for personal healthcare

Authors:

Sasikanth Avancha,

Amit Baxi,

David KotzAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 45, Issue 1

Article No.: 3, Pages 1 - 54

https://doi.org/10.1145/2379776.2379779

Published: 07 December 2012 Publication History

Get Access

Abstract

Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of mobile computing technologies that have the potential to transform healthcare. Such mHealth technology enables physicians to remotely monitor patients' health and enables individuals to manage their own health more easily. Despite these advantages, privacy is essential for any personal monitoring technology. Through an extensive survey of the literature, we develop a conceptual privacy framework for mHealth, itemize the privacy properties needed in mHealth systems, and discuss the technologies that could support privacy-sensitive mHealth systems. We end with a list of open research questions.

References

[1]

Ackerman, M. S. and Mainwaring, S. D. 2005. Privacy issues and human-computer interaction. In Security and Usability: Designing Secure Systems that People Can Use, L. F. Cranor and S. Garfinkel, Eds., O'Reilly Media, 381--400. http://oreilly.com/catalog/9780596008277/.

Google Scholar

[2]

ACLU 2009, American Civil Liberties Union. The American Recovery and Reinvestment Act of 2009: Health information technology, privacy summary. http://www.aclu.org/images/asset_upload_file625_38771.pdf. (last accessed 3/09).

Google Scholar

[3]

Agrafioti, F. and Hatzinakos, D. 2008. Fusion of ECG sources for human identification. In Proceedings of the International Symposium on Communications, Control and Signal Processing (ISCCSP). IEEE Press, 1542--1547. DOI 10.1109/ISCCSP.2008.4537472.

Crossref

Google Scholar

[4]

Al Ameen, M., Liu, J., and Kwak, K. 2010. Security and privacy issues in wireless sensor networks for healthcare applications. J. Medical Syst. 1--9. DOI 10.1007/s10916-010-9449-4.

Digital Library

Google Scholar

[5]

AllOne Health. 2009. PHR access on mobile phone. http://www.allonemobile.com. (last accessed 3/09)

Google Scholar

[6]

American Medical Association. 2009. HR.1, the American Recovery and Reinvestment Act of 2009: Explanation of privacy provisions. http://www.ama-assn.org/ama1/pub/upload/mm/399/arra-privacy-provisions.pdf. (last accessed 3/09).

Google Scholar

[7]

Andersen, J. 2009. Secure group formation protocol for a medical sensor network prototype. In Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP). IEEE, 343--348. DOI 10.1109/ISSNIP.2009.5416771.

Crossref

Google Scholar

[8]

Anvita Health. 2009. Google health on mobile phone. http://www.anvitahealth.com. (last accessed 3/09).

Google Scholar

[9]

APEC 2005. APEC privacy framework. http://tinyurl.com/cusnax.

Google Scholar

[10]

Appari, A. and Johnson, M. E. 2010. Information security and privacy in healthcare: Current state of research. Int. J. Internet Enterprise Manage. 6, 4, 279--314. http://mba.tuck.dartmouth.edu/pages/faculty/eric.johnson/pdfs/AJIJIEM.pdf.

Crossref

Google Scholar

[11]

Aylward, R. and Paradiso, J. A. 2007. A compact, high-speed, wearable sensor network for biomotion capture and interactive media. In Proceedings of the International Workshop on Information Processing in Sensor Networks (IPSN). ACM, 380--389. DOI 10.1145/1236360.1236408.

Digital Library

Google Scholar

[12]

Baker, C. R., Armijo, K., Belka, S., Benhabib, M., Bhargava, V., Burkhart, N., Der Minassians, A., Dervisoglu, G., Gutnik, L., Haick, B. M., Ho, C., Koplow, M., Mangold, J., Robinson, S., Rosa, M., Schwartz, M., Sims, C., Stoffregen, H., Waterbury, A., Leland, E. S., Pering, T., and Wright, P. K. 2007. Wireless sensor networks for home health care. In Proceedings of the International Conference on Advanced Information Networking and Applications Workshops. IEEE Computer Society, 832--837. DOI 10.1109/AINAW.2007.376.

Digital Library

Google Scholar

[13]

Baldus, H., Klabunde, K., and Müsch, G. 2004. Reliable set-up of medical body-sensor networks. In Proceedings of the 1^st European Workshop on Wireless Sensor Networks. Lecture Notes in Computer Science, vol. 2920. Springer, 353--363. DOI 10.1007/978-3-540-24606-0-24.

Crossref

Google Scholar

[14]

Barth, A., Datta, A., Mitchell, J. C., and Nissenbaum, H. 2006. Privacy and contextual integrity: Framework and applications. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). IEEE Press, 15--29. DOI 10.1109/SP.2006.32.

Digital Library

Google Scholar

[15]

Barth, A. T., Hanson, M. A., Powell, H. C., Unluer, D., Wilson, S. G., and Lach, J. 2008. Body-coupled communication for body sensor networks. In Proceedings of the ICST International Conference on Body Area Networks (BodyNets). Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (ICST), 1--4. Online at http://portal.acm.org/citation.cfm&quest;id=1460257.1460273.

Digital Library

Google Scholar

[16]

Becher, E., Benenson, Z., and Dornseif, M. 2006. Tampering with motes: Real-world physical attacks on wireless sensor networks. In Proceedings of the International Conference on Security in Pervasive Computing (SPC). Springer-Verlag, 104--118. DOI 10.1007/11734666 9.

Digital Library

Google Scholar

[17]

Bekiaris, E., Damousis, I. G., and Tzovaras, D. 2008. Unobtrusive multimodal biometric authentication: The HUMABIO project concept. EURASIP J. Adv. Sig. Process. DOI 10.1155/2008/265767.

Digital Library

Google Scholar

[18]

Bellman, S., Johnson, E. J., and Lohse, G. L. 2001. To opt-in or opt-out&quest; it depends on the question. Comm. ACM 44, 2, 25--27. DOI 10.1145/359205.359241.

Digital Library

Google Scholar

[19]

Bichler, D., Stromberg, G., Huemer, M., and Löw, m. 2007. Key generation based on acceleration data of shaking processes. In Proceedings of Ubiquitous Computing (UbiComp). Lecture Notes in Computer Science Series, vol. 4717. Springer-Verlag, 304--317. DOI 10.1007/978-3-540-74853-3 18.

Digital Library

Google Scholar

[20]

Blough, D., Ahamad, M., Liu, L., and Chopra, P. 2008. MedVault: Ensuring security and privacy for electronic medical records. NSF CyberTrust Principal Investigators Meeting. Online at http://www.cs.yale.edu/cybertrust08/posters/posters/158 medvault_poster_CT08.pdf.

Google Scholar

[21]

Boric-Lubecke, O. and Lubecke, V. M. 2002.Wireless house calls: using communications technology for health care and monitoring. IEEE Microwave Magazine 3, 3, 43--48. DOI 10.1109/MMW.2002.1028361.

Crossref

Google Scholar

[22]

Brahmbhatt, B. 2010. Position and perspective of privacy laws in India. In AAAI Spring Symposium Series: Intelligent Information Privacy Management. AAAI. Online at http://www.aaai.org/ocs/index.php/SSS/SSS10/paper/view/1197/1474.

Google Scholar

[23]

Bratus, S., Cornelius, C., Kotz, D., and Peebles, D. 2008. Active behavioral fingerprinting of wireless devices. In Proceedings of the ACM Conference on Wireless Network Security (WiSec). ACM, 56--61. DOI 10.1145/1352533.1352543.

Digital Library

Google Scholar

[24]

Breaux, T. D. and Antón, A. I. 2008. Analyzing regulatory rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34, 1, 5--20. DOI 10.1109/TSE.2007.70746.

Digital Library

Google Scholar

[25]

Brik, V., Banerjee, S., Gruteser, M., and Oh, S. 2008. Wireless device identification with radiometric signatures. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 116--127. DOI 10.1145/1409944.1409959.

Digital Library

Google Scholar

[26]

Buckovich, S. A., Rippen, H. E., and Rozen, M. J. 1999. Driving toward guiding principles: A goal for privacy, confidentiality, and security of health information. J. AMIA 6, 2, 122--133. DOI 10.1136/jamia.1999.0060122.

Crossref

Google Scholar

[27]

CCHIT 2008. Consumer's guide to certification of personal health records. Booklet. Online at http://cchit. org/files/CCHITPHRConsumerGuide08.pdf.

Google Scholar

[28]

CDT 2008. Comprehensive privacy and security: Critical for health information technology. White paper. Online at http://www.cdt.org/healthprivacy/20080514HPframe.pdf.

Google Scholar

[29]

CDT 2009. Summary of health privacy provisions in the 2009 economic stimulus legislation. White paper. Online at http://www.cdt.org/healthprivacy/20090324_ARRAPrivacy.pdf.

Google Scholar

[30]

CHCF 2008. Whose data is it anyway&quest; Expanding consumer control over personal health information. California Healthcare Foundation. Online at http://ehealth.chcf.org/topics/view. cfm&quest;itemID=133577.

Google Scholar

[31]

Cherukuri, S., Venkatasubramanian, K. K., and Gupta, S. K. S. 2003. BioSec: A biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In Proceedings of the International Conference on Parallel Processing Workshops. IEEE Computer Society, 432--439. DOI 10.1109/ICPPW.2003.1240399.

Crossref

Google Scholar

[32]

Choi, Y. B., Capitan, K. E., Krause, J. S., and Streeper, M. M. 2006. Challenges associated with privacy in healthcare industry: Implementation of HIPAA and security rules. J. Med. Syst. 30, 1, 57--64. DOI 10.1007/s10916-006-7405-0.

Digital Library

Google Scholar

[33]

Cohn, S. P. 2006. Privacy and confidentiality in the nationwide health information network. Online at http://www.ncvhs.hhs.gov/060622lt.htm.

Google Scholar

[34]

Collins, T. 2006. NHS trust uncovers password sharing risk to patient data. Computer Weekly. Online at http://www.computerweekly.com/Articles/2006/07/11/216882/nhs-trust-uncovers-password-sharing-risk-to-patient.htm.

Google Scholar

[35]

Cornelius, C., and Kotz, D. 2010. On usable authentication for wireless body area networks. In Proceedings of the USENIX Workshop on Health Security and Privacy. USENIX Association. Online at http://www.cs.dartmouth. edu/_dfk/papers/abstracts/cornelius-healthsec10.html.

Google Scholar

[36]

Cornelius, C. and Kotz, D. 2011. Recognizing whether sensors are on the same body. In Proceedings of the International Conference on Pervasive Computing. Lecture Notes in Computer Science. Springer, 332--349. DOI 10.1007/978-3-642-21726-5 21.

Digital Library

Google Scholar

[37]

Covington, M., Moyer, M., and Ahamad, M. 2000. Generalized role-based access control for securing future applications. In Proceedings of the National Information Systems Security Conference. NIST. Online at http://csrc.nist.gov/nissc/2000/proceedings/papers/040.pdf.

Google Scholar

[38]

Cranor, L. F. 2003. ‘I didn't buy it for myself’: Privacy and ecommerce personalization. In Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES). ACM, 111--117. DOI 10.1145/1005140.1005158.

Digital Library

Google Scholar

[39]

Cranor, L. F. 2005. Privacy policies and privacy preferences. In Security and Usability: Designing Secure Systems that People Can Use. L. F. Cranor and S. Garfinkel, Eds. O'Reilly Media, Chapter 22, 447--469. Online at http://oreilly.com/catalog/9780596008277/.

Google Scholar

[40]

Cranor, L. F. 2008. A framework for reasoning about the human in the loop. In Proceedings of the Conference on Usability, Psychology, and Security (UPSEC). USENIX Association, 1--15. Online at http://static.usenix.org/event/upsec08/tech/full_pasess/cranor/cranor.pdf.

Digital Library

Google Scholar

[41]

Dai Zovi, D. A. and Macaulay, S. A. 2005. Attacking automatic wireless network selection. In Proceedings of the IEEE SMC Information Assurance Workshop. IEEE Press, 365--372. DOI 10.1109/IAW.2005.1495975.

Crossref

Google Scholar

[42]

De Mulder, Y., Danezis, G., Batina, L., and Preneel, B. 2008. Identification via location-profiling in GSM networks. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES). ACM, 23--32. DOI 10.1145/1456403.1456409.

Digital Library

Google Scholar

[43]

DH 2008, Intel Research. Digital Home project. Online at http://www.intel.com/research/exploratory/digitalhome.htm, visited Mar. 2008.

Google Scholar

[44]

DIT 2011, Government of India, Department of Information Technology (DIT). Information Technology Act 2000 {India}. Online at http://www.mit.gov.in/content/information-technology-act-2000, visited Feb. 2011.

Google Scholar

[45]

Dixon, P. 2006. Medical identity theft: The information crime that can kill you. Online at http://www.worldprivacyforum.org/pdf/wpfmedicalidtheft2006.pdf.

Google Scholar

[46]

Domingo-Ferrer, J., Martínez-Ballesté, A., Mateo-Sanz, J. M. and Sebé, F. 2006. Efficient multivariate data-oriented microaggregation. VLDB J. 15, 4, 355--369. DOI 10.1007/s00778-006-0007-0.

Digital Library

Google Scholar

[47]

DS 2009, Daily Strength. Dailystrength.org. Online at http://www.dailystrength.org/, visited Oct. 2009.

Google Scholar

[48]

Eisenman, S. B., Miluzzo, E., Lane, N. D., Peterson, R. A., Ahn, G.-S., and Campbell, A. T. 2009. BikeNet: A mobile sensing system for cyclist experience mapping. ACM Trans. Sensor Netw. (TOSN) 6, 1, 1--39. DOI http://doi.acm.org/10.1145/1653760.1653766.

Digital Library

Google Scholar

[49]

Enck, W., Ongtang, M., and Mcdaniel, P. 2009. On lightweight mobile phone application certification. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 235--245. DOI 10.1145/1653662.1653691.

Digital Library

Google Scholar

[50]

EU 2009, Office of the Data Protection Commissioner. EU Directive 95/46/EC: The data protection directive. Online at http://www.dataprotection.ie/viewdoc.asp&quest;DocID=92, visited Mar. 2009.

Google Scholar

[51]

Ferraiolo, D. and Kuhn, R. 1992. Role based access control. In Proceedings of the National Computer Security Conference. NIST. Online at http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf.

Google Scholar

[52]

Frank, M., Streich, A. P., Basin, D., and Buhmann, J. M. 2009. A probabilistic approach to hybrid role mining. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 101--111. DOI 10.1145/1653662.1653675.

Digital Library

Google Scholar

[53]

Franklin, J., McCoy, D., Tabriz, P., Neagoe, V., Randwyk, J. V., and Sicker, D. 2006. Passive data link layer 802.11 wireless device driver fingerprinting. In Proceedings of the USENIX Security Symposium. USENIX Association, 167--178. Online at http://www.usenix.org/events/sec06/tech/franklin.html.

Digital Library

Google Scholar

[54]

Friedman, B., Lin, P., and Miller, J. K. 2005. Informed consent by design. In Security and Usability: Designing Secure Systems that People Can Use. L. F. Cranor and S. Garfinkel, Eds. O'Reilly Media, Chapter 24, 495--521. Online at http://oreilly.com/catalog/9780596008277/.

Google Scholar

[55]

Garcia-Morchon, O. and Baldus, H. 2008. Efficient distributed security for wireless medical sensor networks. In Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing. IEEE, 249--254. DOI 10.1109/ISSNIP.2008.4761995.

Crossref

Google Scholar

[56]

Garcia-Morchon, O., Falck, T., Heer, T., and Wehrle, K. 2009. Security for pervasive medical sensor networks. In Proceedings of the International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous). IEEE Press. DOI 10.4108/ICST.MOBIQUITOUS2009.6832.

Crossref

Google Scholar

[57]

GD. 2011. Giesecke and Devrient GmbH. Online at http://www.gi-de.com/, visited Mar. 2011.

Google Scholar

[58]

Gedik, B. and Liu, L. 2008. Protecting location privacy with personalized k-anonymity: Architecture and algorithms. IEEE Trans. Mobile Comput. 7, 1, 1--18. DOI 10.1109/TMC.2007.1062.

Digital Library

Google Scholar

[59]

GH 2008, Google. Google Health. Online at https://www.google.com/health, visited Nov. 2008.

Google Scholar

[60]

Georgia Institute of Technology. 2008. Aware Home project. http://www.cc.gatech.edu/fce/ahri/. (last accessed 3/08).

Google Scholar

[61]

Giannetsos, T., Dimitriou, T., and Prasad, N. R. 2011. People-centric sensing in assistive healthcare: Privacy challenges and directions. Secur. Commun. Netw. DOI 10.1002/sec.313.

Digital Library

Google Scholar

[62]

Gilbert, P., Cox, L. P., Jung, J., and Wetherall, D. 2010. Toward trustworthy mobile sensing. In Proceedings of the Workshop on Mobile Computing Systems & Applications (HotMobile). ACM, 31--36. DOI 10.1145/1734583.1734592.

Digital Library

Google Scholar

[63]

Goldman, J. 1998. Protecting privacy to improve health care. Health Affairs 17, 6, 47--60. DOI 10.1377/hlthaff.17.6.47.

Crossref

Google Scholar

[64]

Golle, P. and Partridge, K. 2009. On the anonymity of home/work location pairs. In Proceedings of Pervasive Computing. Lecture Notes in Computer Science Series, vol. 5538. Springer-Verlag, 390--397. DOI 10.1007/978-3-642-01516-8_26.

Digital Library

Google Scholar

[65]

Goyal, V. 2007. Certificate revocation using fine grained certificate space partitioning. In Proceedings of the International Conference on Financial Cryptography and Data Security (FCDS). S. Dietrich and R. Dhamija, Eds. Lecture Notes in Computer Science Series, vol. 4888. Springer-Verlag, 247--259. DOI 10.1007/978-3-540-77366-5_24.

Digital Library

Google Scholar

[66]

Goyal, V., Pandey, O., Sahai, A., and Waters, B. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 89--98. DOI 10.1145/1180405.1180418.

Digital Library

Google Scholar

[67]

Greenstein, B., McCoy, D., Pang, J., Kohno, T., Seshan, S., and Wetherall, D. 2008. Improving wireless privacy with an identifier-free link layer protocol. In Proceedings of the International Conference on Mobile Systems, Applications and Services (MobiSys). ACM Press, 40--53. DOI 10.1145/1378600.1378607.

Digital Library

Google Scholar

[68]

Gruteser, M. and Grunwald, D. 2003. Anonymous usage of location-based services through spatial and temporal cloaking. In Proceedings of the International Conference on Mobile Systems, Applications and Services (MobiSys). ACM, 31--42. DOI 10.1145/1066116.1189037.

Digital Library

Google Scholar

[69]

Gutmann, P. 2002. PKI: It's not dead, just resting. IEEE Computer 35, 8, 41--49. DOI 10.1109/MC.2002.1023787.

Digital Library

Google Scholar

[70]

Halamka, J. 2008. Respecting patient privacy preferences. Blog-- Life as a Healthcare CIO. Online at http://geekdoctor.blogspot.com/2008/01/respecting-patient-privacy-preferences.html.

Google Scholar

[71]

Halamka, J., Leavitt, M., and Tooker, J. 2009. A shared roadmap and vision for health IT. Position statement. Online at http://tinyurl.com/c8ztuy.

Google Scholar

[72]

Halperin, D., Heydt-Benjamin, T. S., Ransford, B., Clark, S. S., Defend, B., Morgan, W., Fu, K., Kohno, T., and Maisel, W. H. 2008a. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). IEEE Press, 129--142. DOI 10.1109/SP.2008.31.

Digital Library

Google Scholar

[73]

Halperin, D., Thomas, Fu, K., Kohno, T., and Maisel, W. H. 2008b. Security and privacy for implantable medical devices. IEEE Pervas. Comput. 7, 1, 30--39. DOI 10.1109/MPRV.2008.16.

Digital Library

Google Scholar

[74]

HHS 2009, US Department of Human and Health Services. Draft model personal health record (PHR) privacy notice & facts-at-a-glance. Online at http://tinyurl.com/cxm4q3, visited Apr. 2009.

Google Scholar

[75]

HIPAA 2010, HHS. HIPAA website. Online at http://www.hhs.gov/ocr/privacy/, visited Mar. 2010.

Google Scholar

[76]

HITECH1 2009, Coppersmith Gordon Schermer and Brockelman. HITECH Act expands HIPAA privacy and security rules. Online at http://www.azhha.org/member_and_media_resources/documents/HITECHAct. pdf, visited Nov. 2009.

Google Scholar

[77]

HITECH2 2009, HIPAA Survival Guide. HITECH Act text. Online at http://www.hipaasurvivalguide.com/hitech-act-text.php, visited Nov. 2009.

Google Scholar

[78]

HITSP 2008. TP-30: HITSP manage consent directives transaction package. Online at http://www.hitsp.org/ConstructSet Details.aspx&quest;&PrefixAlpha=2&PrefixNumeric=30.

Google Scholar

[79]

HL 2009, Health Law News and Notes. FAQs on ARRA/Stimulus Bill changes for business associates. Online at http://healthlawoffices. com/blog/&quest;p=85, visited Mar. 2009.

Google Scholar

[80]

Hoh, B. and Gruteser, M. 2005. Protecting location privacy through path confusion. In Proceedings of the IEEE/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm). IEEE Press. DOI 10.1109/SECURECOMM.2005.33.

Digital Library

Google Scholar

[81]

Hoh, B., Gruteser, M., Xiong, H., and Alrabady, A. 2007. Preserving privacy in GPS traces via uncertainty-aware path cloaking. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 161--171. DOI 10.1145/1315245.1315266.

Digital Library

Google Scholar

[82]

HPP 1999. Best principles for health privacy. Georgetown University. Online at http://www.healthprivacy. org/usr doc/33807.pdf.

Google Scholar

[83]

HPP 2007. Best practices for employers offering personal health records (PHRs). Developed by the Employers' Working Group on Personal Health Records (PHRs). Online at http://www.cdt.org/healthprivacy/2007Best Practices.pdf.

Google Scholar

[84]

Hu, W., Corke, P., Shih, W. C., and Overs, L. 2009. secFleck: A public key technology platform for wireless sensor networks. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN). Springer-Verlag, 296--311. DOI 10.1007/978-3-642-00224-3 19.

Digital Library

Google Scholar

[85]

Iachello, G. and Hong, J. 2007. End-user privacy in human-computer interaction. Found. Trends Hum.-Comput. Interact. (FTHCI) 1, 1--137. DOI 10.1561/1100000004.

Digital Library

Google Scholar

[86]

IHE 2009, IHE International. IHE profiles. Online at http://www.ihe.net/profiles/index.cfm, visited Nov. 2009.

Google Scholar

[87]

India 2011. Information technology rules GSR 313(E)-316(E). Government of India. http://deity.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf.

Google Scholar

[88]

Irvine, J. M., Israel, S. A., Scruggs, T. W., and Worek, W. J. 2008. eigenPulse: Robust human identification from cardiovascular function. Patt. Recog. 41, 11, 3427--3435. DOI 10.1016/j.patcog. 2008.04.015.

Digital Library

Google Scholar

[89]

ISTPA 2007. Analysis of privacy principles: Making privacy operational. Online at http://www.istpa. org/pdfs/ISTPAAnalysisofPrivacyPrinciplesV2.pdf.

Google Scholar

[90]

Jain, A. K., Flynn, P., and Ross, A. A., Eds. 2007. Handbook of Biometrics. Springer-Verlag. Online at http://www.springer.com/computer/computer+imaging/book/978-0-387-71040-2.

Digital Library

Google Scholar

[91]

Jain, A. K., Ross, A., and Prabhakar, S. 2004. An introduction to biometric recognition. IEEE Trans. Circ. Syst. Video Tech. 14, 1, 4--20. DOI 10.1109/TCSVT.2003.818349.

Digital Library

Google Scholar

[92]

Jana, S., Premnath, S. N., Clark, M., Kasera, S. K., Patwari, N., and Krishnamurthy, S. V. 2009. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 321--332. DOI 10.1145/1614320.1614356.

Digital Library

Google Scholar

[93]

Jea, D., Liu, J., Schmid, T., and Srivastava, M. B. 2008. Hassle free fitness monitoring. In Proceedings of the Workshop on Systems and Networking Support for Healthcare and Assisted Living Environments (HealthNet). ACM. DOI 10.1145/1515747.1515756.

Digital Library

Google Scholar

[94]

Johnson, M. E. 2009. Data hemorrhages in the health-care sector. In Financial Cryptography and Data Security. Springer-Verlag. DOI 10.1007/978-3-642-03549-4_5.

Digital Library

Google Scholar

[95]

Jones, V., Mei, H., Broens, T., Widya, I., and Peuscher, J. 2007. Context aware body area networks for telemedicine. In Advances in Multimedia Information Processing (PCM). Springer-Verlag, 590--599. DOI 10.1007/978-3-540-77255-2_74.

Digital Library

Google Scholar

[96]

Kaplan, D. 2009. Group unveils first-of-its-kind standard to secure patient data. SC Magazine. Online at http://www.scmagazineus.com/Group-unveils-first-of-its-kind-standard-to-secure-patient-data/article/128168/.

Google Scholar

[97]

Karat, C., Brodie, C., and Karat, J. 2005. Usability design and evaluation for privacy and security solutions. In Security and Usability: Designing Secure Systems that People Can Use, L. F. Cranor and S. Garfinkel, Eds. O'Reilly Media, Chapter 4, 47--74. Online at http://oreilly.com/catalog/9780596008277/.

Google Scholar

[98]

Kelley, P. G., Cesca, L., Bresee, J., and Cranor, L. F. 2010. Standardizing privacy notices: an online study of the nutrition label approach. In Proceedings of the International Conference on Human Factors in Computing Systems (CHI). ACM, 1573--1582. DOI 10.1145/1753326.1753561.

Digital Library

Google Scholar

[99]

Kelley, P. G., Hankes Drielsma, P., Sadeh, N., and Cranor, L. F. 2008. User-controllable learning of security and privacy policies. In Proceedings of the ACM Workshop on Security and Artificial Intelligence (AIsec). ACM, 11--18. DOI 10.1145/1456377.1456380.

Digital Library

Google Scholar

[100]

Klasnja, P., Consolvo, S., Choudhury, T., and Beckwith, R. 2009. Exploring privacy concerns about personal sensing. In Proceedings of the International Conference on Pervasive Computing (Pervasive). Springer-Verlag. DOI 10.1007/978-3-642-01516-8_13.

Digital Library

Google Scholar

[101]

Kleidermacher, D. 2008. Next generation secure mobile devices. Inf. Quart. 7, 4, 14--17. Online at http://www.iqmagazineonline.com/article.php&quest;issue=25&article_id=1041.

Google Scholar

[102]

Kotz, D. 2011. A threat taxonomy for mHealth privacy. In Proceedings of the Workshop on Networked Healthcare Technology (NetHealth). IEEE Press. DOI 10.1109/COMSNETS.2011.5716518.

Crossref

Google Scholar

[103]

Kotz, D., Avancha, S., and Baxi, A. 2009. A privacy framework for mobile health and home-care systems. In Proceedings of the Workshop on Security and Privacy in Medical and Home-Care Systems (SPIMACS). ACM, 1--12. DOI 10.1145/1655084.1655086.

Digital Library

Google Scholar

[104]

Kuie, T. S. 2003. The impact of data privacy protection in medical practice in Singapore. SGH Proc. 12, 4, 201--207. Online at http://www.pgmi.com.sg/SGHproceeding/12-4/impact&percnt;20of&percnt;20data&percnt;20privacy.pdf.

Google Scholar

[105]

Kulkarni, P. and ÖZtürk, Y. 2007. Requirements and design spaces of mobile medical care. SIGMOBILE Mobile Comput. Commun. Rev. 11, 3, 12--30. DOI 10.1145/1317425.1317427.

Digital Library

Google Scholar

[106]

Kumar, A., Saxena, N., Tsudik, G., and Uzun, E. 2009. A comparative study of secure device pairing methods. Pervas. Mobile Comput. 5, 6, 734--749. DOI 10.1016/j.pmcj.2009.07.008.

Digital Library

Google Scholar

[107]

Kumaraguru, P. and Cranor, L. 2006. Privacy in India: Attitudes and awareness. In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), G. Danezis and D. Martin, Eds. Springer, 243--258. DOI 10.1007/11767831_16.

Digital Library

Google Scholar

[108]

Liu, A. and Ning, P. 2008. TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. In Proceedings of the International Workshop on Information Processing in Sensor Networks (IPSN). IEEE Press. DOI 10.1109/IPSN.2008.47.

Digital Library

Google Scholar

[109]

Lowrance, W. W. 2009. Privacy and health research: New laws in Europe. The HHS Data Council, US Department of Health and Human Services. Online at http://aspe.hhs.gov/datacncl/PHR5.htm.

Google Scholar

[110]

Machanavajjhala, A., Gehrke, J., Kifer, D., and Venkitasubramaniam, M. 2006. l-diversity: Privacy beyond k-anonymity. In Proceedings of the International Conference on Data Engineering (ICDE). IEEE Press, 24--85. DOI 10.1109/ICDE.2006.1.

Digital Library

Google Scholar

[111]

Mack, D. C., Alwan, M., Turner, B., Suratt, P., and Felder, R. A. 2006. A passive and portable system for monitoring heart rate and detecting sleep apnea and arousals: Preliminary validation. In Proceedings of the Transdisciplinary Conference on Distributed Diagnosis and Home Healthcare (D2H2). IEEE Computer Society, 51--54. DOI 10.1109/DDHH.2006.1624795.

Crossref

Google Scholar

[112]

Malan, D. J., Welsh, M., and Smith, M. D. 2008. Implementing public-key infrastructure for sensor networks. ACM Trans. Sensor Netw. (TOSN) 4, 4, 1--23. DOI 10.1145/1387663.1387668.

Digital Library

Google Scholar

[113]

Malasri, K. and Wang, L. 2007. Addressing security in medical sensor networks. In Proceedings of the Workshop on Systems and Networking Support for Healthcare and Assisted Living Environments (HealthNet). ACM Press, 7--12. DOI 10.1145/1248054.1248058.

Digital Library

Google Scholar

[114]

Malasri, K. and Wang, L. 2008. Design and implementation of a secure wireless mote-based medical sensor network. In Proceedings of Conference on Ubiquitous Computing (UbiComp). ACM, 172--181. DOI 10.1145/1409635.1409660.

Digital Library

Google Scholar

[115]

Malin, B. 2006. Re-identification of familial database records. In Proceedings of the AMIA Annual Symposium. AMIA, 524--528. Online at http://view.ncbi.nlm.nih.gov/ /17238396.

Google Scholar

[116]

Malin, B. and Airoldi, E. 2007. Confidentiality preserving audits of electronic medical record access. Stud. Health Tech. Informat. 129, Part 1, 320--324. Online at http://view.ncbi.nlm.nih. gov/ /17911731.

Google Scholar

[117]

Mare, S. and Kotz, D. 2010. Is Bluetooth the right technology for mHealth&quest; In USENIX Workshop on Health Security and Privacy. USENIX Association. Online at http://www.cs.dartmouth.edu/dfk/papers/abstracts/mare-healthsec10.html.

Google Scholar

[118]

Mare, S., Sorber, J., Shin, M., Cornelius, C., and Kotz, D. 2011. Adaptive security and privacy for mHealth sensing. In Proceedings of the USENIX Workshop on Health Security (HealthSec). Online at http://www.cs.dartmouth.edu/dfk/papers/mare-healthsec11.pdf.

Digital Library

Google Scholar

[119]

Martin, L. 2008. Identity-based encryption and beyond. IEEE Security and Privacy 6, 62--64. Online at DOI 10.1109/MSP,2008.120.

Digital Library

Google Scholar

[120]

Mary Hitchcock Memorial Hospital and Dartmouth-Hitchcock Clinics. 2009. The Dartmouth-Hitchcock Privacy Group policy statement on the privacy & confidentiality of patient information.

Google Scholar

[121]

Mathur, S., Trappe, W., Mandayam, N., Ye, C., and Reznik, A. 2008. Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 128--139. DOI 10.1145/1409944.1409960.

Digital Library

Google Scholar

[122]

Mayrhofer, R. and Gellersen, H. 2007. Shake well before use: Authentication based on accelerometer data. In Proceedings of the International Conference on Pervasive Computing (Pervasive). Lecture Notes in Computer Science Series, vol. 4480. Springer-Verlag, 144--161. DOI 10.1007/978-3-540-72037-9_9.

Digital Library

Google Scholar

[123]

McDaniel, P. and Rubin, A. 2000. A response to “Can we eliminate certificate revocation lists&quest;”. In Proceedings of the International Conference on Financial Cryptography (FC), Y. Frankel, Ed. Lecture Notes in Computer Science Series, vol. 1962. Springer-Verlag, 245--258. DOI 10.1007/3-540-45472-1_17.

Digital Library

Google Scholar

[124]

Merkle, R. 1982. Method of providing digital signatures. US Patent 4309569. Online at http://patft.uspto.gov/netacgi/nph-Parser&quest;patentnumber=4309569.

Google Scholar

[125]

Messmer, E. 2008. Health care organizations see cyberattacks as growing threat. Network World. Online at http://tinyurl.com/66b2py.

Google Scholar

[126]

MF 2008. Common Framework for networked personal health information: Overview and principles. Connecting for Health. Online at http://connectingforhealth.org/phti/docs/Overview.pdf.

Google Scholar

[127]

MFC 2009, Markle Foundation: Connecting for Health. Consumer consent to collections, uses, and disclosures of information. Online at http://connectingforhealth.org/phti/docs/CP3.pdf, visited Nov. 2009.

Google Scholar

[128]

mH 2009, Wikipedia. mHealth. Online at http://en.wikipedia.org/wiki/Mhealth, visited Apr. 2009.

Google Scholar

[129]

MHV 2008, Microsoft. The HealthVault web-based PHR. Online at http://www.healthvault.com, visited Nov. 2008.

Google Scholar

[130]

Micali, S. 2002. NOVOMODO: Scalable certificate validation and simplified PKI management. In Proceedings of the PKI Research Workshop. NIST. Online at http://www.cs.dartmouth.edu/_pki02/Micali/paper.pdf.

Google Scholar

[131]

MID. 2009, Wikipedia. Mobile internet device. Online at http://en.wikipedia.org/wiki/Mobile Internet Device, visited May 2009.

Google Scholar

[132]

Mišić, J. 2008. Enforcing patient privacy in healthcare WSNs using ECC implemented on 802.15.4 beacon enabled clusters. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom). IEEE Computer Society Press, 686--691. DOI 10.1109/PERCOM.2008.28.

Digital Library

Google Scholar

[133]

Mokbel, M. F., Chow, C.-Y., and Aref, W. G. 2006. The new Casper: query processing for location services without compromising privacy. In Proceedings of the International Conference on Very Large Data Bases (VLDB). VLDB Endowment, 763--774. Online at http://www.vldb.org/conf/2006/p763-mokbel.pdf.

Digital Library

Google Scholar

[134]

Molina, A. D., Salajegheh, M., and Fu, K. 2009. HICCUPS: Health information collaborative collection using privacy and security. In Proceedings of the Workshop on Security and Privacy in Medical and Home-Care Systems (SPIMACS). ACM Press, 21--30. DOI 10.1145/1655084.1655089.

Digital Library

Google Scholar

[135]

Mont, M. C., Bramhall, P., and Harrison, K. 2003. A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care. In Proceedings of the International Workshop on Database and Expert Systems Applications. IEEE Press, 432--437. DOI 10.1109/DEXA.2003.1232060.

Digital Library

Google Scholar

[136]

Moore, J. 2009. The feds and PHR privacy. Government Health IT. Online at http://www.govhealthit.com/Articles/2009/01/26/The-feds-and-PHR-privacy.aspx.

Google Scholar

[137]

Motta, G. H. and Furuie, S. S. 2003. A contextual role-based access control authorization model for electronic patient record. IEEE Trans. Inf. Tech. Biomed. 7, 3, 202--207. DOI 10.1109/TITB.2003.816562.

Digital Library

Google Scholar

[138]

MPWG. 2009, Trusted Computing Group. Mobile Phone Work Group. Online at http://www. trustedcomputinggroup.org/developers/mobile, visited May 2009.

Google Scholar

[139]

MTM. 2008, Trusted Computing Group. Mobile Phone Work Group Mobile Trusted Module Specification, Version 1.0. Online at http://www.trustedcomputinggroup.org/resources/mobile_phone_workgroup_mobile_trusted_module_specification_version_10, visited June 2008.

Google Scholar

[140]

Muralidhar, K. and Sarathy, R. 2005. An enhanced data perturbation approach for small data sets. Dec. Sci. 36, 3, 513--529. DOI 10.1111/j.1540-5414.2005.00082.

Crossref

Google Scholar

[141]

NAHIT 2008. Defining key health information technology terms. Report to the Office of the National Coordinator for Health Information Technology. Online at http://www.nahit.org/images/pdfs/HITTermsFinalReport_051508.pdf.

Google Scholar

[142]

NCVHS 2008. Individual control of sensitive health information accessible via NHIN. NCVHS letter to HHS Secretary. Online at http://www.ncvhs.hhs gov/080220lt.pdf.

Google Scholar

[143]

NHS 2009a, UK National Health Service. Connecting for Health. Online at http://www.connectingforhealth. nhs.uk/, visited Mar. 2009.

Google Scholar

[144]

NHS 2009b, UK National Health Service. Connecting for Health: Systems and services. Online at http://www.connectingforhealth.nhs.uk/systemsandservices, visited Mar. 2009.

Google Scholar

[145]

Ni, Q., Lin, D., Bertino, E., and Lobo, J. 2007a. Conditional privacy-aware role based access control. In Proceedings of the European Symposium On Research In Computer Security (ESORICS). Lecture Notes in Computer Science Series, vol. 4734. Springer-Verlag, 72--89. DOI 10.1007/978-3-540-74835-9_6.

Digital Library

Google Scholar

[146]

Ni, Q., Trombetta, A., Bertino, E., and Lobo, J. 2007b. Privacy-aware role based access control. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT). ACM, 41--50. DOI 10.1145/1266840.1266848.

Digital Library

Google Scholar

[147]

Nissenbaum, H. 2004. Privacy as contextual integrity. Washington Law Review 79, 119--158. Online at http://www.nyu.edu/projects/nissenbaum/papers/washingtonlawreview.pdf.

Google Scholar

[148]

NZHIPC. 2008. Health information privacy code 1994. New Zealand. 2008 revised edition. Online at http://www.privacy.org.nz/assets/Files/Codes-of-Practice-materials/HIPC-1994-2008-revised-edition.pdf.

Google Scholar

[149]

NZPA. 1993. Privacy act 1993. New Zealand legislature, Public Act 1993 No. 28. Online at http://www. legislation.govt.nz/act/public/1993/0028/latest/096be8ed80604d98.pdf.

Google Scholar

[150]

OECD. 1980. OECD guidelines on the protection of privacy and transborder flows of personal data. Online at http://preview.tinyurl.com/2of8ox.

Google Scholar

[151]

ONC 2008. The nationwide privacy and security framework for electronic exchange of individually identifiable health information. Online at http://www.hhs.gov/healthit/privacy/framework.html.

Google Scholar

[152]

OW 2009, Organized Wisdom. Organizedwisdom.com. Online at http://organizedwisdom.com, visited Oct. 2009.

Google Scholar

[153]

Pang, J., Greenstein, B., Gummadi, R., Seshan, S., and Wetherall, D. 2007. 802.11 user fingerprinting. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 99--110. DOI 10.1145/1287853.1287866.

Digital Library

Google Scholar

[154]

Paradiso, R., Loriga, G., and Taccini, N. 2005. A wearable health care system based on knitted integrated sensors. IEEE Trans. Inf. Tech. Biomed. 9, 3, 337--344. DOI 10.1109/TITB.2005.854512.

Digital Library

Google Scholar

[155]

PL 2008, Intel Research. PlaceLab project. Online at http://www.placelab.org/, visited Mar. 2008.

Google Scholar

[156]

Pounder, C. 2007. Why the APEC privacy framework is unlikely to protect privacy. Out-Law.com. Online at http://www.out-law.com/default.aspx&quest;page=8550.

Google Scholar

[157]

Prasad, A. and Kotz, D. 2010. Can I access your data&quest; Privacy management in mHealth. In Proceedings of the USENIX Workshop on Health Security and Privacy. USENIX Association. Online at http://www.cs.dartmouth.edu/~dfk/papers/abstracts/prasad-healthsec10.html.

Google Scholar

[158]

Prasad, A., Sorber, J., Stablein, T., Anthony, D., and Kotz, D. 2011. Exposing privacy concerns in mHealth. In Proceedings of theUSENIX Workshop on Health Security (HealthSec). Online at http://www.cs.dartmouth.edu/~dfk/papers/prasad-healthsec11.pdf.

Digital Library

Google Scholar

[159]

Ravichandran, R., Benisch, M., Kelley, P. G., and Sadeh, N. M. 2009. Capturing social networking privacy preferences. In Proceedings of the International Symposium on Privacy Enhancing Technologies (PETS). Lecture Notes in Computer Science Series, vol. 5672. Springer-Verlag, 1--18. DOI 10.1007/978-3-642-03168-7_1.

Digital Library

Google Scholar

[160]

Riedl, B., Neubauer, T., Goluch, G., Boehm, O., Reinauer, G., and Krumboeck, A. 2007. A secure architecture for the pseudonymization of medical data. In Proceedings of the International Conference on Availability, Reliability and Security (ARES). IEEE press, 318--324. DOI 10.1109/ARES.2007.22.

Digital Library

Google Scholar

[161]

Rivest, R. L. 1998. Can we eliminate certificate revocations lists&quest; In Proceedings of the International Conference on Financial Cryptography (FC), R. Hirschfeld, Ed. Lecture Notes in Computer Science Series, vol. 1465. Springer-Verlag, 178--183. DOI 10.1007/BFb0055482.

Digital Library

Google Scholar

[162]

Rouse, W. B. 2008. Health care as a complex adaptive system: Implications for design and management. The Bridge 38, 1. Online at http://www.nae.edu/nae/bridgecom.nsf/weblinks/MKEZ-7CLKRV&quest; OpenDocument.

Google Scholar

[163]

Safe. 2010. U.S. Department of Commerce.Welcome to the U.S.-EU & Swiss safe harbor frameworks. Online at http://www.export.gov/safeharbor, visited Oct. 2010.

Google Scholar

[164]

Sahai, A. and Waters, B. 2005. Fuzzy identity-based encryption. In Proceedings of Advances in Cryptology (EUROCRYPT). Lecture Notes in Computer Science Series, vol. 3494. Springer-Verlag, 457--473. DOI 10.1007/11426639 27.

Digital Library

Google Scholar

[165]

Saltzer, J. H. and Schroeder, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9, 1278--1308. DOI 10.1109/PROC,1975,9939.

Crossref

Google Scholar

[166]

Samarati, P. 2001. Protecting respondents' identities in microdata release. IEEE Trans. Knowl. Data Eng. 13, 6, 1010--1027. DOI 10.1109/69.971193.

Digital Library

Google Scholar

[167]

Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. 1996. Role-based access control models. IEEE Comput. 29, 2, 38--47. DOI 10.1109/2.485845.

Digital Library

Google Scholar

[168]

Sankar, P. and Jones, N. L. 2005. To tell or not to tell: primary care patients' disclosure deliberations. Arch. Intern. Med. 165, 20, 2378--2383. DOI 10.1001/archinte.165.20.2378.

Crossref

Google Scholar

[169]

Scholl, M., Stine, K., Hash, J., Bowen, P., Johnson, A., Smith, C. D., and Steinberg, D. I. 2008. An introductory resource guide for implementing the Health Insurance Portability and Accountability Act (HIPAA) security rule. Tech. Rep. 800-66-Rev1, National Institute of Standards and Technology. Oct. Online at http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf.

Digital Library

Google Scholar

[170]

Schwingenschlögl, C., Eichler, S., and Müller-rathgeber, B. 2006. Performance of PKI-based security mechanisms in mobile ad hoc networks. Int. J. Electron. Commun. 60, 1, 20--24. DOI 10.1016/j.aeue.2005.10.004.

Crossref

Google Scholar

[171]

SH 2008, University of Rochester. Smart Home project at Center for Future Health. Online at http://www.futurehealth.rochester.edu/smart_home, visited Mar. 2008.

Google Scholar

[172]

Sinclair, S. and Smith, S. W. 2008. Preventative directions for insider threat mitigation via access control. In Insider Attack and Cyber Security: Beyond the Hacker. Advances in Information Security Series, vol. 39. Springer-Verlag, 173--202. DOI 10.1007/978-0-387-77322-3_10.

Crossref

Google Scholar

[173]

Singelée, D. and Preneel, B. 2006. Location privacy in wireless personal area networks. In Proceedings of the ACM Workshop on Wireless Security (WiSe). ACM, 11--18. DOI 10.1145/1161289.1161292.

Digital Library

Google Scholar

[174]

Solworth, J. A. 2008. Instant revocation. In Public Key Infrastructure. Lecture Notes in Computer ScienceSeries, vol. 5057. Springer-Verlag, 31--48. DOI 10.1007/978-3-540-69485-4_3.

Digital Library

Google Scholar

[175]

Srinivasan, V., Stankovic, J., and Whitehouse, K. 2008. Protecting your daily in-home activity information from a wireless snooping attack. In Proceedings of the Conference on Ubiquitous Computing (UbiComp). ACM, 202--211. DOI 10.1145/1409635.1409663.

Digital Library

Google Scholar

[176]

Srinivasan, V., Stankovic, J., and Whitehouse, K. 2010. Using height sensors for biometric identification in multi-resident homes. In Proceedings of the International Conference on Pervasive Computing (Pervasive). Lecture Notes in Computer Science Series, vol. 6030. Springer, Berlin Heidelberg, 337--354. DOI 10.1007/978-3-642-12654-3_20.

Digital Library

Google Scholar

[177]

Sriram, J., Shin, M., Choudhury, T., and Kotz, D. 2009a. Activity-aware ECG-based patient authentication for remote health monitoring. In Proceedings of the International Conference on Multimodal Interfaces and Workshop on Machine Learning for Multi-modal Interaction (ICMI-MLMI). ACM, 297--304. DOI 10.1145/1647314.1647378.

Digital Library

Google Scholar

[178]

Sriram, J., Shin, M., Kotz, D., Rajan, A., Sastry, M., and Yarvis, M. 2009b. Challenges in data quality assurance in pervasive health monitoring systems. In Future of Trust in Computing, D. Gawrock, H. Reimer, A.-R. Sadeghi, and C. Vishik, Eds. Vieweg+Teubner Verlag, 129--142. DOI 10.1007/978-3-8348-9324-6 14.

Crossref

Google Scholar

[179]

Stanford, V. 2002. Pervasive health care applications face tough security challenges. IEEE Pervas. Comput. 1, 2, 8--12. DOI 10.1109/MPRV.2002.1012332.

Digital Library

Google Scholar

[180]

Steinbrook, R. 2009. Health care and the American Recovery and Reinvestment Act. New Eng. J. Med. 360, 11, 1057--1060. DOI 10.1056/NEJMp0900665.

Crossref

Google Scholar

[181]

Sun, Y., La porta, T. F., and Kermani, P. 2009. A flexible privacy-enhanced location-based services system framework and practice. IEEE Trans. Mobile Comput. 8, 3, 304--321. DOI 10.1109/TMC.2008.112.

Digital Library

Google Scholar

[182]

Sundaram, B. and Chapman, B. 2005. A grid authentication system with revocation guarantees. In Proceedings of the Symposium on High Performance Computing (HiPC). Lecture Notes in Computer Science Series, vol. 3769. Springer, 508--517. DOI 10.1007/11602569_52.

Digital Library

Google Scholar

[183]

Sweeney, L. 2002. k-anonymity: A model for protecting privacy. Int. J. Uncert., Fuzz., Knowl.-Based Syst. 10, 5, 557--570. DOI 10.1142/S0218488502001648.

Digital Library

Google Scholar

[184]

Tan, C. C., Wang, H., Zhong, S., and Li, Q. 2009. IBE-lite: A lightweight identity-based cryptography for body sensor networks. IEEE Trans. Inf. Tech. Biomed. 13, 6, 926--932. DOI 10.1109/TITB.2009.2033055.

Digital Library

Google Scholar

[185]

TPM. 2009, Trusted Computing Group (TCG). Trusted Platform Module. Online at http://www. trustedcomputinggroup.org/developers/trusted_platform_module, visited May 2009.

Google Scholar

[186]

University of Washington. 2008. Assisted Cognition project. http://www.cs.washington.edu/Assistcog. (last accessed 3/08).

Google Scholar

[187]

Vadehra, S. 2011, Kan & Krishme, Attorneys at Law. India: Data protection and the IT Act India. Online at http://www.gala-marketlaw.com/joomla4/index.php&quest;option=com_content&&num;&num;38; view=article&&num;&num;38;id=261&&num;&num;38;Itemid=138, visited Jan. 2011.

Google Scholar

[188]

Varshavsky, A., Lamarca, A., and De Lara, E. 2007a. Enabling secure and spontaneous communication between mobile devices using common radio environment. In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile). ACM, 9--13. DOI 10.1109/HotMobile.2007.12.

Digital Library

Google Scholar

[189]

Varshavsky, A., Scannell, A., Lamarca, A., and De Lara, E. 2007b. Amigo: Proximity-based authentication of mobile devices. In Proceedings of Ubiquitous Computing (UbiComp). Lecture Notes in Computer Science Series, vol. 4717. Springer-Verlag, 253--270. DOI 10.1007/978-3-540-74853-3_15.

Digital Library

Google Scholar

[190]

Varshney, U. 2007. Pervasive healthcare and wireless health monitoring. Mobile Netw. Appl. 12, 2-3, 113--127. DOI 10.1007/s11036-007-0017-1.

Digital Library

Google Scholar

[191]

Vitaletti, A. and Palombizio, G. 2007. Rijndael for sensor networks: Is speed the main issue&quest; Electron. Notes Theoret. Comput. Sci. (ENTCS) 171, 1, 71--81. DOI 10.1016/j.entcs.2006.11.010.

Digital Library

Google Scholar

[192]

Wang, Q., Shin, W., Liu, X., Zeng, Z., Oh, C., Alshebli, B. K., Caccamo, M., Gunter, C. A., Gunter, E., Hou, J., Karahalios, K., and Sha, L. 2006. I-Living: An open system architecture for assisted living. In Proceedings of the IEEE International Conference on Systems, Man and Cybernetics (SMC). Vol. 5. IEEE press, 4268--4275. DOI 10.1109/ICSMC.2006.384805.

Crossref

Google Scholar

[193]

Wang, W., Motani, M., and Srinivasan, V. 2008. Dependent link padding algorithms for low latency anonymity systems. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 323--332. DOI 10.1145/1455770.1455812.

Digital Library

Google Scholar

[194]

Watro, R., Kong, D., Cuti, S.-F., Gardiner, C., Lynn, C., and Kruus, P. 2004. TinyPK: securing sensor networks with public key technology. In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN). ACM, 59--64. DOI 10.1145/1029102.1029113.

Digital Library

Google Scholar

[195]

Weerasinghe, D., Elmufti, K., Rajarajan, M., and Rakocevic, V. 2007. Securing electronic health records with novel mobile encryption schemes. Int. J. Electron. Healthcare 3, 4, 395--416. DOI 10.1504/IJEH.2007.015320.

Crossref

Google Scholar

[196]

Wong, F.-L. and Stajano, F. 2005. Location privacy in Bluetooth. In Proceedings of the European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS). Lecture Notes in Computer Science Series, vol. 3813. Springer-Verlag, 176--188. DOI 10.1007/11601494_15.

Digital Library

Google Scholar

[197]

Wright, C. V., Ballard, L., Coull, S. E., Monrose, F., and Masson, G. M. 2010. Uncovering spoken phrases in encrypted voice over IP conversations. ACM Trans. Inf. Syst. Sec. (TISSEC) 13, 4, 35:1--35:30. DOI 10.1145/1880022.1880029.

Digital Library

Google Scholar

[198]

Wright, C. V., Coull, S. E., and Monrose, F. 2009. Traffic morphing: An efficient defense against statistical traffic analysis. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS). Internet Society. Online at http://www.isoc.org/isoc/conferences/ndss/09/pdf/14.pdf.

Google Scholar

[199]

Xiao, Y., Rayi, V. K., Sun, B., Du, X., Hu, F., and Galloway, M. 2007. A survey of key management schemes in wireless sensor networks. Computer Communications 30, 11-12, 2314--2341. Special issue on security on wireless ad hoc and sensor networks, DOI 10.1016/j.comcom.2007.04.009.

Digital Library

Google Scholar

Cited By

View all

Moyo MMushiri T(2025)Boosting P6 medicine and its ethical considerationsMoving Towards Everlasting Artificial Intelligent Battery-Powered Implants10.1016/B978-0-443-24830-6.00009-8(229-247)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-24830-6.00009-8
Sabur AShowail A(2024)Nudging Data Privacy of Mobile Health Applications in Saudi ArabiaInternational Journal of Information Security and Privacy10.4018/IJISP.34564718:1(1-19)Online publication date: 2-Jul-2024
https://dl.acm.org/doi/10.4018/IJISP.345647
Liu LChen Y(2024)A Triple-Layered Comparative Approach to Understanding New Privacy Policy Practices of Digital Platforms and Users in China After Implementation of the PIPLSocial Media + Society10.1177/2056305124130126510:4Online publication date: 28-Nov-2024
https://doi.org/10.1177/20563051241301265
Show More Cited By

Index Terms

Privacy in mobile technology for personal healthcare

Recommendations

A privacy framework for mobile health and home-care systems
SPIMACS '09: Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems

In this paper, we consider the challenge of preserving patient privacy in the context of mobile healthcare and home-care systems, that is, the use of mobile computing and communications technologies in the delivery of healthcare or the provision of at-...
Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

With an increasing emphasis on pervasive healthcare services, providing a high degree of privacy to patients is becoming a major challenge due to: (a) an increased number of avenues, such as device, access points, switches and database; (b) more threats ...
Improving The Usability of Personal Health Record in Mobile Health Application for People with Autoimmune Disease
Asian CHI '21: Proceedings of the Asian CHI Symposium 2021

Personal Health Record (PHR) is a technology that usually is targeted to people with chronic illness or in the elderly and designed to supplement medical care with health monitoring outside traditional care environments in hospitals such as in person-...

Reviews

Reviewer: John S Fitzgerald

When you are sick, everyone wants your data. Advances in mobile computing are helping to create systems that gather detailed data from patients in real-life settings, and convey it to clinicians for individualized care. This trove of data can also be used to inform research, to assist government with evidence-based decision making, or for insurers, or perhaps advertisers, for business purposes. The implications for privacy are considerable. The authors build a conceptual privacy framework for this model based on ten principles derived from a review of the many existing frameworks. Turning to privacy technology, the paper systematically reviews threats ranging from compromising identity, through access control and data integrity, to the loss of devices. It becomes challenging to select established security measures, such as encryption, to respond to these threats, especially in mobile computing, where power is limited. The paper identifies other open research questions. By far the most striking of these questions relates to the challenge of faithfully conveying the effects of access control decisions to lay people, and obtaining informed patient consent to the disclosure of data. Other major questions include privacy at the mobile node, enforcement of controls, data identity, anonymization, and accountability, and the trade-offs between these various issues. This thorough and informative paper provides a guide to privacy for researchers and practitioners in healthcare informatics. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

ACM Computing Surveys Volume 45, Issue 1

November 2012

455 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/2379776

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 December 2012

Accepted: 01 July 2011

Revised: 01 May 2011

Received: 01 December 2009

Published in CSUR Volume 45, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

151
Total Citations
View Citations
6,378
Total Downloads

Downloads (Last 12 months)144
Downloads (Last 6 weeks)10

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Moyo MMushiri T(2025)Boosting P6 medicine and its ethical considerationsMoving Towards Everlasting Artificial Intelligent Battery-Powered Implants10.1016/B978-0-443-24830-6.00009-8(229-247)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-24830-6.00009-8
Sabur AShowail A(2024)Nudging Data Privacy of Mobile Health Applications in Saudi ArabiaInternational Journal of Information Security and Privacy10.4018/IJISP.34564718:1(1-19)Online publication date: 2-Jul-2024
https://dl.acm.org/doi/10.4018/IJISP.345647
Liu LChen Y(2024)A Triple-Layered Comparative Approach to Understanding New Privacy Policy Practices of Digital Platforms and Users in China After Implementation of the PIPLSocial Media + Society10.1177/2056305124130126510:4Online publication date: 28-Nov-2024
https://doi.org/10.1177/20563051241301265
Dotch EMavrovounioti ADu WAnkrah EJohnson JMin AHayes G(2024)Accessibility through Awareness of Noise Sensitivity Management and Regulation PracticesProceedings of the 26th International ACM SIGACCESS Conference on Computers and Accessibility10.1145/3663548.3675630(1-12)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3663548.3675630
Dong YSun HWang RNoh H(2024)Robust personalized gait health monitoring through footstep-induced structural vibrationsSensors and Smart Structures Technologies for Civil, Mechanical, and Aerospace Systems 202410.1117/12.3010554(49)Online publication date: 9-May-2024
https://doi.org/10.1117/12.3010554
Cory TRieder WHuynh T(2024)A Qualitative Analysis Framework for mHealth Privacy Practices2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00010(24-31)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSPW61312.2024.00010
Ouedraogo ISome BOyibo KBenedikter RDiallo G(2024)Evaluating a phone-based Interactive Voice Response system for reducing misinformation and improving malaria literacyInformation Technology for Development10.1080/02681102.2024.2414193(1-27)Online publication date: 5-Nov-2024
https://doi.org/10.1080/02681102.2024.2414193
Alabsi MGill ABandara M(2024)Integrated Interaction Journey and Privacy Risk Assessment: A Graph ModelProcedia Computer Science10.1016/j.procs.2024.06.335239(1594-1603)Online publication date: 2024
https://doi.org/10.1016/j.procs.2024.06.335
Alabsi MGill A(2024)A Systematic Review of Personal Information Sharing in Smart Cities: Risks, Impacts, and ControlsJournal of the Knowledge Economy10.1007/s13132-024-02126-1Online publication date: 24-Jun-2024
https://doi.org/10.1007/s13132-024-02126-1
Nan DSun SZhang SZhao XKim J(2024)Analyzing behavioral intentions toward Generative Artificial Intelligence: the case of ChatGPTUniversal Access in the Information Society10.1007/s10209-024-01116-zOnline publication date: 25-Apr-2024
https://doi.org/10.1007/s10209-024-01116-z
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A privacy framework for mobile health and home-care systems

Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

Improving The Usability of Personal Health Record in Mobile Health Application for People with Autoimmune Disease

Reviews

Access critical reviews of Computing literature here

Comments

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A privacy framework for mobile health and home-care systems

Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

Improving The Usability of Personal Health Record in Mobile Health Application for People with Autoimmune Disease

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations