Controversial Topic
Balancing privacy and convenience
Privacy will lose ground to convenience in 2015 as patients adopt digital tools and services that gather and analyze health information.
Expectations of this assignment: You should identify at least six articles from the peer-reviewed literature on your topic. In your summary of each article, the position of the author(s) must be clear. For example, either the author is in favor of a particular position, or against it. There should be an equal balance of articles (e.g., 3 to 5 articles) on either side of the topic. You will be expected to provide a complete citation for each article. You will be expected to write a short paragraph in which you summarize the article. The main arguments and central assertions made by the author(s) of the articles must be clear.
THE PAPERS WILL BE ATTACHED. CHOOSE 6 OF THE 8 PAPERS: 3 PAPERS MUST BE FOR THE TOPIC AND 3 MUST BE AGAINST THE TOPIC.
Privacy and Security Issues for Mobile Health Platforms
Melissa J. Harvey
National Network of Libraries of Medicine, Middle Atlantic Region, Health Sciences Library System, University
of Pittsburgh, Pittsburgh, PA 15261. E-mail: mjharvey@pitt.edu
Michael G. Harvey
Whiting School of Engineering, Johns Hopkins University, Baltimore, MD 21218. E-mail: mharve11@jhu.edu
Mobile health (mHealth) platforms offer a promising
solution to some of the more important problems facing
the current healthcare system. This paper examines
some of the key challenges facing mHealth with a focus
on privacy and security issues. In the first part of the
paper, the security engineering process is described,
which can assist healthcare organizations in developing
an architecture-level protection strategy that is compliant with privacy and security legislation and industry
initiatives. In the second part of the paper, use cases are
selected to illustrate the diverse security architecture
contexts in which the protection strategy will be
deployed, and to emphasize the importance of integrating security across these contexts. In the third part of
the paper, industry and government security best practices are discussed, which can assist healthcare organizations in implementing security architectures to meet
their specific privacy and security requirements.
Introduction
Cost inflation, uneven clinical quality, and extending
health information and services to underserved populations
are just a few of the problems facing the current U.S. healthcare system. The rising cost of caring for an aging population
burdened with multiple chronic conditions that require continuous monitoring has made a new care model imperative.
This is dramatically changing the way healthcare is being
administered, which is increasingly taking place outside of
hospitals and clinics. Quality healthcare is becoming more
and more dependent on leveraging large volumes of health
data. Health information is now derived from a number of
data sources, including electronic medical records (EMRs),
medical and biological data banks, observational sensor-based systems, and medical devices. The volume, variety, and
velocity of data are increasing at an exponential rate.
Researchers in health information technology (IT) argue that
Received April 30, 2013; revised June 30, 2013; accepted July 1, 2013
© 2014 ASIS&T • Published online 25 February 2014 in Wiley Online
Library (wileyonlinelibrary.com). DOI: 10.1002/asi.23066
more research in big data analytics is needed to leverage the
growing avalanche of data in order to improve the quality of
health information (Graham et al., 2010). Extending health
information and services to underserved populations is a
strategic objective of the National Library of Medicine and
the National Network of Libraries of Medicine. Access and
distance barriers for routine and chronic care need to be
removed to improve the outcomes for poor, rural, minority,
and disabled populations (Krohn, 2012).
Mobile health platforms offer a promising approach to
these problems. Mobile health (mHealth) is a subfield of
eHealth that concerns the use of information and communications technology (ICT) for extending health information
and services to all populations. Mobile health applications
include the use of mobile devices in collecting community
and clinical health data, delivering health information to
practitioners, researchers, and patients, monitoring patient
vital signs, and provisioning care through telemedicine.
Mobile health stakeholders include private technology companies, the telecommunications industry, health IT organizations, clinical providers, research universities, federal
agencies, standards development organizations, patient and
consumer advocacy groups, policy makers, and finance
(Gallagher, 2012). Although mHealth is not a panacea for the
healthcare crisis, industry experts argue that a mobile healthcare strategy will enable the healthcare enterprise to shift
from an intervention care model to a care coordination model
that is patient-centered and quality-driven. The new care
coordination model will actively involve the patient in the
decision-making process, and will enable a patient’s personal
care team to practice evidence-based medicine regardless of
location (Intel and MedTech Media, 2011).
The future of mHealth, however, faces formidable technical challenges and serious privacy and security issues.
Health information access, delivery, and communication
will depend on a variety of information technologies distributed across multiple organizations within the healthcare
JOURNAL OF THE ASSOCIATION FOR INFORMATION SCIENCE AND TECHNOLOGY, 65(7):1305–1318, 2014
enterprise. These technologies will have to be integrated
in a scalable, interoperable, standards-based system that
supports the new care coordination model in mHealth. Most
important for patients and consumers, the system will have
to protect personal health information. This paper examines
some of the more important privacy and security issues that
need to be addressed in the development of an architecture-level protection strategy. Use cases are selected to illustrate
the diverse security architecture contexts in which the protection strategy will be deployed, and to emphasize the
importance of integrating security across these contexts.
Industry and government security best practices are discussed, which can assist healthcare organizations in implementing security architectures that meet their specific
privacy and security requirements.
Security Architecture for mHealth
The healthcare enterprise must comply with many privacy
and security laws, regulations, rules, and industry standards
intended to protect patient privacy. The Health Insurance
Portability and Accountability Act of 1996 (HIPAA) imposes
costly penalties on healthcare organizations for noncompliance with its privacy and security rules. Under the American
Recovery and Reinvestment Act of 2009 (ARRA), which
emphasizes the need to move toward the use of EMRs, the
Health Information Technology for Economic and Clinical
Health Act (HITECH) substantially increases the penalties
for noncompliance. Any organization covered by HIPAA and
the HITECH Act must meet new minimum privacy and
security requirements, while continuing to monitor and
comply with the growing number of laws that govern patient
information in every state in which the organization operates.
Well-defined security policies are needed for compliance
audits, and for providing documentation to victims, attorneys, legal departments, shareholders, and law enforcement
that the organization took steps to prevent data breaches.
For healthcare organizations that seek to qualify for Medicare and Medicaid funds, the Office of the National Coordinator for Health Information Technology has established a
10-step plan for meeting the meaningful use security requirement (ONC HIT, 2012). The National Institute of Standards
and Technology (NIST) provides additional guidance on
implementing the HIPAA security rule (Scholl et al., 2008).
The Office for Civil Rights provides more specific guidance
on risk assessment (OCR, 2012). Healthcare organizations
not covered by HIPAA privacy and security rules must meet
the health breach notification rule instead (FTC, 2010).
The Patient Protection and Affordable Care Act of 2010
(ACA) amended HIPAA with healthcare operating rules.
These rules establish guidelines for the electronic exchange
of health information that are not defined by any existing
standard. The mission of the National eHealth Collaborative
(NeHC) and the Committee on Operating Rules for Information Exchange (CORE) is to build consensus among
healthcare enterprise stakeholders on a set of operating
rules that facilitate administrative interoperability between
providers and health plans (Lippincott & Lohse, 2012).
The federally mandated operating rules address gaps in
standards, help refine the IT infrastructure that supports
electronic data exchange, and recognize interdependencies
among transactions. They are intended to complement the
development of joint standards for integrating scalable,
interoperable, and secure health IT systems through private-public collaborations, and to support these collaborative
efforts in the development of the Nationwide Health Information Network (NwHIN).
The Security Engineering Process
As legislation increases, the security engineering process
will become essential to ensuring that health IT systems are
compliant with privacy and security rules. Security engineering involves risk assessment, security solutions engineering, and information assurance. After a thorough risk
assessment is performed to identify, prioritize, and manage
the security risks associated with new ICT, security solutions and countermeasures can be implemented to minimize
the risks. Information assurance provides the level of confidence in the security solutions and countermeasures needed
by an enterprise. The objective of the security engineering
process is to find and fix security vulnerabilities in the development phase of the software development lifecycle where
they are introduced. According to security experts, this is the
best way of addressing privacy and security issues. Like
software quality, security should be built-in rather than
added on as an extra layer (Belapurkar et al., 2009).
The typical security engineering process includes a
requirements phase, architecture and design phase, development and coding phase, and a testing phase. Security
requirements aim to reduce vulnerabilities by providing an
acceptable level of information assurance through identification and authentication, authorization and access control,
nonrepudiation, integrity, privacy, and auditing. The architecture and design phase of the security engineering process
includes risk assessment, building threat models to analyze
security threats, and conducting security architecture
reviews to identify vulnerabilities early in the design process
when they are less costly to fix. Regardless of how thorough
a risk assessment may be, however, there is always residual
risk. Threat models allow an organization to focus its protection strategy on the highest priority risks to achieve an
acceptable level of information assurance, and to optimize
its resources in implementing appropriate countermeasures.
Risk Assessment and Management
Privacy and security legislation requires the security
architecture for mobile health platforms to support several
privacy and security principles, including confidentiality,
integrity, and availability. Confidentiality ensures that transmitted and stored data cannot be read by unauthorized
parties; integrity ensures that there are no intentional or
accidental changes to transmitted and stored data; and availability ensures that users can access assets or resources
regardless of location or time. Legislation also requires risk
assessment as a first step toward implementing these privacy
and security principles. Risk assessment is a key step in
meeting the HIPAA meaningful use criteria for Medicare
and Medicaid incentives. In 2005, the HIPAA privacy and
security rules issued the healthcare industry’s first risk
assessment requirement. The HIPAA privacy and security
rules, however, did not provide adequate guidance on what a
risk assessment should include or how it should be conducted. Consequently, the healthcare enterprise has sought
additional guidance from security experts in industry.
Most security experts recommend a comprehensive
approach to risk assessment, which begins with a definition of
the scope of an organization’s assets that must be protected
under the meaningful use risk assessment directive. The
assessment may include scope definition, a review of the provider’s
security policies and procedures, interviews with key provider officials, a technical review that includes scanning and
testing internal systems, identification of vulnerabilities and
assessment of their potential impact, and development of
remediation strategies (Moore, 2012). The scope definition
should include business associates as another source of security vulnerabilities. HIPAA defines business associates as
third parties that handle Protected Health Information (PHI)
in the course of doing business with a covered entity. HIPAA
requires healthcare providers to sign a business associate
agreement with each data-sharing partner. Potential vendors
should be vetted before signing an agreement by using an
independent security questionnaire during the selection/
request for proposal (RFP) process.
The Software Engineering Institute (SEI) at Carnegie
Mellon University provides clear guidance on health information risk assessment and management (Alberts, Behrens,
& Wilson, 2007). The SEI guidance may be viewed as
specific interpretations of the risk assessment process
described in the NIST Guide for Conducting Risk Assessments (Joint Task Force Transformation Initiative, 2012).
SEI defines risk as a situation in which a person could do
something undesirable, or as a natural occurrence that
could cause an undesirable outcome, both of which result in
an impact. Whereas risk assessment involves the identification of current risks relative to the mission, scope, and key
assets of an organization, risk management involves minimizing risk through the ongoing process of identifying new
risks and implementing countermeasures to address them.
Table 1 presents the three-step process recommended by
SEI for carrying out a comprehensive, enterprise-wide risk
assessment.
The risk assessment is used to develop a security solution, or protection strategy, which includes maintaining
existing security practices, implementing new security practices that are currently missing, and fixing identified vulnerabilities. A protection strategy is not intended to provide
immediate security solutions for every vulnerability, but to
provide a direction and benchmark for future security
improvement efforts. Table 2 presents the five-step process
recommended by SEI for developing a protection strategy
based on the risk assessment.
TABLE 1. Risk assessment process.
Step 1. Examine key areas of expertise within an organization to identify important information assets, threats to the assets, security requirements of the assets, the organization’s current protection strategy, and organizational vulnerabilities or weaknesses in security policies and practices.
Step 2. Examine key operational components of the IT infrastructure to identify technology vulnerabilities that can lead to unauthorized action.
Step 3. Examine the results of the foregoing steps to identify risks to the enterprise, prioritize them based on their impact to the mission of the organization, and develop a new protection strategy to address the risks with the highest priority.
TABLE 2. Protection strategy development process.
Step 1. Define the information security objectives that the protection strategy must meet.
Step 2. Identify candidate approaches for mitigating high priority risks and themes by considering existing and missing security policies and practices, threats, assets, vulnerabilities, and available security technologies.
Step 3. Evaluate these alternative approaches according to their ability to address information security requirements and risks, their applicability to the existing IT infrastructure of the organization, and the costs and impact to the organization.
Step 4. Select or recommend solutions and courses of action which may range from new security technologies to the commission of a study on policy development.
Step 5. Implement the elements of the protection strategy, and monitor the strategy for effectiveness through a security management program.
The SEI guidance on developing a protection strategy is
based on a defense-in-depth approach, which is one of the
top 10 secure coding practices recommended by their Computer Emergency Readiness Team (CERT) (Seacord, 2011).
A defense-in-depth approach counters threats by overlapping security controls and countermeasures. The protection
strategy should be implemented using more than one security control, or more than one class of control. One security
control is not inherently better than another. Rather, they
work in different ways with different results, and should be
selected according to how they contribute to achieving the
protection strategy (Pfleeger & Pfleeger, 2012).
Risk management programs are increasingly deploying
vulnerability management systems (VMSs), which aim to
proactively prevent the exploitation of vulnerabilities by
malicious users. Exposure to vulnerabilities is managed by
the timely deployment of patches. These systems can make
the health IT environment more secure, and can improve the
regulatory compliance of a healthcare organization. NIST
recommends that organizations create a patch and vulnerability group (PVG) to implement and oversee a patch and
vulnerability program (Mell, Bergeron, & Henning, 2005).
The US-CERT National Vulnerability Database (NVD) is a
U.S. government repository of standards-based vulnerability
management data that enables the automation of vulnerability management, security management, and regulatory compliance. The NVD includes databases of security checklists,
security-related software flaws, erroneous configurations,
product names, and impact metrics.
EMR Usage Patterns
Enterprise-wide resource usage patterns should also be
defined in the architecture and design phase of the security
engineering process (Belapurkar et al., 2009). It is well
understood that improvements in system performance
depend on a knowledge of system utilization and user
request patterns, which can be used to optimize web application deployment and achieve system-wide load balances.
This knowledge may also be used to improve boundary-based network security. Understanding EMR usage patterns
can assist healthcare organizations in customizing security
architectures to meet their specific privacy and security
requirements.
In a study by the Vanderbilt Medical Center, EMR usage
patterns were analyzed to improve access to their web-based
health information system and to improve its privacy and
security protection strategy (Li, Xue, & Malin, 2011).
Table 3 summarizes the results of the study. The study is
based on a trace analysis of user initiated sessions with the
web server to invoke system functions over a 1-year period.
Each entry in the trace includes a timestamp, IP address,
user ID, an action module that identifies the Common
Gateway Interface (CGI) script module invoked for the web
portal, and parameters whose values are associated with the
actions such as the patient record number. CGI scripts allow
web pages and servers to interact through a Common
Gateway Interface. The study considers three different types
of patterns. System-wide characteristics involve overall
system usage and session features shared by all users. User
behavior patterns focus on differences among users, their
behavioral consistency over time, and migration over sessions. Patient record access patterns focus on differences
among records and the relationship between users and
accessed records.
TABLE 3. Results of the Vanderbilt Medical Center study.
• The workload of the EMR system, as measured by the number of
sessions, is consistent with a weekly pattern.
• EMR users can be differentiated by the number of sessions they
initiate with the web server, the actions or system functions they
invoke, and the number of records they access, which reflect the roles
and department affiliations of users within the healthcare organization.
• The behavior of EMR users in web sessions significantly fluctuates
over consecutive sessions, but exhibits greater consistency over a
reasonable time frame.
• Patient record access patterns show that a large proportion of EMR
records are rarely accessed, and that only a few users interact with the
records that are accessed.
These results may be used to improve network security
by developing profiles for intrusion detection systems
(IDSs). Such profiles can be used in conjunction with monitoring system loads to detect denial-of-service (DoS) attacks
and other network-based threats. Analysis of aggregated sessions may be used to define stable user profiles for anomaly
detection and privilege misuse. The results may also be used
to support the new care coordination model in mHealth. In
this model, a personal care team is assembled in which roles
may frequently shift. A new consultant may join the care
team when a new problem arises; insurance changes may
require a new home care nurse; or a daughter may become
her father’s new caretaker. These roles are often informally
negotiated, which makes agents, tasks, and plans difficult to
manage and optimize. Knowledge of EMR usage patterns
may be used to define more flexible and finely grained
role-based access control (RBAC) policies and mechanisms
for individual users and groups of users. The sparse relationship between users and records found by the study reflects
the stable patient-caregiver structure over time in most
healthcare organizations. Although this finding may not be
valid in the new care model in light of frequently shifting
roles in the personal care team, the results may still be valid
over shorter time frames.
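The profile-based anomaly detection sketched above, as an added example that is not code from the paper or the Vanderbilt study: the trace line format (timestamp, client IP, user ID, CGI action module, parameters), the 30-minute session gap, the record-volume tolerance, and the user and record IDs are assumptions for illustration, and the sample trace is constructed. Baseline sessions build a per-user profile (action modules invoked, client addresses, most distinct records in one session); later sessions that deviate are reported with the reasons, which is the privilege-misuse signal the paper has in mind.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample trace (illustrative, not data from the Vanderbilt study).
# Fields per entry: timestamp, client IP, user ID, CGI action module, parameters.
SAMPLE_TRACE = """\
2013-03-04T08:01:12 10.0.0.5 nurse17 view_chart.cgi rec=1001
2013-03-04T08:02:40 10.0.0.5 nurse17 view_labs.cgi rec=1001
2013-03-04T08:10:03 10.0.0.5 nurse17 view_chart.cgi rec=1002
2013-03-05T08:03:55 10.0.0.5 nurse17 view_chart.cgi rec=1001
2013-03-05T08:07:10 10.0.0.5 nurse17 view_chart.cgi rec=1003
2013-03-05T08:15:44 10.0.0.5 nurse17 view_labs.cgi rec=1004
2013-03-06T08:00:30 10.0.0.5 nurse17 view_chart.cgi rec=1002
2013-03-06T08:04:12 10.0.0.5 nurse17 view_labs.cgi rec=1005
2013-03-09T22:41:07 192.0.2.77 nurse17 view_chart.cgi rec=2001
2013-03-09T22:41:30 192.0.2.77 nurse17 view_chart.cgi rec=2002
2013-03-09T22:41:52 192.0.2.77 nurse17 view_chart.cgi rec=2003
2013-03-09T22:42:15 192.0.2.77 nurse17 view_chart.cgi rec=2004
2013-03-09T22:42:38 192.0.2.77 nurse17 view_chart.cgi rec=2005
2013-03-09T22:43:01 192.0.2.77 nurse17 view_chart.cgi rec=2006
2013-03-09T22:43:24 192.0.2.77 nurse17 view_chart.cgi rec=2007
2013-03-09T22:44:33 192.0.2.77 nurse17 export_records.cgi rec=2007
"""

# Assumed session boundary: an idle gap longer than this ends the web session.
SESSION_GAP = timedelta(minutes=30)


def parse_trace(text):
    """Parse one trace entry per line into a dict of its five fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, action, params = line.split(maxsplit=4)
        record = dict(p.split("=", 1) for p in params.split())["rec"]
        entries.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                        "user": user, "action": action, "record": record})
    return entries


def sessionize(entries):
    """Group each user's consecutive requests into sessions; a new session
    starts when the client IP changes or the idle gap exceeds SESSION_GAP."""
    sessions, open_session = [], {}
    for e in sorted(entries, key=lambda x: x["ts"]):
        cur = open_session.get(e["user"])
        if (cur is None or cur["ip"] != e["ip"]
                or e["ts"] - cur["end"] > SESSION_GAP):
            cur = {"user": e["user"], "ip": e["ip"], "start": e["ts"],
                   "end": e["ts"], "actions": set(), "records": set()}
            sessions.append(cur)
            open_session[e["user"]] = cur
        cur["end"] = e["ts"]
        cur["actions"].add(e["action"])
        cur["records"].add(e["record"])
    return sessions


def build_profiles(sessions):
    """Per-user profile from baseline sessions: action modules normally
    invoked, client addresses seen, and the most distinct records in one session."""
    profiles = defaultdict(lambda: {"actions": set(), "ips": set(), "max_records": 0})
    for s in sessions:
        p = profiles[s["user"]]
        p["actions"] |= s["actions"]
        p["ips"].add(s["ip"])
        p["max_records"] = max(p["max_records"], len(s["records"]))
    return profiles


def flag_session(session, profile, factor=2):
    """Reasons a session deviates from its user's profile (empty if normal);
    factor is an assumed tolerance on per-session record volume."""
    if profile is None:
        return ["no baseline profile for user"]
    reasons = []
    new_actions = session["actions"] - profile["actions"]
    if new_actions:
        reasons.append("unseen action modules: " + ", ".join(sorted(new_actions)))
    if len(session["records"]) > factor * profile["max_records"]:
        reasons.append(f"{len(session['records'])} distinct records, "
                       f"baseline max {profile['max_records']}")
    if session["ip"] not in profile["ips"]:
        reasons.append(f"unfamiliar client address {session['ip']}")
    return reasons


def detect_anomalies(trace_text, baseline_end_iso):
    """Sessions starting before baseline_end_iso train the profiles; each later
    session is scored. Returns {(user, session start): reasons} for deviations."""
    baseline_end = datetime.fromisoformat(baseline_end_iso)
    sessions = sessionize(parse_trace(trace_text))
    profiles = build_profiles([s for s in sessions if s["start"] < baseline_end])
    findings = {}
    for s in sessions:
        if s["start"] >= baseline_end:
            reasons = flag_session(s, profiles.get(s["user"]))
            if reasons:
                findings[(s["user"], s["start"].isoformat())] = reasons
    return findings
```

Running `detect_anomalies(SAMPLE_TRACE, "2013-03-09T00:00:00")` reports the late-night session from an unfamiliar address that invokes an action module the user never used and touches more than twice the user's usual record count; the same profile, rebuilt on a rolling window, tracks the shorter time frames over which the paper expects user-record relationships to stay stable.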
Security Testing and Training
NIST is leading the development of an infrastructure for
testing health IT systems for interoperability and compliance with privacy and security rules (NIST, 2011). The infrastructure will provide a scalable, multi-partner, automated,
remote capability for current and future security testing
needs. NIST will collaborate with health IT stakeholders,
including vendors, implementers, standards organizations,
and certification bodies, to provide a number of resources
and services for security testing. The health IT implementation testing and support website provides resources and tools
for testing implementations of standards-based health IT
systems (NIST, 2007). The successful implementation of the
security engineering process, however, depends on changing
the attitudes of the development culture and the organizational posture toward privacy and security through education
and training. Indeed, HIPAA requires covered healthcare
providers to train their workforce on privacy and security
policies and procedures at least once a year, as well as
whenever changes are made to them.
Security Architecture Contexts in mHealth
The security engineering process provides a systematic
approach to developing secure health IT systems that are
scalable, interoperable, and standards-based. The identification of security vulnerabilities in the early stages of the
software development lifecycle where they are introduced,
however, depends on a thorough understanding of the security architecture contexts in which the architecture-level protection strategy will be deployed.
FIG. 1. Security architecture contexts in mHealth. [Color figure can be viewed in the online issue, which is available at wileyonlinelibrary.com.]
Figure 1 shows that the
security architecture for mobile health platforms needs to
address several different, overlapping security architecture
contexts and requirements, including health information
exchanges (HIEs), grid-based health data repositories or
knowledge bases, web-based eHealth services, and wireless
health applications. As the traditional network security
boundary is stretched through the integration of HIEs,
health data repositories, web-based eHealth services and
mobile devices, the level of threat will rise and the complexity of the security architecture will increase. Each security
architecture context adds an additional layer of complexity
to the mHealth system. As the system evolves, it will
become more difficult to balance availability regardless of
location with privacy and security safeguards. Thus, an
architecture-level protection strategy is needed to prevent
issues such as information security, authorization, and
service-level security from destabilizing the whole system.
Security requirements should be coordinated at an architecture level to achieve a comprehensive protection strategy
that prevents security silos at the interfaces of these security
architecture contexts. Security silos are created by the
implementation of security controls and features for individual application architectures that are often unique within
a specific platform or system. Although this approach is
expedient to the application development process, organizations must deal with many diverse, custom, and inconsistent
security implementations. The problem is exacerbated by
the rising popularity of cloud computing. Applications and
data may exist on traditional platforms within an organization on one day, may be hosted within the organization’s
private cloud the next day, and may be migrated to a public
cloud service on yet another day. Such systems rapidly
become complex to operate, expensive to maintain, and easy
to break unless there is a comprehensive protection strategy
in place (Gardiner, 2011). Thus, security silos originate from
the traditional approach of securing individual components
of an IT infrastructure such as desktop computers, software
applications, networks, and database systems within a particular security architecture context. A more comprehensive
approach is to integrate security technologies across these
diverse security architecture contexts to ensure that the
interactions between their IT components are also secure
(Feiman, 2012).
Health Information Exchanges
A HIE defines the interchange of health information,
which may be represented in multiple formats and diverse
media, within large-scale distributed systems. In general,
a data exchange is responsible for collecting a range
of information that must be accurate and confidential.
Existing data exchanges are not yet tailored to the
healthcare enterprise. In many cases, health IT systems
have not been interoperable, which has created silos
of health information with little interconnection or the
ability to transfer electronic health information to other
organizations within the healthcare enterprise. This is
largely due to the lack of adoption of standards for data
sharing among physicians, hospitals, clinics, and other
healthcare providers.
Integrating the Healthcare Enterprise (IHE) is a healthcare industry initiative that advocates the integration and
interoperability of health IT systems. The NIST specification, IHE IT Infrastructure Technical Framework (ITI-TF),
includes established messaging standards such as Cross-enterprise Document Sharing (XDS), Audit Trail and Node
Authentication (ATNA), and Patient Identifier Cross-referencing/Patient Demographics Query (PIX/PDQ) for
sharing health information (IHE International, 2011). The
companion document, Security Architecture Design Process
for Health Information Exchanges, published by NIST Interagency Reports, implements the IHE ITI-TF framework to
manage the sharing of documents between healthcare organizations (Scholl, Stine, Lin, & Steinberg, 2010). Figure 2
from the NIST Interagency Report (NISTIR) document
shows how the issues of complexity and interoperability
compound as ad hoc, regional, and multi-regional HIEs are
integrated in a nationwide HIE.
FIG. 2. HIE security architecture contexts. [Color figure can be viewed in the online issue, which is available at wileyonlinelibrary.com.]
The NISTIR document provides guidance on designing a
security architecture for the exchange of health information,
which corresponds to the architecture and design phase of
the security engineering process. The guidance is based on
industry and government security best practices, and illustrates how they can be applied to the development of HIEs
that meet privacy and security requirements. The document
describes a five-layered security architecture design process
for integrating security across different business and technical layers. These layers focus on the development of
capstone policies for protecting health information in HIEs,
enabling services needed to implement the policies,
enabling processes needed to define the operational baseline
according to use cases and scenarios for enabling services,
and the notional architectures that define the technical constructs and relationships needed to implement enabling processes such as RBAC and directory services. Together, these
layers provide a scalable, standardized, and repeatable methodology to guide HIE development in the integration of
data protection mechanisms across each layer. The methodology guides the selection and design of information technologies and protection strategies that meet architecture-level requirements. More specific guidance on each layer is
provided by additional NISTIR publications listed in the
document.
Health Data Repositories
Due to the digitization and explosion of healthcare data,
it is now impossible for healthcare professionals to master
the entire medical knowledge base. In particular, the skill set
of physicians is shifting from the acquisition of a knowledge
base to the ability to apply reference information systems at
the point of care. Health data repositories and big data analytics will be key technologies for care coordination in
mHealth. Personal care teams will utilize these technologies
to manage and interpret the volumes of data that are generated by EMRs, HIEs, national epidemiological databases,
and genomics. Health data repositories are data grids that
will support the knowledge base requirements for mHealth.
Grid-based computing supports large-scale sharing of data
and computing resources. In contrast to computational grids,
which provide large-scale distributed computing capabilities, data grids provide the ability to query and aggregate
data from many different, independent sources. Data grids
are often accessible only through private clouds to meet
legal and regulatory requirements for privacy and security.
In 2004, the National Cancer Institute Center for Bioinformatics launched the cancer Biomedical Informatics Grid
(caBIG). The data grid aims to expedite knowledge discovery in the health sciences and to improve patient outcomes
by supporting data sharing among life science researchers,
physicians, and patients throughout the cancer community.
In 2008, members from the Fox Chase Cancer Center, the
Fred Hutchinson Cancer Research Institute, the University
of Texas Health Science Center, and the University of Pittsburgh School of Medicine performed a study of privacy and
security requirements for institutions participating in the
caBIG data grid (Manion, Robbins, Weems, & Crowley,
2009). The study is based on an analysis of policy statements
from six participant U.S. cancer centers. In accordance with
the risk assessment process recommended by SEI, the interview instrument mines knowledge from different areas of
expertise within each cancer center to develop a preliminary
set of privacy and security requirements, which are summarized below under Security Architecture Guidance for
mHealth. These requirements not only serve as a reference
model for developing the caBIG Data Sharing and Security
Framework (DSSF), but may also be used as a benchmark
for developing privacy and security policies for other large,
multi-institutional data-sharing federations.
Although the study concludes that secure, large-scale,
federated data sharing within a regulated environment is
possible, a key challenge is developing suitable models for
authentication and authorization within a federated context.
Authentication is typically a global property of federated
systems. Most participants in the study argue that authorization mimics data-sharing agreements that are best
addressed at a local level. Instead of centralizing authorization, the study recommends the establishment of a central
governing entity to set the data sharing and data use policies
for participants at the local level, where policies can be
implemented to meet the specific privacy and security
requirements of individual healthcare organizations. The
study also identifies several issues concerning institutional
review boards (IRBs) that need clarification through the
development of consensus within the cancer community.
These issues include the manner in which undefined prospective research involving data and tissue repositories
should be consented and managed, how data use and confidentiality agreements can be established between participant
organizations and investigators in a scalable fashion, and
how common consent forms can be developed that are
acceptable to all IRBs.
Web-Based eHealth Services
Cloud computing is well suited to eHealth services
because it is inherently service oriented, loosely coupled, and
fault tolerant. In object-oriented design, loose coupling
reduces interdependencies between modules and increases
flexibility in adding or replacing modules by using abstract
interfaces that may be implemented by different concrete
classes. This flexibility allows cloud computing to support
the development of large-scale eHealth services for both
small and medium-sized healthcare organizations, while significantly reducing the need for health IT expertise and
financial resources.
Researchers at Edinburgh Napier University in the U.K.
have developed a cloud-based platform for eHealth services
to provide access to health information and support
evidence-based medicine (Fan et al., 2011). The Data
Capture and Auto Identification Reference (DACAR) is a
Platform as a Service (PaaS) built on a scalable and cost-effective Infrastructure as a Service (IaaS). A service-oriented architecture (SOA) is adopted to support the
integration of eHealth services for data capture, storage, and
user consumption in the top layer of the platform. The
middle layer of the platform contains a single point of
contact (SPoC) that meets the authorization requirement.
A SPoC authorization is issued in the form of a service
ticket, or security token, protected by the SPoC’s digital
signature.
The bottom layer of the platform contains the security
mechanisms for authentication, data integrity, and confidentiality requirements. The platform supports federated
identity providers running a range of user authentication
protocols. It also provides libraries and application programming interfaces (APIs) to implement secure services using
Simple Object Access Protocol (SOAP) messages. This
enables several security functions to be applied to the
application-specific portion of the communication payload,
including digital signatures, integrity checksums, hashing,
and encryption. The platform utilizes a private cloud for data
storage, and a hybrid cloud for hosting service instances.
The DACAR eHealth services platform shares the same
privacy and security issues inherent in all distributed web-based systems, which will be discussed under Security
Architecture Guidance for mHealth.
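The SPoC ticket flow described above, as an added example that is not DACAR's own code: the SPoC issues a service ticket after the user has authenticated at an identity provider, and each service checks the ticket's signature, audience, expiry and permissions before acting. The HMAC tag and shared key are a stand-in for the SPoC's digital signature and key pair, and the user, service and permission names are constructed.

```python
"""Added example, not DACAR's own code: a single point of contact (SPoC) that
issues signed service tickets, and a service-side check of those tickets.

Assumptions (constructed): a ticket is JSON claims plus an HMAC tag; the
shared key stands in for the SPoC's signing key pair (a real deployment
would use a public-key signature so services hold no signing secret).
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class SinglePointOfContact:
    """Issues service tickets for users the identity provider has authenticated."""

    def __init__(self, signing_key: bytes, ttl_seconds: int = 300) -> None:
        self._key = signing_key
        self._ttl = ttl_seconds

    def issue_ticket(self, subject: str, service: str,
                     permissions: List[str], now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        claims = {
            "iss": "spoc",             # who signed the ticket
            "sub": subject,            # authenticated user
            "svc": service,            # the one service this ticket is valid for
            "perm": sorted(permissions),
            "iat": int(now),
            "exp": int(now) + self._ttl,
        }
        payload = _b64(json.dumps(claims, sort_keys=True).encode())
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{tag}"


def verify_ticket(ticket: str, key: bytes, expected_service: str,
                  now: Optional[float] = None) -> Optional[Dict]:
    """Return the claims if the ticket is authentic, unexpired and meant for us."""
    now = time.time() if now is None else now
    try:
        payload, tag = ticket.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None             # forged or tampered ticket
    try:
        claims = json.loads(_unb64(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    if claims.get("iss") != "spoc" or claims.get("svc") != expected_service:
        return None             # ticket issued for a different service
    if now >= claims.get("exp", 0):
        return None             # expired ticket
    return claims


def authorize(ticket: str, key: bytes, service: str, needed: str,
              now: Optional[float] = None) -> bool:
    """Service-side check: valid ticket for this service carrying the permission."""
    claims = verify_ticket(ticket, key, service, now)
    return claims is not None and needed in claims["perm"]


if __name__ == "__main__":
    key = b"constructed-spoc-key"
    spoc = SinglePointOfContact(key, ttl_seconds=300)
    ticket = spoc.issue_ticket("clinician-01", "data-storage", ["read"])
    print("read on data-storage:", authorize(ticket, key, "data-storage", "read"))
    print("write on data-storage:", authorize(ticket, key, "data-storage", "write"))
```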
Wireless Health Applications
Many innovative mobile health applications exist. Three
use cases are selected to illustrate the diverse settings in
which they may be deployed and the privacy and security
issues they pose for their environments. The Carson Springs
mobile health platform illustrates the benefits of using
mobile devices at remote points of care, and leveraging big
data analytics to streamline the collection and delivery of
patient health information in emergency care situations
(Wouhaybi et al., 2010). Developed at the Oregon Health &
Science University in collaboration with Intel, the platform
provides a mobile patient context management framework
for telemedicine applications, which can support a variety of
patient-centric sensing applications. Contextual data may
include the actions, assessments, and flow of activity among
members of a surgical team, as well as the postsurgical
course of treatment and the patient’s postdischarge experience. Carson Springs combines contextual data, physiological vital signs, patient history, procedures performed,
medications administered, and physical assessments in a
single chronological record of care that can be referenced in
the field by paramedics and delivered to hospital physicians.
The platform is centered around an aggregator that is typically implemented on a mobile device such as a PDA, smartphone, or tablet that can be wiped clean to protect PHI. The
aggregator is paired with wireless on-body and environmental sensors that send personal health information over a
wireless personal area network. The aggregator enables
patient data to be processed, stored, and displayed locally,
and delivered to remote telemedicine clients over a wireless
wide area network.
The Artemis analytic system illustrates the benefits of
using mobile devices and leveraging big data analytics for
monitoring and early response in neonatal intensive care in
hospital and clinical settings (Blount et al., 2010). Developed through a collaboration involving the University of
Ontario Institute of Technology, the Neonatal Intensive Care
Unit of The Hospital for Sick Children (SickKids), the
Department of Pediatrics at the University of Toronto, and
IBM Watson Research Center, Artemis performs real-time
analysis of patient data streams to detect medically significant conditions that precede the onset of medical complications. This is accomplished by leveraging IBM InfoSphere
Streams to support automated or clinician-driven knowledge
discovery to detect new temporal relationships between
physiological data streams and latent medical conditions
(Zikopoulos & Eaton, 2011).
The key privacy and security feature of Artemis is how it
performs de-identification of PHI before it is processed,
stored, or transmitted in the system. De-identification occurs
in real time as streams of physiological data enter the system
from a variety of monitoring devices. During the enrollment
process, an Artemis identifier is generated for each infant
enrolled in the program, and a patient monitor identifier is
generated by each data element collected from the patient.
An association between the identifiers is stored in a database
mapping table. As data streams into the streaming component of the system, an operator picks up the patient identifier
from the data elements and inserts the associated Artemis
identifier in its place. User operations on the physiological
data streams stored in the database are controlled by the
authentication mechanism of the operating system, and by
the authorization mechanism of the database system. The
streaming system is isolated from other hospital information
systems to prevent unauthorized access. Since interactions
between the streaming component of the system and the
deployment server are done over the hospital network,
access to the deployment server is password-protected. In
addition, the deployment server authenticates with the
streaming component of the system for every remote operation it attempts to perform on the data streams. These countermeasures effectively isolate PHI from hospital networks
that could be susceptible to threats due to their connection
with web services and wireless networks.
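The real-time de-identification step described above, as an added example and not the Artemis project's own code: an enrollment registry holds the association between a patient monitor identifier and a generated Artemis identifier, and a stream operator swaps one for the other (dropping direct identifiers) before a record reaches the streaming store. The record layout, field names and identifier formats are constructed for the example; a record from an unenrolled monitor is rejected rather than passed through.

```python
"""Added example, not Artemis code: identifier substitution on a physiological
data stream, modelled on the enrollment/mapping-table description above.

Assumptions (constructed): records are dicts with a 'monitor_id' field; an
in-memory dict stands in for the database mapping table.
"""
import secrets
from typing import Dict, Iterable, Iterator, List, Optional


class EnrollmentRegistry:
    """Holds the monitor-id -> Artemis-id association created at enrollment."""

    def __init__(self) -> None:
        self._mapping: Dict[str, str] = {}

    def enroll(self, monitor_id: str) -> str:
        # Idempotent: re-enrolling the same monitor returns the same Artemis id.
        if monitor_id not in self._mapping:
            self._mapping[monitor_id] = "ART-" + secrets.token_hex(8)
        return self._mapping[monitor_id]

    def lookup(self, monitor_id: str) -> Optional[str]:
        return self._mapping.get(monitor_id)


# Fields that carry direct identifiers and must never reach the streaming store.
DIRECT_IDENTIFIERS = {"monitor_id", "patient_name", "mrn", "date_of_birth"}


def deidentify_stream(records: Iterable[dict], registry: EnrollmentRegistry,
                      rejected: List[dict]) -> Iterator[dict]:
    """Stream operator: replace the monitor identifier with the Artemis identifier."""
    for rec in records:
        artemis_id = registry.lookup(rec.get("monitor_id", ""))
        if artemis_id is None:
            # Unenrolled device: hold the record back rather than let PHI through.
            rejected.append(rec)
            continue
        clean = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        clean["artemis_id"] = artemis_id
        yield clean


def run_demo():
    """Enroll one monitor and push a constructed three-record stream through."""
    registry = EnrollmentRegistry()
    art = registry.enroll("MON-0042")
    stream = [   # constructed sample records
        {"monitor_id": "MON-0042", "patient_name": "constructed",
         "hr": 142, "spo2": 95, "ts": 1},
        {"monitor_id": "MON-0042", "hr": 145, "spo2": 94, "ts": 2},
        {"monitor_id": "MON-9999", "hr": 130, "spo2": 97, "ts": 3},  # not enrolled
    ]
    rejected: List[dict] = []
    out = list(deidentify_stream(stream, registry, rejected))
    return art, out, rejected


if __name__ == "__main__":
    artemis_id, cleaned, held = run_demo()
    for rec in cleaned:
        print(rec)
    print("held back:", len(held))
```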
The Extensible Mobile Platform for Healthcare (EMeH)
illustrates the benefits of using mobile devices for extending
eHealth information and services to patients, consumers,
and underserved populations (Bialy, Kobusinski, Malecki,
& Stefaniak, 2011). Developed by researchers at the Poznañ
University of Technology in Poland, EMeH enables client
applications installed on mobile devices to consume eHealth
services in a SOA-based web service environment. After
verifying the version of the client application installed on the
mobile device to prevent errors in client-server communications, the platform utilizes Secure Sockets Layer (SSL) certificates to establish secure communication between the
client application and web service environment. The certificates are installed on both sides of the client-server connection to provide data encryption and identity verification for
both the client application and web service environment, and
must be compatible for successful authentication. As appealing as these wireless health applications may be, however,
their technology benefits must be balanced with a consideration of the mobile risks they pose for healthcare organizations, as will be discussed.
Security Architecture Guidance for mHealth
A study by the Ponemon Institute found that almost 1.5
million Americans are victims of medical identity theft
(Miliard, 2011). The study also found that the pervasiveness
and cost of medical identity theft is not resonating with the
public. Although nearly 70% of consumers reported that it
was important to have control over their health information,
49% of victims of medical identity theft reported that they
did not take any new steps to protect themselves after a
crime. This places the responsibility to protect patient health
information on healthcare providers. The following guidance on privacy and security best practices for the different
security architecture contexts in mHealth can assist healthcare organizations in fulfilling their responsibility.
Web Services Security
Many enterprises have adopted cloud computing as a
cost-effective and scalable alternative to investing in their
own IT infrastructure. In the healthcare enterprise, cloud-based web services are being used to extend health information and services to all populations. Security experts,
however, caution that the technology benefits of cloud computing may be overshadowing the risks that the solutions
pose for enterprises (Cisco Systems, 2009). Web services
enable different software applications running on different
platforms to interoperate in a standard manner and interact
over a computer network through a common interface. The
Web Services Description Language (WSDL) describes this
interface in a machine-processable format. Other software
systems interact with a web service through the interface
using SOAP messages, which are typically transmitted over
the network using HTTP with an XML serialization in conjunction with other web-related standards. Several organizations develop and maintain web services security standards,
including the World Wide Web Consortium (W3C), the
Organization for the Advancement of Structured Information Standards (OASIS), Liberty Alliance, and an industry
forum led by Microsoft and IBM.
The Web Services Architecture developed by the W3C
describes characteristics common to all web services. The
document also addresses security considerations for the
architecture (W3C, 2004). Table 4 summarizes the key security recommendations.
TABLE 4.
Web Services Architecture security recommendations.
• Use password-based authentication in conjunction with other
authentication mechanisms such as certificates and Public Key
Infrastructure (PKI) to verify the identities of the requester and
provider agents.
• Use authorization to control access to resources based on the access
rights of the requester and the principle of least privilege, which states
that only those rights necessary to perform the requested service or
functionality should be granted.
• Use data encryption and digital signatures to protect confidentiality and
message integrity respectively.
• Use nonrepudiation technologies to provide evidence of transactions
that may be used by a third party to resolve disagreement between two
parties.
• Use audit trails performed by agents for monitoring control access and
user behavior to detect security policy violations and to verify system
integrity.
The document points out that the relationship between
privacy and web services technology still needs clarification.
For example, since the public actions of a web service need to
be verified according to policy, the actions must be monitored
to ensure that the owner’s rights are respected. The document
also points out that traditional point-to-point, network-layer
security mechanisms such as IPsec may not provide sufficient
end-to-end security since web services are message-based.
Security experts add that firewalls and IDSs are inadequate
because web services use the HTTP protocol. Firewalls are
typically configured with few restrictions on HTTP, and
allow HTTP tunneling for RMI/EJB objects. HTTP tunneling
refers to a process of packaging packets that allows them to
traverse a network in a secure, confidential manner (Conklin
& White, 2012). Firewalls cannot filter all XML messages
without impacting system performance. Nor can they filter all
SOAP messages because Secure Sockets Layer/Transport
Layer Security (SSL/TLS) is designed for point-to-point
communication which does not protect against intermediaries. The presence of intermediaries may make SOAP messages vulnerable to Man-in-the-Middle (MITM) attacks that
could compromise data integrity. Thus, security experts argue
that it is more important to provide message-level security
rather than transport-level security (Belapurkar et al., 2009).
The Web Services Architecture has addressed these threats by
enhancing the specification for secure SOAP messaging
developed by the Organization for the Advancement of Structured Information Standards (OASIS) (OASIS, 2006).
The NIST Guide to Secure Web Services provides additional guidance (Singhal, Winograd, & Scarfone, 2007).
NIST recommends that the WS-Security specification developed by IBM, Microsoft, and VeriSign should be an integral
part of any web services deployment. WS-Security,
however, does not secure the entire SOA. Table 5 lists nine
additional security functions and technologies recommended by NIST that organizations should adopt.
NIST also identifies the need to provide different levels
of security for different components or users of web services. This flexibility is currently lacking, however, because
there are no established standards for specifying the desired
Quality of Protection (QoP) for SOAP messages or web
services. Web researchers argue that a set of quantifiable and
measurable indexes are urgently needed for QoP in web
services to keep pace with their rapidly expanding deployment (Bo, Lin, & Ru, 2011).
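The transport-level versus message-level distinction argued above, as an added example that is not from the cited paper or any WS-Security implementation: a SOAP envelope whose Body is protected by a tag computed by the sender, so that an intermediary that legitimately rewrites the Header leaves the check intact while one that alters the Body is detected. The HMAC over the serialized Body stands in for an XML digital signature, and the envelope contents and shared key are constructed.

```python
"""Added example, not from the cited paper: message-level protection of a SOAP
Body that survives a header-rewriting intermediary, which point-to-point
transport security (SSL/TLS) cannot provide once the hop terminates.

Assumptions (constructed): SOAP 1.1 envelope; an HMAC over the serialized
Body stands in for an XML digital signature; a shared key stands in for the
signer's key material.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_NS)


def q(tag: str) -> str:
    return f"{{{SOAP_NS}}}{tag}"


def build_envelope(patient_ref: str, action: str) -> ET.Element:
    env = ET.Element(q("Envelope"))
    ET.SubElement(env, q("Header"))
    body = ET.SubElement(env, q("Body"))
    req = ET.SubElement(body, "GetRecord")
    ET.SubElement(req, "PatientRef").text = patient_ref
    ET.SubElement(req, "Action").text = action
    return env


def body_digest(env: ET.Element, key: bytes) -> str:
    # Serialize only the Body subtree, so header changes do not affect the tag.
    raw = ET.tostring(env.find(q("Body")), encoding="utf-8")
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


def sign_body(env: ET.Element, key: bytes) -> None:
    sig = ET.SubElement(env.find(q("Header")), "BodySignature")
    sig.text = body_digest(env, key)


def verify_body(env: ET.Element, key: bytes) -> bool:
    sig = env.find(q("Header")).find("BodySignature")
    if sig is None or not sig.text:
        return False
    return hmac.compare_digest(sig.text, body_digest(env, key))


def intermediary_adds_routing(env: ET.Element) -> None:
    # A legitimate intermediary (e.g. a gateway) touches only the Header.
    ET.SubElement(env.find(q("Header")), "Via").text = "gateway-1"


def intermediary_tampers_body(env: ET.Element) -> None:
    # A compromised intermediary rewrites the requested action in the Body.
    env.find(q("Body")).find("GetRecord/Action").text = "DeleteRecord"


def demo():
    """Return (routed_ok, tampered_ok) for the two intermediary behaviours."""
    key = b"constructed-shared-key"
    env = build_envelope("ART-0a1b", "ReadVitals")
    sign_body(env, key)
    intermediary_adds_routing(env)
    routed_ok = verify_body(env, key)       # header changed, body intact
    env2 = build_envelope("ART-0a1b", "ReadVitals")
    sign_body(env2, key)
    intermediary_tampers_body(env2)
    tampered_ok = verify_body(env2, key)    # body changed
    return routed_ok, tampered_ok


if __name__ == "__main__":
    print("routing header added, body verifies:", demo()[0])
    print("body altered, body verifies:", demo()[1])
```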
TABLE 5.
NIST web services security recommendations.
• Adopt service-to-service authentication within a single organization
according to the WS-Security specification. For large or multiple
organizations such as HIEs, however, a trust federation framework
should be adopted for authentication across trust boundaries.
• Adopt a federated identity management system in which a group of
providers agrees to recognize user identities from one another. The
system will allow providers to accept service requests in the event of a
Distributed DoS (DDoS) attack.
• Establish trust between services by adopting the WS-Federation and
WS-Trust identity federation system developed by IBM, Microsoft,
VeriSign, RSA, BEA, and other vendors. Whereas WS-Trust extends
WS-Security with methods for exchanging trust tokens between
services, WS-Federation extends WS-Trust with protocols that provide
security token services that allow requesters and providers to interact
across organizational boundaries.
• Establish web services policies by adopting the Web Services Policy
(WS-Policy) framework developed by IBM, Microsoft, BEA, and other
vendors. The framework is intended to overcome the limitations of
WSDL in giving providers more flexibility in specifying their security
requirements, such as how a message will be authenticated or which
parts of a message need to be signed.
• Adopt distributed authorization and access management, in which each
web service is treated as a Policy Enforcement Point (PEP) that
communicates with a Policy Decision Point (PDP) to obtain
authorization information.
• Establish confidentiality, integrity, and nonrepudiation of
service-to-service interchanges by adopting the WS-Security
specification, which is based on XML signature and encryption
standards.
• Establish accountability by adopting XML signatures and algorithms
for nonrepudiation defined by the Federal Information Processing
Standards (FIPS) (NIST, 2009). The NIST Guide to Computer Security
Log Management provides guidance on managing security logs within
an organization (Kent & Souppaya, 2006). However, there is currently
no standard for distributed security auditing within a web services
environment.
• Establish availability of web services by adopting Quality of Service
(QoS) technologies to ensure that mission critical applications and high
priority web service traffic are not interrupted by network failures or
DoS attacks.
• Establish discovery service security by adopting countermeasures to
prevent attackers from gaining access to restricted information, either
by corrupting the Universal Description Discovery and Integration
(UDDI) service registry, or by using a provider’s incorrect WSDL
document. Since WSDL documents do not support digital signatures,
requesters cannot verify the authenticity and integrity of information
from a published service.
Data Grid Security
The study of privacy and security requirements for the
caBIG data grid has resulted in a preliminary set of requirements for participant institutions. Table 6 summarizes the
recommendations of the study.
Several recommendations from the study are illustrated
in the privacy and security policy for the Genome-Wide
Association Studies (GWAS) program. Table 7 summarizes
the key areas of agreement. Created by the National Institutes of Health (NIH), the GWAS program scans markers
across the complete sets of DNA, or genomes, of many
people to find genetic variations associated with a particular
disease. Researchers can use the identification of new
genetic associations to develop better strategies for the
detection, treatment, and prevention of diseases, particularly
for common, complex diseases such as asthma, cancer, diabetes, heart disease, and mental illnesses. The GWAS data-sharing mechanisms are constructed around the database of
Genotypes and Phenotypes (dbGaP), maintained by the
National Center for Biotechnology Information (NCBI) at
the National Library of Medicine, which archives and distributes results of GWAS program studies. The privacy and
security policy stresses the importance of a strong central
governing structure, and places responsibility for adhering
to the terms of the data sharing and acceptable use agreements on the participant institutions.
TABLE 6.
Privacy and security recommendations for caBIG.
• Construct a separate legal entity for governance of large-scale,
federated, data-sharing initiatives.
• Develop consensus on foreign and commercial partnerships.
• Define risk models and risk management processes for data within the
federation.
• Develop a technical infrastructure to support the credentialing process
in the regulated environment.
• Explore the feasibility of developing a federated, honest broker system
for data sharing. An honest broker acts as a trusted, neutral third party,
and may maintain the key that links de-identified data with its original
identifiers.
• Develop federated identity provisioning processes to support
authentication and authorization.
• Develop or acquire acceptable HIPAA and research ethics training
modules for the entire federated community.
• Recognize the necessity for a central auditing authority.
• Utilize a two-protocol mode for data exchange for de-identified PHI, in
which owners of repositories and investigators have IRB protocols
from their institutions that specify the relationship between parties in
advance of the data exchange.
TABLE 7.
Key areas of agreement between the caBIG study and GWAS.
• Data submission to dbGaP requires pre-certification by institutional
officials which must be part of a data-sharing plan submitted with
grant applications.
• Data quality, privacy, and security are maintained to certain standards,
and there are guidelines for both the dbGaP data repository and the
research groups submitting data to the repository.
• Access to the database and use of data extracted from it require review
by a data access committee, and a formally submitted data use
certification agreement must be signed by institutional officials. Data
distribution is bound by additional constraints, including publication
embargo of developed results.
• Mechanisms are in place to audit and review appropriate data access
and data use.
The GWAS privacy and security policy complements the
SEI risk assessment guidance discussed earlier in providing
guidance on risk assessment and mitigation that is specific to
the type of data resource. Contrary to the privacy and security recommendations made by the study of the caBIG data
grid, however, the GWAS privacy and security policy does
not deploy a distributed or federated technology model for
protecting data in the dbGaP repository. Instead, NIH has
chosen to maintain the repository as a centralized resource.
Privacy and security lessons learned from the GWAS
program confirm that formal risk mitigation strategies and
institutional sign-off mechanisms for specific data resources
should be in place before sensitive data are collected and
shared. Although there is high scientific value in collecting
and sharing very large and highly distributed data sets, there
is also high risk in maintaining sensitive data in a collaboratively operated environment. As the authors of the caBIG
study conclude, more specific social mechanisms need to be
developed to facilitate collaborative research while maintaining individual accountability.
Mobile Device Security
The rapid growth of mobile health applications has
forced many healthcare organizations to support the use of
employee-owned and organization-provided mobile devices.
This has created new challenges for privacy and security due
to the limited computing power and storage capabilities of
mobile devices. Most mobile devices support Internet connections that expose them to the same web-based threats that
have affected desktop and laptop computers. In addition,
mobile devices are typically exposed to higher levels of
threat than computing devices within the enterprise network
due to broad Internet and network connectivity through
various channels, including 3G/4G, Wi-Fi, Bluetooth, and
wired connections. A mobile device connected through
Wi-Fi or Bluetooth is at higher risk because the Wi-Fi source
or the other Bluetooth-enabled device may have been compromised. Security experts point out that mobile threats may
occur in many different places along these data transmission
paths (Kao, 2011).
Mobile device users also take more risks when downloading applications that could contain mobile malware,
which attempts to exploit vulnerabilities in the operating
system in order to steal confidential data that can be used to
launch other cybercrimes. According to one security expert,
four common attack vectors are used by attackers to infect
mobile devices (Orebaugh, 2012). Malware may create a
mobile application that appears legitimate but contains malicious code; it may execute from legitimate advertisements
that contain pop-up ads that redirect users to malicious
websites where additional malware can be downloaded; it
may trick users into installing counterfeit versions of legitimate security software; or it may install itself through an
installation request that appears legitimate. Most of these
attack vectors are successful because users give mobile
applications unrestricted permissions. Consequently, mobile
devices need to be protected with an even broader set of
security requirements and mitigation strategies than those
employed for traditional desktop and laptop computing
environments.
Table 8 summarizes recommendations for securing
employee-owned mobile devices used within an organization (McNickle, 2012; Orebaugh, 2012).
Although some of these recommendations may appear
obvious, cybercriminals often exploit the very things we
take for granted.
Many healthcare organizations now treat employees as
shared owners of end user technologies such as smartphones, iPads, and tablets. Security policies often permit the
use of employee-owned mobile devices within the organization, but hold the individual responsible for adherence
to proper device usage and security. Table 9 summarizes
recommendations for enterprise mobile device security
(Orebaugh, 2012).
TABLE 8.
Recommendations for securing employee-owned mobile devices.
• Encrypt all mobile devices, including often overlooked hardware such
as USB drives.
• Install USB locks as an additional countermeasure to prevent
unauthorized data transfers through USB ports and thumb drives.
• Use location tracking software to remotely wipe data on the device if it
is lost or stolen. The configuration of most leading encryption products
leaves the device unencrypted when a password is entered. Thus,
confidential data are unprotected if the device is lost or stolen while it
is in sleep mode. The location tracking software should be configured
to wipe data on the device after 10 failed passcode attempts.
• Use strong passcodes that are difficult to guess, and enable the
fingerprint lock option if available.
• Enable and configure the screen lock after a short period of inactivity
from 1 to 5 minutes.
• Disable Wi-Fi autoconnect, and access the Internet using the service
provider’s secure network or a secure Wi-Fi network instead. A public
Wi-Fi should never be used for confidential data that could be exposed
to attackers, regardless of whether the wireless network is secured or
unsecured.
• Do not click on suspicious or unknown links, regardless of the sender.
• Do not respond to text messages from unknown sources or known
sources that contain strange requests.
• Download applications only from trusted sources and distribution
channels such as trusted data-sharing exchanges or federations.
• Understand the permissions that an application is requesting before
granting them. If an application requests permission to access
something that seems unusual for its purpose such as personal location
or contacts, ensure that the application is legitimate and free of
malware before granting permissions.
• Do not jailbreak the device by removing limitations or security
parameters that guard against mobile threats.
• Ensure that the operating system installed on the device is current, and
promptly apply platform updates when they are released.
• Install and configure current security software. Several vendors have
developed applications to add third party security software to mobile
devices, including Trend Micro, ESET, McAfee, Symantec, and
Webroot.
TABLE 9.
Recommendations for enterprise mobile device security.
• Centralize mobile device management, including capabilities to remotely
locate and lock lost or stolen devices, and to remotely wipe, back up, and
restore data on the device.
• Enforce mobile device security policies, including the use of strong
passcodes and security applications to guard against mobile threats.
• Use SSL Virtual Private Network (VPN) clients for authentication and
protection of data in transit.
• Use software to monitor device activity for data leakage and
inappropriate use.
• Incorporate planned internal phishing exercises to measure security
awareness and educate users. Phishing is a technique used by attackers
to acquire sensitive data such as usernames, passcodes, and other
personal information by masquerading as a trusted entity, which can be
used to launch other cybercrimes.
Several government agencies have developed enterprise
strategies to guard against the abuse of mobile devices as
gateways to protected information in the cloud and other
data stores. The NIST Guidelines for Managing and
TABLE 10.
Common mobile threats and countermeasures.
• Mobile devices use networks outside the control of organizations for
Internet access. Countermeasures include using strong encryption
technologies to protect data confidentiality and integrity, and mutual
authentication mechanisms to verify the identities of both parties
before data are transmitted.
• Mobile devices make it easy to locate, download, and install third party
applications. Countermeasures include whitelisting prohibited
applications, utilizing a sandbox to isolate third party applications from
organizational applications and data, performing risk assessments for
third party applications before allowing their use, and restricting
built-in web browser access or using a separate browser within a
sandbox for organizational needs. A sandbox refers to an environment
in which the actions of a program or process are restricted by a
security policy, which is usually accomplished by adding security
checking mechanisms to the libraries or kernel (Bishop, 2003).
• Mobile devices may interact with other systems to perform data
synchronization and storage. Countermeasures include preventing
organization-provided devices from syncing with employee-owned
devices, or vice versa, by restricting the type of devices with which
they may interact, and blocking domain services from being contacted
or configuring the devices not to use these services to prevent remote
backups.
• Mobile devices may use untrusted content which other types of
computing devices generally do not encounter. Countermeasures
include discouraging users from accessing untrusted content, and
restricting peripheral use such as disabling the camera to prevent Quick
Response (QR) codes from being translated into URLs that could
redirect devices to malicious websites.
• Mobile devices with built-in GPS capabilities typically run location
services. Countermeasures include disabling location services or
prohibiting its use for specific applications such as social networking
and photo applications, and training users to turn off location services
when in sensitive areas.
NIST's Guidelines for Managing and Securing Mobile Devices in the
Enterprise describe the security issues inherent in the use of mobile
devices, and provide guidance on selecting, implementing, and using
centralized management technologies to secure mobile
devices throughout their life cycles (Souppaya & Scarfone,
2012). The guidance focuses on mobile computing devices
such as smartphones and tablets, and covers security for
both organization-provided and employee-owned mobile
devices. Although Trusted Platform Modules (TPMs) are
increasingly being built into laptop computers, mobile computing devices currently lack such protection. Since mobile
devices are frequently jailbroken by users to bypass built-in
security mechanisms for convenience, NIST advises organizations to treat all mobile devices as untrusted, unless they
have been properly secured before provisioning and are continuously monitored while being used with enterprise applications or data. Table 10 summarizes some of the more
common mobile threats and countermeasures from the NIST
guidance.
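The rule that a device is trusted only when it was secured before provisioning and is continuously monitored, together with the Table 10 countermeasures, is what a centralized management server enforces as a posture check before granting access to organizational data. The Python below is an added example written for this page; it is not code from the paper or from NIST SP 800-124. The policy values, application identifiers and device records are constructed, and a real MDM product exposes its own inventory fields rather than these:

```python
"""Mobile device posture check against an enterprise MDM policy.

Added example, not from the paper or from NIST SP 800-124: it encodes a
subset of the Table 10 countermeasures and the "untrusted unless secured
before provisioning and continuously monitored" rule as checks over the
kind of device record a centralized management server holds. The policy
values, application identifiers and device records are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Device:
    device_id: str
    owner: str                  # "organization" or "employee"
    jailbroken: bool            # built-in security mechanisms bypassed
    provisioned: bool           # secured by the organization before issue
    last_checkin_hours: float   # hours since the MDM agent last reported in
    installed_apps: set = field(default_factory=set)
    sync_targets: set = field(default_factory=set)   # what it syncs or backs up to
    location_services: bool = False
    camera_enabled: bool = True


# Constructed policy: which Table 10 countermeasures this organization applies.
POLICY = {
    "prohibited_apps": {"com.example.filesharer", "com.example.cloudbackup"},
    "blocked_sync_targets": {"employee-device", "personal-cloud-backup"},
    "max_checkin_hours": 24.0,          # beyond this the device is no longer "monitored"
    "location_services_allowed": False,
    "camera_allowed": False,            # blocks QR-code driven redirection to URLs
    "employee_owned_allowed": True,
}


def evaluate(device: Device, policy: dict = POLICY) -> dict:
    """Return the violations for one device and an allow/deny decision.

    Access to organizational applications and data is allowed only when the
    device was secured before provisioning, is still reporting to the MDM
    server, and breaks none of the configured countermeasures.
    """
    violations = []
    if device.jailbroken:
        violations.append("jailbroken: built-in security mechanisms bypassed")
    if not device.provisioned:
        violations.append("not secured by the organization before provisioning")
    if device.last_checkin_hours > policy["max_checkin_hours"]:
        violations.append("stale MDM check-in: device is not being continuously monitored")
    if device.owner == "employee" and not policy["employee_owned_allowed"]:
        violations.append("employee-owned devices are not permitted")
    for app in sorted(device.installed_apps & policy["prohibited_apps"]):
        violations.append(f"prohibited third-party application installed: {app}")
    for target in sorted(device.sync_targets & policy["blocked_sync_targets"]):
        violations.append(f"synchronizes or backs up to a blocked target: {target}")
    if device.location_services and not policy["location_services_allowed"]:
        violations.append("location services enabled")
    if device.camera_enabled and not policy["camera_allowed"]:
        violations.append("camera enabled (QR codes can redirect to malicious URLs)")
    return {
        "device_id": device.device_id,
        "decision": "allow" if not violations else "deny",
        "violations": violations,
    }


def evaluate_fleet(devices, policy: dict = POLICY) -> dict:
    """Map device id -> result for a whole inventory, denied devices first
    so an administrator sees what needs remediation."""
    results = [evaluate(d, policy) for d in devices]
    results.sort(key=lambda r: (r["decision"] != "deny", r["device_id"]))
    return {r["device_id"]: r for r in results}


# Constructed inventory records.
COMPLIANT_DEVICE = Device(
    device_id="tablet-0142", owner="organization", jailbroken=False,
    provisioned=True, last_checkin_hours=2.5,
    installed_apps={"org.example.clinicalviewer", "com.example.mail"},
    sync_targets={"mdm.example.org"}, location_services=False, camera_enabled=False,
)
RISKY_DEVICE = Device(
    device_id="phone-byod-07", owner="employee", jailbroken=True,
    provisioned=False, last_checkin_hours=72.0,
    installed_apps={"com.example.filesharer", "com.example.social"},
    sync_targets={"employee-device", "personal-cloud-backup"},
    location_services=True, camera_enabled=True,
)

if __name__ == "__main__":
    for dev_id, result in evaluate_fleet([COMPLIANT_DEVICE, RISKY_DEVICE]).items():
        print(dev_id, result["decision"])
        for v in result["violations"]:
            print("   -", v)
```

The check is deliberately fail-closed: a single violation denies access, and a device that has stopped reporting to the management server is treated the same as one that was never secured, which is the practical meaning of "continuously monitored" in the NIST advice.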
Centralized mobile device management technologies
may be used to achieve these countermeasures. In addition
to managing the security and configuration of mobile
devices, these technologies provide other features such as
secure access to enterprise computing resources. Table 11
summarizes NIST recommendations for securing mobile
computing devices using centralized mobile device management techniques.
TABLE 11. NIST recommendations for centralized mobile device
management.
• Develop a separate threat model for mobile devices and the assets that
are accessed through them. Mobile devices require their own threat
model because they are subject to a higher level of threat and require
more protection than desktop and laptop computers.
• Develop a security policy for mobile devices that is consistent with the
organization’s overall security policy to prevent security silos. The
security policy should address which types of devices are allowed to
access organizational assets, the degree of access that should be
granted for organization-provided versus employee-owned devices, and
how provisioning should be handled. The policy should also address
how the organization’s centralized mobile device management servers
are administered, and how policies on those servers should be updated.
• Consider the merits of security services for mobile devices, determine
which services are needed for the security architecture context, and
acquire or design security solutions that will collectively result in a
mobile device protection strategy that meets organizational privacy and
security requirements.
• Implement and test a prototype of the mobile device protection strategy
before putting the strategy into production.
• Secure organization-provided mobile devices before provisioning them
to employees.
• Maintain and update mobile device security on a regular basis.
JOURNAL OF THE ASSOCIATION FOR INFORMATION SCIENCE AND TECHNOLOGY—July 2014
DOI: 10.1002/asi
Conclusion
The success of mHealth depends on meeting several
challenges. Administrative challenges involve promoting
private-public collaborations among mHealth stakeholders
to develop a unified vision for mHealth, and to facilitate the
development of a scalable, interoperable, standards-based
system. The system will include the development of data-sharing federations to leverage industry and government
health data repositories for knowledge discovery. Privacy
and security policies for data sharing and data use need to
be developed and enforced by a central governing entity,
but implemented at the local level to promote trusted
collaborations between health data repository owners
and investigators. Stakeholders also need to ensure that the
system is effective by changing organizational attitudes
toward privacy and security through education and training
programs.
Architectural challenges involve developing an
architecture-level protection strategy for mitigating threats
and vulnerabilities that is compliant with legal and regulatory requirements. These requirements are best addressed in
the architecture and design phase of the security engineering
process where vulnerabilities are introduced and are less
expensive to fix. Robust security controls should be built
into the system to instill user confidence in the system. A
thorough understanding of the diverse security architecture
contexts in which the protection strategy will be deployed is
necessary to ensure that security is integrated across these
contexts to prevent security silos. Cost-effective cloud solutions should be leveraged to extend eHealth information and
services to all populations, and to provide access to health
data repositories. Big data analytics should be incorporated
into the system to improve the quality of health information
derived from health data repositories, and to support
advanced mobile health applications that use streaming
analytics.
Implementation challenges involve customizing security
architectures to meet the specific privacy and security
requirements of individual healthcare organizations. The
industry and government guidance summarized in the last
part of the paper is necessarily presented at a high level of
abstraction to ensure that it encompasses generic principles
of privacy and security that can be adapted to a variety of
security architecture contexts. The Vanderbilt Medical
Center study illustrates the value of EMR usage patterns in
providing more specific guidance on implementing security
architectures that meet specific organizational privacy and
security requirements. One area of security architecture
where more research is needed is authorization. In addition
to improving system performance, EMR usage patterns may
assist healthcare organizations in developing more flexible
and finely grained RBAC policies and mechanisms that
reflect the changing roles of personal care team members in
the new care coordination model in mHealth.
Another implementation challenge concerns the tradeoff
between security and system performance for different types
of mobile health applications. Since most mobile devices do
not have encryption capabilities at the network or system
level due to limited power, encryption is typically implemented at a higher level. Today, enterprises are exploring
security solutions at the web services layer to achieve more
scalability and flexibility. The cost of moving security up
the layers, however, is performance degradation. This may
cause synchronization issues that adversely impact QoS in
health information delivery in emergency care situations
where data integrity and availability are essential. For applications that do not depend on real-time processing capabilities, security may be best implemented at the web services
layer to achieve scalability and flexibility. For real-time,
streaming applications that require high performance,
however, security should be implemented at a lower level
using a TPM chip, which protects encryption and signature
keys at their most vulnerable stages during operations when
the keys are being used unencrypted in plain text form.
Alternatively, a streaming analytics mechanism can be used
to de-identify PHI before it is processed, stored, or transmitted as in the use case of the Artemis analytic system.
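As an added illustration of the de-identification alternative just described (this is not the Artemis system's code; the record layout, key and sample readings are constructed for the example), the following Python generator strips PHI from a stream of monitoring records before they reach any processing, storage or transmission stage:

```python
"""De-identify PHI in a stream of monitoring records before storage or transmission.

Added example; it is not the Artemis system's code. A generator consumes
constructed vital-sign records of the kind a bedside monitor emits, removes
direct identifiers, generalizes quasi-identifiers and replaces the patient
identifier with a keyed pseudonym, so that nothing downstream of this stage
(processing, storage, transmission) ever handles raw PHI. The key, field
names and sample records are all constructed for the example.
"""
import hashlib
import hmac
from typing import Iterable, Iterator

# Fields that must never pass this stage.
DIRECT_IDENTIFIERS = frozenset({"name", "mrn", "phone", "email", "address"})

# Secret held only by the de-identification stage (constructed; rotate per study or period).
PSEUDONYM_KEY = b"constructed-example-key"


def pseudonymize(patient_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed HMAC so the same patient yields the same token within one key
    period, while the token cannot be reversed or recomputed without the key."""
    return hmac.new(key, patient_id.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def deidentify(record: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """Return a copy of one record with PHI removed or generalized.
    Clinical measurements are left untouched so analytics still work."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["patient_token"] = pseudonymize(out.pop("patient_id"), key)
    if "birth_date" in out:           # keep only the birth year (generalization)
        out["birth_year"] = int(out.pop("birth_date")[:4])
    if "zip" in out:                  # keep only the 3-digit ZIP prefix (generalization)
        out["zip3"] = out.pop("zip")[:3]
    return out


def deidentify_stream(records: Iterable[dict], key: bytes = PSEUDONYM_KEY) -> Iterator[dict]:
    """Yield de-identified records; fail closed if an identifier would leak."""
    for record in records:
        clean = deidentify(record, key)
        leaked = (DIRECT_IDENTIFIERS | {"patient_id"}) & set(clean)
        if leaked:
            raise ValueError(f"identifier leaked past de-identification: {sorted(leaked)}")
        yield clean


# Constructed sample stream: two readings for one patient, one for another.
SAMPLE_STREAM = [
    {"patient_id": "P-1001", "name": "Jane Doe", "mrn": "MRN-55123",
     "phone": "555-0100", "birth_date": "2014-03-02", "zip": "15261",
     "ts": "2014-03-10T08:00:00Z", "heart_rate": 142, "spo2": 96},
    {"patient_id": "P-1001", "name": "Jane Doe", "mrn": "MRN-55123",
     "phone": "555-0100", "birth_date": "2014-03-02", "zip": "15261",
     "ts": "2014-03-10T08:00:01Z", "heart_rate": 145, "spo2": 95},
    {"patient_id": "P-1002", "name": "John Roe", "mrn": "MRN-55124",
     "phone": "555-0101", "birth_date": "2014-02-20", "zip": "21218",
     "ts": "2014-03-10T08:00:00Z", "heart_rate": 150, "spo2": 97},
]


def process(records: Iterable[dict]) -> list:
    """Run the stream through de-identification and collect the output."""
    return list(deidentify_stream(records))


if __name__ == "__main__":
    for rec in process(SAMPLE_STREAM):
        print(rec)
```

The keyed pseudonym is what lets the care team or study staff re-link a token to a patient when they legitimately need to; the key therefore belongs only to the de-identification stage, and the generalization rules shown (year of birth, three-digit ZIP prefix) are a simplified sketch rather than a complete de-identification standard.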
Finally, all enterprises face the challenge of balancing the
productivity, cost benefits, or scientific value of new information technologies with the security risks they pose to the
enterprise. In the healthcare enterprise, this challenge is
most evident in the use of cloud computing and mobile
devices for extending eHealth information and services, and
for providing access to health data repositories. The seriousness of risks also needs to be balanced with the financial cost
of implementing countermeasures. Achieving this balance in
individual healthcare organizations involves finding the
appropriate mix of policies and countermeasures. A comprehensive risk assessment, which identifies and prioritizes
risks, provides the scale for determining the balance. The
development of an architecture-level protection strategy,
which aims to mitigate the risks with the highest potential
impact on the mission of the organization, is necessary to
find an acceptable equilibrium point on this scale that is
within the organization’s tolerance for risk.
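To make the "scale" concrete, here is an added worked example (not from the paper) of a small risk register scored on a likelihood-by-impact scale in the style of NIST SP 800-30, with countermeasures chosen by risk reduction per unit cost under a budget and the residual risk compared with a stated tolerance. Risk names, mitigation fractions, costs, budget and tolerance are all assumed values:

```python
"""Prioritize risks and choose countermeasures within a budget and risk tolerance.

Added example, not from the paper: a constructed risk register is scored on a
five-level likelihood x impact scale in the style of NIST SP 800-30, then
countermeasures are selected greedily by risk reduction per unit cost until
the budget is exhausted, and the residual risk is compared with the
organization's tolerance. Risk names, fractions, costs and the budget are
all assumed values for illustration.
"""
from dataclasses import dataclass

LEVELS = {"very low": 1, "low": 2, "moderate": 3, "high": 4, "very high": 5}


@dataclass
class Risk:
    name: str
    likelihood: str
    impact: str

    def score(self) -> int:
        """Qualitative likelihood x impact on a 1..25 scale."""
        return LEVELS[self.likelihood] * LEVELS[self.impact]


@dataclass
class Countermeasure:
    name: str
    cost: float                 # relative cost units
    mitigates: dict             # risk name -> fraction of that risk's score removed


def prioritize(risks):
    """Risks ordered by score, highest potential impact on the mission first."""
    return sorted(risks, key=lambda r: r.score(), reverse=True)


def select_countermeasures(risks, measures, budget: float):
    """Greedy selection: repeatedly take the affordable countermeasure with
    the best reduction-per-cost against the *current* residual risk, so
    overlapping controls are not double-counted. Returns (chosen, residual, spent)."""
    residual = {r.name: float(r.score()) for r in risks}
    remaining = list(measures)
    chosen, spent = [], 0.0

    def benefit(m: Countermeasure) -> float:
        return sum(residual[name] * frac for name, frac in m.mitigates.items())

    while remaining:
        best = max(remaining, key=lambda m: benefit(m) / m.cost)
        remaining.remove(best)
        if benefit(best) <= 0 or spent + best.cost > budget:
            continue                      # useless or unaffordable; try the next one
        for name, frac in best.mitigates.items():
            residual[name] *= (1.0 - frac)
        chosen.append(best)
        spent += best.cost
    return chosen, residual, spent


def within_tolerance(residual: dict, tolerance: float) -> bool:
    """Acceptable equilibrium: no single residual risk exceeds the tolerance."""
    return max(residual.values()) <= tolerance


# Constructed risk register and candidate countermeasures.
SAMPLE_RISKS = [
    Risk("lost or stolen mobile device", "high", "very high"),           # score 20
    Risk("unauthorized PHI access by insider", "moderate", "very high"), # score 15
    Risk("unpatched web service", "moderate", "high"),                   # score 12
    Risk("QR-code redirection to malicious site", "low", "moderate"),    # score 6
]
SAMPLE_MEASURES = [
    Countermeasure("MDM with remote wipe and encryption", 40,
                   {"lost or stolen mobile device": 0.8}),
    Countermeasure("patch management program", 25,
                   {"unpatched web service": 0.7}),
    Countermeasure("RBAC with audit logging", 30,
                   {"unauthorized PHI access by insider": 0.6,
                    "lost or stolen mobile device": 0.1}),
    Countermeasure("disable camera/QR on organization devices", 5,
                   {"QR-code redirection to malicious site": 0.5}),
]

if __name__ == "__main__":
    chosen, residual, spent = select_countermeasures(SAMPLE_RISKS, SAMPLE_MEASURES, budget=80)
    print("selected:", [m.name for m in chosen], "cost:", spent)
    print("residual:", residual, "within tolerance 9:", within_tolerance(residual, 9))
```

With the constructed budget of 80 the greedy pass funds three controls and leaves the insider-access risk at its full score of 15, above the tolerance of 9; that gap is the signal that either more budget or a different control mix is needed, and raising the budget to 110 brings every residual risk under tolerance.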
Acknowledgments
We thank Professor Harold J. Podell, Center for Science,
Technology and Engineering, Government Accountability
Office, for research guidance and constructive comments
that improved the quality of this paper.
References
Alberts, C.J., Behrens, S.G., & Wilson, W.R. (2007). Managing information privacy and security in healthcare: Health information risk assessment and management. In HIMSS Privacy & Security Toolkit (pp. 1–14).
Chicago: Healthcare Information and Management Systems Society.
Belapurkar, A., Chakrabarti, A., Ponnapalli, H., Varadarajan, N.,
Padmanabhuni, S., & Sundarrajan, S. (2009). Security engineering. In
Distributed systems security: Issues, processes and solutions (pp. 21–41).
Chichester, UK: Wiley.
Bialy, T., Kobusinski, J., Malecki, M., & Stefaniak, K. (2011). EMeH:
Extensible mobile platform for healthcare. In 2011 Federated Conference
on Computer Science and Information Systems (FedCSIS), Szczecin,
Poland, September 18–21, 2011 (pp. 355–361). Piscataway, NJ: IEEE.
Bishop, M. (2003). Computer security: Art and science (pp. 444–445). New
York: Addison-Wesley.
Blount, M., Ebling, M.R., Eklund, J.M., James, A.G., McGregor, C.,
Percival, N., . . . (2010). Real-time analysis for intensive care: Development and deployment of the Artemis analytic system. IEEE Engineering
in Medicine and Biology Magazine, 29(2), 110–118.
Bo, Y., Lin, Y., & Ru, M.L. (2011). Quality of protection in web service:
An overview. In 2011 1st International Conference on Instrumentation,
Measurement, Computer, Communication and Control, Beijing, China,
October 21–23, 2011 (pp. 495–498). Los Alamitos, CA: IEEE Computer
Society.
Cisco Systems, Inc. (2009). Cisco 2009 midyear security report: An update
on global security threats and trends. Retrieved from http://www.cisco.com/go/securityreport
Conklin, W.A., & White, G. (2012). Principles of computer security:
CompTIA security+™ and beyond. 3rd ed. New York: McGraw-Hill.
Fan, L., Buchanan, W., Thummler, C., Lo, O., Khedim, A., Uthmani, O.,
. . . (2011). DACAR platform for eHealth services cloud. In L. Liu & M.
Parashar (Eds.), 2011 IEEE 4th International Conference on Cloud Computing (CLOUD 2011), Washington, DC, July 4–9, 2011 (pp. 219–226).
Los Alamitos, CA: IEEE Computer Society.
Feiman, J. (2012). To-the-point: Moving from security silos to security
intelligence. In Gartner Security & Risk Management Summit, London,
UK, September 19–20, 2012. Stamford, CT: Gartner. Retrieved from
http://agendabuilder.gartner.com/SEC13I/webpages/
SessionDetail.aspx?EventSessionId=856
FTC. (2010). Complying with the FTC’s health breach notification rule.
Washington, DC: Bureau of Consumer Protection, Division of Consumer
and Business Education, Federal Trade Commission. Retrieved from
http://business.ftc.gov/documents/bus56-complying-ftcs-health-breach-notification-rule
Gallagher, L.A. (2012). Mobile computing in healthcare: Privacy and security considerations and available resources. In NIST/OCR Conference,
Washington, DC, June 6–7, 2012. Chicago: Healthcare Information and
Management Systems Society.
Gardiner, M. (2011). Will the cloud cause the reemergence of security
silos? Retrieved from https://blog.cloudsecurityalliance.org/2011/01/19/
will-the-cloud-cause-the-reemergence-of-security-silos/
Graham, S., Estrin, D., Horvitz, E., Kohane, I., Mynatt, E., & Sim, I.
(2010). Information technology research challenges for healthcare: From
discovery to delivery. In Computing Community Consortium (pp. 1–8).
Washington, DC: Computing Research Association.
IHE International, Inc. (2011). Introduction. In IHE IT Infrastructure Technical Framework, v. 1: Integration profiles (ITI TF-1), rev. 8.0 (pp. 8–17).
Chicago: Integrating the Healthcare Enterprise.
Intel and MedTech Media. (2011). Enabling collaborative healthcare delivery: Care coordination strategies with 21st century technology. New
Gloucester, ME: MedTech Media Custom Group.
Joint Task Force Transformation Initiative. (2012). Guide for conducting
risk assessments (NIST Special Publication 800-30, rev. 1) (pp. 4–22).
Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology.
Retrieved from http://csrc.nist.gov/publications/drafts/800-30-rev1/
SP800-30-Rev1-ipd.pdf
Kao, I.-L. (2011). Securing mobile devices in the business environment:
Security threats to mobile devices. Somers, NY: IBM Global Services.
Retrieved from http://www-935.ibm.com/services/uk/en/attachments/
pdf/Securing_mobile_devices_in_the_business_environment.pdf
Kent, K., & Souppaya, M. (2006). Guide to computer security log management. Recommendations of the National Institute of Standards and
Technology (NIST Special Publication 800-92). Gaithersburg, MD:
Computer Security Division, Information Technology Laboratory,
National Institute of Standards and Technology. Retrieved from http://
csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
Krohn, R. (2012). Toward an mHealth ecosystem: Extending access,
remote connectivity and engagement. Journal of Healthcare Information
Management, 26(1), 10–11.
Li, X., Xue, Y., & Malin, B. (2011). Towards understanding the usage
pattern of web-based electronic medical record systems. In 2011 IEEE
International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), Lucca, Italy, June 20–23, 2011 (pp. 1–7).
Piscataway, NJ: IEEE.
Lippincott, R., & Lohse, G. (2012). Healthcare administrative transactions
simplified: The role of mandated operating rules. Presented at Committee
on Operating Rules for Information Exchange (CORE), Washington,
DC, June 25, 2012. Washington, DC: National eHealth Collaborative
(NeHC) and Committee on Operating Rules for Information Exchange
(CORE). Retrieved from http://www.nationalehealth.org/healthcare-administrative-transactions-simplified-role-mandated-operating-rules
Manion, F.J., Robbins, R.J., Weems, W.A., & Crowley, R.S. (2009). Security and privacy requirements for a multi-institutional cancer research
data grid: An interview-based study. BMC Medical Informatics and
Decision Making, 9(1), 1–31.
McNickle, M. (2012). 13 tips for fighting mobile health threats. Healthcare
IT News. Retrieved from http://www.admobili.com/jupgrade/index.php/
news/health-news/109-13-tips-for-fighting-mobile-health-threats
Mell, P., Bergeron, T., & Henning, D. (2005). Creating a patch and vulnerability management program. Recommendations of the National Institute
of Standards and Technology (NIST Special Publication 800-40, v. 2.0).
Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology.
Retrieved from http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/
SP800-40v2.pdf
Miliard, M. (2011). Medical identity theft on the rise. Healthcare IT News.
Retrieved from http://www.healthcareitnews.com/news/medical-identity-theft-rise
Moore, J. (2012). Security risk assessments gaining traction in health care.
iHealthBeat. Retrieved from http://www.ihealthbeat.org/features/2012/
security-risk-assessments-gaining-traction-in-health-care
NIST. (2007). Helping HIT implementers connect. Gaithersburg, MD:
National Institute of Standards and Technology. Retrieved from http://
xreg2.nist.gov/hit-testing/
NIST. (2009). Digital signature standard (DSS) (FIPS PUB 186-3). Gaithersburg, MD: National Institute of Standards and Technology. Retrieved
from http://csrc.nist.gov/publications/drafts/fips186-3/fips_186-3.pdf
NIST. (2011). Health IT testing infrastructure. http://healthcare.nist.gov/
testing_infrastructure/
OASIS. (2006). Security considerations. In A. Nadalin, C. Kaler, R.
Monzillo, & P. Hallam-Baker (Eds.), Web services security: SOAP
message security 1.1 (WS-security 2004) (pp. 59–62). Burlington, MA:
Organization for the Advancement of Structured Information Standards.
Retrieved from http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
OCR (Office for Civil Rights), U.S. Department of Health & Human Services. (2012). The HIPAA privacy rule and electronic health information
exchange in a networked environment. Washington, DC: U.S. Department of Health & Human Services. Retrieved from http://www.hhs.gov/
ocr/privacy/hipaa/understanding/special/healthit/
ONC HIT. (2012). Guide to privacy and security of health information, v.
1.2. Washington, DC: Office of the National Coordinator for Health
Information Technology. Retrieved from http://www.healthit.gov/sites/
default/files/pdf/privacy/privacy-and-security-guide.pdf
Orebaugh, A. (2012). Securing the mobile device. . .and its user. IAnewsletter, 15(1), 20–33.
Pfleeger, C.P., & Pfleeger, S.L. (2012). Security blanket or security theater?
In Analyzing computer security: A threat/vulnerability/countermeasure
approach (pp. 30–32). Upper Saddle River, NJ: Prentice-Hall.
Scholl, M., Stine, K., Hash, J., Bowen, P., Johnson, A., Smith, C.D., . . .
(2008). An introductory resource guide for implementing the health
insurance portability and accountability act (HIPAA) security rule (NIST
Special Publication 800-66, rev. 1). Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute
of Standards and Technology. Retrieved from http://csrc.nist.gov/
publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
Scholl, M., Stine, K., Lin, K., & Steinberg, D. (2010). Security architecture
design process for health information exchanges (HIEs) (NIST Interagency Report 7497). Gaithersburg, MD: National Institute of Standards
and Technology. Retrieved from http://csrc.nist.gov/publications/nistir/
ir7497/nistir-7497.pdf
Seacord, R. (2011). Top 10 secure coding practices. Pittsburgh, PA: Computer Emergency Readiness Team, Software Engineering Institute,
Carnegie Mellon University. Retrieved from https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices
Singhal, A., Winograd, T., & Scarfone, K. (2007). Web service security
functions and related technologies. In Guide to secure web services:
Recommendations of the National Institute of Standards and Technology
(NIST Special Publication 800-95) (secs. 3.1-3.18). Gaithersburg, MD:
Computer Security Division, Information Technology Laboratory,
National Institute of Standards and Technology. Retrieved from http://
csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
Souppaya, M., & Scarfone, K. (2012). Guidelines for managing and securing mobile devices in the enterprise (NIST Special Publication 800-124,
rev. 1, draft). Gaithersburg, MD: National Institute of Standards and
Technology. Retrieved from http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
W3C. (2004). Security consideration of this architecture. In Web services
architecture, W3C working group note 11 (sec. 3.6.4). Boston, MA:
World Wide Web Consortium. Retrieved from http://www.w3.org/TR/
ws-arch/
Wouhaybi, R.H., Yarvis, M.D., Muse, P., Wan, C.-Y., Sharma, S., Prasad,
S., . . . (2010). A context-management framework for telemedicine: An
emergency medicine case study. In Wireless Health (WH 2010), San
Diego, CA, October 5–7, 2010 (pp. 164–173). New York: Association for
Computing Machinery.
Zikopoulos, P., & Eaton, C. (2011). Industry use cases for InfoSphere
Streams, health and life sciences, University of Ontario Institute of
Technology. In Understanding big data: Analytics for enterprise class
hadoop and streaming data (pp. 126–127). New York: McGraw-Hill
Professional.
ALCOHOL RESEARCH:
Current Reviews
Privacy and Security in Mobile
Health (mHealth) Research
Shifali Arora, M.D.; Jennifer Yttri, Ph.D.; and Wendy Nilsen, Ph.D.
Shifali Arora, M.D., is an American
Association for the Advancement
of Science (AAAS) Fellow in the
Directorate for Computer &
Information Science & Engineering,
National Science Foundation,
Washington, DC.
Jennifer Yttri, Ph.D., is an AAAS
Science and Technology Policy
Fellow in the Directorate for
Computer & Information Science
& Engineering, National Science
Foundation, Washington, DC.
Wendy Nilsen, Ph.D., is a Health
Scientist Administrator in the Office
of Behavioral and Social Sciences
Research, National Institutes of
Health, Bethesda, Maryland.
Research on the use of mobile technologies for alcohol use problems is a developing
field. Rapid technological advances in mobile health (or mHealth) research generate
both opportunities and challenges, including how to create scalable systems capable
of collecting unprecedented amounts of data and conducting interventions—some
in real time—while at the same time protecting the privacy and safety of research
participants. Although the research literature in this area is sparse, lessons can be
borrowed from other communities, such as cybersecurity or Internet security, which
offer many techniques to reduce the potential risk of data breaches or tampering in
mHealth. More research into measures to minimize risk to privacy and security
effectively in mHealth is needed. Even so, progress in mHealth research should not
stop while the field waits for perfect solutions.
Key words: Alcohol use, abuse, and dependence; problematic alcohol use; alcohol
use disorders; mobile health; mHealth; wireless technology; mobile devices;
sensors; data collection; intervention; privacy; security
The recent proliferation of wireless and
mobile health (mHealth) technologies
presents the opportunity for scientists
to collect information in the real world
via wearable sensors. When coupled
with fixed sensors embedded in the
environment, mHealth technologies
produce continuous streams of data
related to an individual’s biology, psychology (attitudes, cognitions, and
emotions), behavior and daily environment. These data have the potential to
yield new insights into the factors that
lead to disease. They also could be analyzed and used in real time to prompt
changes in behaviors or environmental
exposures that can reduce health risks
or optimize health outcomes. This new
area of research has the potential to be
a transformative force, because it is
dynamic, being based on a continuous
input and assessment process. Research
in mHealth can ensure that important
social, behavioral, and environmental
data are used to understand the determinants of health and to improve
health outcomes and prevent development of alcohol use disorders (AUDs).
Despite its promise, research in
mHealth has progressed much more
slowly than developments in industry.
One reason is that issues of privacy
and security remain an ongoing concern for researchers conducting
mHealth studies, especially in areas
involving sensitive behavior or treatment (e.g., alcohol use). Not only is
the sensitivity of the data an issue for
privacy and security, but also the
amount that can be collected using
mobile devices. Because most mobile
devices (including phones and sensors)
are carried by the person and collecting
data throughout the day, researchers
are now able to begin thinking about
big data at the level of the individual
(Estrin 2014). Fusion of streaming
biological, physiological, social, behavioral, environmental, and locational
data can now dwarf the traditional
genetics and electronic health records-based datasets of so-called big data.
Further, previously underserved groups
can now participate in research because
of the rapid adoption of mobile
devices. In contrast with the Internet
digital divide that limited the reach
of computerized health behavior interventions for lower socioeconomic
groups, mobile phone use has been
rapidly and widely adopted among
virtually all demographic groups (Pew
Research Internet Project 2014). Now,
90 percent of American adults and 78
percent of teenagers have a cell phone,
and more than half are smartphones
(Pew Research Internet Project 2014).
Many of the strengths of mHealth
research (i.e., its ability to reach large
and broad samples and collect continuously streaming data on a range of
potentially sensitive and possibly illegal
behaviors and events) also drive privacy
and security concerns. These topics, as
well as confidentiality, are all separate
yet connected issues that researchers
must address in protecting research
participants. The National Committee
for Vital and Health Statistics describes
the differences between and among
privacy, confidentiality, and security
this way:
“Health information privacy is an
individual’s right to control the acquisition, uses, or disclosures of his or her
identifiable health data. Confidentiality,
which is closely related, refers to the obligations of those who receive information
to respect the privacy interests of those
to whom the data relate. Security is
altogether different. It refers to physical,
technological, or administrative safeguards or tools used to protect identifiable
health data from unwarranted access or
disclosure (Cohn 2006).”
These issues are further complicated
by Federal regulations governing personal health information, as well as
sensitive information concerning
alcohol, drug use or mental health.
There also are many legal and ethical
concerns about mHealth, especially
when used to study alcohol, drug use
or mental health. Among these issues
is safety of participants and liability of
researchers if a study participant experiences an emergency during the study
(Kramer et al. 2014). Legal and ethical
considerations should be discussed
further by the mHealth community
but will not be reviewed here. Instead,
this article focuses on privacy, confidentiality, and security in mHealth,
areas ripe with research questions and
opportunities whose times are overdue.
Federal Regulations Affecting
Health Information Privacy
and Security
Any study related to alcohol use generally must abide by several layers of
Federal rules instituted to protect
patients and research subjects.
HIPAA
Regulations have been in place for
close to 20 years surrounding the
privacy of personal health information.
In 1996, the Department of Health
and Human Services—specifically the
Office for Civil Rights—introduced
the Health Insurance Portability and
Accountability Act (HIPAA). Although
research activity is not directly addressed
in HIPAA, many researchers are
employed by or work within HIPAA-covered entities and work under the
HIPAA guidelines for privacy and
security, especially when personal
health information is being used.
Title II of HIPAA defined policies and
guidelines for maintaining privacy and
security of a patient’s health information (U.S. Department of Health and
Human Services 1996). Within Title
II lies the Privacy Rule, the first set of
national standards for protecting every
individual’s health information, as
well as the Security Rule, which set
a national standard for protecting
personal health information in an
electronic format (U.S. Department
of Health and Human Services 1996).
At the time these rules were introduced,
clinical health information existed primarily in the form of handwritten
patient health records. Information
generally was shared between care
providers over the phone, by fax or in
person. Consequently, initial regulations
and guidelines focused on the challenges
surrounding protecting information in
these limited-sharing formats.
The regulations have evolved over
the last 15 years as the needs of the
healthcare system have changed. As
systems have begun to use electronic
health records, the guidelines have
been amended to take new factors into
consideration. Significantly, some
components have not been modified:
the rules still require authorization
from the individual to share his or her
personal health information; and an
individual has the right to ask for and
receive his or her own health information. Other areas have evolved: the
security regulations now include updated
administrative, physical and technical
safeguards for protected health information (U.S. Department of Health
and Human Services 2009a). The latest
2013 update, which expanded HIPAA
through the HITECH Act Subtitle D,
now allows a patient to receive protected health information in any electronic format preferred. The onus of
protection has been extended beyond
the initial group of “covered entities”
(i.e., medical care providers, hospitals
and insurance companies) to include
those involved with Electronic Health
Record (EHR) development and
records management (U.S. Department
of Health and Human Services 2013).
The Common Rule
In addition to HIPAA, researchers
must abide by the Federal Policy for
the Protection of Human Subjects,
also known as the Common Rule.
The Common Rule was introduced in
1991 to protect individuals participating
in research activities (U.S. Department
of Health and Human Services 2009b).
The Common Rule sets out detailed
policies and guidelines about informed
consent, adverse events, handling
of biological data, and vulnerable
populations, among other issues. An
updated version of the Common Rule
is undergoing review (U.S. Department of Health and Human Services
2011). One proposed change of significance to mobile health researchers is
the addition of specific guidance on
data security and privacy. If enacted
as proposed, data privacy and security
protections that would be applied to
research on human subjects would be
calibrated to the level of identifiability
of the information being collected.
Because standards for digital privacy
and security were not delineated in
earlier versions of the Common Rule,
Institutional Review Boards were
often asked to make judgments about
topics for which they may not have
had the proper expertise. Thus, standardizing requirements will allow for
more uniformity in research review
and more clarity for researchers as they
design research protocols to support
digital privacy and security.
42 Code of Federal Regulations
Part 2
The field of alcohol and substance use
research is unique in that a set of specific Federal regulations guides it above
and beyond the requirements of HIPAA
and the Common Rule. Under 42
Code of Federal Regulations Part 2
(42 CFR), the confidentiality of the
records of patients with alcohol and
substance abuse/dependence is mandated (http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr;sid=af45a7480ecfb95bc813ab4bbd37fb5b;rgn=div5;view=text;node=42%3A1.0.1.1.2;idno=42;cc=ecfr). Alcohol and drug abuse
records can only be shared after written
consent is obtained from patients, even
if the use of such records by healthcare
professionals occurs in a medical
emergency. 42 CFR also prohibits the
disclosure of a research participant’s
identity in any report or publication,
even with consent. Because of the sensitive nature of the personal health
information involved, protection of
privacy, security and confidentiality
warrants extra thought by alcohol
researchers.
Responsibility to Protect Privacy
and Security
Regulations governing privacy and security—while layered and complex—tend to hold few surprises for experienced research teams. Patient expectations related to privacy on mobile devices, however, offer a new challenge that study protocols must address. For example, research has shown that a majority of Americans (78 percent) consider information stored on their mobile phones to be as or even more private than the information stored in their personal computers (Urban et al. 2012). Although people believe that information on their phones is under their control, this is not always true. The settings on phones may allow applications to access and share more information than people realize. Research participants, by contrast, are told the truth about phone privacy and security issues—primarily that there are potential dangers that often center on data breaches. This apparent disconnect between perception of privacy in daily life compared with research settings is important. It suggests that broad efforts at enhancing technological literacy are needed, or researchers risk making mHealth applications seem less safe than other protected mobile activities, such as banking. Instead of voicing concerns about highlighting the risks in health research and care, the scientific community should support overall efforts to increase the public’s knowledge of privacy and security risks regarding technology, thus allowing a rising tide of literacy to float all mobile device–using boats.
As is the case in all research, privacy, confidentiality, and security policies should be created in advance of a project by developing written standard operating procedures. Developing a priori practices and principles of conduct for mHealth research projects is a crucial step in enhancing data and participant safety. Since the majority of security breaches in healthcare (not just mHealth) are due to unauthorized access to a device or from mishandling or misusing data (Bennett et al. 2010), mHealth researchers need to conduct a risk assessment to identify potential vulnerabilities as they develop and implement their systems. When designing and implementing a security plan to protect participant information, researchers should tailor the plan to fit the risks associated with their protocol. A plan for privacy and security safeguards should balance the type of information being used, the intended use of the mHealth tool, the method of sharing information, and the costs of the protections to develop a feasible system with the minimal amount of privacy and security risk.
Privacy in mHealth
In the United States, privacy is considered an essential freedom. It is the right of individuals to determine for themselves when, how, and to what extent personal information is communicated to others. Because privacy targets the human side of information protection, the solutions to these issues target the humans using the technology. At the highest level, patients currently regulate who can access their personal health information through consent. The consent gives participants appropriate knowledge of what data are being collected, how they are stored and used, what rights they have to the data, and what the potential risks of disclosure could be. Unfortunately, as noted earlier, technological literacy in the United States limits people’s understanding of the true risks and benefits of mobile technology. Because changes in technological literacy take time to implement, researchers in mHealth will need to develop systems that enhance participant privacy. More specifically, this means building mHealth systems that allow research participants some control over the data, whether this be control over which data are collected or over which data are released to the research team. Researchers will need to be explicit about the data they are collecting and what control the participants will have over it. This also means that mHealth researchers should be thoughtful about what research data they will collect.
Privacy and Security in Mobile Health (mHealth) Research 145

An example of offering such patient control comes from the field of computer science. Although not a standard for other scientific areas in health, in a participatory model of research proposed in computer science (Shilton 2012), participants pick and choose which data to share, whether before data collection or after data have been sampled. A simple electronic or paper checklist of possible data points administered before data collection and/or a patient-facing data dashboard will allow participants to exercise their rights to control and access their data. Thus, which data ar…
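As an added example (not code from the paper or from Shilton's work), one way to implement the pick-and-choose model described above: a pre-collection checklist gate, a post-collection withdrawal gate that also requires separate written consent for a sensitive point, and a participant-facing status view. The data-point catalogue, the sensitive set and the sample values are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed catalogue of data points a hypothetical study app could collect.
# Which points are "sensitive" is a study decision; here the alcohol-use point
# needs written consent before release, in the spirit of the 42 CFR Part 2 rule.
DATA_POINTS = {"step_count", "sleep_hours", "gps_trace", "drinks_per_day", "mood_score"}
SENSITIVE = {"drinks_per_day"}

@dataclass
class Consent:
    """One participant's choices: the pre-collection checklist plus later withdrawals."""
    participant_id: str
    collect_ok: set                              # ticked on the checklist before collection
    withhold: set = field(default_factory=set)   # withdrawn after data were sampled
    written_consent_sensitive: bool = False      # separate written consent on file

def collect(consent, raw):
    """Pre-collection gate: refuse undeclared points, store only ticked ones."""
    unknown = set(raw) - DATA_POINTS
    if unknown:
        raise ValueError(f"app tried to collect undeclared points: {sorted(unknown)}")
    return {k: v for k, v in raw.items() if k in consent.collect_ok}

def release(consent, sampled):
    """Release gate: what reaches the research team, and why each point was held back."""
    released, withheld = {}, {}
    for k, v in sampled.items():
        if k not in consent.collect_ok:
            withheld[k] = "not on consent checklist"
        elif k in consent.withhold:
            withheld[k] = "withheld by participant after collection"
        elif k in SENSITIVE and not consent.written_consent_sensitive:
            withheld[k] = "sensitive point: written consent required"
        else:
            released[k] = v
    return released, withheld

def dashboard(consent, sampled):
    """Participant-facing view: status of every known data point."""
    released, withheld = release(consent, sampled)
    status = {}
    for k in sorted(DATA_POINTS):
        if k in released: status[k] = "shared with research team"
        elif k in withheld: status[k] = "held: " + withheld[k]
        else: status[k] = "allowed, nothing stored" if k in consent.collect_ok else "not collected"
    return status

# Constructed sample: what the app sampled on one day for one participant.
SAMPLE_RAW = {"step_count": 8421, "sleep_hours": 6.5, "gps_trace": [(40.44, -79.95)],
              "drinks_per_day": 3, "mood_score": 4}
```

Points the participant never ticked (here `gps_trace` and `mood_score`) are dropped at `collect` and never stored, which is the data-minimisation half of the model; `release` and `dashboard` cover the after-sampling half.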