Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps

2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Pedro Moura ◽  
Paulo Fazendeiro ◽  
Pedro R. M. Inácio ◽  
Pedro Vieira-Marques ◽  
Ana Ferreira

Background. Smartphones can tackle healthcare stakeholders’ diverse needs. Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significantly higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content. Objective. To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. Methods. Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. Results. The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system). Conclusions. Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.

2018 ◽  
Author(s):  
Leming Zhou ◽  
Bambang Parmanto ◽  
Zakiy Alfikri ◽  
Jie Bao

BACKGROUND On many websites and mobile apps for personal health data collection and management, there are security features and privacy policies available for users. Users sometimes are given an opportunity to make selections in a security setting page; however, it is challenging to make informed selections in these settings for users who do not have much education in information security as they may not precisely know the meaning of certain terms mentioned in the privacy policy or understand the consequences of their selections in the security and privacy settings. OBJECTIVE The aim of this study was to demonstrate several commonly used security features such as encryption, user authentication, and access control in a mobile app and to determine whether this brief security education is effective in encouraging users to choose stronger security measures to protect their personal health data. METHODS A mobile app named SecSim (Security Simulator) was created to demonstrate the consequences of choosing different options in security settings. A group of study participants was recruited to conduct the study. These participants were asked to make selections in the security settings before and after they viewed the consequences of security features. At the end of the study, a brief interview was conducted to determine the reason for their selections in the security settings. Their selections before and after the security education were compared in order to determine the effectiveness of the security education. The usability of the app was also evaluated. RESULTS In total, 66 participants finished the study and provided their answers in the app and during a brief interview. 
The comparison between the pre- and postsecurity education selection in security settings indicated that 21% (14/66) to 32% (21/66) participants chose a stronger security measure in text encryption, access control, and image encryption; 0% (0/66) to 2% (1/66) participants chose a weaker measure in these 3 security features; and the remainder kept their original selections. Several demographic characteristics such as marital status, years of experience using mobile devices, income, employment, and health status showed an impact on the setting changes. The usability of the app was good. CONCLUSIONS The study results indicate that a significant percentage of users (21%-32%) need guidance to make informed selection in security settings. If websites and mobile apps can provide embedded security education for users to understand the consequences of their security feature selection and the meaning of commonly used security features, it may help users to make the best choices in terms of security settings. Our mobile app, SecSim, offers a unique approach for mobile app users to understand commonly used security features. This app may be incorporated into other apps or be used before users make selections in their security settings.


Author(s):  
Mary A. Fox ◽  
Richard Todd Niemeier ◽  
Naomi Hudson ◽  
Miriam R. Siegel ◽  
Gary Scott Dotson

Protecting worker and public health involves an understanding of multiple determinants, including exposures to biological, chemical, or physical agents or stressors in combination with other determinants including type of employment, health status, and individual behaviors. This has been illustrated during the COVID-19 pandemic by increased exposure and health risks for essential workers and those with pre-existing conditions, and mask-wearing behavior. Health risk assessment practices for environmental and occupational health typically do not incorporate multiple stressors in combination with personal risk factors. While conceptual developments in cumulative risk assessment to inform a more holistic approach to these real-life conditions have progressed, gaps remain, and practical methods and applications are rare. This scoping review characterizes existing evidence of combined stressor exposures and personal factors and risk to foster methods for occupational cumulative risk assessment. The review found examples from many workplaces, such as manufacturing, offices, and health care; exposures to chemical, physical, and psychosocial stressors combined with modifiable and unmodifiable determinants of health; and outcomes including respiratory function and disease, cancers, cardio-metabolic diseases, and hearing loss, as well as increased fertility, menstrual dysfunction and worsened mental health. To protect workers, workplace exposures and modifiable and unmodifiable characteristics should be considered in risk assessment and management. Data on combination exposures can improve assessments and risk estimates and inform protective exposure limits and management strategies.


2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Zhiru Li ◽  
Wei Xu ◽  
Huibin Shi ◽  
Yuanyuan Zhang ◽  
Yan Yan

Considering the importance of energy in our lives and its impact on other critical infrastructures, this paper starts from the whole life cycle of big data and divides the security and privacy risk factors of energy big data into five stages: data collection, data transmission, data storage, data use, and data destruction. Integrating into the consideration of cloud environment, this paper fully analyzes the risk factors of each stage and establishes a risk assessment index system for the security and privacy of energy big data. According to the different degrees of risk impact, AHP method is used to give indexes weights, genetic algorithm is used to optimize the initial weights and thresholds of BP neural network, and then the optimized weights and thresholds are given to BP neural network, and the evaluation samples in the database are used to train it. Then, the trained model is used to evaluate a case to verify the applicability of the model.


2019 ◽  
Vol 290 ◽  
pp. 12008
Author(s):  
Doru-Costin Darabont ◽  
Eduard Smîdu ◽  
Alina Trifu ◽  
Vicențiu Ciocîrlea ◽  
Iulian Ivan ◽  
...  

The paper describes a new method of occupational health and safety risk assessment. This method, called MEVA, unlike the old ones, focuses more on reducing or eliminating subjective issues in determining the probability of manifestation of risk factors and is based on deductive reasoning, with the help of which the chain between two or more events is studied. The novelty of the method consists in combining risk assessment techniques with evaluation of compliance with legal and other requirements, aiming to provide more objective results of the risk assessment. In the MEVA method, the risk matrix is defined by 5 classes of severity and 5 probability classes, resulting in 5 levels of risk. After quantifying the risk factors, prevention measures are proposed for all the identified risk factors and each partial risk level is recalculated as a result of the proposed measures. The five levels of risk were grouped into three categories: acceptable, tolerable and unacceptable. The MEVA method is a simple method and it can be used for assessing various workplaces, with different characteristics of complexity, activity domain or occupational health and safety recordings.


Blood ◽  
2010 ◽  
Vol 116 (21) ◽  
pp. 3337-3337
Author(s):  
Grigoris T Gerotziafas ◽  
Miltos Chrysanthidis ◽  
Reda Isaad ◽  
Hela Baccouche ◽  
Chrysoula Papageorgiou ◽  
...  

Abstract 3337 Introduction: Risk assessment models (RAM) are helpful tools for screening VTE risk in hospitalized patients. Most of the available RAMs have been constructed on a disease-based or surgery-based approach and include some of the most relevant risk factors for VTE. There is limited information on the impact and importance of individual and comorbidity related risk factors for VTE present during hospitalization on the global VTE risk. Incorporation of the most frequent VTE risk and bleeding risk factors related to comorbidities might improve the ability of RAM to detect real-life patients at risk of VTE and to evaluate drawbacks for the application of thromboprophylaxis. Aim of the study: The primary aim of the COMPASS programme was to evaluate the prevalence of all the known VTE and bleeding risk factors reported in the literature in real-life surgical and medical hospitalized patients. Methods: A prospective multicenter cross-sectional observational study was conducted in 6 hospitals in Greece and 1 in France. All inpatients aged >40 years hospitalised for medical diseases and inpatients aged >18 years admitted due to a surgical procedure and hospitalisation for a period exceeding three days were included. Patients and their treating physicians were interviewed with a standardised questionnaire including all VTE and bleeding risk factors described in literature (130 items) on the third day of hospitalisation. Patients not giving informed consent, or receiving anticoagulant treatment for any reason or hospitalised in order to undergo diagnostic investigation without any further therapeutic intervention were excluded. Results: A total of 806 patients were enrolled in the study (414 medical and 392 surgical). Most frequent causes of hospitalisation in medical patients were infection (42%), ischemic stroke (14%), cancer (13%), gastrointestinal disease (9%), pulmonary disease (4%), renal disease (3%) and rheumatologic disease (1,4%).
Surgical patients were hospitalised for vascular disease (22%), cancer (19,4%), gastrointestinal disease (12,5%), infection (8%), orthopaedic surgery and trauma (14%) or minor surgery (7%). Analysis of the frequency of risk factors for VTE showed that active cancer, recent hospitalisation, venous insufficiency and total bed rest without bathroom privileges were frequent in both groups. Medical patients had several important predisposing risk factors for VTE significantly more frequently than surgical patients. Moreover, medical patients had bleeding risk factors more frequently than surgical ones. The data for the most frequent risk factors are summarised in Table 1. Conclusion: COMPASS is the first registry that provides key data on the prevalence of all known VTE and bleeding risk factors in real-life medical and surgical patients hospitalised in two countries of the European Union. The analysis of the data shows that in addition to risk stemming from the disease or surgical act, both medical and surgical patients share common VTE risk factors. The careful analysis of the most frequent and relevant VTE risk factors will allow the derivation of a practical VTE and bleeding risk assessment model taking into account these factors. Disclosures: Chrysanthidis: Sanofi-Aventis: Employment.


2016 ◽  
Vol 9 (3) ◽  
pp. 157 ◽  
Author(s):  
Esmaeil Mehraeen ◽  
Marjan Ghazisaeedi ◽  
Jebraeil Farzi ◽  
Saghar Mirshekari

BACKGROUND: Healthcare data are very sensitive records that should not be made available to unauthorized people in order for protecting patient's information security. However, in progressed technologies as cloud computing which are vulnerable to cyber gaps that pose an adverse impact on the security and privacy of patients’ electronic health records and in these situations, security challenges of the wireless networks need to be carefully understood and considered. Recently, security concerns in cloud computing environment are a matter of challenge with rising importance. OBJECTIVE: In this study a systematic review to investigate the security challenges in cloud computing was carried out. We focused mainly on healthcare cloud computing security with an organized review of 210 full text articles published between 2000 and 2015. METHOD: A systematic literature review was conducted including PubMed, Science direct, Embase, ProQuest, Web of science, Cochrane, Emerald, and Scopus databases. FINDINGS: Using the strategies described, 666 references retrieved (for research question one 365, research question two 201, and research question three 100 references). IMPROVEMENTS: Review of articles showed that for ensuring healthcare data security, it is important to provide authentication, authorization and access control within cloud's virtualized network. Issues such as identity management and access control, Internet-based access, authentication and authorization and cybercriminals are major concerns in healthcare cloud computing. To manage these issues many involved events such as Hybrid Execution Model, VCC-SSF, sHype Hypervisor Security Architecture, Identity Management, and Resource Isolation approaches have to be defined for using cloud computing threat management processes.


2020 ◽  
Vol 20 (Special1) ◽  
pp. 176-185
Author(s):  
Sivabalan Sanmugum ◽  
Karmegam Karuppiah ◽  
Sivasankar

Company XXX is a factory involved in manufacturing offshore containers, where hot works are one of the crucial activities in fabricating and structuring the framework of the containers. This study was conducted at the hot work section to carry out initial and advanced ergonomic risk assessments and to identify the ergonomic risk factors among hot-work workers that caused the significant number of reports of ergonomic-related health issues at the hot works area from the year 2011 to the year 2017. The initial and advanced ergonomic risk assessments were conducted based on the latest DOSH guideline on ergonomic risk assessment (2017), and all findings were tabulated and analysed. Based on the initial ergonomic assessment, the total score achieved is 17.7, with the main risk factors identified in the hot work activities including awkward postures, repetitive motions, static and sustained work postures, vibration, insufficient ventilation, exposure to noise and working in extreme temperature. Based on the Advanced ERA conducted on 3 selected workers, the study shows Muscle Fatigue Assessment (MFA) with average risk level scores in the ‘High’ and ‘Very High’ categories, Rapid Entire Body Assessment (REBA) with an average total score of more than 10, which is categorized as ‘High Risk’, and Quick Exposure Check (QEC), which showed that the workers have very high risk for the back and shoulder or arm parts, with score levels between 29 to 40 for back static and 41 to 56 for shoulder and arm parts. Based on the results of the assessment, company XXX had been recommended to conduct further investigation for improvements to determine effective control measures for the work process in order to reduce the risk level towards the hot work workers.


Complexity ◽  
2020 ◽  
Vol 2020 ◽  
pp. 1-21
Author(s):  
Libiao Bai ◽  
Kaimin Zhang ◽  
Huijing Shi ◽  
Min An ◽  
Xiao Han

Resource risk caused by specific resource sharing or competition among projects due to resource constraints is a major issue in project portfolio management, which challenges the application of risk analysis methods effectively. This paper presents a methodology by using a fuzzy Bayesian network to assess the project portfolio resource risk, determine critical resource risk factors, and propose risk-reduction strategies. In this method, the project portfolio resource risk factors are first identified by taking project interdependency into consideration, and then the Bayesian network model is developed to analyze the risk level of the identified risk factors in which expert judgments and fuzzy set theory are integrated to determine the probabilities of all risk factors to deal with incomplete risk data and information. To reduce the subjectivity of expert judgments, the expert weights are determined by combining experts’ background and reliability degree of expert judgments. A numerical analysis is used to demonstrate the application of the proposed methodology. The results show that project portfolio resource risks can be analyzed effectively and efficiently. Furthermore, “poor communication and cooperation among projects,” “capital difficulty,” and “lack of sharing technology among projects” are considered the leading factors of the project portfolio resource risk. Risk-reduction strategic decisions based on the results of risk assessment can be made, which provide project managers with a useful method or tool to manage project risks.


Author(s):  
Randy Borum

Emergency workers and behavioral health professionals who work in crisis or emergency settings should understand the fundamentals of assessing and managing violence risk in children and adolescents, but violence potential must be considered in its developmental context. This chapter presents an approach for assessing violence risk among youth in the context of behavioral emergencies. It begins with a brief discussion of the developmental context for risk assessment and how to think about violent outcomes among children and adolescents. Then, it covers the information an evaluator would need to collect, how to collect it, and how to reach a sound decision about a youth’s risk level. It encourages evaluators in emergency or crisis settings to rely on evidence-based risk factors, while also applying individualized formulations to give texture to the assessments and to the subsequent forecasts about the nature and degree of risk for violence.


2020 ◽  
Vol 2020 ◽  
pp. 1-23
Author(s):  
Lingyun Liu ◽  
Jianli Zhou ◽  
Haoxin Dong ◽  
Yao Tao ◽  
Yunna Wu ◽  
...  

Reducing the phenomenon of wind curtailment is essential to improve the level of wind power consumption. Wind power development in China has shifted to southeast region and dispersed wind power has developed rapidly and gradually become the new main force. However, various obstacles limit the smooth progress of dispersed wind power in low wind speed area. An important point is the absence of targeted risk analysis and evaluation methods. Therefore, the principal contribution of this paper is to find out the critical risk factors of such projects and propose the risk assessment model. First, 18 critical risk factors are identified using the constructed five-dimensional risk analysis model. Second, the hesitant fuzzy linguistic term set with credibility is utilized to collect evaluation information on one hand and to improve the multicriteria decision-making methods involved on the other hand. Third, the risk evaluation and ranking for 10 provinces that mainly develop dispersed wind power is carried out. The evaluation results indicate that the risk level of dispersed wind power projects is “Relatively Low” in most study provinces and the risk levels of Guangdong and Fujian are higher. It is worth noting that the consistency between the evaluation results and the distribution of wind resources can be used to guide the formulation of stimulus policies. Besides, the ranking results show some preference for investment choice. Finally, dual sensitivity analysis tests the stability of the model and shows the ranking results under different decision preferences. Scenario analysis gives the possible risk scenarios and evaluation results in the future. This study can provide insightful inspiration to wind power investors, risk management practitioners, and policymakers.

