A Mobile App for Assisting Users to Make Informed Selections in Security Settings for Protecting Personal Health Data: Development and Feasibility Study (Preprint)

2018 ◽  
Author(s):  
Leming Zhou ◽  
Bambang Parmanto ◽  
Zakiy Alfikri ◽  
Jie Bao

BACKGROUND On many websites and mobile apps for personal health data collection and management, there are security features and privacy policies available for users. Users sometimes are given an opportunity to make selections in a security setting page; however, it is challenging to make informed selections in these settings for users who do not have much education in information security as they may not precisely know the meaning of certain terms mentioned in the privacy policy or understand the consequences of their selections in the security and privacy settings. OBJECTIVE The aim of this study was to demonstrate several commonly used security features such as encryption, user authentication, and access control in a mobile app and to determine whether this brief security education is effective in encouraging users to choose stronger security measures to protect their personal health data. METHODS A mobile app named SecSim (Security Simulator) was created to demonstrate the consequences of choosing different options in security settings. A group of study participants was recruited to conduct the study. These participants were asked to make selections in the security settings before and after they viewed the consequences of security features. At the end of the study, a brief interview was conducted to determine the reason for their selections in the security settings. Their selections before and after the security education were compared in order to determine the effectiveness of the security education. The usability of the app was also evaluated. RESULTS In total, 66 participants finished the study and provided their answers in the app and during a brief interview. 
The comparison between the pre- and postsecurity education selection in security settings indicated that 21% (14/66) to 32% (21/66) participants chose a stronger security measure in text encryption, access control, and image encryption; 0% (0/66) to 2% (1/66) participants chose a weaker measure in these 3 security features; and the remainder kept their original selections. Several demographic characteristics such as marital status, years of experience using mobile devices, income, employment, and health status showed an impact on the setting changes. The usability of the app was good. CONCLUSIONS The study results indicate that a significant percentage of users (21%-32%) need guidance to make informed selection in security settings. If websites and mobile apps can provide embedded security education for users to understand the consequences of their security feature selection and the meaning of commonly used security features, it may help users to make the best choices in terms of security settings. Our mobile app, SecSim, offers a unique approach for mobile app users to understand commonly used security features. This app may be incorporated into other apps or be used before users make selections in their security settings.

2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Pedro Moura ◽  
Paulo Fazendeiro ◽  
Pedro R. M. Inácio ◽  
Pedro Vieira-Marques ◽  
Ana Ferreira

Background. Smartphones can tackle healthcare stakeholders’ diverse needs. Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significantly higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content. Objective. To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. Methods. Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. Results. The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated with a device or its operating system). Conclusions. Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.


Author(s):  
Luan Ibraimi ◽  
Qiang Tang ◽  
Pieter Hartel ◽  
Willem Jonker

Commercial Web-based Personal-Health Record (PHR) systems can help patients to share their personal health records (PHRs) anytime from anywhere. PHRs are very sensitive data and an inappropriate disclosure may cause serious problems to an individual. Therefore commercial Web-based PHR systems have to ensure that the patient health data is secured using state-of-the-art mechanisms. In current commercial PHR systems, even though patients have the power to define the access control policy on who can access their data, patients have to trust entirely the access-control manager of the commercial PHR system to properly enforce these policies. Therefore patients hesitate to upload their health data to these systems as the data is processed unencrypted on untrusted platforms. Recent proposals on enforcing access control policies exploit the use of encryption techniques to enforce access control policies. In such systems, information is stored in an encrypted form by the third party and there is no need for an access control manager. This implies that data remains confidential even if the database maintained by the third party is compromised. In this paper we propose a new encryption technique called a type-and-identity-based proxy re-encryption scheme which is suitable to be used in the healthcare setting. The proposed scheme allows users (patients) to securely store their PHRs on commercial Web-based PHRs, and securely share their PHRs with other users (doctors).


2016 ◽  
Vol 52 (3) ◽  
pp. 204-205
Author(s):  
Robert D Furberg ◽  
Alexa M Ortiz

2016 ◽  
Vol 4 (9(SE)) ◽  
pp. 63-73
Author(s):  
Thanga Selvam ◽  
Shunmuga SelvaSivaSankari ◽  
A. Nagalakshmi

Today, yoga is considered an alternative exercise approach to obtain personal health and wellbeing. Yoga’s holistic methodology strives to unite one’s body, mind, and spirit; it is a method of exercise mirrored in the physical, mental, and emotional benefits which result. This paper focuses on the effect of yogic exercises and meditation on emotional wellness and spiritual wellness among women. The objectives of this study were to find out the level of emotional wellness and spiritual wellness of women before and after treatment and to find out the impact of yogic exercises and meditation on the emotional wellness and spiritual wellness of women. The investigators adopted a quasi-experimental method for this study. Results of this study show that there is a significant difference between pretest and posttest scores on emotional wellness and spiritual wellness of women before and after the yogic exercises and meditation.


2021 ◽  
Author(s):  
Xiaoqian Wu ◽  
Lin Xu ◽  
PengFei Li ◽  
TingTing Tang ◽  
Cheng Huang

BACKGROUND Mental disorders impose varying degrees of burden on patients and their surroundings. However, people are reluctant to take the initiative to seek mental health services because of the uneven distribution of resources and stigmatization. Thus, mobile apps are considered an effective way to eliminate these obstacles and improve mental health awareness. OBJECTIVE This study aimed to evaluate the quality, function, privacy measures, and evidence-based and professional background of multipurpose mental health apps in Chinese commercial app stores. METHODS A systematic search was conducted on iOS and Android platforms in China to identify multipurpose mental health apps. Two independent reviewers evaluated the identified mobile apps using Mobile App Rating Scale (MARS). Each app was downloaded, and the general characteristics, privacy and security measures, development background, and functional characteristics of each app were evaluated. RESULTS A total of 40 apps were analyzed, of which 35 apps (87.5%) were developed by companies and 33 apps (82.5%) provided links to access the privacy policy; 52.5% did not mention the involvement of relevant professionals or the guidance of scientific basis in the app development process. The main built-in functions of these apps include psychological education (38/40, 95%), self-assessment (34/40, 85%), and counseling (33/40, 83%). The overall quality average MARS score of the 40 apps was 3.53 (standard deviation 0.39), and the total score was between 2.96 and 4.30. The total score of MARS was significantly positively correlated with the scores of each subscale (r = 0.62–0.88; P <.001). However, the user score of the app market was not significantly correlated with the total score of MARS (r = 0.23; P =.19). CONCLUSIONS The quality of multipurpose mental health apps in China’s main app market is generally good and provides various functional combinations. 
However, health professionals are less involved in the development of these apps, and the privacy protection policy of the apps also needs to be described in more detail. This study provides a reference for the development of multipurpose mental health apps.


2018 ◽  
Vol 17 (3) ◽  
pp. 207-224
Author(s):  
Roslyn Layton

Abstract Net neutrality or “Open Internet” rulemaking has been ongoing for more than a decade. Some 50 nations have adopted formal rules including the US (then repealed), the European Union, India, and many countries in Latin America. Among other arguments, it is asserted that net neutrality rules are necessary for application innovation. While the focus for policymakers has largely been to make rules, there is less attention on how to measure the impact of such rules and how well they achieve their innovation goals. The article summarizes a specific research investigation into the degree to which the introduction of rules in a given country stimulates innovation in that country’s mobile app ecosystem. The focus is on mobile networks because it allowed the most consistent data across countries. The study covered 53 countries, their net neutrality policies (or lack thereof), and the results to the respective mobile application ecosystems of the countries adopting rules between the period of 2010–2016. This investigation tests the proposition that countries which adopt net neutrality rules should experience an increase in mobile app development innovation within their national economy. To test this, a statistical methodology was developed based upon measuring the number of locally developed mobile apps in the country for relevant periods before and after rules are imposed and the corresponding app downloads, usage, and revenue. Measurement was conducted with two independent toolsets and adjusted for the sophistication and penetration of advanced mobile networks in the country. To make more meaningful comparisons and avoid inevitable heterogeneity across the countries, the investigation focuses on two similar countries with different rules, Denmark with soft rules (self-regulation) and Netherlands with hard rules (legislation). The study reviewed the leading theories of innovation as well as the foundational papers in net neutrality to explain the observed discrepancies. 
The research finds significant statistical support for “soft” net neutrality measures adopted on a voluntary basis. Hard rules adopted through legislation and regulation were not associated with greater mobile app development for the given country. Denmark increased in local mobile app development while Netherlands decreased. Additionally, the explosion of mobile apps from countries with no net neutrality rules and the general dearth of mobile apps from countries which have had hard rules for years runs counter to expected results. This suggests that policymakers revisit their assumptions and expectations for net neutrality policy.


2019 ◽  
Vol 8 (3) ◽  
pp. 7244-7250

E-health systems hold a massive amount of medical data that is stored and shared across healthcare service providers to deliver health facilities. However, security and privacy worries increase when sharing this data over distributed settings. As a result, cryptography techniques have been considered to secure e-health data from unauthorized access. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) is commonly utilized in such a setting, which provides role-based and fine-grained access control over encrypted data. The CP-ABE suffers from the problem of user revocation where the entire policy must be changed even when only one user is revoked or removed from the policy. In this paper, we proposed a CP-ABE based access control model to support user revocation efficiently. Specifically, the proposed model associates a unique identifier to each user. This identifier is added to the policy attributes and removed dynamically when the user is added/revoked. A tree structure (PolicyPathTree) is designed specifically for our model. It can facilitate fast access to the policy's attributes during the verification process. The model is analyzed using Information Theory Tools. Results show that our model outperforms other notable work in terms of computational overheads.


10.2196/27106 ◽  
2021 ◽  
Vol 9 (4) ◽  
pp. e27106
Author(s):  
Jennifer Huberty ◽  
Jeni Green ◽  
Megan Puzia ◽  
Chad Stecher

Background Mindfulness meditation smartphone apps may improve mental health but lack evidence-based behavioral strategies to encourage their regular use for attaining mental health benefits. In October 2019, the Calm mindfulness meditation app introduced a mood check-in feature, but its effects on participation in meditation have yet to be tested. Objective The objective of this study was to investigate how a mood check-in feature impacts meditation behavior in Calm app subscribers. Methods This was a retrospective longitudinal analysis of mobile app usage data from a random sample of first-time subscribers to the Calm app (n=2600) who joined in summer 2018 or summer 2019. The mood check-in feature allows users to rate their mood using an emoji after completing a meditation session and displays a monthly calendar of their past mood check-ins. Regression analyses were used to compare the rate of change in meditation behavior before and after the introduction of mood check-ins and to estimate how usage of mood check-ins was associated with individuals’ future meditation behavior (ie, intent-to-treat effects). Additional regression models examined the heterogenous effect of mood check-ins between subscribers who were active or inactive users prior to the introduction to mood check-ins (ie, above or below the median number of weeks with any meditation within their cohort). In order to confirm the specific associations between mood check-ins and meditation engagement, we modeled the direct relationship between the use of mood check-ins in previous weeks and subsequent meditation behavior (ie, treatment on the treated effects). Results During the first 9 months of their subscription, the 2019 cohort completed an average of 0.482 more sessions per week (95% CI 0.309 to 0.655) than the 2018 cohort; however, across both cohorts, average weekly meditation declined (–0.033 sessions per week, 95% CI –0.035 to –0.031). 
Controlled for trends in meditation before mood check-ins and aggregate differences between the 2018 and 2019 samples, the time trend in the number of weekly meditation sessions increased by 0.045 sessions among the 2019 cohort after the introduction of mood check-ins (95% CI 0.039 to 0.052). This increase in meditation was most pronounced among the inactive subscribers (0.063 sessions, 95% CI 0.052 to 0.074). When controlled for past-week meditation, use of mood check-ins during the previous week was positively associated with the likelihood of meditating the following week (odds ratio 1.132, 95% CI 1.059 to 1.211); however, these associations were not sustained beyond 1 week. Conclusions Using mood check-ins increases meditation participation in Calm app subscribers and may be especially beneficial for inactive subscribers. Mobile apps should consider incorporating mood check-ins to help better engage a wider range of users in app-based meditation, but more research is warranted.


Author(s):  
Thomas Trojer ◽  
Basel Katt ◽  
Ruth Breu ◽  
Thomas Schabetsberger ◽  
Richard Mair

A central building block of data privacy is the individual right of information self-determination. Following from that when dealing with shared electronic health records (SEHR), citizens, as the identified individuals of such records, have to be enabled to decide what medical data can be used in which way by medical professionals. In this context individual preferences of privacy have to be reflected by authorization policies to control access to personal health data. There are two potential challenges when enabling patient-controlled access control policy authoring: First, an ordinary citizen neither can be considered a security expert, nor does she or he have the expertise to fully understand typical activities and workflows within the health-care domain. Thus, a citizen is not necessarily aware of implications her or his access control settings have with regards to the protection of personal health data. Both privacy of citizen’s health-data and the overall effectiveness of a health-care information system are at risk if inadequate access control settings are in place. This paper refers to scenarios of a case study previously conducted and shows how privacy and information system effectiveness can be defined and evaluated in the context of SEHR. The paper describes an access control policy analysis method which evaluates a patient-administered access control policy by considering the mentioned evaluation criteria.


2011 ◽  
pp. 391-411 ◽  
Author(s):  
Luan Ibraimi ◽  
Qiang Tang ◽  
Pieter Hartel ◽  
Willem Jonker

Commercial Web-based Personal-Health Record (PHR) systems can help patients to share their personal health records (PHRs) anytime from anywhere. PHRs are very sensitive data and an inappropriate disclosure may cause serious problems to an individual. Therefore commercial Web-based PHR systems have to ensure that the patient health data is secured using state-of-the-art mechanisms. In current commercial PHR systems, even though patients have the power to define the access control policy on who can access their data, patients have to trust entirely the access-control manager of the commercial PHR system to properly enforce these policies. Therefore patients hesitate to upload their health data to these systems as the data is processed unencrypted on untrusted platforms. Recent proposals on enforcing access control policies exploit the use of encryption techniques to enforce access control policies. In such systems, information is stored in an encrypted form by the third party and there is no need for an access control manager. This implies that data remains confidential even if the database maintained by the third party is compromised. In this paper we propose a new encryption technique called a type-and-identity-based proxy re-encryption scheme which is suitable to be used in the healthcare setting. The proposed scheme allows users (patients) to securely store their PHRs on commercial Web-based PHRs, and securely share their PHRs with other users (doctors).

