research-article

Privacy in mobile technology for personal healthcare

Authors:
Sasikanth Avancha

Intel Labs Bangalore, Bangalore, India

Intel Labs Bangalore, Bangalore, India
View Profile

,
Amit Baxi

Intel Labs Bangalore, Bangalore, India

Intel Labs Bangalore, Bangalore, India
View Profile

,
David Kotz

Dartmouth College, Hanover, NH

Dartmouth College, Hanover, NH
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 45 Issue 1Article No.: 3pp 1–54https://doi.org/10.1145/2379776.2379779

Published:07 December 2012Publication History

ACM Computing Surveys

Abstract

Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of mobile computing technologies that have the potential to transform healthcare. Such mHealth technology enables physicians to remotely monitor patients' health and enables individuals to manage their own health more easily. Despite these advantages, privacy is essential for any personal monitoring technology. Through an extensive survey of the literature, we develop a conceptual privacy framework for mHealth, itemize the privacy properties needed in mHealth systems, and discuss the technologies that could support privacy-sensitive mHealth systems. We end with a list of open research questions.

References

Ackerman, M. S. and Mainwaring, S. D. 2005. Privacy issues and human-computer interaction. In Security and Usability: Designing Secure Systems that People Can Use, L. F. Cranor and S. Garfinkel, Eds., O'Reilly Media, 381--400. http://oreilly.com/catalog/9780596008277/.Google Scholar
ACLU 2009, American Civil Liberties Union. The American Recovery and Reinvestment Act of 2009: Health information technology, privacy summary. http://www.aclu.org/images/asset_upload_file625_38771.pdf. (last accessed 3/09).Google Scholar
Agrafioti, F. and Hatzinakos, D. 2008. Fusion of ECG sources for human identification. In Proceedings of the International Symposium on Communications, Control and Signal Processing (ISCCSP). IEEE Press, 1542--1547. DOI 10.1109/ISCCSP.2008.4537472.Google Scholar
Al Ameen, M., Liu, J., and Kwak, K. 2010. Security and privacy issues in wireless sensor networks for healthcare applications. J. Medical Syst. 1--9. DOI 10.1007/s10916-010-9449-4. Google ScholarDigital Library
AllOne Health. 2009. PHR access on mobile phone. http://www.allonemobile.com. (last accessed 3/09)Google Scholar
American Medical Association. 2009. HR.1, the American Recovery and Reinvestment Act of 2009: Explanation of privacy provisions. http://www.ama-assn.org/ama1/pub/upload/mm/399/arra-privacy-provisions.pdf. (last accessed 3/09).Google Scholar
Andersen, J. 2009. Secure group formation protocol for a medical sensor network prototype. In Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP). IEEE, 343--348. DOI 10.1109/ISSNIP.2009.5416771.Google ScholarCross Ref
Anvita Health. 2009. Google health on mobile phone. http://www.anvitahealth.com. (last accessed 3/09).Google Scholar
APEC 2005. APEC privacy framework. http://tinyurl.com/cusnax.Google Scholar
Appari, A. and Johnson, M. E. 2010. Information security and privacy in healthcare: Current state of research. Int. J. Internet Enterprise Manage. 6, 4, 279--314. http://mba.tuck.dartmouth.edu/pages/faculty/eric.johnson/pdfs/AJIJIEM.pdf.Google ScholarCross Ref
Aylward, R. and Paradiso, J. A. 2007. A compact, high-speed, wearable sensor network for biomotion capture and interactive media. In Proceedings of the International Workshop on Information Processing in Sensor Networks (IPSN). ACM, 380--389. DOI 10.1145/1236360.1236408. Google ScholarDigital Library
Baker, C. R., Armijo, K., Belka, S., Benhabib, M., Bhargava, V., Burkhart, N., Der Minassians, A., Dervisoglu, G., Gutnik, L., Haick, B. M., Ho, C., Koplow, M., Mangold, J., Robinson, S., Rosa, M., Schwartz, M., Sims, C., Stoffregen, H., Waterbury, A., Leland, E. S., Pering, T., and Wright, P. K. 2007. Wireless sensor networks for home health care. In Proceedings of the International Conference on Advanced Information Networking and Applications Workshops. IEEE Computer Society, 832--837. DOI 10.1109/AINAW.2007.376. Google ScholarDigital Library
Baldus, H., Klabunde, K., and Müsch, G. 2004. Reliable set-up of medical body-sensor networks. In Proceedings of the 1^st European Workshop on Wireless Sensor Networks. Lecture Notes in Computer Science, vol. 2920. Springer, 353--363. DOI 10.1007/978-3-540-24606-0-24.Google Scholar
Barth, A., Datta, A., Mitchell, J. C., and Nissenbaum, H. 2006. Privacy and contextual integrity: Framework and applications. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). IEEE Press, 15--29. DOI 10.1109/SP.2006.32. Google ScholarDigital Library
Barth, A. T., Hanson, M. A., Powell, H. C., Unluer, D., Wilson, S. G., and Lach, J. 2008. Body-coupled communication for body sensor networks. In Proceedings of the ICST International Conference on Body Area Networks (BodyNets). Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (ICST), 1--4. Online at http://portal.acm.org/citation.cfm&quest;id=1460257.1460273. Google ScholarDigital Library
Becher, E., Benenson, Z., and Dornseif, M. 2006. Tampering with motes: Real-world physical attacks on wireless sensor networks. In Proceedings of the International Conference on Security in Pervasive Computing (SPC). Springer-Verlag, 104--118. DOI 10.1007/11734666 9. Google ScholarDigital Library
Bekiaris, E., Damousis, I. G., and Tzovaras, D. 2008. Unobtrusive multimodal biometric authentication: The HUMABIO project concept. EURASIP J. Adv. Sig. Process. DOI 10.1155/2008/265767. Google ScholarDigital Library
Bellman, S., Johnson, E. J., and Lohse, G. L. 2001. To opt-in or opt-out&quest; it depends on the question. Comm. ACM 44, 2, 25--27. DOI 10.1145/359205.359241. Google ScholarDigital Library
Bichler, D., Stromberg, G., Huemer, M., and Löw, m. 2007. Key generation based on acceleration data of shaking processes. In Proceedings of Ubiquitous Computing (UbiComp). Lecture Notes in Computer Science Series, vol. 4717. Springer-Verlag, 304--317. DOI 10.1007/978-3-540-74853-3 18. Google ScholarDigital Library
Blough, D., Ahamad, M., Liu, L., and Chopra, P. 2008. MedVault: Ensuring security and privacy for electronic medical records. NSF CyberTrust Principal Investigators Meeting. Online at http://www.cs.yale.edu/cybertrust08/posters/posters/158 medvault_poster_CT08.pdf.Google Scholar
Boric-Lubecke, O. and Lubecke, V. M. 2002.Wireless house calls: using communications technology for health care and monitoring. IEEE Microwave Magazine 3, 3, 43--48. DOI 10.1109/MMW.2002.1028361.Google ScholarCross Ref
Brahmbhatt, B. 2010. Position and perspective of privacy laws in India. In AAAI Spring Symposium Series: Intelligent Information Privacy Management. AAAI. Online at http://www.aaai.org/ocs/index.php/SSS/SSS10/paper/view/1197/1474.Google Scholar
Bratus, S., Cornelius, C., Kotz, D., and Peebles, D. 2008. Active behavioral fingerprinting of wireless devices. In Proceedings of the ACM Conference on Wireless Network Security (WiSec). ACM, 56--61. DOI 10.1145/1352533.1352543. Google ScholarDigital Library
Breaux, T. D. and Antón, A. I. 2008. Analyzing regulatory rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34, 1, 5--20. DOI 10.1109/TSE.2007.70746. Google ScholarDigital Library
Brik, V., Banerjee, S., Gruteser, M., and Oh, S. 2008. Wireless device identification with radiometric signatures. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 116--127. DOI 10.1145/1409944.1409959. Google ScholarDigital Library
Buckovich, S. A., Rippen, H. E., and Rozen, M. J. 1999. Driving toward guiding principles: A goal for privacy, confidentiality, and security of health information. J. AMIA 6, 2, 122--133. DOI 10.1136/jamia.1999.0060122.Google Scholar
CCHIT 2008. Consumer's guide to certification of personal health records. Booklet. Online at http://cchit. org/files/CCHITPHRConsumerGuide08.pdf.Google Scholar
CDT 2008. Comprehensive privacy and security: Critical for health information technology. White paper. Online at http://www.cdt.org/healthprivacy/20080514HPframe.pdf.Google Scholar
CDT 2009. Summary of health privacy provisions in the 2009 economic stimulus legislation. White paper. Online at http://www.cdt.org/healthprivacy/20090324_ARRAPrivacy.pdf.Google Scholar
CHCF 2008. Whose data is it anyway&quest; Expanding consumer control over personal health information. California Healthcare Foundation. Online at http://ehealth.chcf.org/topics/view. cfm&quest;itemID=133577.Google Scholar
Cherukuri, S., Venkatasubramanian, K. K., and Gupta, S. K. S. 2003. BioSec: A biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In Proceedings of the International Conference on Parallel Processing Workshops. IEEE Computer Society, 432--439. DOI 10.1109/ICPPW.2003.1240399.Google Scholar
Choi, Y. B., Capitan, K. E., Krause, J. S., and Streeper, M. M. 2006. Challenges associated with privacy in healthcare industry: Implementation of HIPAA and security rules. J. Med. Syst. 30, 1, 57--64. DOI 10.1007/s10916-006-7405-0. Google ScholarDigital Library
Cohn, S. P. 2006. Privacy and confidentiality in the nationwide health information network. Online at http://www.ncvhs.hhs.gov/060622lt.htm.Google Scholar
Collins, T. 2006. NHS trust uncovers password sharing risk to patient data. Computer Weekly. Online at http://www.computerweekly.com/Articles/2006/07/11/216882/nhs-trust-uncovers-password-sharing-risk-to-patient.htm.Google Scholar
Cornelius, C., and Kotz, D. 2010. On usable authentication for wireless body area networks. In Proceedings of the USENIX Workshop on Health Security and Privacy. USENIX Association. Online at http://www.cs.dartmouth. edu/_dfk/papers/abstracts/cornelius-healthsec10.html.Google Scholar
Cornelius, C. and Kotz, D. 2011. Recognizing whether sensors are on the same body. In Proceedings of the International Conference on Pervasive Computing. Lecture Notes in Computer Science. Springer, 332--349. DOI 10.1007/978-3-642-21726-5 21. Google ScholarDigital Library
Covington, M., Moyer, M., and Ahamad, M. 2000. Generalized role-based access control for securing future applications. In Proceedings of the National Information Systems Security Conference. NIST. Online at http://csrc.nist.gov/nissc/2000/proceedings/papers/040.pdf.Google Scholar
Cranor, L. F. 2003. ‘I didn't buy it for myself’: Privacy and ecommerce personalization. In Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES). ACM, 111--117. DOI 10.1145/1005140.1005158. Google ScholarDigital Library
Cranor, L. F. 2005. Privacy policies and privacy preferences. In Security and Usability: Designing Secure Systems that People Can Use. L. F. Cranor and S. Garfinkel, Eds. O'Reilly Media, Chapter 22, 447--469. Online at http://oreilly.com/catalog/9780596008277/.Google Scholar
Cranor, L. F. 2008. A framework for reasoning about the human in the loop. In Proceedings of the Conference on Usability, Psychology, and Security (UPSEC). USENIX Association, 1--15. Online at http://static.usenix.org/event/upsec08/tech/full_pasess/cranor/cranor.pdf. Google ScholarDigital Library
Dai Zovi, D. A. and Macaulay, S. A. 2005. Attacking automatic wireless network selection. In Proceedings of the IEEE SMC Information Assurance Workshop. IEEE Press, 365--372. DOI 10.1109/IAW.2005.1495975.Google Scholar
De Mulder, Y., Danezis, G., Batina, L., and Preneel, B. 2008. Identification via location-profiling in GSM networks. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES). ACM, 23--32. DOI 10.1145/1456403.1456409. Google ScholarDigital Library
DH 2008, Intel Research. Digital Home project. Online at http://www.intel.com/research/exploratory/digitalhome.htm, visited Mar. 2008.Google Scholar
DIT 2011, Government of India, Department of Information Technology (DIT). Information Technology Act 2000 {India}. Online at http://www.mit.gov.in/content/information-technology-act-2000, visited Feb. 2011.Google Scholar
Dixon, P. 2006. Medical identity theft: The information crime that can kill you. Online at http://www.worldprivacyforum.org/pdf/wpfmedicalidtheft2006.pdf.Google Scholar
Domingo-Ferrer, J., Martínez-Ballesté, A., Mateo-Sanz, J. M. and Sebé, F. 2006. Efficient multivariate data-oriented microaggregation. VLDB J. 15, 4, 355--369. DOI 10.1007/s00778-006-0007-0. Google ScholarDigital Library
DS 2009, Daily Strength. Dailystrength.org. Online at http://www.dailystrength.org/, visited Oct. 2009.Google Scholar
Eisenman, S. B., Miluzzo, E., Lane, N. D., Peterson, R. A., Ahn, G.-S., and Campbell, A. T. 2009. BikeNet: A mobile sensing system for cyclist experience mapping. ACM Trans. Sensor Netw. (TOSN) 6, 1, 1--39. DOI http://doi.acm.org/10.1145/1653760.1653766. Google ScholarDigital Library
Enck, W., Ongtang, M., and Mcdaniel, P. 2009. On lightweight mobile phone application certification. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 235--245. DOI 10.1145/1653662.1653691. Google ScholarDigital Library
EU 2009, Office of the Data Protection Commissioner. EU Directive 95/46/EC: The data protection directive. Online at http://www.dataprotection.ie/viewdoc.asp&quest;DocID=92, visited Mar. 2009.Google Scholar
Ferraiolo, D. and Kuhn, R. 1992. Role based access control. In Proceedings of the National Computer Security Conference. NIST. Online at http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf.Google Scholar
Frank, M., Streich, A. P., Basin, D., and Buhmann, J. M. 2009. A probabilistic approach to hybrid role mining. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 101--111. DOI 10.1145/1653662.1653675. Google ScholarDigital Library
Franklin, J., McCoy, D., Tabriz, P., Neagoe, V., Randwyk, J. V., and Sicker, D. 2006. Passive data link layer 802.11 wireless device driver fingerprinting. In Proceedings of the USENIX Security Symposium. USENIX Association, 167--178. Online at http://www.usenix.org/events/sec06/tech/franklin.html. Google ScholarDigital Library
Friedman, B., Lin, P., and Miller, J. K. 2005. Informed consent by design. In Security and Usability: Designing Secure Systems that People Can Use. L. F. Cranor and S. Garfinkel, Eds. O'Reilly Media, Chapter 24, 495--521. Online at http://oreilly.com/catalog/9780596008277/.Google Scholar
Garcia-Morchon, O. and Baldus, H. 2008. Efficient distributed security for wireless medical sensor networks. In Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing. IEEE, 249--254. DOI 10.1109/ISSNIP.2008.4761995.Google Scholar
Garcia-Morchon, O., Falck, T., Heer, T., and Wehrle, K. 2009. Security for pervasive medical sensor networks. In Proceedings of the International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous). IEEE Press. DOI 10.4108/ICST.MOBIQUITOUS2009.6832.Google Scholar
GD. 2011. Giesecke and Devrient GmbH. Online at http://www.gi-de.com/, visited Mar. 2011.Google Scholar
Gedik, B. and Liu, L. 2008. Protecting location privacy with personalized k-anonymity: Architecture and algorithms. IEEE Trans. Mobile Comput. 7, 1, 1--18. DOI 10.1109/TMC.2007.1062. Google ScholarDigital Library
GH 2008, Google. Google Health. Online at https://www.google.com/health, visited Nov. 2008.Google Scholar
Georgia Institute of Technology. 2008. Aware Home project. http://www.cc.gatech.edu/fce/ahri/. (last accessed 3/08).Google Scholar
Giannetsos, T., Dimitriou, T., and Prasad, N. R. 2011. People-centric sensing in assistive healthcare: Privacy challenges and directions. Secur. Commun. Netw. DOI 10.1002/sec.313. Google ScholarDigital Library
Gilbert, P., Cox, L. P., Jung, J., and Wetherall, D. 2010. Toward trustworthy mobile sensing. In Proceedings of the Workshop on Mobile Computing Systems & Applications (HotMobile). ACM, 31--36. DOI 10.1145/1734583.1734592. Google ScholarDigital Library
Goldman, J. 1998. Protecting privacy to improve health care. Health Affairs 17, 6, 47--60. DOI 10.1377/hlthaff.17.6.47.Google ScholarCross Ref
Golle, P. and Partridge, K. 2009. On the anonymity of home/work location pairs. In Proceedings of Pervasive Computing. Lecture Notes in Computer Science Series, vol. 5538. Springer-Verlag, 390--397. DOI 10.1007/978-3-642-01516-8_26. Google ScholarDigital Library
Goyal, V. 2007. Certificate revocation using fine grained certificate space partitioning. In Proceedings of the International Conference on Financial Cryptography and Data Security (FCDS). S. Dietrich and R. Dhamija, Eds. Lecture Notes in Computer Science Series, vol. 4888. Springer-Verlag, 247--259. DOI 10.1007/978-3-540-77366-5_24. Google ScholarDigital Library
Goyal, V., Pandey, O., Sahai, A., and Waters, B. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 89--98. DOI 10.1145/1180405.1180418. Google ScholarDigital Library
Greenstein, B., McCoy, D., Pang, J., Kohno, T., Seshan, S., and Wetherall, D. 2008. Improving wireless privacy with an identifier-free link layer protocol. In Proceedings of the International Conference on Mobile Systems, Applications and Services (MobiSys). ACM Press, 40--53. DOI 10.1145/1378600.1378607. Google ScholarDigital Library
Gruteser, M. and Grunwald, D. 2003. Anonymous usage of location-based services through spatial and temporal cloaking. In Proceedings of the International Conference on Mobile Systems, Applications and Services (MobiSys). ACM, 31--42. DOI 10.1145/1066116.1189037. Google ScholarDigital Library
Gutmann, P. 2002. PKI: It's not dead, just resting. IEEE Computer 35, 8, 41--49. DOI 10.1109/MC.2002.1023787. Google ScholarDigital Library
Halamka, J. 2008. Respecting patient privacy preferences. Blog-- Life as a Healthcare CIO. Online at http://geekdoctor.blogspot.com/2008/01/respecting-patient-privacy-preferences.html.Google Scholar
Halamka, J., Leavitt, M., and Tooker, J. 2009. A shared roadmap and vision for health IT. Position statement. Online at http://tinyurl.com/c8ztuy.Google Scholar
Halperin, D., Heydt-Benjamin, T. S., Ransford, B., Clark, S. S., Defend, B., Morgan, W., Fu, K., Kohno, T., and Maisel, W. H. 2008a. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). IEEE Press, 129--142. DOI 10.1109/SP.2008.31. Google ScholarDigital Library
Halperin, D., Thomas, Fu, K., Kohno, T., and Maisel, W. H. 2008b. Security and privacy for implantable medical devices. IEEE Pervas. Comput. 7, 1, 30--39. DOI 10.1109/MPRV.2008.16. Google ScholarDigital Library
HHS 2009, US Department of Human and Health Services. Draft model personal health record (PHR) privacy notice & facts-at-a-glance. Online at http://tinyurl.com/cxm4q3, visited Apr. 2009.Google Scholar
HIPAA 2010, HHS. HIPAA website. Online at http://www.hhs.gov/ocr/privacy/, visited Mar. 2010.Google Scholar
HITECH1 2009, Coppersmith Gordon Schermer and Brockelman. HITECH Act expands HIPAA privacy and security rules. Online at http://www.azhha.org/member_and_media_resources/documents/HITECHAct. pdf, visited Nov. 2009.Google Scholar
HITECH2 2009, HIPAA Survival Guide. HITECH Act text. Online at http://www.hipaasurvivalguide.com/hitech-act-text.php, visited Nov. 2009.Google Scholar
HITSP 2008. TP-30: HITSP manage consent directives transaction package. Online at http://www.hitsp.org/ConstructSet Details.aspx&quest;&PrefixAlpha=2&PrefixNumeric=30.Google Scholar
HL 2009, Health Law News and Notes. FAQs on ARRA/Stimulus Bill changes for business associates. Online at http://healthlawoffices. com/blog/&quest;p=85, visited Mar. 2009.Google Scholar
Hoh, B. and Gruteser, M. 2005. Protecting location privacy through path confusion. In Proceedings of the IEEE/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm). IEEE Press. DOI 10.1109/SECURECOMM.2005.33. Google ScholarDigital Library
Hoh, B., Gruteser, M., Xiong, H., and Alrabady, A. 2007. Preserving privacy in GPS traces via uncertainty-aware path cloaking. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 161--171. DOI 10.1145/1315245.1315266. Google ScholarDigital Library
HPP 1999. Best principles for health privacy. Georgetown University. Online at http://www.healthprivacy. org/usr doc/33807.pdf.Google Scholar
HPP 2007. Best practices for employers offering personal health records (PHRs). Developed by the Employers' Working Group on Personal Health Records (PHRs). Online at http://www.cdt.org/healthprivacy/2007Best Practices.pdf.Google Scholar
Hu, W., Corke, P., Shih, W. C., and Overs, L. 2009. secFleck: A public key technology platform for wireless sensor networks. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN). Springer-Verlag, 296--311. DOI 10.1007/978-3-642-00224-3 19. Google ScholarDigital Library
Iachello, G. and Hong, J. 2007. End-user privacy in human-computer interaction. Found. Trends Hum.-Comput. Interact. (FTHCI) 1, 1--137. DOI 10.1561/1100000004. Google ScholarDigital Library
IHE 2009, IHE International. IHE profiles. Online at http://www.ihe.net/profiles/index.cfm, visited Nov. 2009.Google Scholar
India 2011. Information technology rules GSR 313(E)-316(E). Government of India. http://deity.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf.Google Scholar
Irvine, J. M., Israel, S. A., Scruggs, T. W., and Worek, W. J. 2008. eigenPulse: Robust human identification from cardiovascular function. Patt. Recog. 41, 11, 3427--3435. DOI 10.1016/j.patcog. 2008.04.015. Google ScholarDigital Library
ISTPA 2007. Analysis of privacy principles: Making privacy operational. Online at http://www.istpa. org/pdfs/ISTPAAnalysisofPrivacyPrinciplesV2.pdf.Google Scholar
Jain, A. K., Flynn, P., and Ross, A. A., Eds. 2007. Handbook of Biometrics. Springer-Verlag. Online at http://www.springer.com/computer/computer+imaging/book/978-0-387-71040-2. Google ScholarDigital Library
Jain, A. K., Ross, A., and Prabhakar, S. 2004. An introduction to biometric recognition. IEEE Trans. Circ. Syst. Video Tech. 14, 1, 4--20. DOI 10.1109/TCSVT.2003.818349. Google ScholarDigital Library
Jana, S., Premnath, S. N., Clark, M., Kasera, S. K., Patwari, N., and Krishnamurthy, S. V. 2009. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 321--332. DOI 10.1145/1614320.1614356. Google ScholarDigital Library
Jea, D., Liu, J., Schmid, T., and Srivastava, M. B. 2008. Hassle free fitness monitoring. In Proceedings of the Workshop on Systems and Networking Support for Healthcare and Assisted Living Environments (HealthNet). ACM. DOI 10.1145/1515747.1515756. Google ScholarDigital Library
Johnson, M. E. 2009. Data hemorrhages in the health-care sector. In Financial Cryptography and Data Security. Springer-Verlag. DOI 10.1007/978-3-642-03549-4_5. Google ScholarDigital Library
Jones, V., Mei, H., Broens, T., Widya, I., and Peuscher, J. 2007. Context aware body area networks for telemedicine. In Advances in Multimedia Information Processing (PCM). Springer-Verlag, 590--599. DOI 10.1007/978-3-540-77255-2_74. Google ScholarDigital Library
Kaplan, D. 2009. Group unveils first-of-its-kind standard to secure patient data. SC Magazine. Online at http://www.scmagazineus.com/Group-unveils-first-of-its-kind-standard-to-secure-patient-data/article/128168/.Google Scholar
Karat, C., Brodie, C., and Karat, J. 2005. Usability design and evaluation for privacy and security solutions. In Security and Usability: Designing Secure Systems that People Can Use, L. F. Cranor and S. Garfinkel, Eds. O'Reilly Media, Chapter 4, 47--74. Online at http://oreilly.com/catalog/9780596008277/.Google Scholar
Kelley, P. G., Cesca, L., Bresee, J., and Cranor, L. F. 2010. Standardizing privacy notices: an online study of the nutrition label approach. In Proceedings of the International Conference on Human Factors in Computing Systems (CHI). ACM, 1573--1582. DOI 10.1145/1753326.1753561. Google ScholarDigital Library
Kelley, P. G., Hankes Drielsma, P., Sadeh, N., and Cranor, L. F. 2008. User-controllable learning of security and privacy policies. In Proceedings of the ACM Workshop on Security and Artificial Intelligence (AIsec). ACM, 11--18. DOI 10.1145/1456377.1456380. Google ScholarDigital Library
Klasnja, P., Consolvo, S., Choudhury, T., and Beckwith, R. 2009. Exploring privacy concerns about personal sensing. In Proceedings of the International Conference on Pervasive Computing (Pervasive). Springer-Verlag. DOI 10.1007/978-3-642-01516-8_13. Google ScholarDigital Library
Kleidermacher, D. 2008. Next generation secure mobile devices. Inf. Quart. 7, 4, 14--17. Online at http://www.iqmagazineonline.com/article.php&quest;issue=25&article_id=1041.Google Scholar
Kotz, D. 2011. A threat taxonomy for mHealth privacy. In Proceedings of the Workshop on Networked Healthcare Technology (NetHealth). IEEE Press. DOI 10.1109/COMSNETS.2011.5716518.Google ScholarCross Ref
Kotz, D., Avancha, S., and Baxi, A. 2009. A privacy framework for mobile health and home-care systems. In Proceedings of the Workshop on Security and Privacy in Medical and Home-Care Systems (SPIMACS). ACM, 1--12. DOI 10.1145/1655084.1655086. Google ScholarDigital Library
Kuie, T. S. 2003. The impact of data privacy protection in medical practice in Singapore. SGH Proc. 12, 4, 201--207. Online at http://www.pgmi.com.sg/SGHproceeding/12-4/impact&percnt;20of&percnt;20data&percnt;20privacy.pdf.Google Scholar
Kulkarni, P. and ÖZtürk, Y. 2007. Requirements and design spaces of mobile medical care. SIGMOBILE Mobile Comput. Commun. Rev. 11, 3, 12--30. DOI 10.1145/1317425.1317427. Google ScholarDigital Library
Kumar, A., Saxena, N., Tsudik, G., and Uzun, E. 2009. A comparative study of secure device pairing methods. Pervas. Mobile Comput. 5, 6, 734--749. DOI 10.1016/j.pmcj.2009.07.008. Google ScholarDigital Library
Kumaraguru, P. and Cranor, L. 2006. Privacy in India: Attitudes and awareness. In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), G. Danezis and D. Martin, Eds. Springer, 243--258. DOI 10.1007/11767831_16. Google ScholarDigital Library
Liu, A. and Ning, P. 2008. TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. In Proceedings of the International Workshop on Information Processing in Sensor Networks (IPSN). IEEE Press. DOI 10.1109/IPSN.2008.47. Google ScholarDigital Library
Lowrance, W. W. 2009. Privacy and health research: New laws in Europe. The HHS Data Council, US Department of Health and Human Services. Online at http://aspe.hhs.gov/datacncl/PHR5.htm.Google Scholar
Machanavajjhala, A., Gehrke, J., Kifer, D., and Venkitasubramaniam, M. 2006. l-diversity: Privacy beyond k-anonymity. In Proceedings of the International Conference on Data Engineering (ICDE). IEEE Press, 24--85. DOI 10.1109/ICDE.2006.1. Google ScholarDigital Library
Mack, D. C., Alwan, M., Turner, B., Suratt, P., and Felder, R. A. 2006. A passive and portable system for monitoring heart rate and detecting sleep apnea and arousals: Preliminary validation. In Proceedings of the Transdisciplinary Conference on Distributed Diagnosis and Home Healthcare (D2H2). IEEE Computer Society, 51--54. DOI 10.1109/DDHH.2006.1624795.Google Scholar
Malan, D. J., Welsh, M., and Smith, M. D. 2008. Implementing public-key infrastructure for sensor networks. ACM Trans. Sensor Netw. (TOSN) 4, 4, 1--23. DOI 10.1145/1387663.1387668. Google ScholarDigital Library
Malasri, K. and Wang, L. 2007. Addressing security in medical sensor networks. In Proceedings of the Workshop on Systems and Networking Support for Healthcare and Assisted Living Environments (HealthNet). ACM Press, 7--12. DOI 10.1145/1248054.1248058. Google ScholarDigital Library
Malasri, K. and Wang, L. 2008. Design and implementation of a secure wireless mote-based medical sensor network. In Proceedings of Conference on Ubiquitous Computing (UbiComp). ACM, 172--181. DOI 10.1145/1409635.1409660. Google ScholarDigital Library
Malin, B. 2006. Re-identification of familial database records. In Proceedings of the AMIA Annual Symposium. AMIA, 524--528. Online at http://view.ncbi.nlm.nih.gov/pubmed/17238396.Google Scholar
Malin, B. and Airoldi, E. 2007. Confidentiality preserving audits of electronic medical record access. Stud. Health Tech. Informat. 129, Part 1, 320--324. Online at http://view.ncbi.nlm.nih. gov/pubmed/17911731.Google Scholar
Mare, S. and Kotz, D. 2010. Is Bluetooth the right technology for mHealth&quest; In USENIX Workshop on Health Security and Privacy. USENIX Association. Online at http://www.cs.dartmouth.edu/dfk/papers/abstracts/mare-healthsec10.html.Google Scholar
Mare, S., Sorber, J., Shin, M., Cornelius, C., and Kotz, D. 2011. Adaptive security and privacy for mHealth sensing. In Proceedings of the USENIX Workshop on Health Security (HealthSec). Online at http://www.cs.dartmouth.edu/dfk/papers/mare-healthsec11.pdf. Google ScholarDigital Library
Martin, L. 2008. Identity-based encryption and beyond. IEEE Security and Privacy 6, 62--64. Online at DOI 10.1109/MSP,2008.120. Google ScholarDigital Library
Mary Hitchcock Memorial Hospital and Dartmouth-Hitchcock Clinics. 2009. The Dartmouth-Hitchcock Privacy Group policy statement on the privacy & confidentiality of patient information.Google Scholar
Mathur, S., Trappe, W., Mandayam, N., Ye, C., and Reznik, A. 2008. Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 128--139. DOI 10.1145/1409944.1409960. Google ScholarDigital Library
Mayrhofer, R. and Gellersen, H. 2007. Shake well before use: Authentication based on accelerometer data. In Proceedings of the International Conference on Pervasive Computing (Pervasive). Lecture Notes in Computer Science Series, vol. 4480. Springer-Verlag, 144--161. DOI 10.1007/978-3-540-72037-9_9. Google ScholarDigital Library
McDaniel, P. and Rubin, A. 2000. A response to “Can we eliminate certificate revocation lists&quest;”. In Proceedings of the International Conference on Financial Cryptography (FC), Y. Frankel, Ed. Lecture Notes in Computer Science Series, vol. 1962. Springer-Verlag, 245--258. DOI 10.1007/3-540-45472-1_17. Google ScholarDigital Library
Merkle, R. 1982. Method of providing digital signatures. US Patent 4309569. Online at http://patft.uspto.gov/netacgi/nph-Parser&quest;patentnumber=4309569.Google Scholar
Messmer, E. 2008. Health care organizations see cyberattacks as growing threat. Network World. Online at http://tinyurl.com/66b2py.Google Scholar
MF 2008. Common Framework for networked personal health information: Overview and principles. Connecting for Health. Online at http://connectingforhealth.org/phti/docs/Overview.pdf.Google Scholar
MFC 2009, Markle Foundation: Connecting for Health. Consumer consent to collections, uses, and disclosures of information. Online at http://connectingforhealth.org/phti/docs/CP3.pdf, visited Nov. 2009.Google Scholar
mH 2009, Wikipedia. mHealth. Online at http://en.wikipedia.org/wiki/Mhealth, visited Apr. 2009.Google Scholar
MHV 2008, Microsoft. The HealthVault web-based PHR. Online at http://www.healthvault.com, visited Nov. 2008.Google Scholar
Micali, S. 2002. NOVOMODO: Scalable certificate validation and simplified PKI management. In Proceedings of the PKI Research Workshop. NIST. Online at http://www.cs.dartmouth.edu/_pki02/Micali/paper.pdf.Google Scholar
MID. 2009, Wikipedia. Mobile internet device. Online at http://en.wikipedia.org/wiki/Mobile Internet Device, visited May 2009.Google Scholar
Mišić, J. 2008. Enforcing patient privacy in healthcare WSNs using ECC implemented on 802.15.4 beacon enabled clusters. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom). IEEE Computer Society Press, 686--691. DOI 10.1109/PERCOM.2008.28. Google ScholarDigital Library
Mokbel, M. F., Chow, C.-Y., and Aref, W. G. 2006. The new Casper: query processing for location services without compromising privacy. In Proceedings of the International Conference on Very Large Data Bases (VLDB). VLDB Endowment, 763--774. Online at http://www.vldb.org/conf/2006/p763-mokbel.pdf. Google ScholarDigital Library
Molina, A. D., Salajegheh, M., and Fu, K. 2009. HICCUPS: Health information collaborative collection using privacy and security. In Proceedings of the Workshop on Security and Privacy in Medical and Home-Care Systems (SPIMACS). ACM Press, 21--30. DOI 10.1145/1655084.1655089. Google ScholarDigital Library
Mont, M. C., Bramhall, P., and Harrison, K. 2003. A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care. In Proceedings of the International Workshop on Database and Expert Systems Applications. IEEE Press, 432--437. DOI 10.1109/DEXA.2003.1232060. Google ScholarDigital Library
Moore, J. 2009. The feds and PHR privacy. Government Health IT. Online at http://www.govhealthit.com/Articles/2009/01/26/The-feds-and-PHR-privacy.aspx.Google Scholar
Motta, G. H. and Furuie, S. S. 2003. A contextual role-based access control authorization model for electronic patient record. IEEE Trans. Inf. Tech. Biomed. 7, 3, 202--207. DOI 10.1109/TITB.2003.816562. Google ScholarDigital Library
MPWG. 2009, Trusted Computing Group. Mobile Phone Work Group. Online at http://www. trustedcomputinggroup.org/developers/mobile, visited May 2009.Google Scholar
MTM. 2008, Trusted Computing Group. Mobile Phone Work Group Mobile Trusted Module Specification, Version 1.0. Online at http://www.trustedcomputinggroup.org/resources/mobile_phone_workgroup_mobile_trusted_module_specification_version_10, visited June 2008.Google Scholar
Muralidhar, K. and Sarathy, R. 2005. An enhanced data perturbation approach for small data sets. Dec. Sci. 36, 3, 513--529. DOI 10.1111/j.1540-5414.2005.00082.Google Scholar
NAHIT 2008. Defining key health information technology terms. Report to the Office of the National Coordinator for Health Information Technology. Online at http://www.nahit.org/images/pdfs/HITTermsFinalReport_051508.pdf.Google Scholar
NCVHS 2008. Individual control of sensitive health information accessible via NHIN. NCVHS letter to HHS Secretary. Online at http://www.ncvhs.hhs gov/080220lt.pdf.Google Scholar
NHS 2009a, UK National Health Service. Connecting for Health. Online at http://www.connectingforhealth. nhs.uk/, visited Mar. 2009.Google Scholar
NHS 2009b, UK National Health Service. Connecting for Health: Systems and services. Online at http://www.connectingforhealth.nhs.uk/systemsandservices, visited Mar. 2009.Google Scholar
Ni, Q., Lin, D., Bertino, E., and Lobo, J. 2007a. Conditional privacy-aware role based access control. In Proceedings of the European Symposium On Research In Computer Security (ESORICS). Lecture Notes in Computer Science Series, vol. 4734. Springer-Verlag, 72--89. DOI 10.1007/978-3-540-74835-9_6. Google ScholarDigital Library
Ni, Q., Trombetta, A., Bertino, E., and Lobo, J. 2007b. Privacy-aware role based access control. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT). ACM, 41--50. DOI 10.1145/1266840.1266848. Google ScholarDigital Library
Nissenbaum, H. 2004. Privacy as contextual integrity. Washington Law Review 79, 119--158. Online at http://www.nyu.edu/projects/nissenbaum/papers/washingtonlawreview.pdf.Google Scholar
NZHIPC. 2008. Health information privacy code 1994. New Zealand. 2008 revised edition. Online at http://www.privacy.org.nz/assets/Files/Codes-of-Practice-materials/HIPC-1994-2008-revised-edition.pdf.Google Scholar
NZPA. 1993. Privacy act 1993. New Zealand legislature, Public Act 1993 No. 28. Online at http://www. legislation.govt.nz/act/public/1993/0028/latest/096be8ed80604d98.pdf.Google Scholar
OECD. 1980. OECD guidelines on the protection of privacy and transborder flows of personal data. Online at http://preview.tinyurl.com/2of8ox.Google Scholar
ONC 2008. The nationwide privacy and security framework for electronic exchange of individually identifiable health information. Online at http://www.hhs.gov/healthit/privacy/framework.html.Google Scholar
OW 2009, Organized Wisdom. Organizedwisdom.com. Online at http://organizedwisdom.com, visited Oct. 2009.Google Scholar
Pang, J., Greenstein, B., Gummadi, R., Seshan, S., and Wetherall, D. 2007. 802.11 user fingerprinting. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom). ACM, 99--110. DOI 10.1145/1287853.1287866. Google ScholarDigital Library
Paradiso, R., Loriga, G., and Taccini, N. 2005. A wearable health care system based on knitted integrated sensors. IEEE Trans. Inf. Tech. Biomed. 9, 3, 337--344. DOI 10.1109/TITB.2005.854512. Google ScholarDigital Library
PL 2008, Intel Research. PlaceLab project. Online at http://www.placelab.org/, visited Mar. 2008.Google Scholar
Pounder, C. 2007. Why the APEC privacy framework is unlikely to protect privacy. Out-Law.com. Online at http://www.out-law.com/default.aspx&quest;page=8550.Google Scholar
Prasad, A. and Kotz, D. 2010. Can I access your data&quest; Privacy management in mHealth. In Proceedings of the USENIX Workshop on Health Security and Privacy. USENIX Association. Online at http://www.cs.dartmouth.edu/~dfk/papers/abstracts/prasad-healthsec10.html.Google Scholar
Prasad, A., Sorber, J., Stablein, T., Anthony, D., and Kotz, D. 2011. Exposing privacy concerns in mHealth. In Proceedings of theUSENIX Workshop on Health Security (HealthSec). Online at http://www.cs.dartmouth.edu/~dfk/papers/prasad-healthsec11.pdf. Google ScholarDigital Library
Ravichandran, R., Benisch, M., Kelley, P. G., and Sadeh, N. M. 2009. Capturing social networking privacy preferences. In Proceedings of the International Symposium on Privacy Enhancing Technologies (PETS). Lecture Notes in Computer Science Series, vol. 5672. Springer-Verlag, 1--18. DOI 10.1007/978-3-642-03168-7_1. Google ScholarDigital Library
Riedl, B., Neubauer, T., Goluch, G., Boehm, O., Reinauer, G., and Krumboeck, A. 2007. A secure architecture for the pseudonymization of medical data. In Proceedings of the International Conference on Availability, Reliability and Security (ARES). IEEE press, 318--324. DOI 10.1109/ARES.2007.22. Google ScholarDigital Library
Rivest, R. L. 1998. Can we eliminate certificate revocations lists&quest; In Proceedings of the International Conference on Financial Cryptography (FC), R. Hirschfeld, Ed. Lecture Notes in Computer Science Series, vol. 1465. Springer-Verlag, 178--183. DOI 10.1007/BFb0055482. Google ScholarDigital Library
Rouse, W. B. 2008. Health care as a complex adaptive system: Implications for design and management. The Bridge 38, 1. Online at http://www.nae.edu/nae/bridgecom.nsf/weblinks/MKEZ-7CLKRV&quest; OpenDocument.Google Scholar
Safe. 2010. U.S. Department of Commerce.Welcome to the U.S.-EU & Swiss safe harbor frameworks. Online at http://www.export.gov/safeharbor, visited Oct. 2010.Google Scholar
Sahai, A. and Waters, B. 2005. Fuzzy identity-based encryption. In Proceedings of Advances in Cryptology (EUROCRYPT). Lecture Notes in Computer Science Series, vol. 3494. Springer-Verlag, 457--473. DOI 10.1007/11426639 27. Google ScholarDigital Library
Saltzer, J. H. and Schroeder, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9, 1278--1308. DOI 10.1109/PROC,1975,9939.Google ScholarCross Ref
Samarati, P. 2001. Protecting respondents' identities in microdata release. IEEE Trans. Knowl. Data Eng. 13, 6, 1010--1027. DOI 10.1109/69.971193. Google ScholarDigital Library
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. 1996. Role-based access control models. IEEE Comput. 29, 2, 38--47. DOI 10.1109/2.485845. Google ScholarDigital Library
Sankar, P. and Jones, N. L. 2005. To tell or not to tell: primary care patients' disclosure deliberations. Arch. Intern. Med. 165, 20, 2378--2383. DOI 10.1001/archinte.165.20.2378.Google ScholarCross Ref
Scholl, M., Stine, K., Hash, J., Bowen, P., Johnson, A., Smith, C. D., and Steinberg, D. I. 2008. An introductory resource guide for implementing the Health Insurance Portability and Accountability Act (HIPAA) security rule. Tech. Rep. 800-66-Rev1, National Institute of Standards and Technology. Oct. Online at http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf. Google ScholarDigital Library
Schwingenschlögl, C., Eichler, S., and Müller-rathgeber, B. 2006. Performance of PKI-based security mechanisms in mobile ad hoc networks. Int. J. Electron. Commun. 60, 1, 20--24. DOI 10.1016/j.aeue.2005.10.004.Google ScholarCross Ref
SH 2008, University of Rochester. Smart Home project at Center for Future Health. Online at http://www.futurehealth.rochester.edu/smart_home, visited Mar. 2008.Google Scholar
Sinclair, S. and Smith, S. W. 2008. Preventative directions for insider threat mitigation via access control. In Insider Attack and Cyber Security: Beyond the Hacker. Advances in Information Security Series, vol. 39. Springer-Verlag, 173--202. DOI 10.1007/978-0-387-77322-3_10.Google Scholar
Singelée, D. and Preneel, B. 2006. Location privacy in wireless personal area networks. In Proceedings of the ACM Workshop on Wireless Security (WiSe). ACM, 11--18. DOI 10.1145/1161289.1161292. Google ScholarDigital Library
Solworth, J. A. 2008. Instant revocation. In Public Key Infrastructure. Lecture Notes in Computer ScienceSeries, vol. 5057. Springer-Verlag, 31--48. DOI 10.1007/978-3-540-69485-4_3. Google ScholarDigital Library
Srinivasan, V., Stankovic, J., and Whitehouse, K. 2008. Protecting your daily in-home activity information from a wireless snooping attack. In Proceedings of the Conference on Ubiquitous Computing (UbiComp). ACM, 202--211. DOI 10.1145/1409635.1409663. Google ScholarDigital Library
Srinivasan, V., Stankovic, J., and Whitehouse, K. 2010. Using height sensors for biometric identification in multi-resident homes. In Proceedings of the International Conference on Pervasive Computing (Pervasive). Lecture Notes in Computer Science Series, vol. 6030. Springer, Berlin Heidelberg, 337--354. DOI 10.1007/978-3-642-12654-3_20. Google ScholarDigital Library
Sriram, J., Shin, M., Choudhury, T., and Kotz, D. 2009a. Activity-aware ECG-based patient authentication for remote health monitoring. In Proceedings of the International Conference on Multimodal Interfaces and Workshop on Machine Learning for Multi-modal Interaction (ICMI-MLMI). ACM, 297--304. DOI 10.1145/1647314.1647378. Google ScholarDigital Library
Sriram, J., Shin, M., Kotz, D., Rajan, A., Sastry, M., and Yarvis, M. 2009b. Challenges in data quality assurance in pervasive health monitoring systems. In Future of Trust in Computing, D. Gawrock, H. Reimer, A.-R. Sadeghi, and C. Vishik, Eds. Vieweg+Teubner Verlag, 129--142. DOI 10.1007/978-3-8348-9324-6 14.Google Scholar
Stanford, V. 2002. Pervasive health care applications face tough security challenges. IEEE Pervas. Comput. 1, 2, 8--12. DOI 10.1109/MPRV.2002.1012332. Google ScholarDigital Library
Steinbrook, R. 2009. Health care and the American Recovery and Reinvestment Act. New Eng. J. Med. 360, 11, 1057--1060. DOI 10.1056/NEJMp0900665.Google ScholarCross Ref
Sun, Y., La porta, T. F., and Kermani, P. 2009. A flexible privacy-enhanced location-based services system framework and practice. IEEE Trans. Mobile Comput. 8, 3, 304--321. DOI 10.1109/TMC.2008.112. Google ScholarDigital Library
Sundaram, B. and Chapman, B. 2005. A grid authentication system with revocation guarantees. In Proceedings of the Symposium on High Performance Computing (HiPC). Lecture Notes in Computer Science Series, vol. 3769. Springer, 508--517. DOI 10.1007/11602569_52. Google ScholarDigital Library
Sweeney, L. 2002. k-anonymity: A model for protecting privacy. Int. J. Uncert., Fuzz., Knowl.-Based Syst. 10, 5, 557--570. DOI 10.1142/S0218488502001648. Google ScholarDigital Library
Tan, C. C., Wang, H., Zhong, S., and Li, Q. 2009. IBE-lite: A lightweight identity-based cryptography for body sensor networks. IEEE Trans. Inf. Tech. Biomed. 13, 6, 926--932. DOI 10.1109/TITB.2009.2033055. Google ScholarDigital Library
TPM. 2009, Trusted Computing Group (TCG). Trusted Platform Module. Online at http://www. trustedcomputinggroup.org/developers/trusted_platform_module, visited May 2009.Google Scholar
University of Washington. 2008. Assisted Cognition project. http://www.cs.washington.edu/Assistcog. (last accessed 3/08).Google Scholar
Vadehra, S. 2011, Kan & Krishme, Attorneys at Law. India: Data protection and the IT Act India. Online at http://www.gala-marketlaw.com/joomla4/index.php&quest;option=com_content&&num;&num;38; view=article&&num;&num;38;id=261&&num;&num;38;Itemid=138, visited Jan. 2011.Google Scholar
Varshavsky, A., Lamarca, A., and De Lara, E. 2007a. Enabling secure and spontaneous communication between mobile devices using common radio environment. In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile). ACM, 9--13. DOI 10.1109/HotMobile.2007.12. Google ScholarDigital Library
Varshavsky, A., Scannell, A., Lamarca, A., and De Lara, E. 2007b. Amigo: Proximity-based authentication of mobile devices. In Proceedings of Ubiquitous Computing (UbiComp). Lecture Notes in Computer Science Series, vol. 4717. Springer-Verlag, 253--270. DOI 10.1007/978-3-540-74853-3_15. Google ScholarDigital Library
Varshney, U. 2007. Pervasive healthcare and wireless health monitoring. Mobile Netw. Appl. 12, 2-3, 113--127. DOI 10.1007/s11036-007-0017-1. Google ScholarDigital Library
Vitaletti, A. and Palombizio, G. 2007. Rijndael for sensor networks: Is speed the main issue&quest; Electron. Notes Theoret. Comput. Sci. (ENTCS) 171, 1, 71--81. DOI 10.1016/j.entcs.2006.11.010. Google ScholarDigital Library
Wang, Q., Shin, W., Liu, X., Zeng, Z., Oh, C., Alshebli, B. K., Caccamo, M., Gunter, C. A., Gunter, E., Hou, J., Karahalios, K., and Sha, L. 2006. I-Living: An open system architecture for assisted living. In Proceedings of the IEEE International Conference on Systems, Man and Cybernetics (SMC). Vol. 5. IEEE press, 4268--4275. DOI 10.1109/ICSMC.2006.384805.Google Scholar
Wang, W., Motani, M., and Srinivasan, V. 2008. Dependent link padding algorithms for low latency anonymity systems. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 323--332. DOI 10.1145/1455770.1455812. Google ScholarDigital Library
Watro, R., Kong, D., Cuti, S.-F., Gardiner, C., Lynn, C., and Kruus, P. 2004. TinyPK: securing sensor networks with public key technology. In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN). ACM, 59--64. DOI 10.1145/1029102.1029113. Google ScholarDigital Library
Weerasinghe, D., Elmufti, K., Rajarajan, M., and Rakocevic, V. 2007. Securing electronic health records with novel mobile encryption schemes. Int. J. Electron. Healthcare 3, 4, 395--416. DOI 10.1504/IJEH.2007.015320.Google ScholarCross Ref
Wong, F.-L. and Stajano, F. 2005. Location privacy in Bluetooth. In Proceedings of the European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS). Lecture Notes in Computer Science Series, vol. 3813. Springer-Verlag, 176--188. DOI 10.1007/11601494_15. Google ScholarDigital Library
Wright, C. V., Ballard, L., Coull, S. E., Monrose, F., and Masson, G. M. 2010. Uncovering spoken phrases in encrypted voice over IP conversations. ACM Trans. Inf. Syst. Sec. (TISSEC) 13, 4, 35:1--35:30. DOI 10.1145/1880022.1880029. Google ScholarDigital Library
Wright, C. V., Coull, S. E., and Monrose, F. 2009. Traffic morphing: An efficient defense against statistical traffic analysis. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS). Internet Society. Online at http://www.isoc.org/isoc/conferences/ndss/09/pdf/14.pdf.Google Scholar
Xiao, Y., Rayi, V. K., Sun, B., Du, X., Hu, F., and Galloway, M. 2007. A survey of key management schemes in wireless sensor networks. Computer Communications 30, 11-12, 2314--2341. Special issue on security on wireless ad hoc and sensor networks, DOI 10.1016/j.comcom.2007.04.009. Google ScholarDigital Library

Index Terms

Privacy in mobile technology for personal healthcare

Recommendations

A privacy framework for mobile health and home-care systems
SPIMACS '09: Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems

In this paper, we consider the challenge of preserving patient privacy in the context of mobile healthcare and home-care systems, that is, the use of mobile computing and communications technologies in the delivery of healthcare or the provision of at-...
Read More
Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

With an increasing emphasis on pervasive healthcare services, providing a high degree of privacy to patients is becoming a major challenge due to: (a) an increased number of avenues, such as device, access points, switches and database; (b) more threats ...
Read More
Improving The Usability of Personal Health Record in Mobile Health Application for People with Autoimmune Disease
Asian CHI '21: Proceedings of the Asian CHI Symposium 2021

Personal Health Record (PHR) is a technology that usually is targeted to people with chronic illness or in the elderly and designed to supplement medical care with health monitoring outside traditional care environments in hospitals such as in person-...
Read More

Reviews

Reviewer: John S Fitzgerald

When you are sick, everyone wants your data. Advances in mobile computing are helping to create systems that gather detailed data from patients in real-life settings, and convey it to clinicians for individualized care. This trove of data can also be used to inform research, to assist government with evidence-based decision making, or for insurers, or perhaps advertisers, for business purposes. The implications for privacy are considerable. The authors build a conceptual privacy framework for this model based on ten principles derived from a review of the many existing frameworks. Turning to privacy technology, the paper systematically reviews threats ranging from compromising identity, through access control and data integrity, to the loss of devices. It becomes challenging to select established security measures, such as encryption, to respond to these threats, especially in mobile computing, where power is limited. The paper identifies other open research questions. By far the most striking of these questions relates to the challenge of faithfully conveying the effects of access control decisions to lay people, and obtaining informed patient consent to the disclosure of data. Other major questions include privacy at the mobile node, enforcement of controls, data identity, anonymization, and accountability, and the trade-offs between these various issues. This thorough and informative paper provides a guide to privacy for researchers and practitioners in healthcare informatics. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in

ACM Computing Surveys Volume 45, Issue 1
November 2012
455 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/2379776
Issue’s Table of Contents

Copyright © 2012 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 December 2012
- Accepted: 1 July 2011
- Revised: 1 May 2011
- Received: 1 December 2009
Published in csur Volume 45, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
HIPAA
Privacy framework
e-health
electronic health record
home healthcare
mHealth
medicine
mobile healthcare
personal health record
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 139
  Total Citations
  View Citations
- 6,301
  Total Downloads
- Downloads (Last 12 months)159
- Downloads (Last 6 weeks)20
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Privacy in mobile technology for personal healthcare

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

A privacy framework for mobile health and home-care systems

Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

Improving The Usability of Personal Health Record in Mobile Health Application for People with Autoimmune Disease

Reviews

Access critical reviews of Computing literature here

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Privacy in mobile technology for personal healthcare

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

A privacy framework for mobile health and home-care systems

Design and application of a Health Insurance Portability and Accountability Act-compliant privacy framework for pervasive healthcare

Improving The Usability of Personal Health Record in Mobile Health Application for People with Autoimmune Disease

Reviews

Access critical reviews of Computing literature here

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media