Abstract
Mobile Health Data Collection Systems (MHDCS) use a combination of encryption and user access control to grant or deny permissions to data collectors. However, the data in MHDCS is of diverse value and types, which calls for different security measures. The level of sensitivity of data in electronic health is a function of the context, characterised by the social environment, patient and content, among others. When mobile devices are used for data collection and tracking participants, there is a need for a more refined security system that allows more finely controlled access to specific data elements. In this paper, we provide a conceptual design and prototype implementation for a data sensitivity model that enables attribute-based data access control, based on the level of sensitivity of the data involved. By allowing specific form data elements to have different security levels, we enhance the security of MHDCS and allow more use cases, including the use of a single form to collect data for different stakeholders with diverse data needs and concerns.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Katarahweire, M., Bainomugisha, E., Mughal, K.A. (2019). A Multi-level Data Sensitivity Model for Mobile Health Data Collection Systems. In: Rocha, Á., Adeli, H., Reis, L., Costanzo, S. (eds) New Knowledge in Information Systems and Technologies. WorldCIST'19 2019. Advances in Intelligent Systems and Computing, vol 932. Springer, Cham. https://doi.org/10.1007/978-3-030-16187-3_53
DOI: https://doi.org/10.1007/978-3-030-16187-3_53
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16186-6
Online ISBN: 978-3-030-16187-3
eBook Packages: Intelligent Technologies and Robotics (R0)