Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps
Joint Authors
Moura, Pedro
Fazendeiro, Paulo
Inácio, Pedro R. M.
Vieira-Marques, Pedro
Ferreira, Ana
Source
Journal of Healthcare Engineering
Issue
Vol. 2020, Issue 2020 (31 Dec. 2020), pp.1-14, 14 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2020-01-17
Country of Publication
Egypt
No. of Pages
14
Main Subjects
Abstract EN
Background.
Smartphones can tackle healthcare stakeholders’ diverse needs.
Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significant higher financial value when compared with other records.
Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content.
Objective.
To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies.
Methods.
Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks.
Results.
The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype.
Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system).
Conclusions.
Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.
American Psychological Association (APA)
Moura, Pedro& Fazendeiro, Paulo& Inácio, Pedro R. M.& Vieira-Marques, Pedro& Ferreira, Ana. 2020. Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps. Journal of Healthcare Engineering،Vol. 2020, no. 2020, pp.1-14.
https://search.emarefa.net/detail/BIM-1186276
Modern Language Association (MLA)
Moura, Pedro…[et al.]. Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps. Journal of Healthcare Engineering No. 2020 (2020), pp.1-14.
https://search.emarefa.net/detail/BIM-1186276
American Medical Association (AMA)
Moura, Pedro& Fazendeiro, Paulo& Inácio, Pedro R. M.& Vieira-Marques, Pedro& Ferreira, Ana. Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps. Journal of Healthcare Engineering. 2020. Vol. 2020, no. 2020, pp.1-14.
https://search.emarefa.net/detail/BIM-1186276
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1186276