Final published version
Licence: CC BY: Creative Commons Attribution 4.0 International License
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - Security and Privacy for mHealth and uHealth Systems
T2 - A Systematic Mapping Study
AU - Iwaya, Leonardo Horn
AU - Ahmad, Aakash
AU - Ali Babar, M.
N1 - Publisher Copyright: © 2013 IEEE.
PY - 2020/12/31
Y1 - 2020/12/31
N2 - An increased adoption of mobile health (mHealth) and ubiquitous health (uHealth) systems empower users with handheld devices and embedded sensors for a broad range of healthcare services. However, m/uHealth systems face significant challenges related to data security and privacy that must be addressed to increase the pervasiveness of such systems. This study aims to systematically identify, classify, compare, and evaluate state-of-the-art on security and privacy of m/uHealth systems. We conducted a systematic mapping study (SMS) based on 365 qualitatively selected studies to (i) classify the types, frequency, and demography of published research, (ii) synthesize and categorize research themes, (iii) recurring challenges, (iv) prominent solutions (i.e., research outcomes) and their (v) reported evaluations (i.e., practical validations). Results suggest that the existing research on security and privacy of m/uHealth systems primarily focuses on select group of control families (compliant with NIST800-53), protection of systems and information, access control, authentication, individual participation, and privacy authorisation. In contrast, areas of data governance, security and privacy policies, and program management are under-represented, although these are critical to most of the organizations that employ m/uHealth systems. Most research proposes new solutions with limited validation, reflecting a lack of evaluation of security and privacy of m/uHealth in the real world. Empirical research, development, and validation of m/uHealth security and privacy is still incipient, which may discourage practitioners from readily adopting solutions from the literature. This SMS facilitates knowledge transfer, enabling researchers and practitioners to engineer security and privacy for emerging and next generation of m/uHealth systems.
AB - An increased adoption of mobile health (mHealth) and ubiquitous health (uHealth) systems empower users with handheld devices and embedded sensors for a broad range of healthcare services. However, m/uHealth systems face significant challenges related to data security and privacy that must be addressed to increase the pervasiveness of such systems. This study aims to systematically identify, classify, compare, and evaluate state-of-the-art on security and privacy of m/uHealth systems. We conducted a systematic mapping study (SMS) based on 365 qualitatively selected studies to (i) classify the types, frequency, and demography of published research, (ii) synthesize and categorize research themes, (iii) recurring challenges, (iv) prominent solutions (i.e., research outcomes) and their (v) reported evaluations (i.e., practical validations). Results suggest that the existing research on security and privacy of m/uHealth systems primarily focuses on select group of control families (compliant with NIST800-53), protection of systems and information, access control, authentication, individual participation, and privacy authorisation. In contrast, areas of data governance, security and privacy policies, and program management are under-represented, although these are critical to most of the organizations that employ m/uHealth systems. Most research proposes new solutions with limited validation, reflecting a lack of evaluation of security and privacy of m/uHealth in the real world. Empirical research, development, and validation of m/uHealth security and privacy is still incipient, which may discourage practitioners from readily adopting solutions from the literature. This SMS facilitates knowledge transfer, enabling researchers and practitioners to engineer security and privacy for emerging and next generation of m/uHealth systems.
KW - health information management
KW - medical information systems
KW - mobile computing
KW - privacy
KW - reviews
KW - Security
KW - ubiquitous computing
U2 - 10.1109/ACCESS.2020.3015962
DO - 10.1109/ACCESS.2020.3015962
M3 - Journal article
AN - SCOPUS:85090292898
VL - 8
SP - 150081
EP - 150112
JO - IEEE Access
JF - IEEE Access
SN - 2169-3536
M1 - 9165743
ER -