ABSTRACT
BACKGROUND: The increased application of Internet of Things (IoT) in healthcare, has fueled concerns regarding the security and privacy of patient data. Lightweight Cryptography (LWC) algorithms can be seen as a potential solution to address this concern. Due to the high variation of LWC, the primary objective of this study was to identify a suitable yet effective algorithm for securing sensitive patient information on IoT devices. METHODS: This study evaluates the performance of eight LWC algorithms-AES, PRESENT, MSEA, LEA, XTEA, SIMON, PRINCE, and RECTANGLE-using machine learning models. Experiments were conducted on a Raspberry Pi 3 microcontroller using 16 KB to 2048 KB files. Machine learning models were trained and tested for each LWC algorithm and their performance was evaluated based using precision, recall, F1-score, and accuracy metrics. RESULTS: The study analyzed the encryption/decryption execution time, energy consumption, memory usage, and throughput of eight LWC algorithms. The RECTANGLE algorithm was identified as the most suitable and efficient LWC algorithm for IoT in healthcare due to its speed, efficiency, simplicity, and flexibility. CONCLUSIONS: This research addresses security and privacy concerns in IoT healthcare and identifies key performance factors of LWC algorithms utilizing the SLR research methodology. Furthermore, the study provides insights into the optimal choice of LWC algorithm for enhancing privacy and security in IoT healthcare environments.
Subject(s)
Computer Security , Internet of Things , Machine Learning , Humans , Computer Security/standards , Algorithms , Confidentiality/standardsABSTRACT
AbstractDespite broad ethical consensus supporting developmentally appropriate disclosure of health information to older children and adolescents, cases in which parents and caregivers request nondisclosure continue to pose moral dilemmas for clinicians. State laws vary considerably regarding adolescents' rights to autonomy, privacy, and confidentiality, with many states not specifically addressing adolescents' right to their own healthcare information. The requirements of the 21st Century Cures Act have raised important ethical concerns for pediatricians and adolescent healthcare professionals regarding the protection of adolescent privacy and confidentiality, given requirements that chart notes and results be made readily available to patients via electronic portals. Less addressed have been the implications of the act for adolescents' access to their health information, since many healthcare systems' electronic portals are available to patients beginning at age 12, sometimes requiring that the patients themselves authorize their parents' access to the same information. In this article, we present a challenging case of protracted disagreement about an adolescent's right to honest information regarding his devastating prognosis. We then review the legal framework governing adolescents' rights to their own healthcare information, the limitations of ethics consultation to resolve such disputes, and the potential for the Cures Act's impact on electronic medical record systems to provide one form of resolution. We conclude that although parents in cases like the one presented here have the legal right to consent to medical treatment on their children's behalf, they do not have a corresponding right to direct the withholding of medical information from the patient.
Subject(s)
Confidentiality , Parents , Humans , Adolescent , Confidentiality/legislation & jurisprudence , Confidentiality/ethics , Male , United States , Disclosure/legislation & jurisprudence , Disclosure/ethics , Personal Autonomy , Parental Consent/legislation & jurisprudence , Parental Consent/ethics , Patient Rights/legislation & jurisprudence , Child , Privacy/legislation & jurisprudence , Electronic Health Records/ethics , Electronic Health Records/legislation & jurisprudence , Access to Information/legislation & jurisprudence , Access to Information/ethicsABSTRACT
BACKGROUND: Use of electronic methods to support informed consent ('eConsent') is increasingly popular in clinical research. This commentary reports the approach taken to implement electronic consent methods and subsequent experiences from a range of studies at the Leeds Clinical Trials Research Unit (CTRU), a large clinical trials unit in the UK. MAIN TEXT: We implemented a remote eConsent process using the REDCap platform. The process can be used in trials of investigational medicinal products and other intervention types or research designs. Our standard eConsent system focuses on documenting informed consent, with other aspects of consent (e.g. providing information to potential participants and a recruiter discussing the study with each potential participant) occurring outside the system, though trial teams can use electronic methods for these activities where they have ethical approval. Our overall process includes a verbal consent step prior to confidential information being entered onto REDCap and an identity verification step in line with regulator guidance. We considered the regulatory requirements around the system's generation of source documents, how to ensure data protection standards were upheld and how to monitor informed consent within the system. We present four eConsent case studies from the CTRU: two randomised clinical trials and two other health research studies. These illustrate the ways eConsent can be implemented, and lessons learned, including about differences in uptake. CONCLUSIONS: We successfully implemented a remote eConsent process at the CTRU across multiple studies. Our case studies highlight benefits of study participants being able to give consent without having to be present at the study site. This may better align with patient preferences and trial site needs and therefore improve recruitment and resilience against external shocks (such as pandemics). Variation in uptake of eConsent may be influenced more by site-level factors than patient preferences, which may not align well with the aspiration towards patient-centred research. Our current process has some limitations, including the provision of all consent-related text in more than one language, and scalability of implementing more than one consent form version at a time. We consider how enhancements in CTRU processes, or external developments, might affect our approach.
Subject(s)
Consent Forms , Informed Consent , Humans , Confidentiality , Clinical Trials as Topic/ethics , Clinical Trials as Topic/methods , Randomized Controlled Trials as Topic/ethics , Randomized Controlled Trials as Topic/methods , Research Subjects/psychology , England , Research DesignABSTRACT
OBJECTIVES: Organizations recommend providing confidential adolescent health care to reduce the consequences of high-risk health behaviors such as substance use, unhealthy eating patterns, and high-risk sexual behaviors. Family physicians are uniquely positioned to provide confidential counseling and care to this vulnerable population but must be trained to provide such care. This study describes the impact of formal and informal training on the knowledge of and comfort level in providing confidential adolescent healthcare among a sample of US Family Medicine residents. METHODS: Electronic surveys were distributed to all Family Medicine residents throughout the United States. We used descriptive statistics and χ2 analysis where appropriate to determine the association between resident-reported receipt of training, confidence, and frequency in providing confidential adolescent health care. RESULTS: A total of 714 Family Medicine residents completed the survey. The majority reported no formal training in residency (50.3%). The receipt of formal and informal training in both medical school and residency was associated with a greater degree of comfort in providing confidential adolescent care and a higher likelihood of providing confidential time alone. Those reporting formal training were more likely to always provide confidential care (P = 0.001). CONCLUSIONS: Training focused on confidential adolescent health care in medical school or residency was associated with a greater degree of comfort and a higher likelihood of providing confidential adolescent health care.
Subject(s)
Confidentiality , Family Practice , Internship and Residency , Humans , Internship and Residency/statistics & numerical data , United States , Female , Family Practice/education , Male , Adolescent , Adult , Surveys and Questionnaires , Adolescent Health Services/statistics & numerical data , Clinical Competence/statistics & numerical data , Health Knowledge, Attitudes, PracticeABSTRACT
BACKGROUND: Confidentiality is one of the central preconditions for clinical ethics support (CES). CES cases which generate moral questions for CES staff concerning (breaching) confidentiality of what has been discussed during CES can cause moral challenges. Currently, there seems to be no clear policy or guidance regarding how CES staff can or should deal with these moral challenges related to (not) breaching confidentiality within CES. Moral case deliberation is a specific kind of CES. METHOD: Based on experiences and research into MCD facilitators' needs for ethics support in this regard, we jointly developed an ethics support tool for MCD facilitators: the Confidentiality Compass. This paper describes the iterative developmental process, including our theoretical viewpoints and reflections on characteristics of CES tools in general. RESULTS: The content and goals of the ethics support tool, which contains four elements, is described. Part A is about providing information on the concept of confidentiality in MCD, part B is a moral compass with reflective questions, part C focuses on courses of action for careful handling of moral challenges related to confidentiality. Part D contains general lessons, best practices and tips for dealing with confidentiality in future cases. CONCLUSIONS: This paper concludes with providing some lessons-learned related to developing ethics support tools and some reflections on issues of quality and normativity of ethics support tools.
Subject(s)
Confidentiality , Ethics Consultation , Morals , Confidentiality/ethics , Humans , Ethics, Clinical , EmpathyABSTRACT
Patient privacy is essential and so is ensuring confidentiality in the doctor-patient relationship. However, today's reality is that patient information is increasingly accessible to third parties outside this relationship. This article discusses India's data protection framework and assesses data protection developments in India including the Digital Personal Data Protection Act, 2023.
Subject(s)
Computer Security , Confidentiality , India , Humans , Confidentiality/legislation & jurisprudence , Computer Security/legislation & jurisprudence , Computer Security/standards , Physician-Patient Relations/ethics , Privacy/legislation & jurisprudenceABSTRACT
BACKGROUND: The involvement of pregnant women in vaccine clinical trials presents unique challenges for the informed consent process. We explored the expectations and experiences of the pregnant women, spouses/partners, health workers and stakeholders of the consent process during a Group B Streptococcus maternal vaccine trial. METHODS: We interviewed 56 participants including pregnant women taking part in the trial, women not in the trial, health workers handling the trial procedures, spouses, and community stakeholders. We conducted 13 in-depth interviews and focus group discussions with 23 women in the trial, in-depth interviews with 5 spouses, and 5 women not in the trial, key informant interviews with 5 health workers and 5 other stakeholders were undertaken. RESULTS: Decision-making by a pregnant woman to join a trial was done in consultation with spouse, parents, siblings, or trusted health workers. Written study information was appreciated by all but they suggested the use of audio and visual presentation to enhance understanding. Women stressed the need to ensure that their male partners received study information before their pregnant partners joined a clinical trial. Confidentiality in research was emphasised differently by individual participants; while some emphasised it for self, others were keen to protect their family members from being exposed, for allowing them to be involved in research. However, others wanted their community participation to be acknowledged. CONCLUSION: We found that pregnant women make decisions to join a clinical trial after consulting with close family. Our findings suggest the need for an information strategy which informs not only the pregnant woman, but also her family about the research she is invited to engage in.
Subject(s)
Breast Feeding , Decision Making , Informed Consent , Pregnant Women , Qualitative Research , Humans , Female , Pregnancy , Uganda , Informed Consent/ethics , Adult , Pregnant Women/psychology , Male , Spouses , Focus Groups , Clinical Trials as Topic/ethics , Streptococcal Infections/prevention & control , Confidentiality , Research Subjects/psychology , Young Adult , Health Personnel/psychology , Streptococcus agalactiaeABSTRACT
This study investigated people's ethical concerns of surveillance technology. By adopting the spectrum of technological utopian and dystopian narratives, how people perceive a society constructed through the compulsory use of surveillance technology was explored. This study empirically examined the anonymous online expression of attitudes toward the society-wide, compulsory adoption of a contact tracing app that affected almost every aspect of all people's everyday lives at a societal level. By applying the structural topic modeling approach to analyze comments on four Hong Kong anonymous discussion forums, topics concerning the technological utopian, dystopian, and pragmatic views on the surveillance app were discovered. The findings showed that people with a technological utopian view on this app believed that the implementation of compulsory app use can facilitate social good and maintain social order. In contrast, individuals who had a technological dystopian view expressed privacy concerns and distrust of this surveillance technology. Techno-pragmatists took a balanced approach and evaluated its implementation practically.
Subject(s)
Attitude , Mobile Applications , Privacy , Humans , Hong Kong , Contact Tracing/ethics , Contact Tracing/methods , Trust , Confidentiality , Technology/ethics , Internet , Female , Male , Adult , NarrationABSTRACT
BACKGROUND: Integrating artificial intelligence (AI) into healthcare has raised significant ethical concerns. In pharmacy practice, AI offers promising advances but also poses ethical challenges. METHODS: A cross-sectional study was conducted in countries from the Middle East and North Africa (MENA) region on 501 pharmacy professionals. A 12-item online questionnaire assessed ethical concerns related to the adoption of AI in pharmacy practice. Demographic factors associated with ethical concerns were analyzed via SPSS v.27 software using appropriate statistical tests. RESULTS: Participants expressed concerns about patient data privacy (58.9%), cybersecurity threats (58.9%), potential job displacement (62.9%), and lack of legal regulation (67.0%). Tech-savviness and basic AI understanding were correlated with higher concern scores (p < 0.001). Ethical implications include the need for informed consent, beneficence, justice, and transparency in the use of AI. CONCLUSION: The findings emphasize the importance of ethical guidelines, education, and patient autonomy in adopting AI. Collaboration, data privacy, and equitable access are crucial to the responsible use of AI in pharmacy practice.
Subject(s)
Artificial Intelligence , Humans , Cross-Sectional Studies , Female , Male , Adult , Artificial Intelligence/ethics , Middle East , Surveys and Questionnaires , Africa, Northern , Informed Consent/ethics , Confidentiality/ethics , Middle Aged , Beneficence , Pharmacists/ethics , Computer Security , Young Adult , Attitude of Health Personnel , Social Justice , PrivacyABSTRACT
BACKGROUND: There is data paucity regarding users' awareness of privacy concerns and the resulting impact on the acceptance of mobile health (mHealth) apps, especially in the Saudi context. Such information is pertinent in addressing users' needs in the Kingdom of Saudi Arabia (KSA). OBJECTIVE: This article presents a study protocol for a mixed method study to assess the perspectives of patients and stakeholders regarding the privacy, security, and confidentiality of data collected via mHealth apps in the KSA and the factors affecting the adoption of mHealth apps. METHODS: A mixed method study design will be used. In the quantitative phase, patients and end users of mHealth apps will be randomly recruited from various provinces in Saudi Arabia with a high population of mHealth users. The research instrument will be developed based on the emerging themes and findings from the interview conducted among stakeholders, app developers, health care professionals, and users of mHealth apps (n=25). The survey will focus on (1) how to improve patients' awareness of data security, privacy, and confidentiality; (2) feedback on the current mHealth apps in terms of data security, privacy, and confidentiality; and (3) the features that might improve data security, privacy, and confidentiality of mHealth apps. Meanwhile, specific sections of the questionnaire will focus on patients' awareness, privacy concerns, confidentiality concerns, security concerns, perceived usefulness, perceived ease of use, and behavioral intention. Qualitative data will be analyzed thematically using NVivo version 12. Descriptive statistics, regression analysis, and structural equation modeling will be performed using SPSS and partial least squares structural equation modeling. RESULTS: The ethical approval for this research has been obtained from the Biomedical and Scientific Research Ethics Committee, University of Warwick, and the Medical Research and Ethics Committee Ministry of Health in the KSA. The qualitative phase is ongoing and 15 participants have been interviewed. The interviews for the remaining 10 participants will be completed by November 25, 2023. Preliminary thematic analysis is still ongoing. Meanwhile, the quantitative phase will commence by December 10, 2023, with 150 participants providing signed and informed consent to participate in the study. CONCLUSIONS: The mixed methods study will elucidate the antecedents of patients' awareness and concerns regarding the privacy, security, and confidentiality of data collected via mHealth apps in the KSA. Furthermore, pertinent findings on the perspectives of stakeholders and health care professionals toward the aforementioned issues will be gleaned. The results will assist policy makers in developing strategies to improve Saudi users'/patients' adoption of mHealth apps and addressing the concerns raised to benefit significantly from these advanced health care modalities. INTERNATIONAL REGISTERED REPORT IDENTIFIER (IRRID): DERR1-10.2196/54933.
Subject(s)
Computer Security , Confidentiality , Mobile Applications , Telemedicine , Humans , Saudi Arabia , Surveys and Questionnaires , Male , Female , Privacy , Adult , Qualitative Research , Stakeholder ParticipationABSTRACT
The innovative performance of manufacturing and service companies can be impacted by the existing relationship between open innovation (OI) and the generation of confidentiality agreements (NDAs) as a tool for the protection of intellectual property. Based on the analysis of a cross-sectional sample of 6,798 industrial companies (2019-2020) and 9,304 companies in the service sector (2017-2019) that are part of the directory of the National Administrative Department of Statistics (DANE) in its Technological Innovation and Development Survey (EDIT and EDITS), it can be suggested that the interaction of these two variables (OI and NDAs) generate positive effects for the manufacturing industry but negative ones for the service sector. It could be deduced that the positive effect is due to the greater tradition of OI in the manufacturing industry and the negative effect to the caution that the service sector presents when collaborating with external actors.
Subject(s)
Confidentiality , Humans , Cross-Sectional Studies , Manufacturing Industry , Inventions , Intellectual Property , Industry , Surveys and QuestionnairesABSTRACT
This paper explores the security, privacy, and ethical implications of e-health data in Iran's healthcare network. A framework is proposed to ensure security and privacy in electronic health information processing across various institutions. The framework addresses aspects such as software/hardware, communication networks, patient safety, privacy, confidentiality, online health service regulations, commercial and judicial exploitation, and education/research. The study categorizes these requirements into seven main categories to safeguard health-oriented service recipients' security and privacy.
Subject(s)
Computer Security , Confidentiality , Electronic Health Records , Iran , Computer Security/ethics , Confidentiality/ethics , Electronic Health Records/ethics , Telemedicine/ethics , HumansABSTRACT
With the rapid development of modern medical technology and the dramatic increase in the amount of medical data, traditional centralized medical information management is facing many challenges. In recent years blockchain, which is a peer-to-peer distributed database, has been increasingly accepted and adopted by different industries and use cases. Key areas of healthcare blockchain applications include electronic medical record (EMR) management, medical device supply chain management, remote condition monitoring, insurance claims and personal health data (PHD) management, among others. Even so, there are a number of challenges in applying blockchain concepts to healthcare and its data, including interoperability, data security privacy, scalability, TPS and so on. While these challenges may hinder the development of blockchain in healthcare scenarios, they can be improved with existing technologies In this paper, we propose a blockchain-based healthcare operations management framework that is combined with the Interplanetary File System (IPFS) for managing EMRs, protects data privacy through a distributed approach while ensuring that this medical ledger is tamper-proof. Doctors act as full nodes, patients can participate in network maintenance either as light nodes or as full nodes, and the hospital acts as the endpoint database of data, i.e., the IPFS node, which saves the arithmetic power of nodes and allows the data stored in the hospitals and departments to be shared with the other organizations that have uploaded the data. Therefore, the integration of blockchain and zero-knowledge proof proposed in this paper helps to protect data privacy and is efficient, better scalable, and more throughput.
Subject(s)
Blockchain , Computer Security , Confidentiality , Electronic Health Records , Humans , PrivacyABSTRACT
The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified weaknesses before they occur.
Subject(s)
Computer Security , Computer Security/standards , Humans , Australia , Focus Groups , Delivery of Health Care/standards , Confidentiality/standardsABSTRACT
This paper examines the legal challenges associated with medical robots, including their legal status, liability in cases of malpractice, and concerns over patient data privacy and security. And this paper scrutinizes China's nuanced response to these dilemmas. An analysis of Chinese judicial practices and legislative actions reveals that current denial of legal personality to AI at this stage is commendable. To effectively control the financial risks associated with medical robots, there is an urgent need for clear guidelines on responsibility allocation for medical accidents involving medical robots, the implementation of strict data protection laws, and the strengthening of industry standards and regulations.
Subject(s)
Liability, Legal , Robotics , Humans , China , Robotics/legislation & jurisprudence , Malpractice/legislation & jurisprudence , Computer Security/legislation & jurisprudence , Confidentiality/legislation & jurisprudenceABSTRACT
BACKGROUND: Approaches to implementing online record access (ORA) via patient portals for minors and guardians vary internationally, as more countries continue to develop patient-accessible electronic health records (PAEHR) systems. Evidence of ORA usage and country-specific practices to allow or block minors' and guardians' access to minors' records during adolescence (i.e. access control practices) may provide a broader understanding of possible approaches and their implications for minors' confidentiality and guardian support. AIM: To describe and compare minors' and guardian proxy users' PAEHR usage in Sweden and Finland. Furthermore, to investigate the use of country-specific access control practices. METHODS: A retrospective, observational case study was conducted. Data were collected from PAEHR administration services in Sweden and Finland and proportional use was calculated based on population statistics. Descriptive statistics were used to analyze the results. RESULTS: In both Sweden and Finland, the proportion of adolescents accessing their PAEHR increased from younger to older age-groups reaching the proportion of 59.9 % in Sweden and 84.8 % in Finland in the age-group of 17-year-olds. The PAEHR access gap during early adolescence in Sweden may explain the lower proportion of users among those who enter adulthood. Around half of guardians in Finland accessed their minor children's records in 2022 (46.1 %), while Swedish guardian use was the highest in 2022 for newborn children (41.8 %), and decreased thereafter. Few, mainly guardians, applied for extended access in Sweden. In Finland, where a case-by-case approach to access control relies on healthcare professionals' (HCPs) consideration of a minor's maturity, 95.8 % of minors chose to disclose prescription information to their guardians. CONCLUSION: While age-based access control practices can hamper ORA for minors and guardians, case-by-case approach requires HCP resources and careful guidance to ensure equality between patients. Guardians primarily access minors' records during early childhood and adolescents show willingness to share their PAEHR with parents.
Subject(s)
Minors , Patient Portals , Humans , Finland , Sweden , Retrospective Studies , Adolescent , Patient Portals/statistics & numerical data , Male , Female , Confidentiality , Child , Electronic Health Records/statistics & numerical data , Patient Access to Records , Legal GuardiansABSTRACT
In the modern day, multimedia and digital resources play a crucial role in demystifying complex topics and improving communication. Additionally, images, videos, and documents speed data administration, fostering both individual and organizational efficiency. Healthcare providers use tools like X-rays, MRIs, and CT scans to improve diagnostic and therapeutic capacities, highlighting the importance of these tools in contemporary communication, data processing, and healthcare. Protecting medical data becomes essential for maintaining patient confidentiality and service dependability in a time when digital assets are crucial to the healthcare industry. In order to overcome this issue, this study analyses the DWT-HD-SVD algorithm-based invisible watermarking in medical data. The main goal is to verify medical data by looking at a DWT-based hybrid technique used on X-ray images with various watermark sizes (256*256, 128*128, 64*64). The algorithm's imperceptibility and robustness are examined using metrics like Peak Signal-to-Noise Ratio (PSNR) and Structural Similarity Index (SSIM) and are analyzed using Normalized Connection (NC), Bit Error Rate (BER), and Bit Error Rate (BCR) in order to evaluate its resistance to various attacks. The results show that the method works better with smaller watermark sizes than it does with larger ones.
Subject(s)
Algorithms , Computer Security , Humans , Confidentiality , Signal-To-Noise RatioABSTRACT
OBJECTIVE: To examine patient and provider perspectives on privacy and security considerations in telemedicine during the COVID-19 pandemic. STUDY DESIGN: Qualitative study with patients and providers from primary care practices in 3 National Patient-Centered Clinical Research Network sites in New York, New York; North Carolina; and Florida. METHODS: Semistructured interviews were conducted, audio recorded, transcribed verbatim, and coded using an inductive process. Data related to privacy and information security were analyzed. RESULTS: Sixty-five patients and 21 providers participated. Patients and providers faced technology-related security concerns as well as difficulties ensuring privacy in the transformed shared space of telemedicine. Patients expressed increased comfort doing telemedicine from home but often did not like their providers to offer virtual visits from outside an office setting. Providers initially struggled to find secure and Health Insurance Portability and Accountability Act-compliant platforms and devices to host the software. Whereas some patients preferred familiar platforms such as FaceTime, others recognized potential security concerns. Audio-only encounters sometimes raised patient concerns that they would not be able to confirm the identity of the provider. CONCLUSIONS: Telemedicine led to novel concerns about privacy because patients and providers were often at home or in public spaces, and they shared concerns about software and hardware security. In addition to technological safeguards, our study emphasizes the critical role of physical infrastructure in ensuring privacy and security. As telemedicine continues to evolve, it is important to address and mitigate concerns around privacy and security to ensure high-quality and safe delivery of care to patients in remote settings.
