Iberian Journal of Information Systems and Technologies, No 13 (2014), 35-50, Jun 2014
doi:10.4304/risti.13.35-50

Security and Privacy in Personal Health Records for Android and iOS

Belén Cruz Zapata, Antonio Hernández Niñirola, José Luis Fernández-Alemán, Ambrosio Toval

Abstract


 

In recent years, the use of mobile devices such as smartphones and tablets has attracted great interest among health service providers in the mHealth world. Mobile Personal Health Records (PHRs) offer numerous advantages, and although studies indicate that patients are willing to use them, usage rates remain low. Security and privacy have been identified as a major barrier to their widespread adoption. Using a method adapted from the systematic literature review, 24 mobile PHRs for Android and iOS were identified. The security and privacy of these mobile PHRs were evaluated using a 12-question questionnaire. Our research shows that developers of mobile PHRs need to substantially improve their privacy policies.

 

 



Keywords


mHealth; Mobile Personal Health Record; Android; iOS.





Iberian Journal of Information Systems and Technologies (RISTI, ISSN 1646-9895)

Copyright @ 2006-2014 by ACADEMY PUBLISHER – All rights reserved.