Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization at the content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them on a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice.

Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation.

Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus group sessions with prospective patients (N=32) with different technical knowledge were used to investigate the redactors' perspective on EHR data redaction control.

Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. The main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control.

Conclusions: For the SAE-service to be a means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.
Purpose: The purpose of this paper is to develop a usable configuration management for Archistar, which utilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure and privacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and other settings for securely storing the secret data shares, while meeting all of the end user's requirements and other restrictions, is a complex task. In particular, complex trade-offs between different protection goals and legal privacy requirements need to be made.

Design/methodology/approach: A human-centered design approach with structured interviews and cognitive walkthroughs of user interface mockups with system administrators and other technically skilled users was used.

Findings: Even technically skilled users have difficulties in adequately selecting secret sharing parameters and other configuration settings for adequately securing the data to be outsourced.

Practical implications: Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.

Originality/value: The authors present novel human computer interaction (HCI) guidelines for a usable configuration management, which propose to automatically set configuration parameters and to solve trade-offs based on the type of data to be stored in the cloud. Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.
Background: Third-party cloud-based data analysis applications are proliferating in electronic health (eHealth) because of the expertise offered and their monetary advantage. However, privacy and security are critical concerns when handling sensitive medical data in the cloud. Technical advances based on "crypto magic" in privacy-preserving machine learning (ML) enable data analysis in encrypted form for maintaining confidentiality. Such privacy-enhancing technologies (PETs) could be counterintuitive to relevant stakeholders in eHealth, which could in turn hinder adoption; thus, more attention is needed on human factors for establishing trust and transparency.

Objective: The aim of this study was to analyze eHealth expert stakeholders' perspectives and the perceived tradeoffs in regard to data analysis on encrypted medical data in the cloud, and to derive user requirements for the development of a privacy-preserving data analysis tool.

Methods: We used semistructured interviews and report on 14 interviews with individuals having medical, technical, or research expertise in eHealth. We used thematic analysis for analyzing interview data. In addition, we conducted a workshop for eliciting requirements.

Results: Our results show differences in the understanding of and in trusting the technology; caution is advised by technical experts, whereas patient safety assurances are required by medical experts. Themes were identified with general perspectives on data privacy and practices (eg, acceptance of using external services), as well as themes highlighting specific perspectives (eg, data protection drawbacks and concerns about data analysis on encrypted data). The latter themes result in requiring assurances and conformance testing for trusting tools such as the proposed ML-based tool. Communicating privacy and utility benefits and tradeoffs with stakeholders is essential for trust. Furthermore, stakeholders and their organizations share accountability for patient data. Finally, stakeholders stressed the importance of informing patients about the privacy of their data.

Conclusions: Understanding the benefits and risks of using eHealth PETs is crucial, and collaboration among diverse stakeholders is essential. Assurances of the tool's privacy, accuracy, and patient safety should be in place for establishing trust in ML-based PETs, especially if used in the cloud.
This paper presents an eHealth use case based on a privacy-preserving machine learning platform to detect arrhythmia, developed by the PAPAYA project, that can run in an untrusted domain. It discusses legal privacy and user requirements that we elicited for this use case from the GDPR and via stakeholder interviews. These include requirements for secure pseudonymisation schemes, for allowing also pseudonymous users to exercise their data subjects' rights, for not making diagnostic decisions fully automatically, and for assurance guarantees, conformance with specified standards, and informing clinicians and patients about the privacy protection. The requirements are not only relevant for our use case but also for other use cases utilising privacy-preserving data analytics to classify medical data.
The unprecedented pandemic of the infectious coronavirus disease (COVID-19) is still ongoing. Considering the limitations and restrictions imposed by COVID-19, we explored the role of technology and the extent of usage by end-users. In our online survey, we investigated users' perspectives on their use of technologies in different contexts (e.g., work, entertainment), taking into consideration intrinsic factors such as health consciousness, perceived social isolation, and pandemic-related concerns. Results from 218 respondents show a significant increase in technology use in all investigated contexts after the pandemic occurred. Moreover, the results suggest that different factors may contribute to such increases, depending on the context. It appears that perceived social isolation, concerns about the pandemic, and tracking have the most prominent influence on different uses of technology. Furthermore, open-ended responses include beneficial opportunities, concerns & consequences, and behavioral transformations & adaptations due to COVID-19. Our findings provide insights for designing and developing new technologies, especially for communication and entertainment, to support users' needs during a pandemic.

CCS Concepts: • Human-centered computing → Empirical studies in HCI.