General Terms: Security, Legal Aspects, Human Factors

Additional Key Words and Phrases: Privacy framework, medicine, electronic health record, personal health record, home healthcare, mobile healthcare, mHealth, e-health, HIPAA

Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of mobile computing technologies that have the potential to transform healthcare. Such mHealth technology enables physicians to remotely monitor patients’ health and enables individuals to manage their own health more easily. Despite these advantages, privacy is essential for any personal monitoring technology. Through an extensive survey of the literature, we develop a conceptual privacy framework for mHealth, itemize the privacy properties needed in mHealth systems, and discuss the technologies that could support privacy-sensitive mHealth systems. We end with a list of open research questions.
