Premium
Form‐based security in mobile health data collection systems
Author(s) -
Katarahweire Marriette,
Bainomugisha Engineer,
Mughal Khalid A.,
Ngubiri John
Publication year - 2021
Publication title -
security and privacy
Language(s) - English
Resource type - Journals
ISSN - 2475-6725
DOI - 10.1002/spy2.155
Subject(s) - computer science , data collection , sensitivity (control systems) , suite , context (archaeology) , process (computing) , data security , mobile device , computer security , engineering , encryption , world wide web , operating system , paleontology , statistics , mathematics , archaeology , electronic engineering , biology , history
Mobile Health Data Collection Systems (MHDCS) use electronic forms for data collection in place of paper surveys. Data is entered into the electronic forms by community health workers with smartphones. These systems are used in clinical trials and continuous monitoring of participants. Data collected in MHDCS is diverse with varying sensitivity levels. This therefore calls for the application of different security mechanisms to protect the data. In this paper, a data sensitivity classification model is proposed. It determines the sensitivity levels of form attributes depending on the context and sensitive parameters. The electronic form is the starting point of the data collection process. We augment the form with sensitivity levels and a mapping of security mechanisms to the sensitivity levels is made. Through threat modeling, we identify potential threats and possible mitigations. We demonstrate the feasibility of our approach by prototyping the proposed model into the Open Data Kit tool suite. Tests show that the security mitigations specified during form design are executed once the secure form is loaded on the mobile device during data collection. Our ultimate aim is to facilitate the addition of security requirements into the data collection processes right from the start of the design process.