Feasibility analysis of the privacy attributes of the personal wellness information model Pirkko Nykänen, Antto Seppälä, Pekka Ruotsalainen, Bernd Blobel

- Introduction - Privacy and privacy attributes - User wellness scenario with privacy attributes - Details of component walk-through - Conclusions

Introduction Feasibility study –Outline and clarify things and factors connected to developed models and solutions – Proof-of-concept Wellness information model

Privacy Personal health information – confidential, needs to be protected from un-authorised use, access and disclosure -Person’s ability to control the collection, use and dissemination of one’s personal information –Persons, groups, institutions to determine themselves WHEN, HOW and TO WHAT EXTENT information about them is communicated to others –Privacy is personal and situation dependent concept Privacy metrics - to assess the degree to which a particular application complies with privacy requirements – no control, control over one kind of information, control over two kinds of information or three kinds - Contents, location, identity TRUST- mediating between privacy and willingness to disclose private information

Privacy attributes Context – Type of domain, phenomena that exist, time(when), location (where), occupation (who), culture (with whom), rationale (why) Capability – ability of the information entity to show the attribute values Competence –Level of privacy demonstration Reliability –How reliable information or source is considered by the person Benefit –Privacy benefits Benevolance –Extent to which an individual is perceived to have good intention towards others without profit motive Confidence –How confident the user is with the information Value –How valuable privacy is considered by a person in action/activity.

User wellness scenario with privacy attributes Lifestyle Health care Social networks Emotional and mental wellness Receives treatment, medication and guidance for home care of DM T2 Starts to improve his lifestyle, uses a personal wellness diary system in PC Searches for peer-support in the Internet, and for information on DM T2 Searches for recovery from depressed moods and support for higher spirits Case – A 50-year old healthy, employed male, diagnosed recently on Diabetes Mellitus T2

Privacy attributes:Component - health care ContextRegulated CapabilityCapable to provide privacy and trust CompetenceAssumed to be high ReliabilityOrganisation-based trust BenefitHigh personal benefit BenevolanceGood intention ConfidenceRequired procedures, standards and safeguards have been implemented Health care Receives treatment, medication and guidance for home care of DM T2 Privacy attributeContents

Privacy attributes: Component lifestyle Lifestyle Starts to improve his lifestyle, uses a personal wellness diary system in PC ContextNon-regulated ConfidenceReputation-based ReliabilityPast history-based BenefitHigh personal benefit ValueHigh personal value Privacy attributeContents

Details of lifestyle component walk-through Person searches for information on DM T2, on medication and treatment, on healthy lifestyle, on peer-support in the Internet Privacy attribute – one’s ability to control Context - Internet, non-regulated, Ability to control: only with certified sites which provide trust, other sites: no control Confidence – Certified sites provide some confidence, otherwise confidence does not exist Reliability – Certified sites are considered somewhat reliable, otherwise no reliability Benefit – Considered high, controlled by a person Value – Information value is high, very meaningful for the person, value is determined and controlled by a person

Details of lifestyle component walk-through Person starts a healthy diet and documents his eating and blood sugar levels in his own wellness diary in a PC Privacy attribute – one’s ability to control Context – Non-regulated, control by the person – what to document, where and when to document Confidence – The person may or may not be confident, depending his abilities and on the security status of his PC Reliability – PC diary system reliability is controlled normally by PC security service provider, sometimes by a person. Blood glucose meter reliability is not controlled by a person Benefit – Benefit is considered high, controlled by a person Value – High value for the person’s DM management and healthy lifestyle

Details of lifestyle component walk-through Person stores the data he receives from a doctor in health care into his PC diary system for his Personal use Privacy attribute – one’s ability to control Context – data is coming from a regulated context, stored in a non-regulated context, person controls (where, what) Confidence – the person may, or may not, be confident Reliability – Data is considered reliable, high trust by a person, data is transferred from an organisational trusted source Benefit – Considered high, controlled by a person Value – Information value is high, important for home care, DM management and for healthy lifestyle

How to achieve good privacy status Integration of regulated and non-regulated domains –Person has to be aware and have means to control Need to develop privacy services for non-regulated environments –To monitor and control privacy attributes Trust-building measures –Thirs-party certificates, branding, owner disclosure, self- regulating policies –Pervasive health > Self-regulating policies – For each model concept the privacy attributes are defined, made known, controllable and measurable

Trust building measures and processes Processes for pervasive ubiquitous health –Predictive - reputation-based trust building –Intentionality – trust is developed if we have perceptions on the intensions of the service, provider –Capability – person is able to evaluate the ability of the service, provider –Transference – information is transferred from regulated context to non-regulated pervasive context

Conclusions Privacy management is important – Citizens are reluctant to adopt personal health and wellness systems –Privacy is a driver for non-regulated health service business model –Many existing personal health systems do not cover privacy and security regulations Privacy attributes defined to each model concept help citizens to be aware of and to control the privacy of his/her personal health information – Technical solutions are needed to implement the privacy attributes, to make them known, available and controllable by a person

Thank you! Seppälä A, Nykänen P, Ruotsalainen P (2012), Development of personal wellness information model for pervasive healthcare. Journal of Computer Networks and Communication, article , 10 pages Ruotsalainen P, Blobel B, Seppälä A, Sorvari H, Nykänen P (2012), A Conceptual Framework and Principles for Trusted Pervasive Health. J Med Internet Res 14(2):e52 Nykänen P and Seppälä A (2012), Collaborative approach for sustainable citizen- centered health care. In: N Wickramasinghe, R K Bali, S Kirn and R Suomi (eds.), Critical issues of sustainable E-health solutions. Health care delivery in the information age. Springer Verlag, Seppälä A, Nykänen P (2011), Contextual analysis and modeling of personal wellness. In: Joaquim Filipe and Jan L. G. Dietz (Eds.) KEOD 2011, Proceedings of the International Conference Knowledge Engineering and Ontology Development - Paris, France, October 2011: SciTePress - Science and Technology Publications, P Ruotsalainen, B Blobel, P Nykänen, A Seppälä, H Sorvari (2011), Framework model and principles for trusted information sharing in pervasive health. In: A Moen, SK Andersen, J Aarts and P Hurlen (eds.), User Centred Networked Health Care. Proccedings of MIE2011, Oslo. IOS Press, Amsterdam, Nykänen P, Ruotsalainen P, Blobel B and Seppälä A (2009), Research on trusted personal health and wellness information in ubiquitous health information space. In: O. Dössel and WC Schlegel (Eds.): World Congress 2009, IFMBE Proceedings 25/XII, 432–435