Form-based data security in mobile health data collection systems in low-resource settings
Abstract
Mobile Health Data Collection Systems (MHDCS) extend health services into the community through the use of mobile devices. Community health workers collect health data on electronic forms in place of paper forms. While this has great potential, especially in low-resource settings, it raises several security concerns. The data handled by such systems are highly sensitive. The collected data therefore need to be protected from unauthorized access, disclosure and modification, both at rest on the mobile device and in transit to the server, to preserve confidentiality, integrity and availability.
Data collected in these systems are diverse, both in type and in value, and have varying levels of sensitivity. This calls for protection measures that differ according to the sensitivity level of the data. Current approaches give developers no tools to define sensitivity levels and matching security mechanisms for MHDCS in a straightforward way. From a comparative study of four representative MHDCS and a systematic literature review, security challenges and requirements were identified. Through threat modeling, possible security threats and mitigation strategies were described. The mitigation strategies translate into security controls that are executed during data collection, so that security is enforced at the application level. Through prototyping, a Secure Data Classification Model (SDCM) was developed. In the model, data from form fields receive security mechanisms chosen according to their level of sensitivity. The sensitivity level is determined by a mapping scheme that takes into account context and the sensitivity parameters attached to a specific form field. Data sensitivity classification may be static, fixed during form design, or dynamic, determined during data collection. A proof of concept of the SDCM is demonstrated using ODK Collect, a widely used MHDCS. Results show that security policies defined at form-design time are executed on the mobile device during data collection and are maintained while the data are stored on the device and on the server and while they are transmitted to and from the server.
The SDCM addresses the practical challenge of maintaining the security goals of confidentiality, integrity and availability while building security into the system early in the development process. A developer is equipped with the means to build secure MHDCS right from the form design phase.
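To make the classification idea above concrete, the following sketch shows form fields carrying a static, design-time sensitivity level that a context rule can upgrade at collection time, with a different protection control applied per level before the record is stored or transmitted. It is an added example written for this page; it is not the SDCM implementation from the paper and not part of ODK Collect, and Python is used only because the point is the model rather than the Android code. The per-field `sensitivity` attribute, the field names, the `SENSITIVE_DIAGNOSES` rule and the sample record are constructed assumptions. The cipher is HMAC-SHA256 used as a PRF in counter mode with an encrypt-then-MAC tag, a stand-in chosen so the example runs on the standard library alone; a deployment would use an AEAD such as AES-GCM from a vetted library.

```python
"""Sensitivity-driven, per-field protection of form data (illustrative)."""
import hashlib
import hmac
import secrets
from enum import IntEnum


class Sensitivity(IntEnum):
    LOW = 0     # stored and transmitted in clear
    MEDIUM = 1  # integrity tag, so modification is detectable
    HIGH = 2    # encrypted, plus integrity tag


# Constructed form definition. A per-field sensitivity attribute like this is
# an assumption of the example; it is not part of the ODK XForm format.
FORM = {
    "village": Sensitivity.LOW,
    "age": Sensitivity.LOW,
    "diagnosis": Sensitivity.MEDIUM,
    "patient_name": Sensitivity.HIGH,
}

# Constructed context rule: these diagnosis values make the record more
# sensitive than the static design-time classification says.
SENSITIVE_DIAGNOSES = {"hiv", "tb"}


def classify(field, record):
    """Static level from the form, upgraded at collection time (dynamic
    classification) when the record's own values warrant it."""
    level = FORM[field]
    if record.get("diagnosis", "").lower() in SENSITIVE_DIAGNOSES:
        if field == "diagnosis":
            level = max(level, Sensitivity.HIGH)
        elif field == "age":  # quasi-identifier linked to a HIGH field
            level = max(level, Sensitivity.MEDIUM)
    return level


def _subkey(key, purpose):
    # Domain-separate the encryption and MAC keys from one device key.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 as a PRF in counter mode (stand-in for a real cipher).
    out = b""
    for counter in range(-(-length // 32)):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def _tag(key, field, payload):
    # Binding the field name stops a valid value being moved to another field.
    return hmac.new(key, field.encode() + b"\x00" + payload, hashlib.sha256).hexdigest()


def protect(record, key):
    """Apply the control matching each field's sensitivity level."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    out = {}
    for field, value in record.items():
        level = classify(field, record)
        entry = {"level": level.name, "value": value}
        if level == Sensitivity.MEDIUM:
            entry["tag"] = _tag(mac_key, field, value.encode())
        elif level == Sensitivity.HIGH:
            nonce, pt = secrets.token_bytes(12), value.encode()
            ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
            entry["value"] = (nonce + ct).hex()
            entry["tag"] = _tag(mac_key, field, nonce + ct)
        out[field] = entry
    return out


def unprotect(stored, key):
    """Verify tags and decrypt; raise on any modification of a protected field."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    out = {}
    for field, entry in stored.items():
        level = Sensitivity[entry["level"]]
        if level == Sensitivity.LOW:
            out[field] = entry["value"]
            continue
        payload = entry["value"].encode() if level == Sensitivity.MEDIUM else bytes.fromhex(entry["value"])
        if not hmac.compare_digest(_tag(mac_key, field, payload), entry["tag"]):
            raise ValueError(f"integrity check failed for field {field!r}")
        if level == Sensitivity.MEDIUM:
            out[field] = entry["value"]
        else:
            nonce, ct = payload[:12], payload[12:]
            out[field] = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()
    return out


def tamper_detected(stored, key, field):
    """Alter one character of a stored field and report whether unprotect() rejects it."""
    copy = {f: dict(e) for f, e in stored.items()}
    v = copy[field]["value"]
    copy[field]["value"] = v[:-1] + ("0" if v[-1] != "0" else "1")
    try:
        unprotect(copy, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    device_key = secrets.token_bytes(32)  # constructed per-device key
    record = {"village": "Kisoro", "age": "34", "diagnosis": "TB", "patient_name": "Jane Doe"}
    stored = protect(record, device_key)
    print(stored["diagnosis"]["level"], unprotect(stored, device_key) == record)
```

With the sample record, `diagnosis` is upgraded from MEDIUM to HIGH and `age` from LOW to MEDIUM at collection time, while the static classification alone would have left the diagnosis readable on the device. One caveat a deployment has to handle: the stored `level` marker itself reveals that a record was upgraded, so the envelope that carries such records to the server must be encrypted as a whole, or the representation made indistinguishable across levels, for the classification not to leak what it protects.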