{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T18:39:00Z","timestamp":1769020740292,"version":"3.49.0"},"reference-count":23,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,1,17]],"date-time":"2020-01-17T00:00:00Z","timestamp":1579219200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"TagUBig-Taming Your Big Data","award":["IF\/00693\/2015"],"award-info":[{"award-number":["IF\/00693\/2015"]}]},{"name":"TagUBig-Taming Your Big Data","award":["UID\/EEA\/50008\/2019"],"award-info":[{"award-number":["UID\/EEA\/50008\/2019"]}]},{"DOI":"10.13039\/501100001871","name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","doi-asserted-by":"publisher","award":["IF\/00693\/2015"],"award-info":[{"award-number":["IF\/00693\/2015"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001871","name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","doi-asserted-by":"publisher","award":["UID\/EEA\/50008\/2019"],"award-info":[{"award-number":["UID\/EEA\/50008\/2019"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Healthcare Engineering"],"published-print":{"date-parts":[[2020,1,17]]},"abstract":"<jats:p><jats:italic>Background<\/jats:italic>. Smartphones can tackle healthcare stakeholders\u2019 diverse needs. Nonetheless, the risk of data disclosure\/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significant higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals\/content. <jats:italic>Objective<\/jats:italic>. To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. <jats:italic>Methods<\/jats:italic>. Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. <jats:italic>Results<\/jats:italic>. The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system). <jats:italic>Conclusions<\/jats:italic>. Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.<\/jats:p>","DOI":"10.1155\/2020\/5601068","type":"journal-article","created":{"date-parts":[[2020,1,17]],"date-time":"2020-01-17T18:32:40Z","timestamp":1579285960000},"page":"1-14","source":"Crossref","is-referenced-by-count":10,"title":["Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps"],"prefix":"10.1155","volume":"2020","author":[{"given":"Pedro","family":"Moura","sequence":"first","affiliation":[{"name":"CINTESIS\u2014Center for Health Technologies and Services Research, Faculty of Medicine, University of Porto, Porto, Portugal"},{"name":"Department of Computer Science, Universidade da Beira Interior and Instituto de Telecomunica\u00e7\u00f5es, Covilh\u00e3, Portugal"}]},{"given":"Paulo","family":"Fazendeiro","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Universidade da Beira Interior and Instituto de Telecomunica\u00e7\u00f5es, Covilh\u00e3, Portugal"}]},{"given":"Pedro R. M.","family":"In\u00e1cio","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Universidade da Beira Interior and Instituto de Telecomunica\u00e7\u00f5es, Covilh\u00e3, Portugal"}]},{"given":"Pedro","family":"Vieira-Marques","sequence":"additional","affiliation":[{"name":"CINTESIS\u2014Center for Health Technologies and Services Research, Faculty of Medicine, University of Porto, Porto, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0953-9411","authenticated-orcid":true,"given":"Ana","family":"Ferreira","sequence":"additional","affiliation":[{"name":"CINTESIS\u2014Center for Health Technologies and Services Research, Faculty of Medicine, University of Porto, Porto, Portugal"}]}],"member":"311","reference":[{"key":"2","doi-asserted-by":"publisher","DOI":"10.3233\/thc-161263"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.2196\/jmir.3133"},{"key":"4","year":"2012"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1016\/J.DCAN.2017.04.003"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.4017\/gt.2013.11.4.015.00"},{"key":"7","year":"2016"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.2196\/jmir.1994"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1016\/j.jaad.2012.10.045"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1007\/s13244-013-0274-4"},{"issue":"1","key":"13","first-page":"143","volume":"36","year":"2014","journal-title":"Alcohol Research: Current Reviews"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1016\/j.gerinurse.2013.02.005"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1186\/1472-6947-13-23"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1093\/ejcts\/ezw444"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1097\/DSS.0000000000000916"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1089\/tmj.2016.0259"},{"key":"21","year":"2016"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2008.03.014"},{"key":"29","year":"2009"},{"key":"32","year":"2011"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.03.010"},{"key":"35","volume-title":"Improving web application security: threats and countermeasures","year":"2003"},{"key":"36","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.9.3.458"},{"key":"39","doi-asserted-by":"publisher","DOI":"10.1177\/1460458210377468"}],"container-title":["Journal of Healthcare Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/jhe\/2020\/5601068.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/jhe\/2020\/5601068.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/jhe\/2020\/5601068.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,17]],"date-time":"2020-01-17T18:32:44Z","timestamp":1579285964000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/jhe\/2020\/5601068\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,17]]},"references-count":23,"alternative-id":["5601068","5601068"],"URL":"https:\/\/doi.org\/10.1155\/2020\/5601068","relation":{},"ISSN":["2040-2295","2040-2309"],"issn-type":[{"value":"2040-2295","type":"print"},{"value":"2040-2309","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,1,17]]}}}