Shadow Health-Related Data: Definition, Categorization, and User Perspectives
Details
Serval ID
serval:BIB_703F3D2D6542
Type
Inproceedings: an article in a conference proceedings.
Collection
Publications
Institution
Title
Shadow Health-Related Data: Definition, Categorization, and User Perspectives
Title of the conference
Proceedings of the European Symposium on Usable Security (EuroUSEC)
Address
Karlstad, Sweden
Publication state
Published
Issued date
09/2024
Peer-reviewed
Oui
Language
english
Abstract
Health-related data (HRD) about individuals are increasingly generated and processed. The sources and volume of such data have grown larger over the past years, including wearable devices, health-related mobile apps, and electronic health records. HRD are sensitive, have important privacy implications, and therefore hold a special status under existing privacy laws and regulations. In this work, we focus on what we refer to as "shadow" HRD, which are HRD that are generated and/or processed by individuals using general-purpose digital tools outside of a professional health care information system. Some examples are health-related queries made by individuals on general-purpose search engines and LLM-based chatbots, or medical appointments and contact information of health professionals synced to the cloud. Such data, and the privacy risks stemming from them, are often overlooked when studying digital health. Based on two focus group sessions (23 participants in total), we identified and categorized a broad variety of user behaviors, including the aforementioned examples, that lead to the creation of shadow HRD. Then, informed by this categorization, we designed a questionnaire and deployed it through an online survey (300 respondents) to assess the prevalence of such behaviors among the general public, as well as user awareness of (and concerns about) the privacy risks stemming from their shadow HRD. Our findings show that most respondents adopt numerous and diverse behaviors that create shadow HRD, and very few resort to mechanisms to protect their privacy.
Keywords
health-related data, privacy, user study
Open Access
Yes
Create date
06/08/2024 23:11
Last modification date
05/09/2024 9:00