Alaqra Ala Sarah, Kane Bridget, Fischer-Hübner Simone
Computer Science and Information Systems, Karlstad University, Karlstad, Sweden.
Information Systems, Karlstad University Business School, Karlstad, Sweden.
JMIR Hum Factors. 2021 Sep 16;8(3):e21810. doi: 10.2196/21810.
Third-party cloud-based data analysis applications are proliferating in electronic health (eHealth) because of the expertise offered and their monetary advantage. However, privacy and security are critical concerns when handling sensitive medical data in the cloud. Technical advances based on "crypto magic" in privacy-preserving machine learning (ML) enable data analysis in encrypted form for maintaining confidentiality. Such privacy-enhancing technologies (PETs) could be counterintuitive to relevant stakeholders in eHealth, which could in turn hinder adoption; thus, more attention is needed on human factors for establishing trust and transparency.
The aim of this study was to analyze eHealth expert stakeholders' perspectives and the perceived tradeoffs in regard to data analysis on encrypted medical data in the cloud, and to derive user requirements for development of a privacy-preserving data analysis tool.
We used semistructured interviews and report on 14 interviews with individuals having medical, technical, or research expertise in eHealth. We used thematic analysis for analyzing interview data. In addition, we conducted a workshop for eliciting requirements.
Our results show differences in the understanding of and in trusting the technology; caution is advised by technical experts, whereas patient safety assurances are required by medical experts. Themes were identified with general perspectives on data privacy and practices (eg, acceptance of using external services), as well as themes highlighting specific perspectives (eg, data protection drawbacks and concerns of the data analysis on encrypted data). The latter themes result in requiring assurances and conformance testing for trusting tools such as the proposed ML-based tool. Communicating privacy, and utility benefits and tradeoffs with stakeholders is essential for trust. Furthermore, stakeholders and their organizations share accountability of patient data. Finally, stakeholders stressed the importance of informing patients about the privacy of their data.
Understanding the benefits and risks of using eHealth PETs is crucial, and collaboration among diverse stakeholders is essential. Assurances of the tool's privacy, accuracy, and patient safety should be in place for establishing trust of ML-based PETs, especially if used in the cloud.
由于提供的专业知识和经济优势,基于第三方云的数据分析应用程序在电子健康(eHealth)领域迅速增加。然而,在云端处理敏感医疗数据时,隐私和安全是至关重要的问题。基于隐私保护机器学习(ML)中“加密魔法”的技术进步,能够以加密形式进行数据分析以维护机密性。这种隐私增强技术(PET)对于电子健康领域的相关利益相关者而言可能违反直觉,进而可能阻碍其采用;因此,在建立信任和透明度方面,需要更多关注人为因素。
本研究的目的是分析电子健康专家利益相关者对云端加密医疗数据进行数据分析的观点以及感知到的权衡,并得出开发隐私保护数据分析工具的用户需求。
我们采用半结构化访谈,并报告了对14位在电子健康领域具有医学、技术或研究专业知识的个人的访谈情况。我们使用主题分析来分析访谈数据。此外,我们举办了一次研讨会以引出需求。
我们的结果显示了在对技术的理解和信任方面存在差异;技术专家建议谨慎行事,而医学专家则要求保证患者安全。确定了关于数据隐私和实践的一般观点(例如,接受使用外部服务)的主题,以及突出特定观点(例如,数据保护缺点和对加密数据进行数据分析的担忧)的主题。后一类主题导致需要对诸如所提议的基于ML的工具等信任工具进行保证和一致性测试。与利益相关者沟通隐私、效用益处和权衡对于信任至关重要。此外,利益相关者及其组织对患者数据负有共同责任。最后,利益相关者强调了告知患者其数据隐私的重要性。
了解使用电子健康PET的益处和风险至关重要,不同利益相关者之间的合作必不可少。为建立对基于ML的PET的信任,应确保工具的隐私、准确性和患者安全,特别是在云端使用时。
