Privacy and Security for Digital Health: Assessing Risks and Harms to Users

Electronic Health (e-Health), such as mobile health (mHealth) and Health Information Systems (HIS), benefits healthcare consumers and professionals. However, it also poses potential privacy risks, as security, privacy, and human factors remain challenges in the rapid digitization of healthcare. Considering an impact assessment of the planned processing helps identify and prevent privacy risks early in the development of digital health technologies. When such risks are exploited, they can result in various privacy harms to individuals, including physical, psychological, financial, reputational, and societal harms. This thesis deals with the overarching objective of analyzing security and privacy risks in health-related systems. Specifically, it focuses on four main topics: (i.) the analysis of a selected category of mHealth apps, specifically, COVID-19 contact tracing apps; (ii.) the exploration of the potential impact on the privacy of patients in the context of cyberwar; (iii.) identification and modeling of privacy harms after a healthcare data breach; and, (iv.) an assessment of whether privacy harms enhance privacy risk assessments. It incorporates empirical methods, including in-depth document analysis through narrative reviews and a systematic literature review. A qualitative approach is also applied, using semi-structured interviews and a privacy risk assessment (PRA) exercise. Our results show that rapidly developed digital health apps present security and privacy risks that could impact healthcare consumers' privacy. While integrating Information and Communications Technology (ICT) in healthcare is advantageous, it also introduces new risks. State-sponsored attackers may exploit these risks, potentially causing privacy harm to healthcare service users. We identify actual privacy impacts and use this to model privacy harms by modifying a PRA methodology. In addition to identifying methods for evaluating Privacy Impact Assessments (PIAs) and PRAs, we assess the coverage of privacy harms within these existing methodologies. Furthermore, we gain insight into the operationalization of privacy harms from practitioners and how this improves PRAs.  Among the main contributions, the research creates an awareness of the risks associated with a lack of data protection mechanisms, and data breaches as well as their impact on patient privacy. In addition, a comprehensive systematic literature review on PIAs and PRAs was conducted, which led us to focus on operationalizing privacy harms that can be integrated into PRAs to assess the impact on the privacy of healthcare consumers. As a result, privacy experts and IT practitioners in healthcare will be better informed and guided in understanding privacy harms during privacy risk assessments. This ensures that appropriate safeguards are in place to prevent the materialization of actual privacy harms