Source-free unsupervised domain adaptation: A survey

Unsupervised domain adaptation (UDA) via deep learning has attracted appealing attention for tackling domain-shift problems caused by distribution discrepancy across different domains. Existing UDA approaches highly depend on the accessibility of source domain data, which is usually limited in practical scenarios due to privacy protection, data storage and transmission cost, and computation burden. To tackle this issue, many source-free unsupervised domain adaptation (SFUDA) methods have been proposed recently, which perform knowledge transfer from a pre-trained source model to the unlabeled target domain with source data inaccessible. A comprehensive review of these works on SFUDA is of great significance. In this paper, we provide a timely and systematic literature review of existing SFUDA approaches from a technical perspective. Specifically, we categorize current SFUDA studies into two groups, i.e., white-box SFUDA and black-box SFUDA, and further divide them into finer subcategories based on different learning strategies they use. We also investigate the challenges of methods in each subcategory, discuss the advantages/disadvantages of white-box and black-box SFUDA methods, conclude the commonly used benchmark datasets, and summarize the popular techniques for improved generalizability of models learned without using source data. We finally discuss several promising future directions in this field.

PPPCT: Privacy-Preserving framework for Parallel Clustering Transcriptomics data

Single-cell transcriptomics data provides crucial insights into patients' health, yet poses significant privacy concerns. Genomic data privacy attacks can have deep implications, encompassing not only the patients' health information but also extending widely to compromise their families'. Moreover, the permanence of leaked data exacerbates the challenges, making retraction an impossibility. While extensive efforts have been directed towards clustering single-cell transcriptomics data, addressing critical challenges, especially in the realm of privacy, remains pivotal. This paper introduces an efficient, fast, privacy-preserving approach for clustering single-cell RNA-sequencing (scRNA-seq) datasets. The key contributions include ensuring data privacy, achieving high-quality clustering, accommodating the high dimensionality inherent in the datasets, and maintaining reasonable computation time for big-scale datasets. Our proposed approach utilizes the map-reduce scheme to parallelize clustering, addressing intensive calculation challenges. Intel Software Guard eXtension (SGX) processors are used to ensure the security of sensitive code and data during processing. Additionally, the approach incorporates a logarithm transformation as a preprocessing step, employs non-negative matrix factorization for dimensionality reduction, and utilizes parallel k-means for clustering. The approach fully leverages the computing capabilities of all processing resources within a secure private cloud environment. Experimental results demonstrate the efficacy of our approach in preserving patient privacy while surpassing state-of-the-art methods in both clustering quality and computation time. Our method consistently achieves a minimum of 7% higher Adjusted Rand Index (ARI) than existing approaches, contingent on dataset size. Additionally, due to parallel computations and dimensionality reduction, our approach exhibits efficiency, converging to very good results in less than 10 seconds for a scRNA-seq dataset with 5000 genes and 6000 cells when prioritizing privacy and under two seconds without privacy considerations. Availability and implementation Code and datasets availability: https://github.com/University-of-Windsor/PPPCT.

Privacy preserving image registration

Image registration is a key task in medical imaging applications, allowing to represent medical images in a common spatial reference frame. Current approaches to image registration are generally based on the assumption that the content of the images is usually accessible in clear form, from which the spatial transformation is subsequently estimated. This common assumption may not be met in practical applications, since the sensitive nature of medical images may ultimately require their analysis under privacy constraints, preventing to openly share the image content. In this work, we formulate the problem of image registration under a privacy preserving regime, where images are assumed to be confidential and cannot be disclosed in clear. We derive our privacy preserving image registration framework by extending classical registration paradigms to account for advanced cryptographic tools, such as secure multi-party computation and homomorphic encryption, that enable the execution of operations without leaking the underlying data. To overcome the problem of performance and scalability of cryptographic tools in high dimensions, we propose several techniques to optimize the image registration operations by using gradient approximations, and by revisiting the use of homomorphic encryption trough packing, to allow the efficient encryption and multiplication of large matrices. We focus on registration methods of increasing complexity, including rigid, affine, and non-linear registration based on cubic splines or diffeomorphisms parameterized by time-varying velocity fields. In all these settings, we demonstrate how the registration problem can be naturally adapted for accounting to privacy-preserving operations, and illustrate the effectiveness of PPIR on a variety of registration tasks.

Securing the future of IoT-healthcare systems: A meta-synthesis of mandatory security requirements

INTRODUCTION

Healthcare-based Internet of Things (Healthcare-IoT) is a turning point in the development of health information systems. This emerging trend significantly contributes to enhancing users' awareness of their health, ultimately leading to an extension in life expectancy. Security and privacy are among the greatest challenges for H-IoT systems. To establish complete safety and security in these systems, the implementation of mandatory security requirements is imperative. For this reason, this study identifies the necessary security requirements for H-IoT systems using a Meta-Synthesis approach.

METHODS

Initially, following the Seven-Stage Sandelowski & Barroso approach, the existing literature was searched in the Scopus and Web of Science databases. Among the 844 extracted articles from the period of 2010 to 2020, 78 final articles were reviewed and analyzed, leading to the identification of 51 security requirements. Subsequently, to assess the quality of the identified requirements and their overlap, interviews were conducted with two experts.

RESULTS

Finally, 14 security requirements, predominantly with technical and quantitative aspects, were identified for designing a Healthcare-IoT system and implementing security mechanisms.

CONCLUSION

The findings of this study emphasize that addressing the identified 14 security requirements is crucial for safeguarding Healthcare-IoT systems and ensuring their robustness in the evolving health information landscape.

The Costs of Anonymization: Case Study Using Clinical Data

BACKGROUND

Sharing data from clinical studies can accelerate scientific progress, improve transparency, and increase the potential for innovation and collaboration. However, privacy concerns remain a barrier to data sharing. Certain concerns, such as reidentification risk, can be addressed through the application of anonymization algorithms, whereby data are altered so that it is no longer reasonably related to a person. Yet, such alterations have the potential to influence the data set's statistical properties, such that the privacy-utility trade-off must be considered. This has been studied in theory, but evidence based on real-world individual-level clinical data is rare, and anonymization has not broadly been adopted in clinical practice.

OBJECTIVE

The goal of this study is to contribute to a better understanding of anonymization in the real world by comprehensively evaluating the privacy-utility trade-off of differently anonymized data using data and scientific results from the German Chronic Kidney Disease (GCKD) study.

METHODS

The GCKD data set extracted for this study consists of 5217 records and 70 variables. A 2-step procedure was followed to determine which variables constituted reidentification risks. To capture a large portion of the risk-utility space, we decided on risk thresholds ranging from 0.02 to 1. The data were then transformed via generalization and suppression, and the anonymization process was varied using a generic and a use case-specific configuration. To assess the utility of the anonymized GCKD data, general-purpose metrics (ie, data granularity and entropy), as well as use case-specific metrics (ie, reproducibility), were applied. Reproducibility was assessed by measuring the overlap of the 95% CI lengths between anonymized and original results.

RESULTS

Reproducibility measured by 95% CI overlap was higher than utility obtained from general-purpose metrics. For example, granularity varied between 68.2% and 87.6%, and entropy varied between 25.5% and 46.2%, whereas the average 95% CI overlap was above 90% for all risk thresholds applied. A nonoverlapping 95% CI was detected in 6 estimates across all analyses, but the overwhelming majority of estimates exhibited an overlap over 50%. The use case-specific configuration outperformed the generic one in terms of actual utility (ie, reproducibility) at the same level of privacy.

CONCLUSIONS

Our results illustrate the challenges that anonymization faces when aiming to support multiple likely and possibly competing uses, while use case-specific anonymization can provide greater utility. This aspect should be taken into account when evaluating the associated costs of anonymized data and attempting to maintain sufficiently high levels of privacy for anonymized data.

TRIAL REGISTRATION

German Clinical Trials Register DRKS00003971; https://drks.de/search/en/trial/DRKS00003971.

INTERNATIONAL REGISTERED REPORT IDENTIFIER (IRRID)

RR2-10.1093/ndt/gfr456.

A data-driven approach to choosing privacy parameters for clinical trial data sharing under differential privacy

OBJECTIVES

Clinical trial data sharing is crucial for promoting transparency and collaborative efforts in medical research. Differential privacy (DP) is a formal statistical technique for anonymizing shared data that balances privacy of individual records and accuracy of replicated results through a "privacy budget" parameter, ε. DP is considered the state of the art in privacy-protected data publication and is underutilized in clinical trial data sharing. This study is focused on identifying ε values for the sharing of clinical trial data.

MATERIALS AND METHODS

We analyzed 2 clinical trial datasets with privacy budget ε ranging from 0.01 to 10. Smaller values of ε entail adding greater amounts of random noise, with better privacy as a result. Comparison of rates, odds ratios, means, and mean differences between the original clinical trial datasets and the empirical distribution of the DP estimator was performed.

RESULTS

The DP rate closely approximated the original rate of 6.5% when ε > 1. The DP odds ratio closely aligned with the original odds ratio of 0.689 when ε ≥ 3. The DP mean closely approximated the original mean of 164.64 when ε ≥ 1. As ε increased to 5, both the minimum and maximum DP means converged toward the original mean.

DISCUSSION

There is no consensus on how to choose the privacy budget ε. The definition of DP does not specify the required level of privacy, and there is no established formula for determining ε.

CONCLUSION

Our findings suggest that the application of DP holds promise in the context of sharing clinical trial data.

YJMob100K: City-scale and longitudinal dataset of anonymized human mobility trajectories

Modeling and predicting human mobility trajectories in urban areas is an essential task for various applications including transportation modeling, disaster management, and urban planning. The recent availability of large-scale human movement data collected from mobile devices has enabled the development of complex human mobility prediction models. However, human mobility prediction methods are often trained and tested on different datasets, due to the lack of open-source large-scale human mobility datasets amid privacy concerns, posing a challenge towards conducting transparent performance comparisons between methods. To this end, we created an open-source, anonymized, metropolitan scale, and longitudinal (75 days) dataset of 100,000 individuals' human mobility trajectories, using mobile phone location data provided by Yahoo Japan Corporation (currently renamed to LY Corporation), named YJMob100K. The location pings are spatially and temporally discretized, and the metropolitan area is undisclosed to protect users' privacy. The 90-day period is composed of 75 days of business-as-usual and 15 days during an emergency, to test human mobility predictability during both normal and anomalous situations.

An efficient and compromise-resilient image encryption scheme for resource-constrained environments

The secret keys produced by current image cryptosystems, which rely on chaotic sequences, exhibit a direct correlation with the size of the image. As the image dimensions expand, the generation of extensive chaotic sequences in the encryption and decryption procedures becomes more computationally intensive. Secondly, a common problem in existing image encryption schemes is the compromise between privacy and efficiency. Some existing lightweight schemes reveal patterns in encrypted images, while others impose heavy computational burdens during encryption/decryption due to the need for large chaotic sequences. In this study, we introduce a lightweight image encryption scheme that involves partitioning the image into uniformly sized tiles and generating a chaotic sequence accordingly. This approach diminishes the necessity to create extensive chaotic sequences equal to the tile size, which is significantly smaller than the original image. As a result, it alleviates the processing burden associated with generating sequences equivalent to the original image size. The results confirm that our proposed scheme is lightweight and secure compared to the latest state-of-the-art image encryption schemes. Additionally, sensitivity analysis demonstrates that the proposed image encryption technique, with a UACI value of 33.48 and NPRC value of 99.96, affirms its resistance to differential attacks.

[Digital environment and population health]

Health and risk of disease are determined by exposure to the physical, socio-economic, and political environment and to this has been added exposure to the digital environment. Our increasingly digital lives have major implications for people's health and its monitoring, as well as for prevention and care. Digital health, which encompasses the use of health applications, connected devices and artificial intelligence medical tools, is transforming medical and healthcare practices. Used properly, it could facilitate patient-centered, inter-professional and data-driven care. However, its implementation raises major concerns and ethical issues, particularly in relation to privacy, equity, and the therapeutic relationship.

Sparsified federated learning with differential privacy for intrusion detection in VANETs based on Fisher Information Matrix

With the continuous development of vehicular ad hoc networks (VANET) security, using federated learning (FL) to deploy intrusion detection models in VANET has attracted considerable attention. Compared to conventional centralized learning, FL retains local training private data, thus protecting privacy. However, sensitive information about the training data can still be inferred from the shared model parameters in FL. Differential privacy (DP) is sophisticated technique to mitigate such attacks. A key challenge of implementing DP in FL is that non-selectively adding DP noise can adversely affect model accuracy, while having many perturbed parameters also increases privacy budget consumption and communication costs for detection models. To address this challenge, we propose FFIDS, a FL algorithm integrating model parameter pruning with differential privacy. It employs a parameter pruning technique based on the Fisher Information Matrix to reduce the privacy budget consumption per iteration while ensuring no accuracy loss. Specifically, FFIDS evaluates parameter importance and prunes unimportant parameters to generate compact sub-models, while recording the positions of parameters in each sub-model. This not only reduces model size to lower communication costs, but also maintains accuracy stability. DP noise is then added to the sub-models. By not perturbing unimportant parameters, more budget can be reserved to retain important parameters for more iterations. Finally, the server can promptly recover the sub-models using the parameter position information and complete aggregation. Extensive experiments on two public datasets and two F2MD simulation datasets have validated the utility and superior performance of the FFIDS algorithm.

Generative adversarial networks for anonymous acneic face dataset generation

It is well known that the performance of any classification model is effective if the dataset used for the training process and the test process satisfy some specific requirements. In other words, the more the dataset size is large, balanced, and representative, the more one can trust the proposed model's effectiveness and, consequently, the obtained results. Unfortunately, large-size anonymous datasets are generally not publicly available in biomedical applications, especially those dealing with pathological human face images. This concern makes using deep-learning-based approaches challenging to deploy and difficult to reproduce or verify some published results. In this paper, we propose an efficient method to generate a realistic anonymous synthetic dataset of human faces, focusing on attributes related to acne disorders at three distinct levels of severity (Mild, Moderate, and Severe). Notably, our approach initiates from a small dataset of facial acne images, leveraging generative techniques to augment and diversify the dataset, ensuring comprehensive coverage of acne severity levels while maintaining anonymity and realism in the synthetic data. Therefore, a specific hierarchy StyleGAN-based algorithm trained at distinct levels is considered. Moreover, the utilization of generative adversarial networks for augmentation offers a means to circumvent potential privacy or legal concerns associated with acquiring medical datasets. This is attributed to the synthetic nature of the generated data, where no actual subjects are present, thereby ensuring compliance with privacy regulations and legal considerations. To evaluate the performance of the proposed scheme, we consider a CNN-based classification system, trained using the generated synthetic acneic face images and tested using authentic face images. Consequently, we show that an accuracy of 97.6% is achieved using InceptionResNetv2. As a result, this work allows the scientific community to employ the generated synthetic dataset for any data processing application without restrictions on legal or ethical concerns. Moreover, this approach can also be extended to other applications requiring the generation of synthetic medical images.

Achieving sustainable medical tourism: unpacking privacy concerns through a tripartite game theoretic lens

Introduction

Medical tourism has grown significantly, raising critical concerns about the privacy of medical tourists. This study investigates privacy issues in medical tourism from a game theoretic perspective, focusing on how stakeholders' strategies impact privacy protection.

Methods

We employed an evolutionary game model to explore the interactions between medical institutions, medical tourists, and government departments. The model identifies stable strategies that stakeholders may adopt to protect the privacy of medical tourists.

Results

Two primary stable strategies were identified, with E6(1,0,1) emerging as the optimal strategy. This strategy involves active protection measures by medical institutions, the decision by tourists to forgo accountability, and strict supervision by government departments. The evolution of the system's strategy is significantly influenced by the government's penalty intensity, subsidies, incentives, and the compensatory measures of medical institutions.

Discussion

The findings suggest that medical institutions are quick to make decisions favoring privacy protection, while medical tourists tend to follow learning and conformity. Government strategy remains consistent, with increased subsidies and penalties encouraging medical institutions towards proactive privacy protection strategies. We recommend policies to enhance privacy protection in medical tourism, contributing to the industry's sustainable growth.

Hierarchical Perceptual Noise Injection for Social Media Fingerprint Privacy Protection

Billions of people share images from their daily lives on social media every day. However, their biometric information (e.g., fingerprints) could be easily stolen from these images. The threat of fingerprint leakage from social media has created a strong desire to anonymize shared images while maintaining image quality, since fingerprints act as a lifelong individual biometric password. To guard the fingerprint leakage, adversarial attack that involves adding imperceptible perturbations to fingerprint images have emerged as a feasible solution. However, existing works of this kind are either weak in black-box transferability or cause the images to have an unnatural appearance. Motivated by the visual perception hierarchy (i.e., high-level perception exploits model-shared semantics that transfer well across models while low-level perception extracts primitive stimuli that result in high visual sensitivity when a suspicious stimulus is provided), we propose FingerSafe, a hierarchical perceptual protective noise injection framework to address the above mentioned problems. For black-box transferability, we inject protective noises into the fingerprint orientation field to perturb the model-shared high-level semantics (i.e., fingerprint ridges). Considering visual naturalness, we suppress the low-level local contrast stimulus by regularizing the response of the Lateral Geniculate Nucleus. Our proposed FingerSafe is the first to provide feasible fingerprint protection in both digital (up to 94.12%) and realistic scenarios (Twitter and Facebook, up to 68.75%). Our code can be found at https://github.com/nlsde-safety-team/FingerSafe.

How do opt-in versus opt-out settings nudge patients toward electronic health record adoption? An exploratory study of facilitators and barriers in Austria and France

BACKGROUND

Electronic health records (EHR) are becoming an integral part of the health system in many developed countries, though implementations and settings vary across countries. Some countries have adopted an opt-out policy, in which patients are enrolled in the EHR system following a default nudge, while others have applied an opt-in policy, where patients have to take action to opt into the system. While opt-in systems may exhibit lower levels of active user requests for access, this contrasts with opt-out systems where a notable percentage of users may passively retain access. Thus, our research endeavor aims to explore facilitators and barriers that contribute to explaining EHR usage (i.e., actively accessing the EHR system) in two countries with either an opt-in or opt-out setting, exemplified by France and Austria.

METHODS

A qualitative exploratory approach using a semi-structured interview guideline was undertaken in both countries: 1) In Austria, with four homogenously composed group discussions, and 2) in France, with 19 single patient interviews. The data were collected from October 2020 to January 2021.

RESULTS

Influencing factors were categorized into twelve subcategories. Patients have similar experiences in both countries with regard to all facilitating categories, for instance, the role of health providers, awareness of EHR and social norms. However, we highlighted important differences between the two systems regarding hurdles impeding EHR usage, namely, a lack of communication as well as transparency or information security about EHR.

CONCLUSION

Implementing additional safeguards to enhance privacy protection and supporting patients to improve their digital ability may help to diminish the perception of EHR-induced barriers and improve patients' health and commitment in the long term.

PRACTICAL IMPLICATIONS

Understanding the differences and similarities will help to develop practical implications to tackle the problem of low EHR usage rates in the long run. This problem is prevalent in countries with both types of EHR default settings.

Performing Platform Governance: Facebook and the Stage Management of Data Relations

Controversies surrounding social media platforms have provided opportunities for institutional reflexivity amongst users and regulators on how to understand and govern platforms. Amidst contestation, platform companies have continued to enact projects that draw upon existing modes of privatized governance. We investigate how social media companies have attempted to achieve closure by continuing to set the terms around platform governance. We investigate two projects implemented by Facebook (Meta)-authenticity regulation and privacy controls-in response to the Russian Interference and Cambridge Analytica controversies surrounding the 2016 U.S. Presidential Election. Drawing on Goffman's metaphor of stage management, we analyze the techniques deployed by Facebook to reinforce a division between what is visible and invisible to the user experience. These platform governance projects propose to act upon front-stage data relations: information that users can see from other users-whether that is content that users can see from "bad actors", or information that other users can see about oneself. At the same time, these projects relegate back-stage data relations-information flows between users constituted by recommendation and targeted advertising systems-to invisibility and inaction. As such, Facebook renders the user experience actionable for governance, while foreclosing governance of back-stage data relations central to the economic value of the platform. As social media companies continue to perform platform governance projects following controversies, our paper invites reflection on the politics of these projects. By destabilizing the boundaries drawn by platform companies, we open space for continuous reflexivity on how platforms should be understood and governed.

Brain Data in Context: Are New Rights the Way to Mental and Brain Privacy?

The potential to collect brain data more directly, with higher resolution, and in greater amounts has heightened worries about mental and brain privacy. In order to manage the risks to individuals posed by these privacy challenges, some have suggested codifying new privacy rights, including a right to "mental privacy." In this paper, we consider these arguments and conclude that while neurotechnologies do raise significant privacy concerns, such concerns are-at least for now-no different from those raised by other well-understood data collection technologies, such as gene sequencing tools and online surveillance. To better understand the privacy stakes of brain data, we suggest the use of a conceptual framework from information ethics, Helen Nissenbaum's "contextual integrity" theory. To illustrate the importance of context, we examine neurotechnologies and the information flows they produce in three familiar contexts-healthcare and medical research, criminal justice, and consumer marketing. We argue that by emphasizing what is distinct about brain privacy issues, rather than what they share with other data privacy concerns, risks weakening broader efforts to enact more robust privacy law and policy.

Importance-aware adaptive dataset distillation

Herein, we propose a novel dataset distillation method for constructing small informative datasets that preserve the information of the large original datasets. The development of deep learning models is enabled by the availability of large-scale datasets. Despite unprecedented success, large-scale datasets considerably increase the storage and transmission costs, resulting in a cumbersome model training process. Moreover, using raw data for training raises privacy and copyright concerns. To address these issues, a new task named dataset distillation has been introduced, aiming to synthesize a compact dataset that retains the essential information from the large original dataset. State-of-the-art (SOTA) dataset distillation methods have been proposed by matching gradients or network parameters obtained during training on real and synthetic datasets. The contribution of different network parameters to the distillation process varies, and uniformly treating them leads to degraded distillation performance. Based on this observation, we propose an importance-aware adaptive dataset distillation (IADD) method that can improve distillation performance by automatically assigning importance weights to different network parameters during distillation, thereby synthesizing more robust distilled datasets. IADD demonstrates superior performance over other SOTA dataset distillation methods based on parameter matching on multiple benchmark datasets and outperforms them in terms of cross-architecture generalization. In addition, the analysis of self-adaptive weights demonstrates the effectiveness of IADD. Furthermore, the effectiveness of IADD is validated in a real-world medical application such as COVID-19 detection.

Reversible gender privacy enhancement via adversarial perturbations

The significant advancement in deep learning has made it feasible to extract gender from faces accurately. However, such unauthorized extraction would pose potential threats to individual privacy. Existing protection schemes for gender privacy have exhibited satisfactory performance. Nevertheless, they suffer from gender inference from gender-related attributes and fail to support the recovery of the original image. In this paper, we propose a novel gender privacy protection scheme that aims to enhance gender privacy while supporting reversibility. Firstly, our scheme utilizes continuously optimized adversarial perturbations to prevent gender recognition from unauthorized classifiers. Meanwhile, gender-related attributes are concealed for classifiers, which prevents the inference of gender from these attributes, thereby enhancing gender privacy. Moreover, an identity preservation constraint is added to maintain identity preservation. Secondly, reversibility is supported by a reversible image transformation, allowing the perturbations to be securely removed to losslessly recover the original face when required. Extensive experiments demonstrate the effectiveness of our scheme in gender privacy protection, identity preservation, and reversibility.

Perception of Privacy: An Ethnocentric Study of Turkish Muslim Female Surgical Patients

PURPOSE

This study aimed to investigate the perception of privacy among Turkish Muslim female patients who have undergone surgery.

DESIGN

A descriptive-qualitative study design was employed.

METHODS

In-depth interviews were conducted with 10 study participants.

FINDINGS

The findings revealed three main themes and two subthemes. The main themes were physical privacy, the influence of culture, and responses to privacy violations. The subthemes pertained solely to responses to privacy violations and included behavioral and emotional responses.

CONCLUSIONS

The participants' perception of privacy was primarily focused on the physical aspects of privacy. Muslim and Turkish cultures played a significant role in shaping the patients' perception of privacy. The participants reported experiencing emotional and behavioral responses when their privacy was violated. This study reveals the perception of privacy among 10 Turkish Muslim female patients, emphasizing the significance of understanding and considering this perception in nursing care.

User Information Sharing and Hospital Website Privacy Policies

Importance

Hospital websites frequently use tracking technologies that transfer user information to third parties. It is not known whether hospital websites include privacy policies that disclose relevant details regarding tracking.

Objective

To determine whether hospital websites have accessible privacy policies and whether those policies contain key information related to third-party tracking.

Design, Setting, and Participants

In this cross-sectional content analysis of website privacy policies of a nationally representative sample of nonfederal acute care hospitals, hospital websites were first measured to determine whether they included tracking technologies that transferred user information to third parties. Hospital website privacy policies were then identified using standardized searches. Policies were assessed for length and readability. Policy content was analyzed using a data abstraction form. Tracking measurement and privacy policy retrieval and analysis took place from November 2023 to January 2024. The prevalence of privacy policy characteristics was analyzed using standard descriptive statistics.

Main Outcomes and Measures

The primary study outcome was the availability of a website privacy policy. Secondary outcomes were the length and readability of privacy policies and the inclusion of privacy policy content addressing user information collected by the website, potential uses of user information, third-party recipients of user information, and user rights regarding tracking and information collection.

Results

Of 100 hospital websites, 96 (96.0%; 95% CI, 90.1%-98.9%) transferred user information to third parties. Privacy policies were found on 71 websites (71.0%; 95% CI, 61.6%-79.4%). Policies were a mean length of 2527 words (95% CI, 2058-2997 words) and were written at a mean grade level of 13.7 (95% CI, 13.4-14.1). Among 71 privacy policies, 69 (97.2%; 95% CI, 91.4%-99.5%) addressed types of user information automatically collected by the website, 70 (98.6%; 95% CI, 93.8%-99.9%) addressed how collected information would be used, 66 (93.0%; 95% CI, 85.3%-97.5%) addressed categories of third-party recipients of user information, and 40 (56.3%; 95% CI, 44.5%-67.7%) named specific third-party companies or services receiving user information.

Conclusions and Relevance

In this cross-sectional study of hospital website privacy policies, a substantial number of hospital websites did not present users with adequate information about the privacy implications of website use, either because they lacked a privacy policy or had a privacy policy that contained limited content about third-party recipients of user information.

Addressing Privacy Concerns Surrounding Oocyte Donation in the United States: Gone With Anonymity

Oocyte donation has greatly expanded in the past several decades since the first procedure was performed in 1983. According to the Centers for Disease Control, the number of cycles using donor oocytes increased from 18,011 cycles in 2010 to 27,131 cycles in 2019. Oocyte donation has become an important reproductive option for women with diminished ovarian reserve, recurrent failed in vitro fertilization, or heritable genetic conditions. It is also particularly important for single men, same-sex male couples, and men with a transgender woman partner. More recently, societal changes accompanying the expansion of social media and broader access to direct-to-consumer DNA testing have raised concerns about privacy and anonymity. In this article, we review two specific aspects of donor privacy: privacy related to personal identifiers provided by clinics or donor egg bank websites and privacy related to direct-to-consumer genetic testing. We also provide clinical recommendations specific to the United States for working with oocyte donors and donor oocyte recipients.

SecBERT: Privacy-preserving pre-training based neural network inference system

Pre-trained models such as BERT have made great achievements in natural language processing tasks in recent years. In this paper, we investigate the privacy-preserving pre-training based neural network inference in a two-server framework based on additive secret sharing technique. Our protocol allows a resource-restrained client to request two powerful servers to cooperatively process the natural processing tasks without revealing any useful information about its data. We first design a series of secure sub-protocols for non-linear functions used in BERT model. These sub-protocols are expected to have broad applications and of independent interest. Based on the building sub-protocols, we propose SecBERT, a privacy-preserving pre-training based neural network inference protocol. SecBERT is the first cryptographically secure privacy-preserving pre-training based neural network inference protocol. We show security, efficiency and accuracy of SecBERT protocol through comprehensive theoretical analysis and experiments.

Preserving privacy in the era of openness: Commentary on open science requirements for identifiable data in psychological science journals

Psychological science journals are increasingly adopting open science (OS) policies (e.g., Transparency and Openness Promotion) requiring researchers to make all data and materials publicly available in an effort to drive research toward greater transparency and accessibility. These policies certainly have many benefits to the scientific community and public in helping ensure the quality of published research. However, the Center for Open Science has not offered any explicit guidelines regarding when exceptions to OS policies should be made, with only vague guidelines offered such as "when ethical or legal constraints prevent it." We argue that these ambiguous policies may create bias in decisions made by journal editors as to whom and what type of research is granted exceptions. When journals are too rigid in their exception policies, this may unintentionally contradict OS's goals to create a more valid and ethical science. We argue that journals should never mandate identifiable data to be posted publicly as a publication prerequisite. Maintaining participant anonymity should always come before OS policies to (a) align with psychologists' primary obligation of maintaining participant confidentiality, (b) encourage participation from the broader population and more specifically from marginalized communities, and (c) maintain unbiased, representative, and valid data. From empirical and ethical insights, we offer several solutions to ease the tensions between OS and participant privacy during the data collection and publication process. (PsycInfo Database Record (c) 2024 APA, all rights reserved).

An assessment of ten popular pregnancy applications (Apps) available for women in Australia

OBJECTIVE

Given the growing popularity of health Apps, this study aimed to evaluate popular pregnancy Apps among Australian women.

DESIGN

Ten popular pregnancy mobile device Apps accessible within Australia were assessed using the Deakin Health E-technologies Assessment Lab (HEAL) framework, the Australian Privacy Principles (APP) and other context-specific criteria.

RESULTS

Most Apps were robust in use and user-friendly in terms of design. Based on the HEAL assessment, all the Apps scored between 70 and 89 out of 120. Only two of the ten Apps were locally hosted and operated. Only one App could search local health services using Victorian postcodes. All ten Apps were aligned with various privacy policy guidelines, but only one was reported to be fully aligned with the APP as it is locally hosted and operated. None of the Apps had accessibility features such as for visual or hearing difficulties. Only one App could be assessed as able to interface with the electronic medical record system in Australia due to a lack of publicly available information on this capability.

CONCLUSIONS

Due to privacy concerns, pregnancy Apps accessible in Australia should be used with caution unless care is taken to select an App that fully complies with local requirements or international equivalents. All Apps were subjectively rated as moderate in quality, and more attention to accessibility and privacy features by App developers is recommended, along with the focus on integration with Australian digital health services.

Need for Nation-wide Regulatory Laws to Govern Privacy and Genomic Data in Healthcare

Null.

Generation, division and training: A promising method for source-free unsupervised domain adaptation

Conventional unsupervised domain adaptation (UDA) methods often presuppose the existence of labeled source domain samples while adapting the source model to the target domain. Nevertheless, this premise is not always tenable in the context of source-free UDA (SFUDA) attributed to data privacy considerations. Some existing methods address this challenging SFUDA problem by self-supervised learning. But inaccurate pseudo-labels are always unavoidable to degrade the performance of the target model among these methods. Therefore, we propose a promising SFUDA method, namely Generation, Division and Training (GDT) which aims to promote the reliability of pseudo-labels for self-supervised learning and encourage similar features to have closer predictions than dissimilar ones by contrastive learning. Specifically in our GDT method, we first refine pseudo-labels with deep clustering for target samples and then split them into reliable samples and unreliable samples. After that, we adopt self-supervised learning and information maximization for reliable samples training. And for unreliable samples, we conduct contrastive learning via the perspective of similarity and disparity to attract similar samples and repulse dissimilar samples, which helps pull the similar features closed and push the dissimilar features away, leading to efficient feature clustering. Thorough experimentation on three benchmark datasets substantiates the excellence of our proposed approach.

MoodSensing: A smartphone app for digital phenotyping and assessment of bipolar disorder

BACKGROUND

Daily life tracking has proven to be of great help in the assessment of patients with bipolar disorder. Although there are many smartphone apps for tracking bipolar disorder, most of them lack academic verification, privacy policy and long-term maintenance.

METHODS

Our developed app, MoodSensing, aims to collect users' digital phenotyping for assessment of bipolar disorder. The data collection was approved by the Institutional Review Board. This study collaborated with professional clinicians to ensure that the app meets both clinical needs and user experience requirements. Based on the collected digital phenotyping, deep learning techniques were applied to forecast participants' weekly HAM-D and YMRS scale scores.

RESULTS

In experiments, the data collected by our app can effectively predict the scale scores, reaching the mean absolute error of 0.84 and 0.22 on the scales. The statistical data also demonstrate the increase in user engagement.

CONCLUSIONS

Our analysis reveals that the developed MoodSensing app can not only provide a good user experience, but also the recorded data have certain discriminability for clinical assessment. Our app also provides relevant policies to protect user privacy, and has been launched in the Apple Store and Google Play Store.

TCN-attention-HAR: human activity recognition based on attention mechanism time convolutional network

Wearable sensors are widely used in medical applications and human-computer interaction because of their portability and powerful privacy. Human activity identification based on sensor data plays a vital role in these fields. Therefore, it is important to improve the recognition performance of different types of actions. Aiming at the problems of insufficient time-varying feature extraction and gradient explosion caused by too many network layers, a time convolution network recognition model with attention mechanism (TCN-Attention-HAR) was proposed. The model effectively recognizes and emphasizes the key feature information. The ability of extracting temporal features from TCN (temporal convolution network) is improved by using the appropriate size of the receiver domain. In addition, attention mechanisms are used to assign higher weights to important information, enabling models to learn and identify human activities more effectively. The performance of the Open Data Set (WISDM, PAMAP2 and USC-HAD) is improved by 1.13%, 1.83% and 0.51%, respectively, compared with other advanced models, these results clearly show that the network model presented in this paper has excellent recognition performance. In the knowledge distillation experiment, the parameters of student model are only about 0.1% of those of teacher model, and the accuracy of the model has been greatly improved, and in the WISDM data set, compared with the teacher's model, the accuracy is 0.14% higher.

Secure Cloud-Based Electronic Health Records: Cross-Patient Block-Level Deduplication with Blockchain Auditing

In today's data-driven world, the exponential growth of digital information poses significant challenges in data management. In recent years, the adoption of cloud-based Electronic Health Records (EHR) sharing schemes has yielded numerous advantages like improved accessibility, availability, and enhanced interoperability. However, the centralized nature of cloud storage presents challenges in terms of information storage, privacy protection, and security. Despite several approaches that have been presented to ensure secure deduplication of similar EHRs, the validation of data integrity without a third-party auditor (TPA) remains a persistent task. Because involving a TPA raises concerns about the confidentiality and privacy of crucial healthcare information. To tackle this challenge, a novel cloud storage auditing technique is proposed that incorporates cross-patient block-level deduplication while upholding strong privacy protection, ensuring that EHR is not compromised. Here, we introduced blockchain technology to achieve integrity verification, thus eliminating the need for a TPA by providing a decentralized and transparent mechanism. Additionally, an index for all EHRs has been generated to facilitate block-level duplicate checks and employ a novel strategy to prevent adversaries from acquiring original information saved in the cloud storage. The security of the proposed approach is established against factorization attacks and decrypt exponent attacks. The performance evaluation demonstrates the superior efficiency of the proposed scheme in terms of file authenticator generation, challenge creation, and proof verification to other existing client-side deduplication approaches.

Systematic review and meta-analysis for a Global Patient co-Owned Cloud (GPOC)

Cloud-based personal health records increase globally. The GPOC series introduces the concept of a Global Patient co-Owned Cloud (GPOC) of personal health records. Here, we present the GPOC series' Prospective Register of Systematic Reviews (PROSPERO) registered and Preferred Reporting Items Systematic and Meta-Analyses (PRISMA)-guided systematic review and meta-analysis. It examines cloud-based personal health records and factors such as data security, efficiency, privacy and cost-based measures. It is a meta-analysis of twelve relevant axes encompassing performance, cryptography and parameters based on efficiency (runtimes, key generation times), security (access policies, encryption, decryption) and cost (gas). This aims to generate a basis for further research, a GPOC sandbox model, and a possible construction of a global platform. This area lacks standard and shows marked heterogeneity. A consensus within this field would be beneficial to the development of a GPOC. A GPOC could spark the development and global dissemination of artificial intelligence in healthcare.

Generative AI in Medical Practice: In-Depth Exploration of Privacy and Security Challenges

As advances in artificial intelligence (AI) continue to transform and revolutionize the field of medicine, understanding the potential uses of generative AI in health care becomes increasingly important. Generative AI, including models such as generative adversarial networks and large language models, shows promise in transforming medical diagnostics, research, treatment planning, and patient care. However, these data-intensive systems pose new threats to protected health information. This Viewpoint paper aims to explore various categories of generative AI in health care, including medical diagnostics, drug discovery, virtual health assistants, medical research, and clinical decision support, while identifying security and privacy threats within each phase of the life cycle of such systems (ie, data collection, model development, and implementation phases). The objectives of this study were to analyze the current state of generative AI in health care, identify opportunities and privacy and security challenges posed by integrating these technologies into existing health care infrastructure, and propose strategies for mitigating security and privacy risks. This study highlights the importance of addressing the security and privacy threats associated with generative AI in health care to ensure the safe and effective use of these systems. The findings of this study can inform the development of future generative AI systems in health care and help health care organizations better understand the potential benefits and risks associated with these systems. By examining the use cases and benefits of generative AI across diverse domains within health care, this paper contributes to theoretical discussions surrounding AI ethics, security vulnerabilities, and data privacy regulations. In addition, this study provides practical insights for stakeholders looking to adopt generative AI solutions within their organizations.

Access authentication via blockchain in space information network

Space Information Network (SIN) has significant benefits of providing communication anywhere at any time. This feature offers an innovative way for conventional wireless customers to access enhanced internet services by using SIN. However, SIN's characteristics, such as naked links and maximum signal latency, make it difficult to design efficient security and routing protocols, etc. Similarly, existing SIN authentication techniques can't satisfy all of the essentials for secure communication, such as privacy leaks or rising authentication latency. The article aims to develop a novel blockchain-based access authentication mechanism for SIN. The proposed scheme uses a blockchain application, which has offered anonymity to mobile users while considering the satellites' limited processing capacity. The proposed scheme uses a blockchain application, which offers anonymity to mobile users while considering the satellites' limited processing capacity. The SIN gains the likelihood of far greater computational capacity devices as technology evolves. Since authenticating in SIN, the technique comprises three entities: low Earth orbit, mobile user, and network control centre. The proposed mutual authentication mechanism avoids the requirement of a ground station, resulting in less latency and overhead during mobile user authentication. Finally, the new blockchain-based authentication approach is being evaluated with AVISPA, a formal security tool. The simulation and performance study results illustrate that the proposed technique delivers efficient security characteristics such as low authentication latency, minimal signal overhead and less computational cost with group authentication.

The Roles of Trust in Government and Sense of Community in the COVID-19 Contact Tracing Privacy Calculus: Mixed Method Study Using a 2-Wave Survey and In-Depth Interviews

BACKGROUND

Contact tracing technology has been adopted in many countries to aid in identifying, evaluating, and handling individuals who have had contact with those infected with COVID-19. Singapore was among the countries that actively implemented the government-led contact tracing program known as TraceTogether. Despite the benefits the contact tracing program could provide to individuals and the community, privacy issues were a significant barrier to individuals' acceptance of the program.

OBJECTIVE

Building on the privacy calculus model, this study investigates how the perceptions of the 2 key groups (ie, government and community members) involved in the digital contact tracing factor into individuals' privacy calculus of digital contact tracing.

METHODS

Using a mixed method approach, we conducted (1) a 2-wave survey (n=674) and (2) in-depth interviews (n=12) with TraceTogether users in Singapore. Using structural equation modeling, this study investigated how trust in the government and the sense of community exhibited by individuals during the early stage of implementation (time 1) predicted privacy concerns, perceived benefits, and future use intentions, measured after the program was fully implemented (time 2). Expanding on the survey results, this study conducted one-on-one interviews to gain in-depth insights into the privacy considerations involved in digital contact tracing.

RESULTS

The results from the survey showed that trust in the government increased perceived benefits while decreasing privacy concerns regarding the use of TraceTogether. Furthermore, individuals who felt a connection to community members by participating in the program (ie, the sense of community) were more inclined to believe in its benefits. The sense of community also played a moderating role in the influence of government trust on perceived benefits. Follow-up in-depth interviews highlighted that having a sense of control over information and transparency in the government's data management were crucial factors in privacy considerations. The interviews also highlighted surveillance as the most prevalent aspect of privacy concerns regarding TraceTogether use. In addition, our findings revealed that trust in the government, particularly the perceived transparency of government actions, was most strongly associated with concerns regarding the secondary use of data.

CONCLUSIONS

Using a mixed method approach involving a 2-wave survey and in-depth interview data, we expanded our understanding of privacy decisions and the privacy calculus in the context of digital contact tracing. The opposite influences of privacy concerns and perceived benefit on use intention suggest that the privacy calculus in TraceTogether might be viewed as a rational process of weighing between privacy risks and use benefits to make an uptake decision. However, our study demonstrated that existing perceptions toward the provider and the government in the contact tracing context, as well as the perception of the community triggered by TraceTogether use, may bias user appraisals of privacy risks and the benefits of contact tracing.

Continual learning framework for a multicenter study with an application to electrocardiogram

Deep learning has been increasingly utilized in the medical field and achieved many goals. Since the size of data dominates the performance of deep learning, several medical institutions are conducting joint research to obtain as much data as possible. However, sharing data is usually prohibited owing to the risk of privacy invasion. Federated learning is a reasonable idea to train distributed multicenter data without direct access; however, a central server to merge and distribute models is needed, which is expensive and hardly approved due to various legal regulations. This paper proposes a continual learning framework for a multicenter study, which does not require a central server and can prevent catastrophic forgetting of previously trained knowledge. The proposed framework contains the continual learning method selection process, assuming that a single method is not omnipotent for all involved datasets in a real-world setting and that there could be a proper method to be selected for specific data. We utilized the fake data based on a generative adversarial network to evaluate methods prospectively, not ex post facto. We used four independent electrocardiogram datasets for a multicenter study and trained the arrhythmia detection model. Our proposed framework was evaluated against supervised and federated learning methods, as well as finetuning approaches that do not include any regulation to preserve previous knowledge. Even without a central server and access to the past data, our framework achieved stable performance (AUROC 0.897) across all involved datasets, achieving comparable performance to federated learning (AUROC 0.901).

SIA: A sustainable inference attack framework in split learning

Split learning is a widely recognized distributed learning framework suitable for joint training scenarios with limited computing resources. However, recent research indicates that the malicious server can achieve high-quality reconstruction of the client's data through feature space hijacking attacks, leading to severe privacy leakage concerns. In this paper, we further enhance this attack to enable efficient data reconstruction while maintaining acceptable performance on the main task. Another significant advantage of our attack framework lies in its ability to fool the state-of-the-art attack detection mechanism, thus minimizing the risk of attacker exposure and making sustainable attacks possible. Moreover, we adaptively refine and adjust the attack strategy, extending the data reconstruction attack for the first time to the more challenging scenario of vertically partitioned data in split learning. In addition, we introduce three training modes for the attack framework, allowing the attacker to choose according to their requirements freely. Finally, we conduct extensive experiments on three datasets and evaluate the attack performance of attack frameworks in different scenarios, parameter settings, and defense mechanisms. The results demonstrate our attack framework's effectiveness, invisibility, and generality. Our research comprehensively highlights the potential privacy risks associated with split learning and sounds the alarm for secure applications of split learning.

[Social inequality in the context of digital health applications: digital divides in access, use, effectiveness, and privacy]

Given the massive increase in digital health tools, the question about the impact of these tools on health equity has gained importance. The aim of this narrative review is to discuss the extent and central aspects of the digital divide. To illustrate the extent of the digital divide, we draw on data from the Liter@te study, which interviewed low-literacy individuals regarding their use of digital health tools and their digital health literacy. The results of the Liter@te study are compared with population surveys conducted in parallel. Four areas can be distinguished in relation to digital divides: access, use, effectiveness, and privacy. Inequalities can be observed in all four areas. While differences in access or material infrastructure, as well as in usage patterns and the required literacies, have already been investigated in some studies, the data basis for a comprehensive assessment of the unequal effects of digital health tools in different population groups is still lacking. Digital divides in the area of privacy protection is an emerging field. However, transparent and understandable privacy measures will undoubtedly be an important prerequisite for the widespread use of digital health tools. Overall, in addition to a better data base, involvement of disadvantaged population groups in the development of digital health interventions is necessary.

Factors Predicting Intentions of Adoption and Continued Use of Artificial Intelligence Chatbots for Mental Health: Examining the Role of UTAUT Model, Stigma, Privacy Concerns, and Artificial Intelligence Hesitancy

Background: Artificial intelligence-based chatbots (AI chatbots) can potentially improve mental health care, yet factors predicting their adoption and continued use are unclear. Methods: We conducted an online survey with a sample of U.S. adults with symptoms of depression and anxiety (N = 393) in 2021 before the release of ChatGPT. We explored factors predicting the adoption and continued use of AI chatbots, including factors of the unified theory of acceptance and use of technology model, stigma, privacy concerns, and AI hesitancy. Results: Results from the regression indicated that for nonusers, performance expectancy, price value, descriptive norm, and psychological distress are positively related to the intention of adopting AI chatbots, while AI hesitancy and effort expectancy are negatively associated with adopting AI chatbots. For those with experience in using AI chatbots for mental health, performance expectancy, price value, descriptive norm, and injunctive norm are positively related to the intention of continuing to use AI chatbots. Conclusions: Understanding the adoption and continued use of AI chatbots among adults with symptoms of depression and anxiety is essential given that there is a widening gap in the supply and demand of care. AI chatbots provide new opportunities for quality care by supporting accessible, affordable, efficient, and personalized care. This study provides insights for developing and deploying AI chatbots such as ChatGPT in the context of mental health care. Findings could be used to design innovative interventions that encourage the adoption and continued use of AI chatbots among people with symptoms of depression and anxiety and who have difficulty accessing care.

The Importance, Challenges, and Possible Solutions for Sharing Proteomics Data While Safeguarding Individuals' Privacy

Proteomics data sharing has profound benefits at the individual level as well as at the community level. While data sharing has increased over the years, mostly due to journal and funding agency requirements, the reluctance of researchers with regard to data sharing is evident as many shares only the bare minimum dataset required to publish an article. In many cases, proper metadata is missing, essentially making the dataset useless. This behavior can be explained by a lack of incentives, insufficient awareness, or a lack of clarity surrounding ethical issues. Through adequate training at research institutes, researchers can realize the benefits associated with data sharing and can accelerate the norm of data sharing for the field of proteomics, as has been the standard in genomics for decades. In this article, we have put together various repository options available for proteomics data. We have also added pros and cons of those repositories to facilitate researchers in selecting the repository most suitable for their data submission. It is also important to note that a few types of proteomics data have the potential to re-identify an individual in certain scenarios. In such cases, extra caution should be taken to remove any personal identifiers before sharing on public repositories. Data sets that will be useless without personal identifiers need to be shared in a controlled access repository so that only authorized researchers can access the data and personal identifiers are kept safe.