Abstract Data-drivenhealthcareistrulyvaluableandpromising.Aslongasrele- vant data are gathered, probed, used, and managed in a good fashion, significant improvements in the dependability of healthcare practices are achievable. Neverthe- less, unless privacy facets of relevant sensitive data are addressed, there are notable concerns regarding data-driven healthcare policies and applications. In general, tech- nical and engineering facets of such interventions are concentered on to a greater extent, but privacy facets are not adequately addressed. This chapter highlights and discusses privacy issues in data-driven health care. A comprehensive review and distillation of pertinent literature and works yielded relevant results and interpreta- tions. Purposefully, generic privacy issues are elaborated in the beginning. Addition- ally, areas for improvement regarding privacy issues in data-driven health care are underlined and discussed. People, policy, and technology aspects are also explained and deliberated. Moreover, how privacy is related to people and policy to ensure the success in data-driven healthcare practices is discussed in this chapter. Besides, people’s perceptions about privacy are distilled and reported. The focal impact of this chapter is to deliver a contemporary interpretation and discussion regarding privacy issues in data-driven health care. Product developers and managers, policy-makers, and pertinent researchers might benefit from this chapter in order to improve related knowledge and implementations.

1. Chapter 2
Privacy Issues in Data-Driven Health
Care
M. Degerli
Abstract Data-driven health care is truly valuable and promising. As long as rele-
vant data are gathered, probed, used, and managed in a good fashion, significant
improvements in the dependability of healthcare practices are achievable. Neverthe-
less, unless privacy facets of relevant sensitive data are addressed, there are notable
concerns regarding data-driven healthcare policies and applications. In general, tech-
nical and engineering facets of such interventions are concentered on to a greater
extent, but privacy facets are not adequately addressed. This chapter highlights and
discusses privacy issues in data-driven health care. A comprehensive review and
distillation of pertinent literature and works yielded relevant results and interpreta-
tions. Purposefully, generic privacy issues are elaborated in the beginning. Addition-
ally, areas for improvement regarding privacy issues in data-driven health care are
underlined and discussed. People, policy, and technology aspects are also explained
and deliberated. Moreover, how privacy is related to people and policy to ensure
the success in data-driven healthcare practices is discussed in this chapter. Besides,
people’s perceptions about privacy are distilled and reported. The focal impact of this
chapter is to deliver a contemporary interpretation and discussion regarding privacy
issues in data-driven health care. Product developers and managers, policy-makers,
and pertinent researchers might benefit from this chapter in order to improve related
knowledge and implementations.
Keywords Privacy · Policy · People · Technology · Health care · Big data ·
Blockchain
1 Introduction
Thanks to the availability and assemblage of huge amounts of data in healthcare
settings, the data-driven healthcare line has become a reality for practitioners and
researchers. Owing to the expected improvements with respect to the dependability
M. Degerli (B)
Graduate School of Informatics, Middle East Technical University, 06800 Ankara, Turkey
e-mail: mustafa.degerli@metu.edu.tr
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023
N. Dey (ed.), Data-Driven Approach for Bio-medical and Healthcare,
Data-Intensive Research, https://doi.org/10.1007/978-981-19-5184-8_2
23

2. 24 M. Degerli
of healthcare practices, relevant shareholders in the field appreciate that a data-
driven healthcare approach is essential and favorable. In fact, the data-driven health
care is not a new concept. For decades, healthcare professionals have been using
certain amount of data for numerous diagnosis and treatment purposes. Nevertheless,
what is quite novel is the availability of larger data and possibilities introduced by
contemporary technological improvements concerning these health-related data.
There are distinguished and enduring enhancements in healthcare settings. The
pertinent excursion started with Healthcare 1.0 (doctor-centric), continued with
Healthcare 2.0 (electronic records) and Healthcare 3.0 (patient-centric scenarios),
and finally, there is Healthcare 4.0 (cloud, data-driven, IoT, fog, edge, and 5G) [1].
The latest and greatest recent version of health care (Healthcare 4.0) is absolutely
promising, but it has major confronts such as privacy and security. It is appreciated
that thanks to relevant big data and their sound utilization, voluminous healthcare
practices are being significantly improved while pertinent expenditures are being
notably reduced. On the other hand, there are some challenges that may drasti-
cally shadow this prospect [2]. These challenges are generally related to technology,
policy, and people aspects. Interoperability problems, technical issues, costs, security
problems, privacy issues, deficiency of relevant policies, and awareness and adop-
tion/acceptance of people can be listed as salient challenges in this environment.
Furthermore, correctness, completeness, and coherence of relevant data are essential
for successful implementations.
By definition, privacy is predominantly there to guarantee that the owners of
data solely decide on the usage and sharing of their relevant data [3]. For reason-
ably private and sensitive data and information like health-related data, the vitality
of privacy considerably firmly sprouts. In this context, unless practical benefits are
supported by rigorous privacy and security measures and capabilities, the expected
potentials and benefits of relevant solutions and systems are possibly to be jeopar-
dized [4]. Consequently, a comprehensive solution is required to cover all pertinent
facets (technology, policy, and people). This solution needs to encompass active
contributions and collaborations of all stakeholders to ensure the expected success.
When the relevant content and context is health care, privacy ought to be more
than the basic right of people to manage their own data. Opportunities to let people
comprehensively track their data and guiding them to increase their conceivable
benefits should be merged into cultivated privacy measures and applications [5].
This level of established privacy approach is the result of both recent developments
and people’s expectations. The data are an essential part of healthcare practices
owing to that cloud, data-driven, IoT, fog, edge, and 5G implementations remarkably
increase in healthcare domains. Data analytics by means of machine learning or
artificial intelligence, Internet of Medical Things (medical devices and wearables),
and lately trendy virtual reality and augmented reality applications can be listed as
the main data-driven healthcare technologies that are privacy-sensitive. As all these
frameworks are based on relevant data, the privacy of relevant data is imperative.
This veracity makes the concept of privacy more fundamental and vital. Therefore,

3. 2 Privacy Issues in Data-Driven Health Care 25
addressing privacy issues in relevant solutions and services is not an option, but a
must to be successful. Otherwise, invaluable technological efforts and investments
might not ensure the expected yields.
Not surprisingly, owing to technological developments and potential benefits,
digital automation practices are at the center of the present and future of health care
[6]. Additionally, system network architectures, machine learning algorithms, artifi-
cial intelligence applications, and natural language programs are to use the applicable
big data introduced by electronic health records, the Internet of Things, wearable
medical devices, and mobile health applications [7]. Thanks to the availability of
such sources and technologies, more personalized, proactive, effective, and efficient
practices regarding health care are becoming a reality. When all these particulars are
concerned, interoperability, privacy, and security aspects become much more central.
Wearable medical devices are one of the growing healthcare solutions that try
to maximize the benefit of relevant available data. The prominence of privacy as
a prominent instrument for the success of wearable medical devices was verified
with existing and potential wearable medical device users. People noted they want
to have the right to decide on all dissemination details of their own data [8]. Big data
is another trendy area in health care-relevant settings. Besides, a lightweight, usable,
and satisfactory security and privacy solution is needed for big data applications,
and this kind of solution is still open for significant improvements [9]. These two
technology branches of electronic health recently become widespread and popular.
The potentials of IoT applications in healthcare settings are promising while
privacy and security in these contexts need further efforts [10]. Besides, thanks to big
data availability and relevant developments concerning methods of analytics (artifi-
cial intelligence and machine learning algorithms and applications), it is legitimately
achievable to design and implement proactive and preventive healthcare strategies
and practices. Nevertheless, such endeavors might be negatively affected by legal
aspects and privacy issues, as these cases might redact the availability of accessible
and usable data [11]. Additionally, clustering is one of the benefits of data-driven
healthcare practices to segment different groups to meet healthcare needs. Owing to
this opportunity, it may be possible to come up with effective and efficient solutions
for varying groups or sub-groups. The more amount and quality of data, the more
focused and refined analyses can be achieved in the context of data-driven health care
[12]. In this context, the significance and meaning of data and relevant use become
clearer for all relevant stakeholders.
What mainly drives people’s privacy concerns with respect to their health infor-
mation is also another important point to be taken into account to achieve the success.
Researchers [13] highlighted that distribution of relevant information and people’s
knowledge of computing are major drivers in this context. The more people do know
about these facets and details, the more concerned they are going to be regarding
their health information. Actually, there is also a privacy utility tradeoff fact. That
is, the more privacy may lead to less available and usable data, and this can dramat-
ically decrease the benefits of data-driven healthcare practices [14]. In this context,
privacy by policy and privacy by design are two important concepts to be concen-
trated on. Specifically, it must be known that there is no all-purpose solution to

4. 26 M. Degerli
fit all privacy surroundings. A sensibly tailored and fine-tuned approach is needed
for different scenarios, and this makes the relevant work even more challenging for
policy-makers and developers [15]. Based on the general principles, a tailored solu-
tion becomes a must for each unique setting. Through analyzing the expectations of
all relevant stakeholders, a distilled solution needs to be defined and applied.
Correspondingly, the broad-spectrum goal of this chapter is to distill, high-
light, and discuss contemporary privacy issues in data-driven healthcare settings.
The subsequent parts of this chapter comprehensively embrace relevant material
concerning fundamental privacy issues (Sect. 2) and the principal dimensions of
privacy (Sect. 3). Furthermore, people’s perceptions about privacy (Sect. 4) are
presented and elaborated on in the later segment of the chapter. The pertinent chapter
concludes with the relevant discussion (Sect. 5) and the conclusions (Sect. 6).
2 Privacy Issues and Relevant Challenges
Although there are certain salient works based on the data-driven approach in the
healthcare domain, privacy issues are still valid and require devoted efforts. Unless
a well-established privacy dimension is encompassed in relevant solutions (products
or services), the anticipated achievement is to be obstructed.
Researchers [16] developed and published a comprehensive solution to take
advantage of big data for health purposes, and they also noted the vitality of privacy
for such solutions. The use of big data in the healthcare domain is fairly encouraging.
Nonetheless, privacy and security issues, competent workforce, and engineering
confronts are the fundamental issues considering big data applications in healthcare
settings [17]. This also highlights the need for extra efforts and works to improve
relevant understanding and applications regarding privacy issues in health-related
situations.
Additionally, rules and regulations regarding privacy and security of recent data-
driven healthcare practices in the European Union and United States of America
zones are still open for improvements for alignment, update, and guidance [18].
In this context, there is a necessity to catch a conventional equilibrium between
the Health Insurance Portability and Accountability Act and the Health Information
Technology for Economic and Clinical Health Act to guarantee both privacy and
accessibility/availability of healthcare data [19]. As long as such a balance is attained
and sustained, all stakeholders are to be confident and happy. All these particulars
make this work stimulating. Obviously, this equilibrium is quite difficult to achieve
and sustain, but this is a fundamental requirement to be met for the anticipated
success.
Privacy and security issues are also at the center of smart city efforts, which are
not far from reality and practical applications [20]. Data-driven healthcare practices
can easily be thought of as a part of wider smart city settings. As the importance
of sustainability becomes clearer, the importance of smartness for pertinent solu-
tions remarkably grows. In a notable study, researchers developed a model including

5. 2 Privacy Issues in Data-Driven Health Care 27
different permissions for cloud data and relevant accesses are made trackable by
the owners. Furthermore, most of the healthcare applications based on wireless
sensor networks have deficiencies considering privacy and security measures [21].
Researchers or product developers mostly defer these issues, which may create huge
risks, threats, and undesirable consequences. These possible negative consequences
may even interrupt larger settings and infrastructures.
One of the other issues and challenges is that the definition, scope, and contexts
of privacy evolve and diverge based on the demands and changing conditions. These
kinds of fluctuations create ambiguities and discrepancies regarding precisely what
is to be protected [22]. It is quite normal and expected to have some divergences
among some countries. Yet, international organizations like World Health Organiza-
tion (WHO) may improve this case with the contributions of the bodies involved to set
the contemporary and up-to-date standards and best practices. This case underlines
the significance of mutual understandings and collaborative efforts.
Certain governments have notable initiatives in the context of data-intensive
healthcare applications. For example, Israel’s register for national hospital discharges
is there to actively monitor and improve relevant practices by pertinent government
bodies [23]. Moreover, regarding data-driven healthcare innovations by public and
private partnerships in Netherland, a study [24] concluded that diversity of relevant
data, deficiency concerning the share of pertinent data, and inadequate data attributes
were found to be the top three challenges. In addition to these top three items,
deficiencies in data management and competencies were noted as salient constructs.
Additionally, retrieving electronic health records, host incidents, Internet and
system security problems, traffic monitoring, and operational risks are some of the
main problems related to electronic health systems [25]. All of these also generate
some kind of complications related to the privacy of data-driven healthcare imple-
mentations and initiatives in local and global arenas. As seen, these kinds of issues are
the main challenges regarding the privacy of data-driven healthcare practices. There
need to be additional measures to address people, policy, and technology dimensions
of privacy to ensure the pertinent dependability and success of relevant systems.
All these challenges can be overcome with the cooperation and collaboration of
relevant stakeholders (developers, policy-makers, and users).
3 Focal Dimensions of Privacy
While the technology facet of privacy is predominantly studied and discussed, the
people and policy dimensions shall get the same concentration and importance.
Otherwise, expected benefits are not to be fully realized. That’s why this part of
the chapter highlights and discusses the principal dimensions of privacy. Figure 1
shows the principal dimensions of privacy.

6. 28 M. Degerli
Fig. 1 Principal dimensions
of privacy
3.1 Technology
As the size of relevant data abruptly increases and the relevant content of data
becomes more sensitive, more technological and engineering efforts and develop-
ments are expected and required to ensure the dependability of data-intensive health-
care solutions [26]. For instance, in another study, the salience of privacy along
with confidentiality and security was proved by relevant users for the success of
the Internet of Things in the scope of health venues [27]. Differential privacy and
anonymization of pertinent data are the two important technologies to boost data
privacy [28]. Ensuring full privacy of pertinent data can be achieved by contributions
of both relevant organizations and data owners. To balance privacy concerns and
usable data availability, there are some salient attempts. For example, in a study [29],
a framework was developed to benefit from privacy metadata and process mining.
Managing trust and establishing relevant sound policy are two important elements
to be concentrated on to safeguard the success regarding health Internet of Things
[30]. One conceivable problem with strict privacy regulations and applications is
reported as possible difficulties to access required data in certain emergency cases
[31]. Vigorous consent management should be incorporated into the data-driven
healthcare systems to ensure that patient privacy is adequately addressed [32]. These
solutions must combine new data sources with existing electronic health records of
patients. Fully integrated solutions ought to be designed and implemented so that
relevant subsystems healthily talk to each other and no privacy leakages take place.
Blockchain technology can also be justifiably instrumental to support and ensure
the privacy of healthcare data in data-driven healthcare situations [33]. Blockchain
is characterized as a favorable and working means to develop the technical side of
privacy practices in healthcare domains [34]. From the technical and engineering
perspective, there can be different measures (algorithmic, architectural, and tech-
nical) to address privacy issues in the context of data-driven healthcare infrastruc-
tures [35]. In this scope, when compared to conventional encryption approaches,
attribute-based encryption differentiates itself thanks to the authorizations of the
sharing parties.

7. 2 Privacy Issues in Data-Driven Health Care 29
Regrettably, it is predicted that no sole and pure computing solution is to fully
resolve privacy issues as the omnipresence of computing exponentially enlarges [36].
Therefore, in addition to engineering and technical resolutions, policy and people
domains shall be satisfactorily addressed. In another notable effort [37], researchers
implemented a privacy-centered architecture with a trust-query framework to enable
user consent authorization. This sort of solution improved relevant privacy solicita-
tions. Both delegation and retention systems ought to be concentrated on to diminish
possible privacy leakages [38]. Additionally, the possibility of losing a beneficial
part of the whole data during anonymization should not be overlooked.
It is moderately clear that there are several notable works to address the technical
side of privacy in healthcare settings using data-intensive services and infrastructures.
Nonetheless, this facet needs to be complemented by the people and policy facets of
privacy to attain and sustain the expected accomplishment.
3.2 People and Policy
Privacy awareness of people using or benefiting from data-driven healthcare solutions
is an important issue, and this understanding should be promoted by healthcare
organizations and relevant governing parties [39]. As long as privacy awareness is
provided and promoted, all people involved are to feel more confident in the relevant
contexts.
Providing ethical concerns and practices are taken into thorough consideration,
legitimately good data practices can be accomplished and retained by relevant stake-
holders, who are doctors, nurses, caregivers, scientists, engineers, policy-makers,
governors, managers, and patients [40]. Therefore, ethics should be prioritized and
addressed just like technical or engineering facets in the context of data-driven
healthcare arrangements and applications.
In one study, scholars note that although people are less worried about the collec-
tion of their health information, they worry more about the process after collection.
People noted their distress about the privacy of relevant data collected [41]. More-
over, it has been shown [42] that government regulations and organizational policies
for privacy are preconditions to ensure the across-the-board accomplishment of data-
driven healthcare solutions. Such erects are to fundamentally let people feel confident
to allow the dissemination and use of their data.
In fact, privacy should be taken into account from the very beginning of relevant
engineering efforts. It is not legitimate to deal with privacy facets once the design and
development phases are completed. From the concept or requirements engineering
phases, privacy should be itemized and prioritized to ensure compatible design and
development are implemented. For this purpose, the involvement of people to distill
and document their expectations and views is a fundamental particular [43]. Besides,
a well-designed and established information security management system may help
to achieve privacy, security, and compliance of pertinent cloud systems [44]. This
kind of effort is to improve relevant trust among stakeholders.

8. 30 M. Degerli
As long as a trustworthy relationship is established and maintained among parties
in the healthcare domain, people’s legitimate concerns about privacy issues are to
be sufficiently addressed [45]. In this context, informing people well about the
anonymity, limits, and possibilities might be accommodating. Otherwise, people
with increasing question marks in their minds may fundamentally shock the systems
with their reluctance for providing data and granting usage.
Accordingly, people and policy facets of privacy shall be appreciated and
addressed by relevant stakeholders. Technology-related efforts are invaluable and
required, but these efforts are deficient without consideration of people and policy
domains of privacy.
4 People’s Perceptions
In order to better understand people’s current perceptions about the privacy of data-
driven healthcare settings, semi-structured interviews were conducted with 35 people
from Turkey by means of convenience sampling. These interviews took 35–45 min
each, and the researcher took causal notes and recorded the voices of sessions while
ensuring the consent of participants. By using a pre-defined question list as a guide,
the researcher had interactive talks with the participants.
Following predetermined questions were primarily used by the researcher in this
context:
• May you please talk about yourself regarding your gender, age, education, and
income?
• May you please define what privacy means for you regarding your health data?
• What do you think about the existing actions to be taken to improve privacy
understanding?
• Do you agree that your government policy is sufficient to ensure the privacy of
your relevant data?
• Do you think that your health-related data can be used for bad or unsuitable
purposes by some means?
• Do you know how to protect your own sensitive data? These data can be your
health-related data.
• What do you think about the government’s role to ensure that your data are not
misused or used without consent?
• How do you feel about the dependability of current regulations and pertinent
practices regarding privacy? Do you see any risks/threats regarding these?
• Imagine that the doctors or nurses need your previous or current health-related
data in an emergency case. Do you approve that they should access your relevant
data or not?
• Do you agree that trust and dependability are the main elements to ensure privacy?
What else, if any?
• Do you agree that privacy issues are only technical and engineering works?

9. 2 Privacy Issues in Data-Driven Health Care 31
• Is privacy important for you? Some people note that it is intensified. Do you agree?
• Do you want to have the opportunity to completely delete all of your data whenever
you like to do so?
• How do you want to use your smartphone regarding privacy matters? May you
like to use your mobile devices to manage privacy issues?
• Under which conditions, do you want to contribute to privacy practices? What are
your limits regarding these?
Table 1 shows the demographic details of the participants who were interviewed.
Frequency statistics and quasi-statistics were principally used to evaluate and
analyze the pertinent data collected. The followings are the leading results derived
from analyses-collected data from 35 people through semi-structured interviews:
• More than 80% of participants think that additional measures must be taken to
improve privacy awareness. People’s awareness of privacy ought to be improved.
• About 50% of participants note that government policy is not enough to ensure the
privacy of their data. In this context, either pertinent policies should be improved
or they should be communicated more effectively.
• Less than 20% of participants argue that they do not think their data can be used for
bad or unsuitable purposes. The majority of the people see some risks concerning
the use of their data.
Table 1 Demographic details of the participants interviewed
Dimension
N = 35
# %
Gender
Women 18 51.4
Men 17 48.6
Age
18–25 4 11.4
26–44 20 57.1
45–64 8 22.9
65+ 3 8.6
Education level
Ph.D. 4 11.4
Master’s 13 37.1
Bachelor’s 17 48.6
High school 1 2.9
Income level
High 6 17.1
Middle 24 68.6
Low 5 14.3

10. 32 M. Degerli
• About 50% of participants note that they know how to protect their own sensitive
data. More people must be educated to better know how to protect their relevant
data.
• More than 90% of participants think that it is the government’s or responsible
bodies’ responsibility to ensure that their data are not misused or used without
consent. Related organizations ought to be aware of this expectation and act
accordingly.
• More than 50% of participants note that they have doubts and concerns about
the dependability of current regulations and pertinent practices regarding privacy.
Regulations and practices must be improved or communicated more effectively.
• All participants claim that all data can be accessed and used in emergency cases.
The emergency case is the most influential gadget above all concerns.
• About 95% of participants think trust and dependability are the main constructs
for them to ensure privacy. People want to have the confidence regarding their
privacy issues.
• Lessthan20%ofparticipantsacceptthatprivacyisjustatechnicalandengineering
issue, and they believe this is to be fixed in near the future. Majority of the people
see the privacy more than a technical or engineering work.
• About 50% of participants state that they should have a right to completely delete
all of their data whenever they want. This option should be available on-demand
for users.
• About 80% of participants note that they can use their smartphones to manage the
privacy of their data, as long as it is required. For developers, it may be a good
idea to benefit from people’s smartphones to manage privacy issues.
• None of the participants claim that privacy is something that is exaggerated. This
can be interpreted as all interviewed people being aware of the meaning of privacy
and relevant consequences.
• About 90% of participants state that they want to share their all data relevant to
improve healthcare practices as long as they are confident with the privacy and
security of relevant systems. People are principally open to sharing their pertinent
data as long as they think that relevant services or products are dependable.
All these findings impeccably confirm that privacy issues in data-driven health
care necessitate more attention and devoted efforts. People generally have positive
attitudes and views regarding data-driven healthcare practices, yet they want to be
sure that relevant privacy concerns are legitimately and satisfactorily addressed.
5 Discussion
The presence of relevant data and the introduction of data-driven venues generate
prominent opportunities and threats to healthcare settings [2, 7, 15, 16]. Provi-
dentially, there are notable engineering efforts (anonymization, authorization, and

11. 2 Privacy Issues in Data-Driven Health Care 33
blockchain) to support privacy issues in healthcare arenas [28, 34, 35]. These tech-
nical developments are instrumental and promising. Besides, ethics, awareness, trust,
and policy sides of data-intensive healthcare implementations are vital for expected
success [30, 39, 40, 42, 45]. Similar to engineering works, these issues are also imper-
ative for success. On the other hand, a sound balance shall be attained between privacy
and accessibility/availability of health-relevant data [14, 19, 29]. This equilibrium is
difficult to attain, but needs to be accomplished. Under these circumstances, there is
a domineering need to improve privacy policies and practices in data-driven health-
care settings. In addition to appreciable technology-related efforts, supplementary
determinations based on policy and people facets are firmly required and expected.
Product and service development organizations should collaborate with relevant
parties to let people feel confident about the privacy of their data. These organizations
mayincludedevotedunitsormodulestoletpeoplemanagetheirowndatawithrespect
to their exclusive wishes regarding privacy matters. That is, by making use of relevant
units or modules, people should be able to determine sharing and use settings of their
data. Additionally, product and service development organizations should openly
communicate how they collect, use, share, and process data to let people know about
the whole story to build and maintain relevant trust. All these pertinent processes
should be defined and refined so that relevant people appropriately manage their
privacywitheaseandfunctionality.Incorporatingtechnicalandengineeringsolutions
to address privacy issues is surely required but not sufficient. In this context, product
and service development organizations ought to work with relevant bodies and users
to complete the puzzle to realize the big picture. Outputs of such efforts should be
clearly reported to all pertinent stakeholders.
The roles and responsibilities of relevant government bodies and pertinent orga-
nizations are also fundamental for privacy topics regarding data-driven health care.
Users and development organizations legitimately demand pertinent regulations and
accountability particulars from policy-making and regulatory organizations. Accord-
ingly, these organizations must develop proactive and comprehensive policies to fully
orchestrate the relevant elements. Once development organizations get such details,
they will be able to obey the rules of the game. Additionally, government bodies and
pertinent organizations ought to define and implement all-encompassing practices
to ensure the awareness of people regarding relevant privacy policies. These efforts
to increase awareness are going to firmly foster trust among parties. In this context,
supplementary responsible government organizations should audit the whole process
andpracticestosafeguardfullcompliance.Thisexaminationshouldbedonetocollect
shreds of evidence for conformity and report any non-conformities to improve the
relevant settings. This kind of checking and assurance mechanism will also help to
improve people’s relevant trust. Continuous improvement is an instrumental tool in
this context and improves stakeholders’ confidence and satisfactions.
People (users) benefiting from data-driven healthcare practices also have some
roles and responsibilities to ensure acceptable privacy practices in data-driven health-
caresettings.Theyshouldbeawareofthecriticalityoftheirsensitivedataandrelevant
applicable policies. While taking into account the balance of accessibility and privacy
of their data, they should decide on answers for how, what, where, why, when, and

12. 34 M. Degerli
who questions. As relevant data are owned by users, users have a central role in the
relevant settings. If they have suggestions or objections, they should report these to
responsible authorities. If people ignore any privacy concerns, such behaviors are to
potentially lead to unwanted conclusions. As the whole elements are interrelated in
the relevant settings, people should remember the principle of the weakest link.
Internet of health-related things, analytics, and recently popular augmented reality
and virtual reality topics should not be designed and implemented deprived of
comprehensive privacy facets. Doing the right thing right the first time for such
efforts can only be achieved by involving the privacy as a salient factor. Especially
for the latest efforts considering augmented reality and virtual reality applications
for healthcare settings, the importance of privacy should not be overlooked. In addi-
tion to developers, policy-makers and users ought to take part in the game from the
very beginning in order not to repeat the same mistakes done in previous technology
waves.
Accordingly, as long as technical and engineering solutions are supported by
policy and people aspects of privacy, the full potential and benefits of data-driven
health care can be expediently realized and enhanced. This promising journey
requires the active assistance of relevant all stakeholders (users, developers, and regu-
lators). The conceptual design and applications of privacy subjects shall be addressed
by all relevant actors. Unless such a collaborative resolution is attained, the expected
benefits are to be remarkably jeopardized.
6 Conclusions
This chapter fundamentally underlined and elaborated privacy issues in data-driven
healthcare settings. The importance of technological developments and necessities
for people and policy facets of privacy were carefully analyzed, discussed, and
emphasized. This chapter moderately conveyed an up-to-date understanding and
dialogue considering privacy issues in data-driven healthcare scenarios. People’s
perspectives considering privacy for data-driven health care were also elaborated and
reported in this chapter. It was concluded that more deliberate and dedicated works
are indispensable to improve privacy dynamics in the relevant venues. Supplemen-
tary determined efforts should be focused on people and policy facets of privacy to
achieve the pertinent attainment. As long as a sound privacy framework incorporating
all momentous facets (technology, people, and policy) is designed and realized, the
expected benefits of data-driven healthcare practices are to be accomplished and
enhanced. Organizations designing and developing products or services for data-
driven healthcare settings, government associations making regulations and poli-
cies for the relevant contexts, and researchers exploring the pertinent subject might
legitimately take the advantage of this chapter to elevate the expected advantages.

13. 2 Privacy Issues in Data-Driven Health Care 35
References
1. HathaliyaJJ,TanwarS(2020)AnexhaustivesurveyonsecurityandprivacyissuesinHealthcare
4.0. Comput Commun 153:311–335. https://doi.org/10.1016/j.comcom.2020.02.018
2. Raghupathi W, Raghupathi V (2014) Big data analytics in healthcare: promise and potential.
Health Inf Sci Syst 2:3. https://doi.org/10.1186/2047-2501-2-3
3. Yasnoff WA (2003) Privacy, confidentiality, and security of public health information. In:
O’Carroll PW, Ripp LH, Yasnoff WA et al (eds) Public health informatics and information
systems. Health informatics. Springer, New York, pp 199–212
4. Meingast M, Roosta T, Sastry S (2006) Security and privacy issues with health care information
technology. In: 2006 International conference of the IEEE engineering in medicine and biology
society. IEEE, pp 5453–5458
5. Kondylakis H, Stefanidis K, Rao P (2021) Report on the third international workshop on
semantic web meets health data management (SWH 2020). ACM SIGMOD Rec 50:32–35.
https://doi.org/10.1145/3503780.3503792
6. Chaki J (2021) Introduction to digital future of healthcare. In: Digital future of healthcare. CRC
Press, pp 1–10
7. Kolasa K, Goettsch W, Petrova G, Berler A (2020) Without data, you’re just another person
with an opinion. Expert Rev Pharmacoecon Outcomes Res 20:147–154. https://doi.org/10.
1080/14737167.2020.1751612
8. Degerli M, Ozkan Yildirim S (2020) Identifying critical success factors for wearable medical
devices: a comprehensive exploration. Univ Access Inf Soc. https://doi.org/10.1007/s10209-
020-00763-2
9. Ullah K, Shah MA, Zhang S (2016) Effective ways to use the Internet of Things in the field
of medical and smart health care. In: 2016 international conference on intelligent systems
engineering (ICISE). IEEE, pp 372–379
10. Dey N, Ashour AS, Bhatt C (2017) Internet of Things driven connected healthcare. Internet of
Things and big data technologies for next generation healthcare. Springer, Cham, pp 3–12
11. Batarseh FA, Ghassib I, Chong D, Su P-H (2020) Preventive healthcare policies in the US:
solutions for disease management using big data analytics. J Big Data 7:38. https://doi.org/10.
1186/s40537-020-00315-8
12. Low LL, Yan S, Kwan YH et al (2018) Assessing the validity of a data-driven segmenta-
tion approach: a 4 year longitudinal study of healthcare utilization and mortality. PLoS ONE
13:e0195243. https://doi.org/10.1371/journal.pone.0195243
13. Rahim FA, Ismail Z, Samy GN (2013) Information privacy concerns in electronic health-
care records: a systematic literature review. In: 2013 international conference on research and
innovation in information systems (ICRIIS). IEEE, pp 504–509
14. Sohail SA, Bukhsh FA, van Keulen M (2021) Multilevel privacy assurance evaluation of
healthcare metadata. Appl Sci 11:10686. https://doi.org/10.3390/app112210686
15. de Fuentes JM, Gonzalez-Manzano L, Lopez J et al (2019) Editorial: security and privacy in
Internet of Things. Mob Netw Appl 24:878–880. https://doi.org/10.1007/s11036-018-1150-8
16. Hahanov V, Miz V (2015) Big data driven healthcare services and wearables. In: The experience
of designing and application of CAD systems in microelectronics. IEEE, pp 310–312
17. Abouelmehdi K, Beni-Hessane A, Khaloufi H (2018) Big healthcare data: preserving security
and privacy. J Big Data 5:1. https://doi.org/10.1186/s40537-017-0110-7
18. Martínez-Pérez B, de la Torre-Díez I, López-Coronado M (2015) Privacy and security in mobile
health apps: a review and recommendations. J Med Syst 39:181. https://doi.org/10.1007/s10
916-014-0181-3
19. Brusil P (2015) Healthcare security and privacy. In: Computer security handbook. Wiley,
Hoboken, pp 71.1–71.66
20. Kasar S, Kshirsagar M (2021) Open challenges in smart cities: privacy and security. In: Studies
in systems, decision and control, pp 25–36

14. 36 M. Degerli
21. Agrawal V (2015) Security and privacy issues in wireless sensor networks for healthcare. In:
Giaffreda R, Vieriu R-L, Pasher E et al (eds) Internet of Things. User-centric IoT. Springer
International Publishing, Cham, pp 223–228
22. Florczak KL (2021) Privacy: an elusive concept. Nurs Sci Q 34:113–113. https://doi.org/10.
1177/0894318420987172
23. Haklai Z, Mostovoy D, Gordon ES et al (2014) The Israel national hospital discharge register:
an essential component of data driven healthcare. Stud Health Technol Inf 197:59–63. https://
doi.org/10.3233/978-1-61499-389-6-59
24. Witjas-Paalberends ER, van Laarhoven LPM, van de Burgwal LHM et al (2018) Challenges
and best practices for big data-driven healthcare innovations conducted by profit–non-profit
partnerships—a quantitative prioritization. Int J Healthc Manag 11:171–181. https://doi.org/
10.1080/20479700.2017.1371367
25. Jahan S, Chowdhury M, Islam R, Gao J (2018) Security and privacy protection for eHealth
data. In: Communications in computer and information science. Springer, pp 197–205
26. Kupwade Patil H, Seshadri R (2014) Big data security and privacy issues in healthcare. In:
2014 IEEE international congress on big data. IEEE, pp 762–765
27. Degerli M, Ozkan Yildirim S (2021) Enablers for IoT regarding wearable medical devices
to support healthy living: the five facets. In: Studies in computational intelligence. Springer,
Singapore, pp 201–222
28. Chong KM (2021) Privacy-preserving healthcare informatics: a review. ITM Web of Conf
36:04005. https://doi.org/10.1051/itmconf/20213604005
29. Pika A, Wynn MT, Budiono S et al (2020) Privacy-preserving process mining in healthcare.
Int J Environ Res Public Health 17:1612. https://doi.org/10.3390/ijerph17051612
30. Karunarathne SM, Saxena N, Khan MK (2021) Security and privacy in IoT smart healthcare.
IEEE Internet Comput 25:37–48. https://doi.org/10.1109/MIC.2021.3051675
31. Avancha S, Baxi A, Kotz D (2012) Privacy in mobile technology for personal healthcare. ACM
Comput Surv 45:1–54. https://doi.org/10.1145/2379776.2379779
32. Asghar MR, Lee T, Baig MM et al (2017) A review of privacy and consent management in
healthcare: a focus on emerging data sources. In: 2017 IEEE 13th international conference on
e-science (e-science). IEEE, pp 518–522
33. Wang L, Jones R (2019) Big data, cybersecurity, and challenges in healthcare. In: 2019
SoutheastCon. IEEE, pp 1–6
34. Kumar D, Kumar SA, Kumar P, Wahab MHA (2019) The importance of healthcare information
privacy through blockchain. In: Security and privacy of electronic healthcare records: concepts,
paradigms and solutions. Institution of Engineering and Technology, pp 321–344
35. Singh N, Jangra A, Elamvazuthi I, Kashyap K (2017) Healthcare data privacy measures to cure
& care cloud uncertainties. In: 2017 4th international conference on signal processing,
computing and control (ISPCC). IEEE, pp 402–407
36. Caine K (2016) Privacy is healthy. IEEE Pervasive Comput 15:14–19. https://doi.org/10.1109/
MPRV.2016.61
37. Su X, Hyysalo J, Rautiainen M et al (2016) Privacy as a service: protecting the individual in
healthcare data processing. Computer 49:49–59. https://doi.org/10.1109/MC.2016.337
38. Singh A, Chatterjee K (2019) Security and privacy issues of electronic healthcare system: a
survey. J Inf Optim Sci 40:1709–1729. https://doi.org/10.1080/02522667.2019.1703265
39. Rahim FA, Muruti G, Ismail Z, Samy GN (2018) A qualitative analysis of information privacy
concerns among healthcare employees. Int J Secur Appl 12:69–78. https://doi.org/10.14257/
ijsia.2018.12.1.06
40. Wehrens R, Stevens M, Kostenzer J et al (2021) Ethics as discursive work: the role of ethical
framing in the promissory future of data-driven healthcare technologies. Sci Technol Human
Values 016224392110536.https://doi.org/10.1177/01622439211053661
41. Adu EK, Mills A, Todorova N (2021) Factors influencing individuals’ personal health infor-
mation privacy concerns. A study in Ghana. Inf Technol Dev 27:208–234. https://doi.org/10.
1080/02681102.2020.1806018

15. 2 Privacy Issues in Data-Driven Health Care 37
42. Hwang H-G, Lin Y (2020) Evaluating people’s concern about their health information privacy
based on power-responsibility equilibrium model: a case of Taiwan. J Med Syst 44:112. https://
doi.org/10.1007/s10916-020-01579-6
43. Alghanim AA, Rahman SMM, Hossain MA (2017) Privacy analysis of smart city healthcare
services. In: 2017 IEEE international symposium on multimedia (ISM). IEEE, pp 394–398
44. Beck EJ, Gill W, de Lay PR (2016) Protecting the confidentiality and security of personal
health information in low- and middle-income countries in the era of SDGs and Big Data. Glob
Health Action 9:32089. https://doi.org/10.3402/gha.v9.32089
45. Gille F, Brall C (2021) Limits of data anonymity: lack of public awareness risks trust in health
system activities. Life Sci Soc Policy 17:7. https://doi.org/10.1186/s40504-021-00115-9