The importance of privacy in personal health care has increased due to the widespread use of technology. Therefore, it has become increasingly relevant to incorporate privacy considerations into these socio-technical systems. This has led to the emergence of the use of privacy engineering in the healthcare context, which is based on the principle of privacy by design. The significance of context is emphasized by the diverse norms and principles inherent in each socio-technical system, especially in healthcare information systems. This paper presents a novel approach to privacy engineering by integrating the concept of contextual integrity into a framework for analyzing privacy threats. Contextual integrity, which considers privacy as context-dependent, serves as the theoretical foundation of this approach. The steps of decision heuristics in contextual integrity are aligned with the workflow of privacy threat analysis to increase the tangibility of contextual integrity and incorporate the knowledge of contextual integrity into the privacy threat analysis. A case study in personal e-health application is used to demonstrate the methodology's practical application in the context of privacy protection in healthcare.

Top