CURRICULUM VITAE › ~amlaf › CV-GB-Jun2020.pdf · curriculum vitae ana margarida leite de almeida ferreira june 2020 . Índice ... 9 iv. scientific activity .....11 a. scientific

CURRICULUM VITAE

Ana Margarida Leite de Almeida Ferreira

June 2020

ÍNDICE

I. PERSONAL DATA ............................................................................................ 5

II. CURRICULAR SYNTHESIS ................................................................................ 7

III. ACADEMIC EDUCATION ................................................................................. 9

IV. SCIENTIFIC ACTIVITY .................................................................................... 11

A. SCIENTIFIC PRODUCTION .................................................................................................. 12

B. INSERTION IN THE SCIENTIFIC COMMUNITY .................................................................... 22

C. ACTIVITY IN SCIENTIFIC PROJECTS .................................................................................... 30

V. PEDAGOGICAL ACTIVITY .............................................................................. 36

A. LECTURING ACTIVITY......................................................................................................... 37

B. PEDAGOGICAL MATERIAL ................................................................................................. 38

C. SUPERVISION ACTIVITIES .................................................................................................. 40

VI. EMPLOYMENT .............................................................................................. 44

A. EMPLOYMENT ................................................................................................................... 45

B. PRODUCT DEVELOPMENT ................................................................................................. 47

C. OTHERS ............................................................................................................................. 48

VII. CONTINUOUS EDUCATION .......................................................................... 49

A. NON-ACADEMIC EDUCATION ........................................................................................... 50

B. TECHNICAL PROFICIENCY .................................................................................................. 53

C. LANGUAGES ...................................................................................................................... 53

VIII. OTHER INFORMATION ................................................................................. 54

4

I. PERSONAL DATA

I. PERSONAL DATA

6

NAME Ana Margarida Leite de Almeida Ferreira

NATIONALITY Portuguese

EMAIL [email protected]

WEBPAGE http://users.med.up.pt/amlaf/

PROFESSIONAL ACTIVITY IT Specialist

Faculty of Medicine, University of Porto

PROFESSIONAL ADDRESS Faculdade de Medicina, Universidade do Porto.

Rua Dr. Plácido da Costa, s/n, 4200 - 319 Porto,

Portugal

Tel: (+351) 22 042 6964

Ext: 26964

tel:%28%2B351%29%2022%20042%206963

II. CURRICULAR SYNTHESIS

II. CURRICULAR SYNTHESIS

8

Ana is currently a full-time researcher, for the next five years (01/2017 - 12/2021), within

a self-proposed project, entitled “TagUBig-Taming your Big data” and accepted for

funding in the ambit of Programa Investigador FCT 2015 – Starting Grant (Portuguese

Science Foundation).

She is an IT specialist at the Informatics’ Service, at the Faculty of Medicine, University

of Porto, Portugal, since 2004 (currently on a no paid leave).

Ana is a member of the Centre for Health Technologies and Services’ Research

(CINTESIS) from the University of Porto, since 2007, and has successfully participated as

a researcher in: 3 internationally funded projects (2 European and the other from

Luxembourg), 5 projects funded by the Portuguese Science Foundation (FCT) and 6 other

national projects funded by other entities. She is the author of 100 scientific

publications (50 as a first author), 81 of which are indexed in Thomson Reuters and/or

Scopus databases, with an ISI h-index of 9 and a SCOPUS h-index of 13.

Ana has a Post-doc from the SnT – Interdisciplinary Centre for Security, Reliability and

Trust, at the University of Luxembourg, within the research project entitled: Socio-

Technical Aspects in Security and Trust (STAST), from FNR - Fondation Nationale de

Rechérche, since 2015, a joint supervision PhD in Computer Science from the

Universities of Porto (Faculty of Science) and Kent, UK, since 2010, and detains an MSc

in Information Security, with Distinction, from Royal Holloway, University of London,

UK, since 2002.

She is currently responsible for 2 curricular units of the Health Data Science (HEADS)

Doctoral Program at the Faculty of Medicine, University of Porto. She has experience in

teaching various medical informatics’ subjects to undergraduate and postgraduate

students from the Medicine course, at the same University, where she has created the

module of information security for healthcare systems, together with the corresponding

materials, which is being taught there since 2003.

She obtained 8 scholarships to support her academic education (5 for the PhD, 1 for the

Post-doc and 2 for participation in USA conferences), 1 distinction and 11 prizes: (1) a

Best Student Paper Award – HEALTHINF2019, (2) a Best communication award at 4th IPLeiria

Int Health Congress 2018, (3) a Best poster award at ICEIS2018, (4) SPAIC – ASTRAZENECA 2017

– FRASIS – Monitorização da função respiratória na asma utilizando os sensores integrados do

smartphone, (5) & (6) two Best paper awards at ICISSP2019 and Human Computer Interaction

International 2015, (7) an honourable mention of the prize Ensaio CNPD2012, (8) the 1st place

in the Fraunhofer Portugal Challenge: “Research for Practical Use”, PhD category, in October

2010, (9) the prize Fernandes Costa with "ICU: Informação Clínica do Utente", in 2005, (10) the

prize "Hospital do Futuro", for the best e-government initiative in Healthcare, in 2004/2005,

and (11) “Jorge Manuel de Jesus Rodrigues”. Pharmaceutical and chemical products’

wholesalers. Best student of the area of Informatics’ at Oliveira Martins High School. Academic

year of 1992/93.

Also, Ana is a CISSP - Certified Information Systems Security Professional, since 2004,

and a HCISPP – Healthcare Information Security and Privacy Practicioner, since 2018.

III. ACADEMIC EDUCATION

III. ACADEMIC EDUCATION

10

Nov2012 - Fev2015 Post-doc position as a research associate at the Interdisciplinary Centre for Security, Reliability and Trust – SnT, University of Luxembourg, in the STAST – Socio-Technical Aspects of Security and Trust, project funded by FNR – Fonds National de la Recherche du Luxembourg. Member and collaborator of COSA – Institute of Cognitive Science and Assessment Group, at the same University.

2006 – 2010 PhD in Computer Science, joint supervision between the Universities of Porto (Portugal) and Kent (UK), with the thesis entitled: Modelling Access Control for Healthcare Information systems: how to control access through policies, human processes and legislation.

2001 – 2002 MSc in Information Security, at Royal Holloway, University of London, UK. Dissertation entitled: Electronic Patient Record Security. (with Distinction).

1994 – 1998 Licenciatura (similar to BSc) in Computer Science, Faculty of Science, University of Porto. Training project entitled: Development of graphical interfaces for the Web. Biostatistics’ module from the subject of Introduction to Medicine, from the Medicine course at Faculty of Medicine, University of Porto.

1993 – 1994 12th year – subjects: Mathematics, Physics and Descriptive Geometry at Secondary School Alexandre Herculano, Porto, Portugal.

1989 – 1993 11th Year – domain of informatics at Secondary School Oliveira

Martins, Porto, Portugal.

IV. SCIENTIFIC ACTIVITY


12

A. SCIENTIFIC PRODUCTION

This section presents a complete list of publications for Ana Ferreira, organized by: (1) list of

publications indexed in THOMSON REUTERS and/or SCOPUS, each with the number of citations and

impact factor, if applicable; and (2) list of non-indexed publications. All publications are ordered

chronologically, according to the type of publication (i.e., journal, conference proceedings, book

chapter and poster).

1. METRICS OF CITATIONS - ISI, SCOPUS AND GOOGLE SCHOLAR

- THOMSON REUTERS (http://www.researcherid.com/rid/H-8666-2013) (16/06/2020)

http://www.researcherid.com/rid/H-8666-2013


13

SCOPUS (Author ID: 56213849200) (16/06/2020)

- GOOGLE SCHOLAR (https://scholar.google.pt/citations?user=xDSzrhcAAAAJ&hl=en) (16/06/2020)


14

2. PUBLICATIONS INDEXED IN THOMSON REUTERS AND/OR SCOPUS, WITH

CITATIONS

Journals

1. Teles, S., Napolskij, M. S., Paúl, C., Ferreira, A., & Seeher, K. (2020). Training and support for

caregivers of people with dementia: The process of culturally adapting the World Health

Organization iSupport programme to Portugal. Dementia, 147130122091033.

doi:10.1177/1471301220910333. [SCOPUS][ISI][IF:2.238]

2. Teles, S., Zincke, R., Napolskij, M., Ferreira, A., Paúl, C. iSupport-Portugal: Adapting an

evidence-based online intervention for dementia caregivers to a different culture.

Alzheimer’s & Dementia. [IF: 14.423] (Abstract) (In Press).

3. Teles, S., Ferreira, A., Seeher, K., Fréel, S. & Paúl, C. (2020). Online training and support

program (iSupport) for informal dementia caregivers: protocol for an intervention study in

Portugal. BMC Geriatrics 20 (1), 10. doi:10.1186/s12877-019-1364-z.

[SCOPUS:2][ISI:3][IF:2.02]

4. Pedro Moura, Paulo Fazendeiro, Pedro Inácio, Pedro Vieira-Marques, Ana Ferreira.

Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health

Data and Provide Risk Assessment for Mobile Apps. Journal of Healthcare Engineering

2020(1): 1-14. [SCOPUS][ISI][IF:1.295]

5. Teles, S., Sousa, R. T., Abrantes, D., Bertel, D., Ferreira, A., and Paúl, C. (2019). Bridging the

gap between technology and older adults: insights from a collaborative workshop on R&D

methodologies for Ambient Assisted Living solutions. Journal of Reliable Intelligent

Environments, 5 (4), 195–207. [SCOPUS]

6. Ferreira A, Teles S and Vieira-Marques P. SoTRAACE for smart security in Ambient Assisted Living. Journal of Ambient Intelligence and Smart Environments, vol. 11, no. 4, pp. 323-334. IOS Press. 2019. [SCOPUS:2][ISI] [IF:1.186]

7. Ferreira A; Teles S. Persuasion: How phishing emails can influence users and bypass security measures. International Journal of Human Computer Studies, 2019. 125, pp. 19-31. [SCOPUS:5[ISI:2][IF: 2.006]

8. Teles S., Ferreira A., Bertel, D., & Sousa, R.T. (2019). Market implementation and end users’

adoption of Ambient Assisted Living solutions: a literature review. BMC Health Services

Research 2019 13(Suppl 5):5. ISSN: 1753-6561. [IF:1.932] (Abstract)

9. Sa-Sousa, A; Fonseca, JA; Pereira, AM; Ferreira, A; Arrobas, A; et al. The Portuguese Severe Asthma Registry: Development, Features, and Data Sharing

Policies. Biomed Research International, 2018. DOI: 10.1155/2018/1495039. [ISI] [SCOPUS:1][IF: 2.197]

10. Jácome, Cristina; Ferreira, A; et al. MINSPIRERS – Feasibility of a mobile application to measure and improve adherence to inhaled controller medications among adolescents and adults with persistent asthma: Protocol for a multicentre observational study. Rev Port Imunoalergologia, 2018. 26(1): 47-61. [SCOPUS:3]

11. Mariana Couto, Rute Almeida, Cristina Jácome, Luís Conceição, Ana Ferreira, Pedro Marques, Ana Almeida, Rita Amaral, Ana Sá -Sousa, Constantino Martins, Tiago Jacinto, Mariana Pereira, Bernardo Pinho, Pedro Pereira Rodrigues, Alberto Freitas, Goreti Marreiros, Altamiro Costa Pereira, Susana Caldas Fonseca. FRASIS – Respiratory function monitoring in asthma using embedded smartphone sensors. Rev Port Imunoalergologia, 2018. 26 (4): 273-283. [SCOPUS:2]

https://content.iospress.com/journals/journal-of-ambient-intelligence-and-smart-environments

https://www.scopus.com/record/display.uri?eid=2-s2.0-85058685151&origin=resultslist&sort=plf-f&src=s&st1=Persuasion%3a+How+phishing+emails+can+influence+users+and+bypass+security+measures&st2=&sid=1679d4139a6861a246dc8db7f58c2f36&sot=b&sdt=b&sl=95&s=TITLE-ABS-KEY%28Persuasion%3a+How+phishing+emails+can+influence+users+and+bypass+security+measures%29&relpos=0&citeCnt=0&searchTerm=

https://www.scopus.com/record/display.uri?eid=2-s2.0-85058685151&origin=resultslist&sort=plf-f&src=s&st1=Persuasion%3a+How+phishing+emails+can+influence+users+and+bypass+security+measures&st2=&sid=1679d4139a6861a246dc8db7f58c2f36&sot=b&sdt=b&sl=95&s=TITLE-ABS-KEY%28Persuasion%3a+How+phishing+emails+can+influence+users+and+bypass+security+measures%29&relpos=0&citeCnt=0&searchTerm=

https://www.scopus.com/sourceid/12960?origin=resultslist

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Sa-Sousa,%20A&dais_id=29212856&excludeEventConfig=ExcludeIfFromFullRecPage

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Fonseca,%20JA&dais_id=178732&excludeEventConfig=ExcludeIfFromFullRecPage

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Pereira,%20AM&dais_id=659958&excludeEventConfig=ExcludeIfFromFullRecPage

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Ferreira,%20A&dais_id=27741331&excludeEventConfig=ExcludeIfFromFullRecPage

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Arrobas,%20A&dais_id=6292788&excludeEventConfig=ExcludeIfFromFullRecPage


15

12. Soraia Teles, Ana Ferreira, Pedro Vieira-Marques, Diotima Bertel, Constança Paúl, Andrea Ch. Kofler. Trust Requirements for the Uptake of Ambient Assisted Living Digital Advisory Services. BMC Health Research Services, 2018. 18(2): 684. [IF: 1.932] (Abstract)

13. Ricardo J Cruz-Correia, Isabel Boldt, Luis Lapão, Cátia Santos-Pereira, Pedro P Rodrigues, Ana M Ferreira and Alberto Freitas. Analysis of the quality of Hospital Information Systems audit trails. BMC Medical Informatics and Decision Making, 2013. 13: 84. DOI: 10.1186/1472-6947-13-84. [ISI:11][SCOPUS:14][IF: 2.067]

14. Ferreira A, Antunes L, Chadwick D, Cruz-Correia R. Grounding Information Security in Healthcare. International Journal of Medical Informatics, 2010. 79(4): 268-283. DOI: 10.1016/j.ijmedinf.2010.01.009. [ISI:13][SCOPUS:14][IF: 3.210]

15. Cruz-Correia RJ, Vieira-Marques PM, Ferreira AM, Almeida FC, Wyatt JC, Costa-Pereira AM. Reviewing the integration of patient data: how systems are evolving in practice to meet patient needs. BMC Medical Informatics and Decision Making, 2007. 7(1): p. 14. DOI: 10.1186/1472-6947-7-14. [ISI:39][SCOPUS:54][IF: 2.067]

16. Cruz-Correia R, Vieira-Marques P, Costa P, Ferreira A, Oliveira-Palhares E, Araújo F, Costa-Pereira A. Integration of Hospital data using Agent Technologies – a case study. AICommunications special issue of ECAI, 2005. 18(3): 191-200. [ISI:46][SCOPUS:58] [IF:0.765]

17. Ferreira A, Cruz-Correia R, and Costa-Pereira A. Teaching information security to medical students. Technology and Health Care. 2005. 13(5): 389-90. [SCOPUS] [IF:0.787]

Protocols (repeated from the list above)

18. Cristina Jácome, Rui Guedes, Rute Almeida, João Fonseca Teixeira, Bernardo Pinho, Pedro Vieira-Marques, Rita Vilaça, José Fernandes, Ana Ferreira, Mariana Couto, Tiago Jacinto, Altamiro da Costa Pereira, João Almeida Fonseca. Protocolo de um estudo observacional multicêntrico, mINSPIRERS - Estudo da exequibilidade de uma aplicação móvel para medição e melhoria da adesão à medicação inalada de controlo em adolescentes e adultos com asma persistente. Revista Portuguesa de Imunoalergologia. 2018. [SCOPUS]

Proceedings of international conferences and book chapters

19. Ana Ferreira, Soraia Teles, Rui Chilro, Milaysis Sosa-Napolskij. Netphishing: network and

linguistic analysis of phishing email subject lines. ICEIS2020 – 22nd International Conference

on Enterprise Information Systems. 2020. (In Press).

20. Ana Ferreira. GDPR: What’s in a year (and a half)? ICEIS2020 – 22nd International Conference

on Enterprise Information Systems. 2020. (In Press).

21. Rafael Almeida, Pedro Vieira-Marques, Ana Ferreira. Patients to mobilize their data: secure

and flexible mHealth delegation. ICISSP2020 – 6th International Conference on Informations

Systems Security and Privacy. 2020. 552-560. [SCOPUS]

22. Dayana Spagnuelo, Ana Ferreira and Gabriele Lenzini. Transparency Enhancing Tools and

the GDPR: Do they Match? Springer 2020 (In Press) (Book Chapter).

23. Teles S., Paúl C., Ferreira A.M. (2020) Internet Use Among Informal Caregivers of People

with Dementia: Results of an Online Survey. In: García-Alonso J., Fonseca C. (eds)

Gerontechnology. IWoG 2019. Communications in Computer and Information Science, vol

1185 CCIS, 44-55. Springer, Cham. [SCOPUS] (Book Chapter)


16

24. Muchagata J., Vieira-Marques P., Teles S., Abrantes D., Ferreira A. (2020) Secure

Visualization When Using Mobile Applications for Dementia Scenarios. In: Ahram T.,

Karwowski W., Pickl S., Taiar R. (eds) Human Systems Engineering and Design II. IHSED 2019.

Advances in Intelligent Systems and Computing, vol 1026, 318-324. Springer, Cham.

[SCOPUS]

25. Ferreira A., Almeida R., Muchagata J. (2020) How Secure Is Your Mobile Health?. In:

Henriques J., Neves N., de Carvalho P. (eds) XV Mediterranean Conference on Medical and

Biological Engineering and Computing – MEDICON 2019. MEDICON 2019. IFMBE

Proceedings, vol 76: 1377-1385. Springer, Cham. [SCOPUS]

26. Ana Ferreira, Pedro Vieira-Marques, Rute Almeida, José Fernandes and João Fonseca. How

inspiring is your app: a usability take on an app for asthma medication adherence. 11th

International Conference on e-Health. 2019. pp. 225-229. [SCOPUS]

27. Joana Muchagata, Pedro Vieira-Marques and Ana Ferreira. mHealth Applications: can

User-adaptive Visualization and Context Affect the Perception of

Security and Privacy? 21st international Conference on Enterprise Information Systems –

ICEIS2019. pp. 444-451. [SCOPUS]

28. Joana Muchagata and Ana Ferreira. Visual Schedule: a Mobile Application

for Autistic Children - Preliminary Study. 21st international Conference on Enterprise

Information Systems – ICEIS2019. pp. 452-459. [SCOPUS:1]

29. Dayana Spagnuelo, Ana Ferreira and Gabriele Lenzini. Accomplishing Transparency within

the General Data Protection Regulation. ICISSP2019 - 5th International Conference on

Information Systems Security and Privacy. Pp 114-125. [SCOPUS] Best Paper Award.

30. Joana Muchagata and Ana Ferreira. Mobile apps for people with dementia: Are they

compliant with the general data protection regulation (GDPR)? HEALTHINF2019 - 12th

International Joint Conference on Biomedical Engineering Systems and Technologies. Pp 68-

77. [SCOPUS:1]

31. Sandra Reis, Ana Ferreira, Pedro Marques and Ricardo Cruz-Correia. Usability study of a tool

for patients’ access control to their health data. HEALTHINF2019 - 12th International Joint

Conference on Biomedical Engineering Systems and Technologies. Pp. 94-102. [SCOPUS]

Best Student Paper Award.

32. Ana Ferreira and Joana Muchagata. TagUBig-Taming Your Big Data. Proceedings of the 52nd International Carnahan Conference on Security Technology, ICCST 2018. Pp. 222-226. [ISI] [SCOPUS]

33. Joana Muchagata and Ana Ferreira. Translating GDPR into the mHealth practice. Proceedings of the 52nd International Carnahan Conference on Security Technology, ICCST 2018. Pp. 232-236. [ISI] [SCOPUS:1]

34. Ana Ferreira. Why ransomware needs a human touch. Proceedings of the 52nd International Carnahan Conference on Security Technology, ICCST 2018. Pp. 237-241. [ISI] [SCOPUS:2]

35. Reis, Sandra; Ferreira, Ana; Vieira-Marques, Pedro; et al. Do patients want to know who

accesses their personal health information?: A questionnaire to university students. Iberian

Conference on Information Systems and Technologies, CISTI 2018. Pp. 1-6. [ISI] [SCOPUS:1]

36. Joana Muchagata and Ana Ferreira. How can visualization affect security? 20th International Conference on Enterprise Information Systems. 2018. 2: 503-510. [SCOPUS:6]. Best Poster Award.

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Reis,%20Sandra&dais_id=28290022&excludeEventConfig=ExcludeIfFromFullRecPage

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Ferreirao,%20Ana&dais_id=29098551&excludeEventConfig=ExcludeIfFromFullRecPage

http://apps.webofknowledge.com/DaisyOneClickSearch.do?product=WOS&search_mode=DaisyOneClickSearch&colName=WOS&SID=F6PqDutoP2n8niRQvqg&author_name=Vieira-Marques,%20Pedro&dais_id=2430526&excludeEventConfig=ExcludeIfFromFullRecPage

https://www.scopus.com/record/display.uri?eid=2-s2.0-85049902681&origin=resultslist&sort=plf-f&src=s&st1=Do+patients+want+to+know+who+accesses+their+Personal+Health+Information&st2=&sid=1679d4139a6861a246dc8db7f58c2f36&sot=b&sdt=b&sl=86&s=TITLE-ABS-KEY%28Do+patients+want+to+know+who+accesses+their+Personal+Health+Information%29&relpos=0&citeCnt=0&searchTerm=

https://www.scopus.com/record/display.uri?eid=2-s2.0-85049902681&origin=resultslist&sort=plf-f&src=s&st1=Do+patients+want+to+know+who+accesses+their+Personal+Health+Information&st2=&sid=1679d4139a6861a246dc8db7f58c2f36&sot=b&sdt=b&sl=86&s=TITLE-ABS-KEY%28Do+patients+want+to+know+who+accesses+their+Personal+Health+Information%29&relpos=0&citeCnt=0&searchTerm=


17

37. Ana Ferreira and Pedro Marques. Phishing through time: a ten year story based on abstracts. 4th International Conference on Information Systems Security and Privacy. 2018. Vol. 1, 225-232. [SCOPUS:3]

38. Cristina Jácome, Rute Almeida, João Pedro Teixeira, Pedro Vieira-Marques, Rita Vilaça, José Manuel Fernandes, Ana Ferreira and João Almeida Fonseca. INSPIRERS: AN APP TO MEASURE AND IMPROVE ADHERENCE TO INHALED TREATMENT. 9th International Conference on eHealth. 2017. 135-139. [SCOPUS:7]

39. Pedro Moura, Paulo Fazendeiro, Pedro Marques, Ana Ferreira. SoTRAACE - Socio-technical risk-adaptable access control model. Proceedings of the 51st IEEE Carnahan Conference on Security Technology (ICCST). 2017. Pp. 1-6. [ISI:4] [SCOPUS:8]

40. Ana Ferreira and Rui Chilro. What to phish in a subject? Financial Cryptography and Data Security - 10323 LNCS. 2017. 597-609. [SCOPUS:2]

41. Ana Ferreira and Gabriele Lenzini. Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare. ICISSP2016 - 2nd International Conference on Information Systems Security and Privacy. 1: 63-73. [SCOPUS]

42. Ana Ferreira. Persuasion in Scams. Understanding Social Engineering Based Scams. Markus Jakobsson, PhD (Editor). ISBN 978-1-4939-6457-4, 2016. 29-47. [SCOPUS:11] (Book Chapter)

43. Ana Ferreira, Jean-Louis Huynen, Gabriele Lenzini and Vincent Koenig. In Cyber-Space noone can hear you S-CREAM: A Root Cause Analysis of Technique for Socio-Technical Attacks. 11th Workshop on Security and Trust Management (ESORICS 2015). 9331: 255-264. [ISI:1] [SCOPUS:3].

44. Ana Ferreira and Gabriele Lenzini. An Analysis of Social Engineering Principles in Effective Phishing. 5th Workshop on Socio-Technical Aspects in Security and Trust within the 28th IEEE Computer Security Foundations Symposium (CSF). 2015. 9-16. [ISI:11] [SCOPUS:17]

45. Ana Ferreira, Lynne Coventry and Gabriele Lenzini. Principles of Persuasion in Social Engineering and their Use in Phishing. 17th International Conference on Human Computer Interaction. 2015. 9190: 36-47. [SCOPUS:21]

46. Ana Ferreira, Jean-Louis Huynen, Gabriele Lenzini, Vincent Koenig, Salvador Rivas. Do Graphical Cues Effectively Inform Users? A Socio-technical Security Study in Accessing WiFi Networks. 17th International Conference on Human Computer Interaction. 2015. 9190: 323-334. [SCOPUS:4]. Best paper award.

47. Ana Ferreira and Gabriele Lenzini. Can transparency enhancing tools support patient’s accessing electronic health records? 3rd World Conference on Information Systems and Technologies. Advances in Intelligent Systems and Computing, 2015. 353: 1121-1132. [ISI:1] [SCOPUS:1]

48. Ana Ferreira, Jean-Louis Huynen, Vincent Koenig and Gabriele Lenzini. Socio-technical Security Analysis of Wireless Hotspots. 16th International Conference on Human-Computer Interaction – HCII2014. Human Aspects of Information Security, Privacy and Trust. Lecture Notes in Computer Science, 2014. 8533: 306-317. [SCOPUS:8]

49. Ana Ferreira, Jean-Louis Huynen, Vincent Koenig and Gabriele Lenzini. A Conceptual Framework to Study Socio-Technical Security. 16th International Conference on Human-Computer Interaction – HCII2014. Human Aspects of Information Security, Privacy and Trust. Lecture Notes in Computer Science, 2014. 8533: 318-329. [SCOPUS:8]

50. Ana Ferreira, Gabriele Lenzini, Cátia Santos-Pereira, Alexandre B. Augusto, Manuel E. Correia. Envisioning secure and usable access control for patients. IEEE 3rd International Conference on Serious Games and Applications for Health, 2014. 1-8. [SCOPUS:2]

51. Ana Ferreira, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini and Salvador Rivas. Socio-Technical Study on the effect of Trust and Context when choosing Wifi names. 9th Workshop on Security and Trust Management (ESORICS 2013). Lecture Notes in Computer Science, 2013. 8203: 131-143. [ISI:6][SCOPUS:10]

http://csf2015.di.univr.it/

http://csf2015.di.univr.it/

https://cms.hci.international/2015/index.php?module=hciiProposalAdmin&op=view&id=891





http://www.scopus.com/source/sourceInfo.url?sourceId=5100152904&origin=resultslist

http://link.springer.com/book/10.1007/978-3-319-07620-1

http://link.springer.com/bookseries/558


http://link.springer.com/book/10.1007/978-3-319-07620-1




18

52. Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini. Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates. 3rd IEEE International Symposium on Trust and Identity in Mobile Internet, Computing and Communications (TRUSTID2013), 2013. 1553:1558. [ISI:3] [SCOPUS:7]

53. Ferreira A, Farinha P, Santos-Pereira C, Cruz-Correia R, Rodrigues P, Costa-Pereira A, Orvalho V. Log analysis of human computer interactions regarding break the glass accesses. In Proceedings of the 15th International Conference on Enterprise Information Systems, 2013. 3: 46-53. [ISI:2] [SCOPUS:1]

54. Santos-Pereira, Cátia, Augusto, Alexandre, Correia, Manuel, Ferreira, Ana, Cruz-Correia, Ricardo. A Mobile Based Authorization Mechanism for Patient Managed Role Based Access Control. Information Technology in Bio and Medical Informatics, Lecture Notes in Computer Science, 2012. 7451: 54-68. [SCOPUS:11]

55. Cátia Santos-Pereira, Luis Antunes, Ricardo Cruz-Correia, and Ana Ferreira. One way to patient empowerment - A proposal for an authorization model. In proceedings of the International Conference on Health Informatics, 2012. pp. 249-255. [SCOPUS:3]

56. Ferreira A, Cruz-Correia R, Marta Brito, Antunes L. Usable access control policy and model for healthcare. Proceedings of the 24th IEEE Symposium on Computer-Based Medical Systems, 2011. Pp.1-6. [ISI] [SCOPUS:9]

57. Ferreira A, Cruz-Correia R, Antunes L. Usability of authentication and access control: a case study in healthcare. Proceedings of the 45th IEEE Carnahan Conference on Security Technology, 2011. 1-7. [ISI] [SCOPUS:4]

58. Carla Pereira, Ana Ferreira. Luis Antunes. Evaluation of a teleradiology system: impact and user satisfaction. Proceedings of the International Conference on Health Informatics, 2011. 295-302. [ISI] [SCOPUS]

59. Pereira C, Oliveira C, Vilaça C, Ferreira A. Protection of clinical data: comparison of European with American legislation and respective technological applicability. Proceedings of the International Conference on Health Informatics, 2011. 567-570. [ISI] [SCOPUS:2]

60. Ana Ferreira, Ricardo Correia, David Chadwick, Henrique Santos, Rui Gomes, Diogo Reis, Luis Antunes. Password sharing and how to reduce it. Certification and Security in Health-Related Web Applications: Concepts and Solutions. Dr. Ioannis Apostolakis, Anargyros Chryssanthou, Dr. Iraklis Varlamis (Editors). ISBN 978-1616928957, 2011. 243-263. [SCOPUS:2] (Book Chapter)

61. Ferreira A, Cruz-Correia R, Chadwick D, Antunes L. Access control in healthcare: the methodology from legislation to practice. Proceedings of the 13th MEDINFO Congress. IOS Press, 2010. 160: 666-70. [ISI:3] [SCOPUS:5]

62. Farinha P, Cruz-Correia R, Antunes L, Filipe Almeida, Ferreira A. From legislation to practice: a case study of break the glass in healthcare. Proceedings of the International Conference on Health Informatics, 2010. 114-120. [ISI:1] [SCOPUS:1]

63. Ana Ferreira, David Chadwick, Gansen Zao, Pedro Farinha, Ricardo Correia, Rui Chilro, Luis Antunes. How to securely break into RBAC: the BTG-RBAC model. Proceedings from 25th Annual Computer Security Applications Conference - ACSAC2009, Dez 2009. 23-31. DOI: 10.1109/acsac.2009.12. [ISI:37] [SCOPUS:82]

64. Ana Ferreira, Luís Barreto, Pedro Brandão, Ricardo Correia, Susana Sargento, Luís Antunes. Chapter II: Accessing an existing virtual electronic patient record with a secure wireless architecture. Phillip Olla, Joseph Tan (Editors). Mobile Health Solutions for Biomedical Applications. Medical Information Science Reference. ISBN 978-1605663326, Mar 2009. 24-45. [SCOPUS] (Book Chapter)

65. Ana Ferreira, Ricardo Correia, David Chadwick, Luis Antunes. Improving the implementation of access control in EMR. Proceedings of the 42nd IEEE International Carnahan Conference on Security Technology, 2008. 47-50. [ISI:17] [SCOPUS:7]

http://apps.webofknowledge.com.proxy.bnl.lu/full_record.do?product=UA&search_mode=GeneralSearch&qid=17&SID=P1wb64HZUtrp4iQVAMP&page=1&doc=1



19

66. Ferreira A, Antunes L, Pinho C, Sá C, Mendes E, Santos E, Silva F, Sousa F, Gomes F, Abreu F, Mota F, Aguiar F, Faria F, Macedo F, Martins S, Cruz-Correia R. Who should access electronic patient records. Proceedings of the International Conference on Health Informatics, 2008. 182-185. [ISI] [SCOPUS]

67. Ana Ferreira, Ricardo Cruz-Correia, Luís Antunes, David Chadwick. Chapter III: Security of Electronic Medical Records. Handbook of Research on Distributed Medical Informatics and E-Health. A. Lazakidou, K. Siassiakos (Editors). Medical Information Science Reference. ISBN 978-1-60566-002-8, Aug 2008. 30-47. [SCOPUS:1] (Book Chapter)

68. Ferreira A, Correia A, Silva A, Corte A, Pinto A, Saavedra A, Pereira AL, Pereira AF, Cruz-Correia R, Antunes LF. Why facilitate patient access to medical records. Studies in Health Technologies and Informatics. IOS Press, 2007. 127: 77-90. [ISI:30] [SCOPUS:37]

69. Ferreira A, Cruz-Correia R, Antunes LF, Chadwick D. Access Control: how can it improve patients' healthcare? Studies in Health Technologies and Informatics. IOS Press. 2007. 127: 65-76. [ISI:22] [SCOPUS:28]

70. Ana M. Ferreira, Ricardo Cruz-Correia, Altamiro Costa-Pereira. Why teach computer security to medical students? Studies in Health Technologies and Informatics. IOS Press, 2007. 129: 1469-1470. [ISI:1] [SCOPUS:1]

71. Cristina Costa-Santos, Ana Coutinho, Ricardo Cruz-Correia, Ana Ferreira, Altamiro Costa-Pereira. E-learning at porto faculty of medicine. a case study for the subject 'introduction to medicine'. Studies in Health Technologies and Informatics. IOS Press, 2007. 129: 1366-1371. [ISI:4] [SCOPUS:6]

72. Ana Ferreira, David Chadwick, Luís Antunes. Modelling access control for healthcare information systems: how to control access through policies, human processes and legislation. Proceedings of the 5th Doctoral Consortium – DCEIS, 2007. 3-13. [SCOPUS:2]

73. Ferreira A, Barreto L, Brandão P, Cruz-Correia R, Sargento S, Antunes L. A secure wireless architecture to access a virtual electronic patient record. IEEE Pervasive Health Conference and Workshops, 2006. 1-8. [SCOPUS:3]

74. Cruz-Correia R, Vieira-Marques P, Ferreira A, Oliveira-Palhares E, Costa P, Costa-Pereira A. Monitoring the integration of hospital information systems: how it may ensure and improve the quality of data. Stud Health Technol Inform IOS Press 2006. 121: p. 176-82. [ISI:11] [SCOPUS:16]

75. Ricardo Correia, Pedro Marques, Ana Ferreira, Ernesto Palhares, Pedro Costa, Fernando Araújo. Automatic detection of patient data inconsistencies on integrated Health Information Systems. Actas da 1ª Conferência Ibérica de sistemas e Tecnologia de Informação, 2006. 1: 689-696. [ISI] [SCOPUS]

76. Pedro Farinha, Ana Ferreira, Ricardo Correia. Web.care - management of resources and access to multicentric clinical studies online. Actas da 1ª Conferência Ibérica de sistemas e Tecnologia de Informação, 2006. 1: 631-640. [ISI] [SCOPUS:4]

77. Vieira-Marques P, Cruz-Correia R., Costa P., Palhares E., Ferreira A., Costa-Pereira A. MAID – Multi Agent for the Integration of Data. Actas da 1ª Conferência Ibérica de sistemas e Tecnologia de Informação, 2006. 1: 603-614. [ISI:3] [SCOPUS:3]

78. Ferreira A, Cruz-Correia R, Antunes L, Farinha P, Oliveira-Palhares E, Chadwick D W, Costa-Pereira A. How to break access control in a controlled manner? Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems, 2006. 847-851. [ISI:57] [SCOPUS:84]

79. Ferreira A, Oliveira-Palhares E, Correia R, Costa-Pereira A. From a wired to a wireless secure EPR: Can we re-use existing security solutions. Proceedings of the 39th IEEE International Carnahan Conference on Security Technology, 2005. 39: 93-6. [ISI] [SCOPUS]

80. Ferreira A, Cruz-Correia R, and Costa-Pereira A. Securing a web-based EPR: An approach to secure a centralized EPR within a hospital. In Proceedings of the 6th International Conference on Enterprise Information Systems, 2004. 3: 54-9. [SCOPUS:8]



http://www-scopus-com.proxy.bnl.lu/record/display.url?eid=2-s2.0-84859347796&origin=resultslist&sort=plf-f&src=s&st1=E-learning+at+Porto&sid=0F4316AFE5F5D957857EB99F1536F5CE.fM4vPBipdL1BpirDq5Cw%3a1800&sot=b&sdt=b&sl=34&s=TITLE-ABS-KEY%28E-learning+at+Porto%29&relpos=11&relpos=11&citeCnt=1&searchTerm=TITLE-ABS-KEY%28E-learning+at+Porto%29

http://www-scopus-com.proxy.bnl.lu/record/display.url?eid=2-s2.0-84859347796&origin=resultslist&sort=plf-f&src=s&st1=E-learning+at+Porto&sid=0F4316AFE5F5D957857EB99F1536F5CE.fM4vPBipdL1BpirDq5Cw%3a1800&sot=b&sdt=b&sl=34&s=TITLE-ABS-KEY%28E-learning+at+Porto%29&relpos=11&relpos=11&citeCnt=1&searchTerm=TITLE-ABS-KEY%28E-learning+at+Porto%29

http://ieeexplore.ieee.org/xpl/RecentCon.jsp?punumber=4205139

http://ieeexplore.ieee.org/xpl/RecentCon.jsp?punumber=4205139


20

81. Ferreira A, Cruz-Correia R, Antunes L, Palhares E, Marques P, Costa P, Costa-Pereira A. Integrity for Electronic Patient Record Reports. Proceedings of the 17th IEEE Symposium on Computer-Based Medical Systems, 2004. 4-9. [ISI:5] [SCOPUS:16]

82. Ana Ferreira, Simon Shiu, Adrian Baldwin. Towards Accountability for Electronic Patient Records. 16th IEEE Symposium Proceedings on Computer-Based Medical Systems (CBMS2003), 2003. 189-94. [ISI:6] [SCOPUS:17]

3. NON-INDEXED PUBLICATIONS

Journals

1. Sá-Couto, Carla; Ferreira, Ana Margarida; Almeida, Diana; Nicolau, Abel; Vieira-Marques,

Pedro. Evaluation of skills acquisition using a new low-cost tool for CPR self-training. Porto

Biomedical Journal, 2018. 3(1): p e8.

Journal abstracts

1. Carla Sá-Couto, Pedro Vieira-Marques, Abel Nicolau, Diana Almeida, Ana Ferreira. CPR

Personal Trainer: a low-cost for CPR self-training. Advances in Simulation. 2017. 2(Suppl

1):A4. Pages 2-3.

Abstracts accepted for presentation and discussion (no publication)

2. Jácome C, Guedes R, Almeida R, Fonseca Teixeira J, Vieira-Marques P, Pinho B, Fernandes JM; Ferreira, A; Almeida Fonseca J. InspirerMundi: an app to measure and improve adherence to inhaled medication. 9th International Primary Care Respiratory Group (IPCRG) World Conference. 2018.

3. Almeida D, Nicolau A, Ferreira A, Monteiro LP, Vieira-Marques P, Sá-Couto CD.

Development and evaluation of a new scoring and feedback system for a low-cost CPR

training tool. SESAM – Society in Europe for Simulation Applied to Medicine. 2016

4. Ana Ferreira, Markus Jakobsson, Damon McCoy, Elaine Shi, Youngsam Park, Ting-Fang Yen and Arthur Jakobsson. Trends in social-engineering: how to detect and quantify persuasion. RSAConference 2016 – SessionID – HUM-W02, San Francisco, February 2016.

Proceedings of international and national conferences

1. Nicolau A, Vieira-Marques P, Monteiro LP, Ferreira A, Sá-Couto. Development of a Cardiopulmonary Resuscitation Personal Trainer. IJUP – 9th Meeting for Young Researchers at University of Porto, 2016.

2. Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen and Gabriele Lenzini. On tools for socio-technical security analysis. Grande Region Security and Reliability Day, 2013.

3. Santos-Pereira C, Cruz-Correia R, Ferreira A. Providing for patient empowerment. Customizable access control models for patients: a systematic review. Proceedings of MEDINFOR II – “A medicina na era da informação”. 2011.

4. Rui Chilro, Ana Ferreira, Bruno Oliveira, Ricardo Morla. Contact times in the Message Ferry Delay Tolerant Network. DSIE’11 – 6th Doctoral Symposium on Informatics Engineering, 2011.

5. Cruz-Correia Ricardo, Vieira-Marques Pedro, Ferreira Ana, Almeida Filipa, Wyatt Jeremy and Costa-Pereira Altamiro. Projects Integrating Information Systems Are Going Regional - a Systematic Review. Studies in Health Technologies and Informatics. IOS Press, 2007. 129: 2064-2066.

http://csl.cs.uni-saarland.de/grsrd/2014/

http://ofelia.dcc.fc.up.pt/publications?f%5bauthor%5d=5

http://ofelia.dcc.fc.up.pt/publications?f%5bauthor%5d=4


21

6. Ferreira A, Correia R, Antunes L, Oliveira-Palhares E, Farinha P, Costa-Pereira A. How to start modelling access control in a healthcare organization. Proceedings of the 10th International Symposium for Health Information Management Research, 2005.

7. Ferreira A, Cruz-Correia R, Costa-Pereira A. The Creation of a Secure Web-Based EPR. Technology and health care - official journal of the European Society for Engineering and Medicine: Proceedings of MedNet Eighth World Congress on the Internet in Medicine, 2003. 11(5): 390-9.

8. Ana Ferreira, Simon Shiu, Adrian Baldwin. Towards Secure Electronic Patient Records. MEDINF2003. 5(3): 341-344.

9. Correia R, Marques P, Ferreira A, Vieira P, Bernardes J, Costa-Pereira A. Acquisition, processing and storage of vital signals in an electronic patient record system. Proceedings of MEDNET2001.

10. Teixeira-Pinto A, Ferreira A, Parry G, Costa-Pereira A. Estatística Médica na WEB: um manual para uso de estudantes, investigadores e profissionais de Saúde. Actas da 1ª Conferência sobre redes de computadores, 1998. 9-10.

Posters (no publication)

11. Active visualization to assist and improve online accessibility and privacy in AAL solutions.

AAL Forum 2018.

12. Bridging the gap between technology and older adults: insights from a workshop conduct at the AAL Forum 2017. AAL Forum 2018.

13. Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini, Sjouke Mauw, Peter Y. A. Ryan. Socio-Technical Analysis of Security (STAST). SnT – Partnership Day, 2013.

14. Chuva MT, Fernandes MT, Correia C, Barbosa L, Silva MJ, Gomes MJ, Moreira MM, Gomes

MM, Vinhas MS, Dias M, Moreira M, Ferreira A. Atitudes e opiniões de profissionais de

saúde e doentes quanto à utilização de computadores em cuidados primários – Revisão

sistemática. IX Jornadas Científicas dos Estudantes de Medicina. Faculdade de Medicina da

Universidade do Porto. 2006.


22

B. INSERTION IN THE SCIENTIFIC COMMUNITY

This section presents the oral communications both in international seminars/workshops (by

invitation) and conferences. It also describes the participations as a jury in academic defenses, the

obtained prizes, distinctions, scholarship awards, as well as the participation in technical

committees of international conferences and membership of research units.

1. EUROPEAN EXPERT EVALUATOR – European Commission

1. H2020-SU-ICT-2019

2. H2020-SU-DS-2019

3. H2020-OnlineSecurityPrize-2017

4. H2020-SU-ICT-2018

5. Secure Society Calls evaluation - Oct 2017

2. INVITED SPEAKER

International seminars and workshops

1. 10th Edition of Fraunhofer Portugal Challenge. Closing event and Awards ceremony. October 2019.

2. 1ª Conferência eCuidHaMUs. Escola Superior de Saúde da Universidade de Aveiro. June 2019

3. ISG - Royal Holloway, University of London. July 2015.

4. BlueSky Conference – FET–EYE conference for young researchers. June 2014.

5. Lab@Surfing – FET–EYE conference for young researchers. February 2014.

6. SOUPS – Symposium on Usable Privacy and Security (Lightning talk). July 2013.

7. SRM Seminar. SnT, University of Luxembourg. April 2012.

8. ISG Group Seminars. Royal Holloway, University of London. December 2008.

9. 1st Information Security Group Alumni Reunion Conference. Royal Holloway, University of London. July 2008.

10. (ISC)2 London – Scholarship award. PhD presentation. October 2007.

11. (ISC)2 London – Scholarship award. PhD presentation. May 2006.

12. Security and access control in healthcare. Philips Research Eindhoven. June 2005.

National seminars

1. Proteção de dados – Comissões de Ética e Investigação em Saúde – impacto das alterações na lei e desafios para o futuro. 2019. MEDCIDS – Faculdade de Medicina do Porto.

2. Segurança em Investigação de Saúde. Seminário do curso MIMED, 2019.

3. Segurança em Investigação Clínica e Regulamento Geral de Proteção de dados. Escola de Verão, 2019. MEDCIDS – Faculdade de Medicina do Porto.


23

4. How to elaborate a H2020 proposal in Biotechnology? GPPQ. CINTESIS, Faculty of Medicine, University of Porto. 2018.

5. TagUBig-Taming Your Big Data. GMEPE-PAHCE 2018 Conference. CINTESIS. March 2018.

6. Interact with (the) Security. 9º Simposium Master in Medical Informatics, MEDCIDS, Faculty of Medicine, University of Porto. September 2016.

7. Break security to improve security. Conference on informatics’ security. Business Science School of Valença. March 2011.

8. Security in Programming. Master in Medical Informatics, Biostatistics and Medical Informatics (currently CIDES), Faculty of Medicine, University of Porto. March 2010.

9. PhD research work presentation. Workshop Grounded Theory Methodology, Prof. Antony Bryant. University Fernando Pessoa. June 2009.

10. Information Security. Workshop on access control in healthcare. Master in Medical Informatics, Biostatistics and Medical Informatics (currently CIDES), Faculty of Medicine, University of Porto. May 2009.

11. Information Security – Integration in healthcare. National Administration Institute (INA). 2007

12. Information Security. National Administration Institute (INA). 2006

13. Security in Healthcare. Master in Informatics, Computer Science Department, Faculty of Science, University of Porto. 2006.

3. ORAL COMMUNICATIONS AT INTERNATIONAL CONFERENCES

1. ICISSP2020 Patients to mobilize their data: secure and flexible mHealth delegation. February 2020.

2. MEDICON2019 How secure is your mobile health? Portugal. September 2019

3. eHEALTH2019 How inspiring is your app: a usability take on an app for astHma medication adherence. Portugal. July 2019

4. IEEE CARNAHAN2018 Translating GDPR into the mHealth Practice

5. TagUBig – Taming Your Big Data

6. Why ransomware needs a human touch. Canada. October 2018.

7. TA2017 What to phish in a subject? Malta. April 2017.

8. WORLDCIST2015 Can transparency enhancing tools support patient’s accessing electronic health records? Ponta Delgada, Azores, Portugal. April 2015.

9. IEEE SEGAH2014 Envisioning secure and usable access control for patients. Rio de Janeiro, Brazil. May 2014.

10. SOUPS2013 Designing defenses against socio-technical attacks. Newcastle, UK. July 2013.

11. ICEIS2013 Log analysis of human computer interactions regarding break the glass accesses. Angers, France. July 2013.

12. IEEE CARNAHAN2011 Usability of authentication and access control: a case study in healthcare. Barcelona, Spain. October 2011.


24

13. ACSAC2009 How to securely break into RBAC: the BTG-RBAC model. Honolulu, Hawaii. December 2009.

14. IEEE CARNAHAN2008 Improving the implementation of access control to electronic medical records. Prague, Czech Republic. October 2008.

15. HEALTHINF2008 Who should access electronic patient records. Funchal, Portugal. January 2008.

16. ICMCC2007 Why facilitate patient access to medical records. Empowering the patient. Amesterdam, Holand. June 2007.

17. ICMCC2007 Access Control: how can it improve patients' healthcare? Empowering the patient. Amesterdam, Holand. June 2007.

18. DCEIS2007 Modelling access control for healthcare information systems: how to control access through policies, human processes and legislation. Funchal, Portugal. June 2007.

19. IEEE CBMS2006 How to break access control in a controlled manner? Salt Lake City, USA. June 2006.

20. IEEE PervasiveHealth2006 A secure wireless architecture to access a virtual electronic patient record. Innsbruck, Austria. November 2006.

21. IEEE CARNAHAN2005 From a wired to a wireless secure EPR: Can we re-use existing security solutions? Las Palmas de Gran Canaria, Spain. October 2005.

22. MedNet2005 Teaching information security to medical students. Prague, Czech Republic. December 2005.

23. IEEE CBMS2004 Integrity for Electronic Patient Record Reports. Bethesda, Maryland, USA. June 2004.

24. ICEIS2004 Securing a web-based EPR: An approach to secure a centralized EPR within a hospital. Porto, Portugal. April 2004.

25. MedNet2003 The Creation of a Secure Web-Based EPR. Geneva, Switzerland. December 2003.

26. MEDINF2003 Towards Secure Electronic Patient Records. Craiova, Romania. October 2003.

4. ACADEMIC JURIES

External

1. INSTITUTION: Faculty of Science, University of Porto

NAME: Ana Cristina de Melo Carvalho

PROGRAM: Mini viva (not final defence) - PhD in Computer Science

TITLE: Privacy Enhancing Technologies: Collection and Management of Online Consent Request.

DATE: December 2019


25

2. INSTITUTION: Faculty of Science, University of Lisbon

NAME: Diogo Marques

PROGRAM: Mini viva (not final defence) - PhD in Informatics Engineering

TITLE: The social insider threat to end users of smartphones.

DATE: June 2017 and July 2018

3. INSTITUTION: Faculty of Medicine, University of Porto

NAME: Ricardo Jorge Tomé Rodrigues Pires

PROGRAM: Master in Medical Informatics

TITLE: mHealth: O impacto da nova diretiva Europeia de Proteção de Dados, caso de uso e avaliação.

DATE: December 2016

4. INSTITUIÇÃO: Universidade do Porto – Faculdade de Ciências

NOME: João Sá

PROGRAM: MSc in Computer Science

TÍTULO: View and Verify Access Control Policies

DATE: December 2015

5. INSTITUTION: University of Minho

NAME: Vítor Júlio da Silva Sá

PROGRAM: PhD

TITLE: Gestual Dynamic with skin conductivity – a multimodal approach for biometrics authentication

DATE: April 2014


NAME: Ricardo Filipe Sousa Santos


TITLE: Securing a Health Information System with a Government issued Digital Identification Card

DATE: March 2010

Internal


NAME: Ana Cláudia de Loureiro e Nogueira


TITLE: Validação da identificação de utentes num integrador de mensagens HL7 para monitorização e portabilidade de dados na área da saúde.


26

DATE: December 2019

Supervisor


NAME: Ana Sofia da Silva Maria


TITLE: Comparação do controlo de acesso em instituições de saúde privadas e públicas da região Norte

DATE: December 2017


NAME: Cátia Andreia Santos Pereira


TITLE: One way to patient empowerment. A proposal for an authorisation model

DATE: March 2012


NAME: Carla Marina Ventura Pereira


TITLE: Evaluation of a teleradiology system: impact and user satisfaction

DATE: March 2011

Co-supervisor


NAME: Pedro Ferreira Farinha Silva

PROGRAM: Master

TITLE: From legislation to practice: a use-case of break-the-glass

DATE: October 2010

5. OTHER JURIES

1. 2nd Vogal suplente for the job application of an administrative assistant to the Informatics’ Service at Faculty of Medicine, University of Porto. November 2005.


27

6. PRIZES AND DISTINCTIONS

1. Best Paper Award. ICISSP 2019.

2. Best Student Paper Award. HEALTHINF 2019.

3. Best communication award at 4th IPLeiria Int Health Congress 2018.

4. Best poster award at ICEIS2018.

5. SPAIC – ASTRAZENECA 2017 – FRASIS – Monitorização da função respiratória na asma utilizando os sensores integrados do smartphone.

6. Best paper award at the 17th International Conference on Human Computer Interaction. 2015.

7. Honourable mention. Controlo de acesso à informação de saúde. Da legislação à prática: um caso de estudo do Break-The-Glass. Master student’s work. European for Data Protection Day. Assembleia da República. 2013.

8. 1st prize: Fraunhofer Portugal Challenge – “Research of practical utility”, category: PhD. October 2010. Value: 3000€.

9. Prize “Hospital do Futuro”, category: E-Health – Best initiative of e-government in healthcare. Cruz-Correia R, Vieira-Marques P, Costa P, Ferreira A, Oliveira-Palhares E, Costa-Pereira A. Project "ICU: Informação Clínica do Utente". 2004/2005.

10. Prize “Fernandes Costa”. Informatics’ Institute from the Ministry of Finance. Project "ICU: Informação Clínica do Utente". 2005.

11. Distinction. MSC in Information Security, Royal Holloway, University of London, UK. 2002.

12. Prize “Jorge Manuel de Jesus Rodrigues”. Pharmaceutical and chemical products’ wholesalers. Best student of the area of Informatics’ at Oliveira Martins High School. Academic year of 1992/93.

7. SCHOLARSHIPS

1. Post-doctoral. SnT - Interdisciplinary Center for Security, Reliability and Trust, University of Luxembourg (from November 2012 until February 2015). Position: Research Associate.

2. Program to help execute the PhD thesis. Human Resources Advanced Education. Foundation for the Science and Technology - Portugal. December 2010. Value: 750€.

3. (ISC)2 Scholarship Award 2008. PhD Scholarship in Information Security. Duration: 12 months. Value: US$12,500.

4. Scholarship from Calouste Gulbenkian Foundation in Portugal. PhD project abroad. Duration: 10 months (from January until November 2008). Monthly value: 1.073,00€; fees: 4.600,00€.



7. Scholarship to participate in USA conferences. Luso-American Foundation (FLAD). Oral communication of a scientific paper. Conference: CBMS2006. Value: 1000€.


28

8. Scholarship to participate in USA conferences. Luso-American Foundation (FLAD). Oral communication of a scientific paper. Conference: CBMS2004. Value: 900€.

8. EDITOR

1. Lead Guest Editor of Special Issue – Emerging Security Approaches in Healthcare. Journal of Healthcare Engineering, 2017/2018.

9. COMMITTEES OF INTERNATIONAL CONFERENCES

1. Member of Scientific Committee - Annual Privacy Forum (AFP) 2020

2. Member of Scientific Committee - Medinfo2019

3. Member of Scientific Committee - GMEPE-PAHCE 2019

4. Member of Scientific Committee - GMEPE-PAHCE 2018

5. Member of Program Committee – Targeted Attacks 2018 – Workshop from the Financial Cryptography 2018.

6. Member of Scientific Committee – MEDINFOR IV – A medicina na era da informação. Nov 2017.

7. Chair of the Special Track - ST12: Security and privacy in healthcare IT. CBMS – 27th IEEE International Symposium on Computer Based Medical Systems, 2014.

8. Member of the Technical Committee of the Special Track - ST12: Security and privacy in healthcare IT. CBMS – 26th IEEE International Symposium on Computer Based Medical Systems, 2013.

9. Member of the Technical Committee of the Workshop Security and Privacy for Mobile Health Care, 2006.

10. WORKSHOP ORGANISER

1. Forum AAL 2017 – organiser of the workshop 12 entitled: How to make the process of UD

easier in ALL projects: increasing adoption through UCD.

11. REVIEW OF SCIENTIFIC PAPERS

• Reviewer of the World Journal of Computer Application and Technology since June 2015

1. IJMI – International Journal of Medical Informatics (2017): 1

2. Journal BIT – Behaviour and Information Technology (2015): 1

3. IEEE Journal of Biomedical and Health Informatics (2015): 1

4. Journal BMC Medical Informatics and Decision Making (2014): 1

5. CBMS2014 - International Symposium on Computer-Based Medical Systems: 2

6. Journal BIT – Behaviour and Information Technology (2013 and 2014): 4

http://www.dcc.fc.up.pt/sph.cbms2013/cfp.html




29

7. CBMS2013 – International Symposium on Computer-Based Medical Systems: 2

8. IEEE HEALTHCOM2013 – Int. Conf. on e-Health Networking Application & Services: 1

12. MEMBER OF RESEARCH UNITS AND LABS

1. CINTESIS – Center for Health Technology and Services Research. [FCT, SAU-Norte 753], Research Unit from the Faculty of Medicine, University of Porto. Since 2007.

2. SnT – Interdisciplinary Centre for Security, Reliability and Trust. University of Luxembourg. From November 2012 until February 2015.

3. COSA - Institute of Cognitive Science and Assessment. University of Luxembourg. From November 2012 until February 2015.

4. HP Labs Bristol. UK. From September 2002 until May 2003.

13. ARTICLES IN NON-SCIENTIFIC MAGAZINES

1. Is my smartwatch sharing too much? Active Advice Hub. http://www.activeadvice.eu/news. March 2018.

2. Business email compromise (BEC) attack trends report. AGARI. January 2018.

3. Fraunhofer Prize for the PhD student at FCUP. Merit - UPORTO ALUMNI – “Revista dos Antigos Estudantes da Universidade do Porto”, Nº 12, II Série. December 2010, p43.

4. Jumping from Academy to the Market by hitchhiking the practice of Fraunhofer. “Jornal de Negócios”. Research. Sep 2010, p16.

5. Human touch for Healthcare. SC Magazine: For IT Security Professionals. Oct 2007, p78.

6. (ISC)2 scholarship winner aims to please users. InfosecurityToday. Volume 3, Issue 4. July-

August 2006. 6 Pages.

http://www.activeadvice.eu/news.%20March%202018

http://www.activeadvice.eu/news.%20March%202018


30

C. ACTIVITY IN SCIENTIFIC PROJECTS

This section shows the successful participation in European, International and National research

projects, as well as recently accepted proposals.

1. EUROPEAN PROJECT

NAME: Trusted Architecture for Securely Shared Services (TAS3), FP7

DURATION: 4 years (from January 2008 until December 2011)

TOTAL BUDGET: 13.200.000€

BUDGET EC: 9.400.000€

ID: FP7 IP 216287 TAS3

POSITION: Research Trainee (full-time). From September until December 2008

PLACE: Centre for International ePortfolio Development, School of Education, University of Nottingham (partner)

WEBPAGE: http://vds1628.sivit.org/tas3/

2. FNR PROJECT – FONDATION NATIONALE DE RECHÉRCHE, LUXEMBOURG

NAME: Socio-Technical Aspects in Security and Trust (STAST)

DURATION: 3 years (From May 2012 until May 2015)

TOTAL BUDGET: 1 132 124€

BUDGET FNR: 765 000€

ID: I2R-APS-PFN-11STAS

POSITION: Post-doc. Research Associate (full-time). Duration: 2 years and 4 months. From November 2012 until February 2015.

PLACE: SnT – Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg

WEBPAGE: http://www.fnr.lu/en/Research-Programmes/Funding-by-Call-

Type/Projects/Socio-Technical-Analysis-of-Security-and-Trust-STAST


31

2. FCT PROJECTS – FUNDAÇÃO PARA A CIÊNCIA E TECNOLOGIA

1. NAME: mINSPIRERS—mHealth para medição e melhoria da adesão à medicação nas doenças respiratórias obstrutivas crónicas—generalização e avaliação de tecnologias de gamificação, suporte por pares e processamento avançado de imagem

DURATION: 36 months. Started: July 2018

ID: [POCI-01-0145-FEDER-029130]

POSITION: Researcher

INSTITUTIONS: CINTESIS – FMUP

2. NAME: Decision Support Solutions for Independent Living using an Intelligent AAL Product and Service Cloud

DURATION: 28 months. Started: January 2017

TOTAL BUDGET: 92.054,10€

ID: [AAL/0007/2015]


INSTITUTIONS: CINTESIS – FMUP

3. NAME: OFELIA – Open Federated Environments Leveraging Identity and Authorisation

DURATION: 3 years. Started: April 2010 (concluded)

TOTAL BUDGET: 120.000€

ID: [PTDC/EIA-EIA/104328/2008]

POSITION: Researcher (Master, 30% of the time, with CORE CV)

INSTITUTIONS: INESC (CRACS), Associação OpenID Portugal, CINTESIS, University of Minho (Centro Algoritmi)

WEBPAGE: https://www.fct.pt/apoios/projectos/consulta/vglobal_

projecto.phtml.en?idProjecto=104328&idElemConcurso=2769

4. NAME: OPTIM – Optimizing Information Systems for Healthcare: Improving Graphical User Interface and Storage Management Trough Machine Learning Techniques on User Logs Data

DURATION: 33 months. Started: May 2010 (concluded)


ID: [PTDC/EIA-EIA/099920/2008]

POSITION: Researcher (Master, 5% of the time)

INSTITUTIONS: CINTESIS and University of Dundee

WEBPAGE: http://www.fct.pt/apoios/projectos/consulta/vglobal_

projecto?idProjecto=99920&idElemConcurso=2769


32

5. NAME: SAHIB – Enhancing multi-institutional health data availability through multi-agent systems

DURATION: 3 years and 6 months. Started: March 2010 (concluded)


ID: [PTDC/EIA-EIA/105352/2008].

POSITION: Researcher (Master, 10% of the time)

INSTITUTIONS: CINTESIS, University “Autónoma” of Barcelona, Dublin Institute of

Technology, University of Dundee

WEBPAGE: http://www.fct.pt/apoios/projectos/consulta/vglobal_

projecto?idProjecto=105352&idElemConcurso=2769

4. OTHER PROJECTS

1. NAME: AIRDOC - “Aplicação móvel Inteligente para suporte individualizado e monitorização da função e sons Respiratórios de Doentes Obstrutivos Crónicos

FUNDING: FCT and NORTE2020

ID: NORTE-01-0247-FEDER-033275

DURATION: 3 years. Started: September 2018


INSTITUTIONS: CINTESIS, ISEP, MEDIDA

2. NAME: NanoSTIMA – Macro-to-Nano Human Sensing: Towards Integrated Multimodal Health Monitoring and Analytics

FUNDING: CCRN – Comissão de Coordenação da Região Norte

ID: NORTE-01-0145-FEDER-000016

DURATION: 3 years. Concluded.

TOTAL BUDGET: 6.137.187,90€

POSITION: Researcher – Leader of WP 3.2

INSTITUTIONS: INESC TEC, FMUP, IT, Univ. de Trás os Montes e Alto Douro

3. NAME: Healthcare Anywhere (HCA) – Interoperability between clinical systems

FUNDING: QRen – projects I&DT Enterprises in co-promotion

DURATION: 2 years. Started: August 2010 (concluded)

TOTAL BUDGET: 357.220€ (First) + 54.689€ (CINTESIS)

POSITION: Collaborator


33

INSTITUTIONS: First Solutions, S.A. and CINTESIS

WEBPAGE: http://projectos.adi.pt/actions/project?

id=C16/2009/5391&search=global&actionbean=actions/project

4. NAME: HSJ.ICU – Patient’s Clinical Information In use since 2003

FUNDING: Hospital S. João

POSITION: Research Trainee (full-time). From May 2003 until April 2004

INSTITUTION: Biostatistics and Medical Informatics (currently CIDES), Faculty of Medicine, University of Porto

TASKS: design and implementation of digital signatures of patient reports (around 3.000.000), as well as an authentication and access control system for 2300 registered users; 1525 reports are daily accessed with a mean of 1674 sessions.

5. NAME: “Prontuário Terapêutico”

FUNDING: Infarmed

YEAR: 2001 (concluded)

POSITION: Research Trainee (full-time). 1999-2001


6. NAME: Intercare – Integrated system of medical care applied to the cardiotocography and electrocardiography

FUNDING: Support to the development of Technological Competencies in PME (Small and Medium Enterprises). P0014/II/IC-PME/S from PME. 2000

POSITION: Research Trainee (full-time). 1998-2001


WEBPAGE: http://www.adi.pt/sectores%20de%20actividade/projectos/intercare.htm

5. SUPERVISION OF RESEARCH TRAINEES

NAME: Joana Muchagata WP TITLE: Security visualization (Since May 2018) PROJECT: TagUBig – Taming Your Big Data SUPERVISOR: Ana Margarida Leite de Almeida Ferreira

NAME: Diogo Abrantes WP TITLE: Usability (since April 2018) PROJECT: AAL SUPERVISOR: Ana Margarida Leite de Almeida Ferreira


34

NAME: Pedro Moura WP TITLE: User Centric aggregation IdM (concluded) PROJECT: NanoSTIMA MILESTONE: RL3 – WP2-M1 SUPERVISOR: Ana Margarida Leite de Almeida Ferreira NAME: Joana Muchagata WP TITLE: Socio-technical security frameworks (concluded) PROJECT: NanoSTIMA MILESTONE: RL3 – WP2-M2 SUPERVISOR: Ana Margarida Leite de Almeida Ferreira

6. ACCEPTED PROPOSALS

1. NAME: TYPAMED - Transparent Yet Private Access to Medical Data

PROGRAM: PhD Proposal

FUNDING: FNR – AFR - PhD (Aides à Formation-Rechérche, Luxembourg)

STATUS: Accepted in June 2014

DATE: December 2014 (to start)

ID: PhD 2014-1; ID: 7842804

POSITION: Co-supervisor

INSTITUTIONS: SNT & LCSB – University of Luxembourg; CINTESIS at University of Porto; and LabSec - University Federal of Santa Catarina, Brazil

OBJECTIVE: study access control models and mechanisms to solve main conflicts between transparency and privacy of patient’s medical data

2. NAME: PRIVGRID - Privacy-dependable Smart-Grid Infrastructure

PLACE: FET-EYE – BLueSky conference

BUDGET: 375€

DATE: June 2014

OBJECTIVE: 1st stage of a proposal for the call FET-OPEN

3. NAME: HATOR – Health aT yOur caRe

PLACE: FET-EYE – LabSurfing@Brussels

BUDGET: 300€

DATE: February 2014

OBJECTIVE: 1st stage of a proposal for the call FET-OPEN


35

6. SUPERVISION OF RESEARCH TRAINEES

NAME: Joana Muchagata WP TITLE: Security visualization (Concluded 2019) PROJECT: TagUBig – Taming Your Big Data SUPERVISOR: Ana Margarida Leite de Almeida Ferreira

NAME: Diogo Abrantes WP TITLE: Usability (Concluded 2018) PROJECT: AAL SUPERVISOR: Ana Margarida Leite de Almeida Ferreira NAME: Pedro Moura WP TITLE: User Centric aggregation IdM (Concluded - 2017) PROJECT: NanoSTIMA MILESTONE: RL3 – WP2-M1 SUPERVISOR: Ana Margarida Leite de Almeida Ferreira NAME: Joana Muchagata WP TITLE: Socio-technical security frameworks (Concluded - 2017) PROJECT: NanoSTIMA MILESTONE: RL3 – WP2-M2 SUPERVISOR: Ana Margarida Leite de Almeida Ferreira

36

V. PEDAGOGICAL ACTIVITY


37

A. LECTURING ACTIVITY

This section presents the lecturing activity performed for undergraduate and postgraduate courses,

at Faculty of Medicine, University of Porto, and also at other teaching institutions.

1. DOCTORAL PROGRAM IN HEALTH DATA SCIENCE (HEADS)

• Responsible for two subjects: HI.PRESENT and HI.MANAGE.

• Lecturer of HI.PRESENT.

2. INTEGRATED MASTER IN MEDICINE

1. Theoretical lecture in information security for healthcare systems. Subject of Introduction to Medicine from the Medicine course, Faculty of Medicine, University of Porto. Academic years: from 2007/2008 until 2011/2012.

3. MEDICINE COURSE

1. Theoretical lecture in information security for healthcare systems. Subject of Introduction to Medicine from the Medicine course, Faculty of Medicine, University of Porto. Academic years: from 2003/2004 until 2006/2007.

2. Theoretical-practical lectures. Subject of Introduction to Medicine from the Medicine and Medical Dental courses, Faculties of Medicine and Dental Medicine, University of Porto. Academic years: 2003/2004 and 2004/2005.

4. TEACHING POSTGRADUATE COURSES

1. Break security to improve security. Conference in Information Security. Superior School of Business Sciences, Valença, Portugal. March 2011.

2. Security in Programming. Master course in Medical Informatics at Biostatistics and Medical Informatics’ Department (currently CIDES), Faculty of Medicine, University of Porto. March 2010.

3. Information Security. Workshop on Access Control to Healthcare Information Systems. Master course in Medical Informatics at Biostatistics and Medical Informatics’ Department (currently CIDES), Faculty of Medicine, University of Porto. May 2009.

4. Security in Healthcare. MSc in Informatics, Department of Computer Science, Faculty of Science, University of Porto. 2006.

5. TEACHING IN OTHER COURSES

1. Information Security – Integration in Healthcare. INA – National Institute for Public Administration. 2007.

2. Information Security – Integration in Healthcare. INA – National Institute for Public Administration. 2006.


38

B. PEDAGOGICAL MATERIAL

This section lists the creation of course modules, pedagogical material, and the management and

configuration of online platforms to support student’s study and course material.

1. COURSE CREATION – FACULTY OF MEDICINE, UNIVERSITY OF PORTO

1. Creation of the module of Information Security in Healthcare. Introduction to Medicine from the Medicine course, Faculty of Medicine, University of Porto. This module is being maintained and taught since 2003.

2. Creation and maintenance of pedagogical material regarding databases and information security. Introduction to Medicine from the Medicine course, Faculty of Medicine, University of Porto. Academic years: 2003/2004 and 2004/2005.

Summer School Courses

1. Ferreira A, et al. Information Security in Healthcare. Duration: 12h. Summer School 2010. Biostatistics and Medical Informatics’ Department (currently CIDES), Faculty of Medicine, University of Porto. Coordination, organization and lecturing.

2. Strübing J., Ferreira A. Qualitative Analysis and Grounded Theory. Summer School 2009. Biostatistics and Medical Informatics’ Department (currently CIDES), Faculty of Medicine, University of Porto. Coordination and organization.

2. CREATION OF ONLINE TOOLS FOR LECTURING

- Creation of Web based Graphical Interfaces for an online tutorial in Biostatistics. Introduction to Medicine from the Medicine course, Faculty of Medicine, University of Porto. 1998.

3. CREATION AND MANAGEMENT OF E-LEARNING PLATFORMS

1. Creation and management of a Moodle instance to support lectures with their teaching activity, students’ work correction and online testing. From 2005 until 2012.

2. Creation and management of a Moodle instance to support study activities for the students’ commissions from various academic years. From 2008 until 2012.

4. PEDAGOGICAL PUBLICATIONS

1. Ana M. Ferreira, Ricardo Cruz-Correia, Altamiro Costa-Pereira. Why teach computer security to medical students? Proceedings of the 12th MEDINFO Congress. IOS Press, 2007. 129: 1469-1470.

2. Cristina Costa-Santos, Ana Coutinho, Ricardo Cruz-Correia, Ana Ferreira, Altamiro Costa-Pereira. E-learning at Porto Faculty of Medicine: a case study of blended-learning. Proceedings of the 12th MEDINFO Congress. IOS Press, 2007. 129: 1366-1371.


39

3. Ferreira A, Cruz-Correia R, and Costa-Pereira A. Teaching information security to medical students. Technology and health care - official journal of the European Society for Engineering and Medicine: Proceedings of the 10th World Congress on the Internet in Medicine, 2005. 13(5): 389-90.

4. Teixeira-Pinto A, Ferreira A, Parry G, Costa-Pereira A. Estatística Médica na WEB. Actas da 1ª Conferência sobre redes de computadores, 1998. 9-10.

5. FOCUS GROUPS

- Organisation and moderation of 7 focus groups to healthcare professionals, in the ambit of PhD and Master’s courses.


40

C. SUPERVISION ACTIVITIES

This section describes supervision activities ordered by PhD, Master and Undergraduate projects,

together with their associated publications.

1. PhD COURSES

FACULTY OF ENGINEERING - UNIVERSITY OF PORTO

NAME: Cátia Andreia Santos Pereira Augusto

TITLE: A mobile based authorization mechanism for patients to access and manage their electronic health records

COURSE: PhD – Doctoral Programme

SUPERVISOR: Ricardo João Cruz Correia

CO-SUPERVISORS: Luís Filipe Antunes and Ana Ferreira

STARTING YEAR: 2015 (in course)

NAME: Abel Nicolau

TITLE: Development and validation of a low-cost tool for CRP Self-Training

COURSE: Mestrado integrado in Biomedical Engineering

SUPERVISOR: Carla Sá Couto

CO-SUPERVISORS: Pedro Marques e Ana Ferreira

YEAR OF CONCLUSION: 2018

SNT at the UNIVERSITY OF LUXEMBOURG

NAME: Dayana Pierina Brustolin Spagnuelo

TITLE: Defining, Measuring, and Enabling Transparency for Electronic Medical Systems


SUPERVISOR: Peter Y. Ryan

CO-SUPERVISORS: Ana Ferreira, Gabriele Lenzini and Jean Martina


COLLABORATIONS: LCSB (Luxembourg Centre for Systems Biomedicine) – University of Luxembourg and LabSec - Federal University of Santa Catarina


41

NAME: Jean-Louis Huynen

TITLE: Socio-Technical Aspects of Security


SUPERVISOR: Peter Y. Ryan

CO-SUPERVISORS: Gabriele Lenzini, Ana Ferreira and Vincent Koenig


COLLABORATIONS: COSA - The Institute of Cognitive Science and Assessment, University of Luxembourg

MEDCIDS, FACULDADE DE MEDICINA, UP - 3º CICLO DE ESTUDOS – PDICSS –

Doctoral Program in Clinical and Health Services Research

NAME: Soraia Teles

TITLE: Internet-based support and training for informal caregivers

of people living with dementia

PROGRAMA: PhD – Programa Doutoral (Started in 2017 - in course)

ORIENTADOR: Constança Paúl

CO-ORIENTADORES: Ana Ferreira

2. MASTER COURSES - UNIVERSITY OF BEIRA INTERIOR

NAME: Pedro Moura

TITLE: Security issues in mobile access to Portuguese electronic health records

COURSE: Master in Informatics Engineering

SUPERVISOR: Paulo Fazendeiro

CO-SUPERVISOR: Ana Margarida Leite de Almeida Ferreira


FINAL CLASSIFICATION: 18 out of 20

3. MASTER COURSES - CIDES, FACULTY OF MEDICINE, UNIVERSITY OF PORTO

NAME: Sandra Ribeiro

TITLE: A prototype to promote patient empowerment using audit trails

COURSE: Master in Medical Informatics

SUPERVISOR: Ricardo Correia

CO-SUPERVISORS: Ana Margarida Leite de Almeida Ferreira and Pedro Vieira Marques




42

NAME: Ana Sofia da Silva Maria

TITLE: Comparação do controlo de acesso em instituições de saúde privadas e públicas da região Norte


SUPERVISOR: Ana Margarida Leite de Almeida Ferreira



NAME: Diana Filipa Sousa Almeida

TITLE: Evaluation of a new scoring and feedback system for a low-cost CPR training tool


SUPERVISOR: Carla Sá Couto

CO-SUPERVISORS: Pedro Vieira Marques, Ana Margarida Leite de Almeida Ferreira



NAME: Cátia Andreia Santos Pereira

TITLE: One way to patient empowerment a proposal for an authorization model



CO-SUPERVISORS: Ricardo João Cruz Correia



NAME: Carla Marina Ventura Pereira

TITLE: Evaluation of a teleradiology system: impact and user satisfaction



CO-SUPERVISORS: Mário Monteiro, Escola Superior de Tecnologia da Saúde de Coimbra



NAME: Pedro Ferreira Farinha Silva

TITLE: Access control to healthcare information. From legislation to practice: a use-case of Break-The-Glass



43

SUPERVISOR: Luís Filipe Antunes

CO-SUPERVISORS: Ana Margarida Leite de Almeida Ferreira



PRIZE: this work received an honourable mention in the competition “Prémio Ensaio CNPD – Comissão Nacional de Proteção de Dados, 2012”

4. UNDERGRADUATE COURSES - CIDES, FACULTY OF MEDICINE, UNIVERSITY

OF PORTO

Supervision of undergraduate projects of first year students from the Medicine course

1. The Access to Medical Records: a systematic review. Group 2. 2005. (concluded)

2. Electronic Patient Records. Who can access what? Group 8. 2005. (concluded)

3. Impact of the use of computers in the performance of healthcare professionals in primary healthcare – Systematic Review. Group 4. 2004. (concluded)

4. Attitudes and opinions of healthcare professionals and patients regarding the use of computers – Systematic Review. Group 13. 2004. (concluded)

5. Security in healthcare information systems – Medical perspective. Class 9, Group 1. 2003. (concluded)

6. Security in healthcare information systems of the Obstetrics department of Hospital S. João - Nurses perspective. Class 23, Group 1. 2003. (concluded)

7. Security in healthcare information systems. Opinions and beliefs of Medical students. Class 23, Group 2. 2003. (concluded)

8. Security in healthcare information systems. What do medical doctors think? Class 24, Group 1. 2003. (concluded)

9. Ethics allied to the confidentiality of patient medical records. Class 24 – Group 2. 2003. (concluded)

http://www.cnpd.pt/bin/relacoes/REGULAMENTO-PREMIO-2012.pdf

http://www.cnpd.pt/bin/relacoes/REGULAMENTO-PREMIO-2012.pdf

VI. EMPLOYMENT

VI. EMPLOYMENT

45

A. EMPLOYMENT

This section introduces employment, tool development and other relevant activities.

SINCE JANUARY 2017

Currently a researcher at Programa Investigador FCT 2015 – Starting Grant, within a

self-proposed project, entitled “TagUBig-Taming your Big data”.

Main research Question: Can individuals use their BiDa (personal Big Data) to control and

improve transparency, privacy and usability, when interacting with an application?

Objective: To develop an access control decision model which automatically learns from an

individual's BiDa and from social and technical context at that moment the request is made, and

decides what is the most transparent, secure, private and usable way to display it to the user.

SINCE OCTOBER 2004 (currently with a no paid leave)

Informatics’ Service, Faculty of Medicine, University of Porto

IT Specialist, Grade 1, Level 3. Tasks include (but are not exclusive): supporting the teaching, research and administrative environment, network and information systems’ installation, configuration, development, implementation and management, helpdesk to students, academic and administrative staff, backup performance and management as well as development and implementation of access control policies, database creation and administration, e-learning configuration and support as well as wireless networks configuration and management.

APRIL 2004 – OCTOBER 2004

Informatics’ Service, Faculty of Medicine, University of Porto

Training for IT Specialist position, Grade 1, Level 2. Technical report entitled: Implementation of an access control policy.

MAY 2003 – APRIL 2004

SBIM (currently CIDES), Faculty of Medicine, University of Porto

Research Trainee in Electronic Health Records.

SEPTEMBER 2002 – APRIL 2003

Trusted Systems Laboratory, Hewlett Packard, Bristol, UK

Research Trainee. Development of a prototype to use secure hardware to protect electronic patient records. An NHS use-case was presented to the NHS Information Authority and produced 2 scientific papers published in international conferences. Publications number 39 (indexed) and 7 (non-indexed) in this CV.

VI. EMPLOYMENT

46

1999 – 2001


Research Trainee. Project Intercare (Integrated Healthcare System). Implementation of a prototype for telemedicine.

1998 – 1999


BSc trainee. Development of dynamic graphical interfaces for an online biostatistics’ tutorial (e-learning).

VI. EMPLOYMENT

47

B. PRODUCT DEVELOPMENT This section describes the creation and implementation of 6 tools that were developed in the ambit

of academic, scientific and professional activities.

1. In 2009 – Implementation of BTG-RBAC model. This tool is working at Hospital S. João - Porto, Portugal, since 2004.

Publications: Ana Ferreira, David Chadwick, Gansen Zao, Pedro Farinha, Ricardo Correia, Rui Chilro, Luis Antunes. How to securely break into RBAC: the BTG-RBAC model. Proceedings from 25th Annual Computer Security Applications Conference - ACSAC2009, 2009. 23-31.

Ferreira A, Cruz-Correia R, Antunes L, Farinha P, Oliveira-Palhares E, Chadwick D W, Costa-Pereira A. How to break access control in a controlled manner? Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems, 2006. 847-851.

2. In 2008 – Implementation of a Break-The-Glass demo at PERMIS platform, as specified in technical annex of the European project TAS3, FP7 - TAS3.

3. In 2006 – Implementation of a tool to manage access control to a virtual electronic patient record, at Hospital S. João - Porto, Portugal, since 2004, and is based on RBAC.

Publication: Pedro Farinha, Ana Ferreira, Ricardo Correia. Web.care - gestão de acessos e recursos para estudos clínicos multicêntricos on-line. Actas da 1ª Conferência Ibérica de sistemas e Tecnologia de Informação, 2006. 1: 631-640.

4. In 2004 – Implementation of a tool to perform digital signatures to electronic patient reports. This tool is working at Hospital S. João - Porto, Portugal, since 2004, and uses GnuPG.

Publication: Ferreira A, Cruz-Correia R, Antunes L, Palhares E, Marques P, Costa P, Costa-Pereira A. Integrity for Electronic Patient Record Reports. Proceedings of the 17th IEEE Symposium on Computer-Based Medical Systems, 2004. 4-9.

5. In 2003 and 2004 – Development of all the database infrastructure to store patient reports that are generated from various hospital departments. This tool is working at Hospital S. João - Porto, Portugal, since 2004.

6. In 2003 – Implementation of a prototype of an access control model to electronic patient records at the HSA – Hardware Secure Appliance, da Hewlett Packard, for storage, auditing and detection of unauthorised accesses. HPLabs, Bristol, UK.

Publications: Ana Ferreira, Simon Shiu, Adrian Baldwin. Towards Accountability for Electronic Patient Records. 16th IEEE Symposium Proceedings on Computer-Based Medical Systems (CBMS2003), 2003. 189-94.

Ana Ferreira, Simon Shiu, Adrian Baldwin. Towards Secure Electronic Patient Records. MEDINF2003. 5(3): 341-344.

VI. EMPLOYMENT

48

C. OTHERS

1. Participation in the security working group for the Electronic Health Record (RSE). National Commissions for the RSE. 2010 and 2011.

2. Organization (2006) and member of the jury (2008), of the First Lego League Competition (http://www.firstlegoleague.org/). University of Kent. UK.

3. Organization and participation in the event InfoSecurity2003, at Hewlet Packard stand to show a demo regarding Identity-based encryption. HP Labs Bristol, UK. April 2003.

VII. CONTINUOUS EDUCATION


50

A. NON-ACADEMIC EDUCATION

This section presents courses that were attended as part of professional education. These are

chronologically ordered.

2018

- NetSci Porto 2018: Porto Winter School on Network Science. Duration: 21h

- EAIA 2018: Advanced School on Data Science for Big Data. Duration: 32h

- HCISPP Certification – Healthcare Information Security and Privacy Practicioner. (ISC)2 - The International Information Systems Security Certification Consortium, Inc.

2017

- HCISPP - HealthCare Information Security and Privacy Practitioner - Online course.

Duration: 25h

- UX Foundations Workshop. EDIT – Disruptive Digital Education. Duration: 16h.

2014

- Supervision of PhD candidates. Seminar by Kate Exley. University of Luxembourg. Duration: 3h.

2013

- Introduction to R. University of Luxembourg

- AFR Networking Day. “Chambre de Commerce”. Luxembourg.

- FNR Media Training. “Chambre de Commerce”. Luxembourg.

2012

- Organizational Processes for Supporting Sustainable Security. Dagstuhl Seminar 12501. Schloss Dagstuhl, Wadern Germany.

2011

- State of the Art of Information Technology in Healthcare: Perspectives and Evolution. University Fernando Pessoa. 2011. Duration: 2h.

2009

- Introduction to Biostatistics with SPSS. Summer School 2009. CIDES. Faculty of Medicine, University of Porto. Duration: 20h.

2008

- Interpretative Methods: The making of qualitative data and analysis. ECPR Summer School in Methods and Techniques. Duration: 40h.

- NVivo7 – The use of Informatics in the analysis of qualitative data. University Fernando Pessoa. Duration: 6h.

http://www.tomsitpro.com/articles/healthcare-it-certifications,2-696-4.html


51

2007

- Advanced Security Implementation. RUMOS. Duration: 30h

- VPN implementation techniques. IGAP. Duration: 12h

- Introduction to Focus Groups. 1 Day course in Social Research. University of Surrey. Duration: 8h.

- Creation of Computer Security Incident Response Teams (CSIRTs). CERT.PT. Duration: 14h.

- The informatics’ shock in healthcare. “Centro de Cultura e Congressos da Secção Regional do Norte da Ordem dos Médicos”. Duration: 2h.

- E-learning – creation of an on-line course (MOODLE). IRICUP. Duration: 4h.

- Surveys. IRICUP. Duration: 1h.

2006

- STMS skills programme at Kent University: Getting started on the literature; Start Writing; An Introduction to use Endnote 9 for reference management; Interview Techniques; Nuts and Bolts; Assertiveness Training; Writing clearly; Guided Tour of a Thesis; Skills Audit; The Bigger Picture; Drop in Session; Publication Process Part I and II. Education courses as part of the PhD.

2005

- E321 - Virtual Private Networks (VPN). IRICUP and RUMOS. Duration: 12h.

- Oracle Database 10g: Advanced PL/SQL. ORACLE University. Duration: 12h.

- Building HL7 Solutions with Microsoft BizTalk Server. Microsoft Portugal.

- Management of Patient’s Clinical Information. Interface, “Jornadas Saúde”. Culturgest.

- Security of Patient’s Clinical Data. Interface, “Jornadas Saúde”. “Quinta das Lágrimas”.

2004

- Introduction to Database Architecture and Application Server ORACLE 10G. ORACLE Education. Duration: 24h.

- CISSP Certification - Certified Information Systems Security Professional. (ISC)2 - The International Information Systems Security Certification Consortium, Inc.

- Associate of (ISC)2 – Passed CISSP exam.

- Wireless LAN’s – wireless network equipment configuration and access control implementation, vulnerabilities and good security practice. Duration: 40h.

- CISSP exam revision - Royal Holloway, University of London. UK.

2003

- High Tech Crime. The British Computer Society – BCS. Bristol Branch. DC Andy Joyce. Avon and Somerset Constabulary. Duration: 1h.

2002

- Hacking Overview & Introduction to CheckPoint Firewall-1 NG. Royal Holloway, University of London, UK. Education courses as part of the MSc.


52

2000

- Implementing a Database Design on Microsoft SQLServer 7.0. Microsoft Official Curriculum Course Certification. Duration: 30h.

1993-1998

- English. British Council. Porto.


B. TECHNICAL PROFICIENCY

Programming PHP, Python, C, SQL, PL/SQL, HTML, JavaScript, VBScript, TCL/TK, Assembly, Pascal, COBOL, .NET. Basic knowledge of Java and C#.

Database systems Oracle RDBMS, SQLServer and MYSQL (configuration, administration and usage).

Management of identities Active Directory, Oracle Internet Directory, LDAP, OpenLDAP, Radiator/Radius and Kerberos (configuration, administration and usage).

Operating systems Linux (RedHat, CentOs and Ubuntu) and Windows NT/2000/XP/Vista/7 (configuration, administration and usage).

Web technologies Technologies ASP and CGI.

Others GnuPG, UML and Microsoft Office tools.

C. LANGUAGES

PORTUGUESE Native speaker

ENGLISH Excellent – written and spoken

CPE – Certificate of Proficiency in English, university of Cambridge Examinations, December 1998

FCE – First Certificate in English, university of Cambridge Examinations, June 1995

FRENCH Very good - written and spoken

French (Prolingua - Formation Carte Blanche. Français à orientation proféssionnelle. Level B2.2)

SPANISH Conversational

GERMAN Basic knowledge

Introductory course - 10h

VIII. OTHER INFORMATION

55

This section presents information regarding courses, hobbies and interests outside the professional and academic activities.

ART

- Origami folding and participation in workshops (Flower Origami 2010 and Christmas Origami 2010) and meetings, with some original works on sale at (http://etsy.com/shop/Anorigana/).

- Voice workshop – A voz assim e assado. António Miguel Trigueiro. EMAAG. Portugal. 2009.

- Winner of Gran Premio in Veneza in Musica, with the choir EVPM - Ensemble Vocal Pro Musica. Venice, Italy. September 2007.

- Dramatic Expression – Level I. APCC – Porto, Portugal. Duration: 21h. 2001.

- Piano degree from Porto’s Music Conservatory, Portugal. Between December 1991 and July 2000.

- Piano Masterclass, as a participant. Jorge Moyano. Porto’s Music Conservatory. 2000.

- Piano Masterclass, as a participant. Luíz Moura Castro. Vilar do Paraíso Music Academy. Portugal. 2000.

- Vocal Direction Masterclass, as a participant. Eugenia Vacarescu Necula. International Music Courses in Porto. Porto’s Music Conservatory. Portugal. 1999.

- Seminar on interpretation and pianistic techniques, as a listener. Carlos Cebro. Academia de Música de S. João da Madeira. Portugal. 1997.

- Porto School of Jazz, Portugal. Piano, 1987-1991.

- Ruvina School of Music, Porto, Portugal. Organ, 1986-1987.

SPORTS

- Amateur runner since May 2014.

- Swimming at competition level, “Futebol Clube do Porto”, Portugal. 1985-1987.

OTHERS

- Basic First-Aid course.

- Clean driving license.

Documents

CURRICULUM VITAE › ~amlaf › CV-GB-Jun2020.pdf · curriculum vitae ana margarida leite de almeida ferreira june 2020 . Índice ... 9 iv. scientific activity .....11 a. scientific