Study: mHealth privacy, security issues need collaboration to solve

Better privacy and security is needed for the true benefits of smartphone-based health technology to be realized, especially in light of increasing consumer interest and tool advancements.

A Dartmouth College study outlines a slew of challenges facing mHealth innovation, from data sharing and authentication to policy and compliance, according to an announcement.

Solving such challenges will require a collaborative effort, lead author of the study, David Kotz, the Champion International Professor in the Department of Computer Science at Dartmouth College, told FierceMobileHealthcare in an email.

“The application developer should consider privacy from the ground up, designing the application (device, app, cloud, etc) with privacy in mind but any party using the data collected by such applications must protect the privacy of the patients/subjects/individuals whose data they have collected and are using,” Kotz said. He added that providers need to adhere to regulatory rules such as HIPAA and HITECH.

“For researchers, the responsibility is typically covered by their IRB in the research protocols; but for others, I believe it is their ethical responsibility to handle the data in ways that respect the privacy of those people whose data has been collected,” he said. Kotz said he devised a 10-point privacy framework for mHealth. 

Security and user privacy have long been cited as prime obstacles to mHealth adoption. Last month the Health and Human Services Department's Office for Civil Rights issued an email alert regarding how third-party software applications can put healthcare organizations at risk for security vulnerabilities.

Kotz said vulnerabilities don’t fall in just one bucket; though he added that the weakest link is the practice of bolting security on at the end of app development. Users must play a role as well, he said.

“I always advise consumers to pay attention to the privacy issues in the use of mHealth technology--to understand the privacy policy and to consider the data-collection and data-sharing settings in the app or on the vendor’s website. But ultimately it is the designer’s responsibility to implement the technology with appropriate security and with a thoughtful approach to protecting the users’ privacy.”

For more information:
- read the study
- read the announcement