Why mHealth security must be a shared responsibility for patients, physicians

Communication between providers and patients is critical to ensuring mHealth security, and both parties must put privacy protection at top of mind, according to University of Illinois at Chicago Health Informatics Professor Eric Swirsky.

Swirsky, in a recent interview with HealthITSecurity, says that people, for the most part, have really poor security practices when it comes to their mobile devices.

"In general, we're very giving with our information and people don't secure their information," he says. "At least in my experience, people are very open to giving and sharing until they perceive that a line has been crossed and then they have a problem with it."

On the provider side, there must be secure communication channels in connecting with patients. In addition, patients should not ignore notice of privacy practices or terms of service regarding mobile device and mHealth app use, Swirsky says.

Device and app security remains a top obstacle to mHealth tech adoption by patients, providers and payers. A new Infinite Convergence Solutions report notes that the healthcare industry, among others, is not keeping pace with growth of messaging app use when it comes to secure communications and adopting HIPAA-compliant software. 

However, security-focused organizations are making strides in helping educate the healthcare industry regarding risks. One guide, from the National Institute of Standards and Technology and the National Cybersecurity Center of Excellence, includes ways to keep data secure "throughout the mobile device lifecycle."

Swirsky suggests physicians stay abreast of American Medical Association guidance and help educate patients regarding risks related to sharing data via email and other communication avenues.

For more information:
- read the Health IT Security article