Abstract
Research suggests that the interactions between a patient and a health professional through an mHealth app (a mobile health application), can improve the efficiency and quality of healthcare. However, the risk of disclosure of personal or health related data can be higher when using such devices, as there is a lack of specific security standards or guidelines for their deployment. Also, there are commonly no controls to comprehensively verify and minimize security and privacy vulnerabilities that may exist in those apps before they are released in the “wild”. To make matters worse, the medical record has a significantly higher financial value (on the black market) compared with other personal records (e.g., credit card or bank account details), which obviously increases the motivation for unauthorised accesses and misuse. In order to mitigate these problems, socio-technical security as well as privacy and legal aspects need to be taken into account when developing mHealth apps. In this work, essential recommendations regarding the previously itemized are provided as a means to guide both developers and users alike, into more secure, private and usable mHealth apps.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mirkovic, J., Bryhni, H., Ruland, C.M.: Secure solution for mobile access to patient’s health care record. In: 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, pp. 296–303 (2011)
Ventola, C.L.: Mobile devices and apps for health care professionals: uses and benefits. Pharm. Ther. 39(5), 356 (2014)
Plachkinova, M., Andrés, S., Chatterjee, S.: A taxonomy of mHealth apps - security and privacy concerns. In: 48th Hawaii International Conference on System Sciences, pp. 3187–3196 (2015)
Luxton, D.D., McCann, R.A., Bush, N.E., Mishkind, M.C., Reger, G.M.: mHealth for mental health: integrating smartphone technology in behavioral healthcare. Prof. Psychol. Res. Pract. 42, 505–512 (2011)
Ferreira, A., Lenzini, G., Santos-Pereira, C., Augusto, A.B., Correia, M.E.: Envisioning secure and usable access control for patients. In: 2014 IEEE 3rd International Conference on Serious Games and Applications for Health (SeGAH), pp. 1–8 (2014)
Pyper, C., Amery, J., Watson, M., Crook, C.: Access to electronic health records in primary care-a survey of patients’ views. Med. Sci. Monit. Int. Med. J. Exp. Clin. Res. 10, SR17–SR22 (2004)
Ferreira, A., Chadwick, D., Farinha, P., Correia, R., Zao, G., Chilro, R., Antunes, L.: How to securely break into RBAC: the BTG-RBAC model. In: 2009 Annual Computer Security Applications Conference, pp. 23–31 (2009)
Parati, G., Torlasco, C., Omboni, S., Pellegrini, D.: Smartphone applications for hypertension management: a potential game-changer that needs more control (2017)
Muchagata, J., Ferreira, A.: Visual schedule: a mobile application for autistic children - preliminary study. In: 21st International Conference on Enterprise Information Systems, pp. 452–459 (2019)
Larson, R.S.: A path to better-quality mHealth apps. JMIR Mhealth Uhealth 6, e10414 (2018)
Cook, V.E., Ellis, A.K., Hildebrand, K.J.: Mobile health applications in clinical practice: pearls, pitfalls, and key considerations. Ann. Allergy Asthma Immunol. 117, 143–149 (2016)
Papageorgiou, A., Strigkos, M., Politou, E., Alepis, E., Solanas, A., Patsakis, C.: Security and privacy analysis of mobile health applications: the alarming state of practice. IEEE Access 6, 9390–9403 (2018)
European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council L 119. Official Journal of the European Union (2016)
Sampat, B.H., Prabhakar, B.: Privacy risks and security threats in mHealth apps. J. Int. Technol. Inf. Manage. 26, 126–153 (2017)
Maymi, F., Harris, S.: CISSP all-in-one exam guide (2016)
Shugalo, I. https://thedoctorweighsin.com/mhealth-apps-security-privacy. Accessed March 2019
He, D., Naveed, M., Gunter, C.A., Nahrstedt, K.: Security concerns in Android mHealth apps. In: AMIA … Annual Symposium Proceedings. AMIA Symposium 2014, pp. 645–654 (2014)
Muchagata, J., Ferreira, A.: How can visualization affect security? In: ICEIS 2018 - 20th International Conference on Enterprise Information Systems. SCITEPRESS Digital Library, Poster Presentation in Funchal, Madeira – Portugal, vol. 2, pp. 503–510 (2018)
Moura, P., Fazendeiro, P., Vieira-Marques, P., Ferreira, A.: SoTRAACE – socio-technical risk-adaptable access control model. In: 2017 International Carnahan Conference on Security Technology (ICCST), Madrid, pp. 1–6 (2017)
Acknowledgments
TagUBig - Taming Your Big Data (IF/00693/2015) from Researcher FCT Program funded by National Funds through FCT - Fundação para a Ciência e a Tecnologia; COMPETE2020, and NORTE-01-0247-FEDER-033275 (AIRDOC, project NORTE-01-0247-FEDER-033275, financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF). AIRDOC is with ITEA 3 16040 PHE - Personal Health Empowerment project consortium).
Rute Almeida is supported by ERDF (European Regional Development Fund) through the operation POCI-01-0145-FEDER-029130 (mINSPIRERS — mHealth to measure and improve adherence to medication in chronic obstructive respiratory diseases - generalisation and evaluation of gamification, peer support and advanced image processing technologies) funded by COMPETE2020 and by National Funds through FCT.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ferreira, A., Almeida, R., Muchagata, J. (2020). How Secure Is Your Mobile Health?. In: Henriques, J., Neves, N., de Carvalho, P. (eds) XV Mediterranean Conference on Medical and Biological Engineering and Computing – MEDICON 2019. MEDICON 2019. IFMBE Proceedings, vol 76. Springer, Cham. https://doi.org/10.1007/978-3-030-31635-8_168
Download citation
DOI: https://doi.org/10.1007/978-3-030-31635-8_168
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31634-1
Online ISBN: 978-3-030-31635-8
eBook Packages: EngineeringEngineering (R0)