Privacy and Security in Mobile Health Apps: A Review and Recommendations
As the mobile application market keeps expanding and new health care apps and devices appear every day, special care is needed in how users' personal health information is collected and handled. App designers, however, do not usually take the appropriate methods into account, and insecure applications are released as a result. This paper presents a study of security and privacy in mHealth in three parts: a review of the existing laws regulating these aspects in the European Union and the United States, a review of the academic literature on the topic, and a set of recommendations to help designers create mobile health applications that satisfy current security and privacy legislation. The paper complements existing standards and certifications on security and privacy and is intended as a quick guide for app designers, developers and researchers.
Keywords: Apps; Recommendations; Laws; Mobile health (m-health); Privacy; Security
Abbreviations
AES: Advanced Encryption Standard
Security and privacy in Body Sensor Network
COPPA: Children's Online Privacy Protection Act
EHR: Electronic Health Records
FTC: Federal Trade Commission
HIMSS: Healthcare Information and Management Systems Society
HIPAA: Health Insurance Portability and Accountability Act
IMEI: International Mobile Equipment Identity
NCVHS: National Committee for Vital and Health Statistics
PHI: Personal Health Information
PKI: Public Key Infrastructure
RFID: Radio Frequency Identification
RSA: Rivest, Shamir and Adleman
SIM: Subscriber Identity Module
TLS: Transport Layer Security
USA: United States of America
VPN: Virtual Private Network