Journal of Medical Systems

, 39:181 | Cite as

Privacy and Security in Mobile Health Apps: A Review and Recommendations

  • Borja Martínez-Pérez
  • Isabel de la Torre-Díez
  • Miguel López-Coronado
Mobile Systems
Part of the following topical collections:
  1. Mobile Systems

Abstract

In a world where the industry of mobile applications is continuously expanding and new health care apps and devices are created every day, it is important to take special care of the collection and treatment of users’ personal health information. However, the appropriate methods to do this are not usually taken into account by apps designers and insecure applications are released. This paper presents a study of security and privacy in mHealth, focusing on three parts: a study of the existing laws regulating these aspects in the European Union and the United States, a review of the academic literature related to this topic, and a proposal of some recommendations for designers in order to create mobile health applications that satisfy the current security and privacy legislation. This paper will complement other standards and certifications about security and privacy and will suppose a quick guide for apps designers, developers and researchers.

Keywords

Apps Recommendations Laws Mobile health (m-health) Privacy Security 

Abbreviations

AES

Advanced Encryption Standard

BSN

Security and privacy in Body Sensor Network

BYOD

Bring-Your-Own-Device

COPPA

Children’s Online Privacy Protection Act

EHR

Electronic Health Records

EU

European Union

FTC

Federal Trade Commission

HIMMS

Healthcare Information and Management Systems Society

HIPAA

Health Insurance Portability and Accountability Act

IMEI

International Mobile Equipment Identity

IT

Information Technology

NCVHS

National Committee for Vital and Health Statistics

PHI

Personal Health Information

PKI

Public Key Infrastructure

RFID

Radio Frequency Identification

RSA

Rivest, Shamir and Adleman

SIM

Subscriber Identity Module

TLS

Transport Layer Security

USA

United States of America

VPN

Virtual Private Network

References

  1. 1.
    El Khaddar, M. A., Harroud, H., Boulmalf, M., and Elkoutbi, M., Habbani A (2012) Emerging wireless technologies in e-health Trends, challenges, and framework design issues. International Conference on Multimedia Computing and Systems (ICMCS) 10–12:440–445, 2012. doi:10.1109/ICMCS.2012.6320276.Google Scholar
  2. 2.
    Lin, C. F., Mobile telemedicine: a survey study. J Med Syst 36(2):511–20, 2012. doi:10.1007/s10916-010-9496-x.CrossRefGoogle Scholar
  3. 3.
    Martínez-Pérez, B., de la Torre-Díez, I., and López-Coronado, M., Mobile Health Applications for the Most Prevalent Conditions by the World Health Organization: Review and Analysis. J Med Internet Res 15(6):e120, 2013. doi:10.2196/jmir.2600.CrossRefGoogle Scholar
  4. 4.
    Ullah, S., Higgins, H., Braem, B., Latre, B., Blondia, C., et al., A comprehensive survey of Wireless Body Area Networks. J Med Syst 36(3):1065–94, 2012. doi:10.1007/s10916-010-9571-3.CrossRefGoogle Scholar
  5. 5.
    Kumar, B., Singh, S. P., and Mohan, A., Emerging mobile communication technologies for health. International Conference on Computer and Communication Technology, ICCCT 17–19:828–832, 2010. doi:10.1109/ICCCT.2010.5640393. Allahabad.Google Scholar
  6. 6.
    Gupta, R., and Mitra, M., Wireless electrocardiogram transmission in ISM band: an approach towards telecardiology. J Med Syst 38(10):90, 2014. doi:10.1007/s10916-014-0090-5.CrossRefGoogle Scholar
  7. 7.
    Yan, H., Huo, H., Xu, Y., and Gidlund, M., Wireless sensor network based E-health system - implementation and experimental results. IEEE Transactions on Consumer Electronics 56(4):2288–2295, 2010. doi:10.1109/TCE.2010.5681102.CrossRefGoogle Scholar
  8. 8.
    Sinha, A., and Couderc, P., A framework for interacting smart objects. Lecture Notes in Computer Science 8121:72–83, 2013. doi:10.1007/978-3-642-40316-3_7.CrossRefGoogle Scholar
  9. 9.
    Touati, F., and Tabish, R., u-Healthcare system: state-of-the-art review and challenges. J Med Syst 37(3):9949, 2013. doi:10.1007/s10916-013-9949-0.CrossRefGoogle Scholar
  10. 10.
    Coleman, N., Mapping subscribers for better mobile networks. GEO: connexion 12(8):43–44, 2013.Google Scholar
  11. 11.
    Bert, F., Giacometti, M., Gualano, M. R., and Siliquini, R., Smartphones and health promotion: a review of the evidence. J Med Syst 38(1):9995, 2014. doi:10.1007/s10916-013-9995-7.CrossRefGoogle Scholar
  12. 12.
    Xiao, Z., and Camino, F. E., The fabrication of carbon nanotube field-effect transistors with semiconductors as the source and drain contact materials. Nanotechnology 20(13):135205, 2009. doi:10.1088/0957-4484/20/13/135205.CrossRefGoogle Scholar
  13. 13.
    Nakatani, K., New technology trends in touch panel sensing. Proceedings of the International Display Workshops 3:1842–1845, 2012.Google Scholar
  14. 14.
    Benfdila, A., Abbas, S., Izquierdo, R., Talmat, R., and Vaseashta, A., On the drain current saturation in carbon nanotube field effect transistors. Nano 5(3):161–165, 2010. doi:10.1142/S1793292010002062.CrossRefGoogle Scholar
  15. 15.
    Bremer, M., Kirsch, P., Klasen-Memmer, M., and Tarumi, K., The TV in your pocket: Development of liquid-crystal materials for the new millennium. Angew Chem Int Ed Engl 52(34):8880–8896, 2013. doi:10.1002/anie.201300903.CrossRefGoogle Scholar
  16. 16.
    ITU (2014) ICT Facts and Figures. http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2014-e.pdf (accessed 21 September 2014).
  17. 17.
    Gartner (2013) Gartner Says Annual Smartphone Sales Surpassed Sales of Feature Phones for the First Time in 2013. http://www.gartner.com/newsroom/id/2665715 (accessed 21 September 2014).
  18. 18.
    Jones C (2013) Apple and Google Continue to Gain US Smartphone Market Share. Forbes. http://www.forbes.com/sites/chuckjones/2013/01/04/apple-and-google-continue-to-gain-us-smartphone-market-share/ (accessed 21 September 2014).
  19. 19.
    Canalys (2013) Top iOS and Android apps largely absent on Windows Phone and BlackBerry 10. http://www.canalys.com/newsroom/top-ios-and-android-apps-largely-absent-windows-phone-and-blackberry-10 (accessed 21 September 2014).
  20. 20.
    Apple (2014) iTunes. http://www.apple.com/itunes/ (accessed 21 September 2014).
  21. 21.
    Google (2014) Google play. https://play.google.com/store (accessed 21 September 2014).
  22. 22.
    Rowinski D (2013) The Data Doesn’t Lie: iOS Apps Are Better Than Android. Readwrite Mobile. http://readwrite.com/2013/01/30/the-data-doesnt-lie-ios-apps-are-better-quality-than-android (accessed 21 September 2014).
  23. 23.
    World Health Organization (2011) mHealth: New Horizons for Health through Mobile Technologies: Based on the Findings of the Second Global Survey on eHealth (Global Observatory for eHealth Series, Volume 3). http://www.who.int/goe/publications/goe_mhealth_web.pdf (accessed 22 September 2014).
  24. 24.
    Cohn SP, National Committee on Vital and Health Statistics (2006) Privacy and confidentiality in the nationwide health information network. http://www.ncvhs.hhs.gov/060622lt.htm (accessed 22 September 2014).
  25. 25.
    HIMMS Analytics (2012) 2nd Annual HIMSS Mobile Technology Survey. http://www.himssanalytics.org/research/AssetDetail.aspx?pubid=81559&tid=131 (accessed 22 September 2014).
  26. 26.
    Whipple, E. C., Allgood, K. L., and Larue, E. M., Third-year medical students’ knowledge of privacy and security issues concerning mobile devices. Med Teach 34(8):532–548, 2012. doi:10.3109/0142159X.2012.670319.CrossRefGoogle Scholar
  27. 27.
    The Wall Street Journal – Deloitte (2013) Security and Privacy in Mobile Health. http://deloitte.wsj.com/cio/2013/08/06/security-and-privacy-in-mobile-health/ (accessed 22 September 2014).
  28. 28.
    Lindy Benton (2013) Marrying the BYOD phenomenon to HIPAA compliance. HIMMS. http://www.himss.org/ResourceLibrary/GenResourceDetail.aspx?ItemNumber=18909 (accessed 22 September 2014).
  29. 29.
    Vodafone Global Enterprise (2013) Evaluating mHealth Adoption Barriers: Privacy and Regulation – Protecting your patients privacy in a mobile world. http://mhealthregulatorycoalition.org/wp-content/uploads/2013/01/VodafoneGlobalEnterprise-mHealth-Insights-Guide-Evaluating-mHealth-Adoption-Privacy-and-Regulation.pdf (accessed 22 September 2014).
  30. 30.
    Hsu, C. L., Lee, M. R., and Su, C. H., The role of privacy protection in healthcare information systems adoption. J Med Sys 37(5):9966, 2013. doi:10.1007/s10916-013-9966-z.CrossRefGoogle Scholar
  31. 31.
    Rosenbaum, B. P., Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption. J Med Syst 38(3):19, 2014. doi:10.1007/s10916-014-0019-z.CrossRefGoogle Scholar
  32. 32.
    Green, H., Strategies for safeguarding security of mobile computing. Healthc Financ Manage 67(2):88–90, 2013. PMID: 23413675.Google Scholar
  33. 33.
    Gardazi SU, Shahid AA, Salimbene C (2012) HIPAA and QMS based architectural requirements to cope with the OCR audit program. Proceedings of 3rd FTRA International Conference on Mobile, Ubiquitous, and Intelligent Computing (MUSIC) 2012; pp. 246–253. DOI: 10.1109/MUSIC.2012.50.
  34. 34.
    Luxton, D. D., Kayl, R. A., and Mishkind, M. C., mHealth data security: the need for HIPAA-compliant standardization. Telemedicine journal and e-health: the official journal of the American Telemedicine Association 18(4):284–288, 2012. PMID: 22400974.CrossRefGoogle Scholar
  35. 35.
    Yeh, C. K., Chen, H. M. B., and Lo, J. W., An authentication protocol for ubiquitous health monitoring systems. Journal of Medical and Biological Engineering 33(4):415–419, 2013. doi:10.5405/jmbe.1478.CrossRefGoogle Scholar
  36. 36.
    Ren, J., Wu, G., and Yao, L., A sensitive data aggregation scheme for body sensor networks based on data hiding. Personal and Ubiquitous Computing 17(7):1317–1329, 2013. doi:10.1007/s00779-012-0566-6.CrossRefGoogle Scholar
  37. 37.
    Li, X., Wen, Q., Li, W., Zhang, H., and Jin, Z., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J Med Syst 38(11):139, 2014. doi:10.1007/s10916-014-0139-5.CrossRefGoogle Scholar
  38. 38.
    Chen CL, Yang TT, Chiang ML, Shih TF (2014) A privacy authentication scheme based on cloud for medical environment. J Med Syst;38(11):143. DOI: 10.1007/s10916-014-0143-9.
  39. 39.
    Kim, J. T., Enhanced secure authentication for mobile RFID healthcare system in wireless sensor networks. Communications in Computer and Information Science 352:190–197, 2012. doi:10.1007/978-3-642-35603-2_28.CrossRefGoogle Scholar
  40. 40.
    ISO (2013) ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements. http://www.iso27001security.com/html/27001.html (accessed 23 September 2014).
  41. 41.
    Martínez-Pérez B, de la Torre-Díez I, López-Coronado M (2014) Comparison of Mobile Apps for the Leading Causes of Death Among Different Income Zones: A Review on Literature and Apps Stores. JMIR Mhealth Uhealth;2(1):e1. DOI: 10.2196/mhealth.2779.
  42. 42.
    Martínez-Pérez B, de la Torre-Díez I, López-Coronado M, Sainz-de-Abajo B, Robles M, García-Gómez JM (2014) Mobile Clinical Decision Support Systems and Applications: A Literature and Commercial Review. J Med Syst;38(4). DOI: 10.1007/s10916-013-0004-y.
  43. 43.
    Official Journal L (1995) DIRECTIVE 95/46/EC of the European Parliament and of the Council of 24 October 1995; P. 0031 – 0050.Google Scholar
  44. 44.
    European Commission (2012) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). COM(2012) 11 final.Google Scholar
  45. 45.
    Pub. L (1996) Health Insurance Portability and Accountability Act of 1996. No. 104–191, 110 Stat. 1936 (1996). 42 U.S.C. § 1320d-9.Google Scholar
  46. 46.
    Federal Trade Commission Act. 15 U.S.C §45.Google Scholar
  47. 47.
  48. 48.
    Pub.L (1998) Children’s Online Privacy Protection Act of 1998 (COPPA). No. 105–277, 112 Stat. 1998. 15 U.S.C. § 6501–6506.Google Scholar
  49. 49.
    Thomson Reuters Foundation (2013) Patient Privacy in a Mobile World. A Framework to Adress Privacy Law Issues in Mobile Health. http://www.mhealthalliance.org/images/content/trustlaw_connect_report.pdf (accessed 26 September 2014).
  50. 50.
    Sorber J, Shin M, Peterson R, Cornelius C, Mare S, et al. (2012) An Amulet for trustworthy wearable mHealth. HotMobile - 13th Workshop on Mobile Computing Systems and Applications 2012;7. DOI: 10.1145/2162081.2162092.
  51. 51.
    Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.CrossRefGoogle Scholar
  52. 52.
    Sahoo, P. K., Efficient security mechanisms for mHealth applications using wireless body sensor networks. Sensors (Switzerland) 12(9):12606–12633, 2012. doi:10.3390/s120912606.CrossRefMathSciNetGoogle Scholar
  53. 53.
    Shin M (2012) Secure remote health monitoring with unreliable mobile devices. Journal of Biomedicine and Biotechnology;546021. DOI: 10.1155/2012/546021.
  54. 54.
    Fife, E., and Orjuela, J., The privacy calculus: Mobile apps and user perceptions of privacy and security. International Journal of Engineering Business Management 4(1):1–10, 2012. doi:10.5772/51645.CrossRefGoogle Scholar
  55. 55.
    Albrecht, U. V., Von Jan, U., and Pramann, O., Standard reporting for medical apps. Stud Health Technol Inform 190:201–203, 2013. PMID: 23823422.Google Scholar
  56. 56.
    Silva BM, Rodrigues JJ, Canelo F, Lopes IC, Zhou L (2013) A Data Encryption Solution for Mobile Health Apps in Cooperation Environments. J Med Internet Res;15(4):e66. DOI: 10.2196/jmir.2498.

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Borja Martínez-Pérez
    • 1
  • Isabel de la Torre-Díez
    • 1
  • Miguel López-Coronado
    • 1
  1. 1.Department of Signal Theory and Communications, and Telematics EngineeringUniversity of ValladolidValladolidSpain

Personalised recommendations