
Developing a comprehensive information security framework for mHealth: a detailed analysis


It has been clearly shown that mHealth solutions, that is, the use of mobile devices and other wireless technology to provide healthcare services, deliver more patient-focused healthcare and improve the overall efficiency of healthcare systems. In addition, these solutions can potentially reduce the cost of providing healthcare in the context of the increasing demands of the aging populations in advanced economies. These solutions can also play an important part in intelligent environments, facilitating real-time data collection and input to enable various functionalities. However, the development of mHealth solutions faces several challenges, the most important being privacy and data security. Furthermore, cloud computing is becoming an option for the healthcare sector to store healthcare data, but storing data in the cloud raises serious concerns. This paper investigates how data are managed both on mHealth devices and in the cloud. Firstly, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of security requirements is identified in order to develop a new information security framework. The paper then examines individual information security frameworks for mHealth devices and the cloud, noting similarities and differences. Furthermore, key mechanisms to implement the new framework are discussed and the new framework is then presented. Finally, the paper presents how the new framework could be implemented in order to develop an Advanced Digital Medical Platform.





Corresponding author

Correspondence to Nattaruedee Vithanwattana.


Cite this article

Vithanwattana, N., Mapp, G. & George, C. Developing a comprehensive information security framework for mHealth: a detailed analysis. J Reliable Intell Environ 3, 21–39 (2017).



  • mHealth
  • Information security
  • Wearable devices
  • Cloud computing
  • Security framework
  • Security requirements