To maintain the confidentiality of patient records, healthcare providers implement their own security measures; yet, consumers may not have access to such systems for their home-based devices. To ensure that protected health information (PHI) remains confidential and secure through mHealth technologies, the authors pose a series of research challenges in the areas of: data sharing and consent management; access control and authentication; confidentiality and anonymity; mHealth smartphone apps; policies and compliance; accuracy and data provenance; and security technology.
Many mHealth systems have the ability to continuously collect and transmit individual health data - but to what end? Among the challenges, researchers highlight the need for mHealth systems to provide users with the opportunity to specify how their PHI will be used, to prevent mHealth systems from collecting information that extends beyond the clinical setting. To verify that a personal device reporting health-related information is in fact being used by the rightful owner, access control and continuous authentication measures, such as building biometric sensors into a device, are also needed. In mHealth, GPS can be used to collect information about geo-exposures, movement patterns and other data about users; however, even when GPS is turned off, there's a risk that remote sensor data could disclose an individual's location and other private information. Anonymizing data would help mitigate this risk.
"We encourage colleagues with research expertise in mobile health, medical devices, and secure computing to engage with these issues and help bring pervasive mobile-health technology to the world," said lead author David Kotz, the Champion International Professor in the Department of Computer Science at Dartmouth College.
With 45 percent of Americans facing chronic disease, which accounts for 75 percent of the annual $2.6+ trillion spent on healthcare, and many developed countries facing aging populations, mobile technology can serve as a great resource to help address these problems provided mHealth companies and other stakeholders are able to meet the privacy and security challenges associated with these technologies. This new paper outlines the most critical research challenges required to achieve those goals.
David Kotz, Carl A. Gunter, Santosh Kumar, Jonathan P. Weiner.
Privacy and Security in Mobile Health: A Research Agenda
Computer, vol.49, no. 6, pp. 22-30, June 2016. doi:10.1109/MC.2016.185