Mobile Solutions, From Start to Finish

“Patient Privacy in a Mobile World” analyzed privacy and security policies throughout the world.  Together, these organizations have offered recommendations to secure data sent through mobile devices. 

Upon review, the paper focuses on region-specific variances in privacy laws as a way to explain and publicize available options to the mHealth community as it looks at privacy and security.  After evaluating all of the information, the report considers the technical, cultural and legal considerations of mHealth security to be the most important.

     *  Technical: Data security, whether it be for a mobile application or the Internet itself, is a constant, evolving threat.  To combat this, an agile response is required, but can be hampered by detailed regulations.  Security legislation can also create conflict across countries.  The report recognizes that the hardest challenge faced by developers is trying to deploy applications across the world and dealing with conflicting security regulations.  Collaborating to ensure security interoperability worldwide will continue to be a pressing issue moving forward. 

     *  Culture: This consideration is one of the most complex when it comes to privacy and security.  As HealthIT Security writes: “The law, in general, is culturally-specific.” Crimes around the world are defined differently based on the cultural implications of the area.  This tends to be a sensitive subject and legal reform should take this into consideration.  Additionally, shared mobile phone users in countries outside the United States may be concerned about the transmission of diseases. 

     *  Law: Privacy laws are vastly different when it comes to regulation.  Because of these different approaches, it’s hard to analyze results in terms of achieving the goal of providing individuals with the ability to control collection, recording, access and dissemination of personal information. 

After evaluating these three areas, the report looks to establish parameters around functional privacy law.  This framework may go beyond privacy laws, as many countries around the world are mandating SIM card registries for the linking of phones with individual citizens. 

When looking at the United States, we have no overarching privacy law.  The current law states that mobile app developers should provide clear, readily-identifiable and easy-to-understand methods to ensure a user knows when data is collected or transmitted.  Additionally, laws require organizations to maintain reasonable security over personal data. 

Furthermore, the report looked at the differences between the Privacy Rule and Security Rule. The Privacy Rule requires those who transmit health information to ensure the confidentiality of certain health-related information.  It also refers to other laws, including The Children’s Online Privacy Protection Act.  HIPPA is an obvious player as well. 

For mHealth to take off worldwide, trust needs to be built between the users of mHealth solutions in privacy and security of health data.  Findings and recommendations from reports like these will move us in the right direction for securing health data.

According to iHealthBeat, the results of the online survey, conducted May 22 to May 24, were based on 2,050 Americans ages 18 and older.

the online survey was conducted between May 22 and May 24 to 2,050 Americans aged 18 years and older.

Those surveyed are interested in using their smartphones and tablets to monitor blood pressure and blood sugar. The 25 to 29 year old demographic is most interested in diagnostic testing via these devices. The researchers behind the survey recognize that the applications available to conduct these tests are either new in the market place or are not yet available. 

Additionally, one-third of those surveyed are interested in using mobile devices to make doctor’s appointments, review test results and communicate with providers.

While this all sounds simple, it comes with one challenge – privacy.  Respondents were very concerned about their mobile devices’ ability to keep their information private, especially information related to their health. Only 13% were confident in the privacy of their online medical information. 

As the mHealth field continues to grow, it will be interesting to watch how adoption rates continue to rise and what security tactics will be utilized to address these concerns.  

The news of publication has caused a stir, with the Bipartisan Policy Center pressuring the HHS to delay publication.  One hundred and twenty nine companies and associations signed a letter to urge the administration to hold off until an Office of the National Coordinator for Health Information Technology (ONC) workgroup responsible for risk-based framework for health IT concludes.  On the list of those against release are McKesson, Microsoft, Oracle, athenahealth, Epocrates, Siemens, UnitedHealth Group, Teladoc, Silicon Valley Chapter of Health 2.0 and StartupHealth. 

The formation of the ONC workgroup is separate from the FDASIA legislation passed last year.  Recommendations from the FDASIA legislation are not expected until the end of the fiscal year. 

Not all companies are looking to stop the release. The mHealth Regulatory Coalition, made up of 20 companies that represent the pioneers of the mobile health industry, has sent a letter urging the FDA to publish their recommendations immediately.  The coalition writes as published by mobihealthnews: “FDA’s guidance, on the other hand, is focused on providing specific details of whether different mobile medical apps will be regulated or not – this is the level of regulatory detail app developers need now.”

All that’s left to do is wait to see if the FDA findings are released within the next week. Without the guidelines, mobile health will continue to be in a holding pattern.