Securing information in an mHealth world
As mobile technology becomes predominant in the healthcare sector, security of data has become a large concern. Recognizing this issue, the mHealth Alliance, the Thomson Reuters Foundation, Merck and Baker & McKenzie teamed up and recently released a new report.
“Patient Privacy in a Mobile World” analyzed privacy and security policies throughout the world. Together, these organizations have offered recommendations to secure data sent through mobile devices.
The paper focuses on region-specific variances in privacy laws as a way to explain and publicize the options available to the mHealth community as it looks at privacy and security. After evaluating all of the information, the report identifies the technical, cultural and legal aspects of mHealth security as the most important considerations.
* Technical: Threats to data security, whether for a mobile application or the Internet itself, are constant and evolving. Combating them requires an agile response, which can be hampered by detailed regulations. Security legislation can also create conflict across countries. The report recognizes that the hardest challenge faced by developers is deploying applications across the world while dealing with conflicting security regulations. Collaborating to ensure security interoperability worldwide will continue to be a pressing issue moving forward.
* Culture: This consideration is one of the most complex when it comes to privacy and security. As HealthIT Security writes: “The law, in general, is culturally-specific.” Crimes around the world are defined differently based on the cultural implications of the area. This tends to be a sensitive subject and legal reform should take this into consideration. Additionally, shared mobile phone users in countries outside the United States may be concerned about the transmission of diseases.
* Law: Privacy laws are vastly different when it comes to regulation. Because of these different approaches, it’s hard to analyze results in terms of achieving the goal of providing individuals with the ability to control collection, recording, access and dissemination of personal information.
After evaluating these three areas, the report looks to establish parameters around functional privacy law. This framework may go beyond privacy laws, as many countries around the world are mandating SIM card registries for the linking of phones with individual citizens.
The United States has no overarching privacy law. The current law states that mobile app developers should provide clear, readily identifiable and easy-to-understand methods to ensure a user knows when data is collected or transmitted. Additionally, laws require organizations to maintain reasonable security over personal data.
Furthermore, the report looked at the differences between the Privacy Rule and Security Rule. The Privacy Rule requires those who transmit health information to ensure the confidentiality of certain health-related information. It also refers to other laws, including the Children’s Online Privacy Protection Act. HIPAA is an obvious player as well.
For mHealth to take off worldwide, users of mHealth solutions need to be able to trust the privacy and security of their health data. Findings and recommendations from reports like these will move us in the right direction for securing health data.