July 21, 2016 — A new paper published in the June issue of Computer cautions that while mobile health (mHealth) is poised for a boom, greater privacy and security measures are needed to realize the full benefits of the technology.
Over two-thirds of U.S. adults now own a smartphone, and the rise in miniaturized sensors and low-power body area networks that are used for remote health monitoring are all driving the growth of mHealth. The technology has the potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health.
To maintain the confidentiality of patient records, healthcare providers implement their own security measures; yet, consumers may not have access to such systems for their home-based devices. To ensure that protected health information (PHI) remains confidential and secure through mHealth technologies, the authors pose a series of research challenges in the areas of:
- Data sharing and consent management;
- Access control and authentication;
- Confidentiality and anonymity;
- mHealth smartphone apps;
- Policies and compliance;
- Accuracy and data provenance; and
- Security technology.
Many mHealth systems have the ability to continuously collect and transmit individual health data – but to what end? Among the challenges, researchers highlight the need for mHealth systems to provide users with the opportunity to specify how their PHI will be used, to prevent mHealth systems from collecting information that extends beyond the clinical setting. To verify that a personal device reporting health-related information is in fact being used by the rightful owner, access control and continuous authentication measures, such as building biometric sensors into a device, are also needed.
In mHealth, GPS can be used to collect information about geo-exposures, movement patterns and other data about users; however, even when GPS is turned off, there’s a risk that remote sensor data could disclose an individual’s location and other private information. Anonymizing data would help mitigate this risk.
“We encourage colleagues with research expertise in mobile health, medical devices and secure computing to engage with these issues and help bring pervasive mobile-health technology to the world,” said lead author David Kotz, the Champion International Professor in the Department of Computer Science at Dartmouth College.