More needs to be done to protect privacy on mHealth, researchers say


A new paper published in the journal Computer argues that personal health information must be better secured with increased privacy settings--or risk PHI falling into the wrong hands.

The authors of the paper, including David Kotz of Dartmouth College and Jonathan Weiner of Johns Hopkins University, argue that while mobile health (mHealth) is set to help lower costs and manage chronic conditions better, the need to tighten up just who can access these data remains.

In a clinical setting, any personal information used from trials or from a doctor/hospital visit are secured and the data, if used outside of these settings, anonymized.

But when patients/consumers are using home-based devices to track their PHI, such as smartphones with healthcare-based apps or other devices that can be accessed online, these kinds of checks and balances are not always in place.

The authors say that researchers need to allow those using these systems better knowledge of just how their PHI will be used in order to prevent mHealth systems from collecting information that goes beyond the clinical setting.

They say: “To verify that a personal device reporting health-related information is in fact being used by the rightful owner, access control and continuous authentication measures, such as building biometric sensors into a device, are also needed.

“In mHealth, GPS can be used to collect information about geo-exposures, movement patterns and other data about users; however, even when GPS is turned off, there's a risk that remote sensor data could disclose an individual's location and other private information. Anonymizing data would help mitigate this risk.”

- check out the paper