Top

Published in:

01-01-2015 | Mobile Systems

Privacy and Security in Mobile Health Apps: A Review and Recommendations

Authors: Borja Martínez-Pérez, Isabel de la Torre-Díez, Miguel López-Coronado

Published in: Journal of Medical Systems | Issue 1/2015

Abstract

In a world where the industry of mobile applications is continuously expanding and new health care apps and devices are created every day, it is important to take special care of the collection and treatment of users’ personal health information. However, the appropriate methods to do this are not usually taken into account by apps designers and insecure applications are released. This paper presents a study of security and privacy in mHealth, focusing on three parts: a study of the existing laws regulating these aspects in the European Union and the United States, a review of the academic literature related to this topic, and a proposal of some recommendations for designers in order to create mobile health applications that satisfy the current security and privacy legislation. This paper will complement other standards and certifications about security and privacy and will suppose a quick guide for apps designers, developers and researchers.

El Khaddar, M. A., Harroud, H., Boulmalf, M., and Elkoutbi, M., Habbani A (2012) Emerging wireless technologies in e-health Trends, challenges, and framework design issues. International Conference on Multimedia Computing and Systems (ICMCS) 10–12:440–445, 2012. doi:10.1109/ICMCS.2012.6320276.

Lin, C. F., Mobile telemedicine: a survey study. J Med Syst 36(2):511–20, 2012. doi:10.1007/s10916-010-9496-x.CrossRef

Martínez-Pérez, B., de la Torre-Díez, I., and López-Coronado, M., Mobile Health Applications for the Most Prevalent Conditions by the World Health Organization: Review and Analysis. J Med Internet Res 15(6):e120, 2013. doi:10.2196/jmir.2600.CrossRef

Ullah, S., Higgins, H., Braem, B., Latre, B., Blondia, C., et al., A comprehensive survey of Wireless Body Area Networks. J Med Syst 36(3):1065–94, 2012. doi:10.1007/s10916-010-9571-3.CrossRef

Kumar, B., Singh, S. P., and Mohan, A., Emerging mobile communication technologies for health. International Conference on Computer and Communication Technology, ICCCT 17–19:828–832, 2010. doi:10.1109/ICCCT.2010.5640393. Allahabad.

Gupta, R., and Mitra, M., Wireless electrocardiogram transmission in ISM band: an approach towards telecardiology. J Med Syst 38(10):90, 2014. doi:10.1007/s10916-014-0090-5.CrossRef

Yan, H., Huo, H., Xu, Y., and Gidlund, M., Wireless sensor network based E-health system - implementation and experimental results. IEEE Transactions on Consumer Electronics 56(4):2288–2295, 2010. doi:10.1109/TCE.2010.5681102.CrossRef

Sinha, A., and Couderc, P., A framework for interacting smart objects. Lecture Notes in Computer Science 8121:72–83, 2013. doi:10.1007/978-3-642-40316-3_7.CrossRef

Touati, F., and Tabish, R., u-Healthcare system: state-of-the-art review and challenges. J Med Syst 37(3):9949, 2013. doi:10.1007/s10916-013-9949-0.CrossRef

10.

Coleman, N., Mapping subscribers for better mobile networks. GEO: connexion 12(8):43–44, 2013.

11.

Bert, F., Giacometti, M., Gualano, M. R., and Siliquini, R., Smartphones and health promotion: a review of the evidence. J Med Syst 38(1):9995, 2014. doi:10.1007/s10916-013-9995-7.CrossRef

12.

Xiao, Z., and Camino, F. E., The fabrication of carbon nanotube field-effect transistors with semiconductors as the source and drain contact materials. Nanotechnology 20(13):135205, 2009. doi:10.1088/0957-4484/20/13/135205.CrossRef

13.

Nakatani, K., New technology trends in touch panel sensing. Proceedings of the International Display Workshops 3:1842–1845, 2012.

14.

Benfdila, A., Abbas, S., Izquierdo, R., Talmat, R., and Vaseashta, A., On the drain current saturation in carbon nanotube field effect transistors. Nano 5(3):161–165, 2010. doi:10.1142/S1793292010002062.CrossRef

15.

Bremer, M., Kirsch, P., Klasen-Memmer, M., and Tarumi, K., The TV in your pocket: Development of liquid-crystal materials for the new millennium. Angew Chem Int Ed Engl 52(34):8880–8896, 2013. doi:10.1002/anie.201300903.CrossRef

16.

ITU (2014) ICT Facts and Figures. http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2014-e.pdf (accessed 21 September 2014).

17.

Gartner (2013) Gartner Says Annual Smartphone Sales Surpassed Sales of Feature Phones for the First Time in 2013. http://www.gartner.com/newsroom/id/2665715 (accessed 21 September 2014).

18.

Jones C (2013) Apple and Google Continue to Gain US Smartphone Market Share. Forbes. http://www.forbes.com/sites/chuckjones/2013/01/04/apple-and-google-continue-to-gain-us-smartphone-market-share/ (accessed 21 September 2014).

19.

Canalys (2013) Top iOS and Android apps largely absent on Windows Phone and BlackBerry 10. http://www.canalys.com/newsroom/top-ios-and-android-apps-largely-absent-windows-phone-and-blackberry-10 (accessed 21 September 2014).

20.

Apple (2014) iTunes. http://www.apple.com/itunes/ (accessed 21 September 2014).

21.

Google (2014) Google play. https://play.google.com/store (accessed 21 September 2014).

22.

Rowinski D (2013) The Data Doesn’t Lie: iOS Apps Are Better Than Android. Readwrite Mobile. http://readwrite.com/2013/01/30/the-data-doesnt-lie-ios-apps-are-better-quality-than-android (accessed 21 September 2014).

23.

World Health Organization (2011) mHealth: New Horizons for Health through Mobile Technologies: Based on the Findings of the Second Global Survey on eHealth (Global Observatory for eHealth Series, Volume 3). http://www.who.int/goe/publications/goe_mhealth_web.pdf (accessed 22 September 2014).

24.

Cohn SP, National Committee on Vital and Health Statistics (2006) Privacy and confidentiality in the nationwide health information network. http://www.ncvhs.hhs.gov/060622lt.htm (accessed 22 September 2014).

25.

HIMMS Analytics (2012) 2nd Annual HIMSS Mobile Technology Survey. http://www.himssanalytics.org/research/AssetDetail.aspx?pubid=81559&tid=131 (accessed 22 September 2014).

26.

Whipple, E. C., Allgood, K. L., and Larue, E. M., Third-year medical students’ knowledge of privacy and security issues concerning mobile devices. Med Teach 34(8):532–548, 2012. doi:10.3109/0142159X.2012.670319.CrossRef

27.

The Wall Street Journal – Deloitte (2013) Security and Privacy in Mobile Health. http://deloitte.wsj.com/cio/2013/08/06/security-and-privacy-in-mobile-health/ (accessed 22 September 2014).

28.

Lindy Benton (2013) Marrying the BYOD phenomenon to HIPAA compliance. HIMMS. http://www.himss.org/ResourceLibrary/GenResourceDetail.aspx?ItemNumber=18909 (accessed 22 September 2014).

29.

Vodafone Global Enterprise (2013) Evaluating mHealth Adoption Barriers: Privacy and Regulation – Protecting your patients privacy in a mobile world. http://mhealthregulatorycoalition.org/wp-content/uploads/2013/01/VodafoneGlobalEnterprise-mHealth-Insights-Guide-Evaluating-mHealth-Adoption-Privacy-and-Regulation.pdf (accessed 22 September 2014).

30.

Hsu, C. L., Lee, M. R., and Su, C. H., The role of privacy protection in healthcare information systems adoption. J Med Sys 37(5):9966, 2013. doi:10.1007/s10916-013-9966-z.CrossRef

31.

Rosenbaum, B. P., Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption. J Med Syst 38(3):19, 2014. doi:10.1007/s10916-014-0019-z.CrossRef

32.

Green, H., Strategies for safeguarding security of mobile computing. Healthc Financ Manage 67(2):88–90, 2013. PMID: 23413675.

33.

Gardazi SU, Shahid AA, Salimbene C (2012) HIPAA and QMS based architectural requirements to cope with the OCR audit program. Proceedings of 3rd FTRA International Conference on Mobile, Ubiquitous, and Intelligent Computing (MUSIC) 2012; pp. 246–253. DOI: 10.1109/MUSIC.2012.50.

34.

Luxton, D. D., Kayl, R. A., and Mishkind, M. C., mHealth data security: the need for HIPAA-compliant standardization. Telemedicine journal and e-health: the official journal of the American Telemedicine Association 18(4):284–288, 2012. PMID: 22400974.CrossRef

35.

Yeh, C. K., Chen, H. M. B., and Lo, J. W., An authentication protocol for ubiquitous health monitoring systems. Journal of Medical and Biological Engineering 33(4):415–419, 2013. doi:10.5405/jmbe.1478.CrossRef

36.

Ren, J., Wu, G., and Yao, L., A sensitive data aggregation scheme for body sensor networks based on data hiding. Personal and Ubiquitous Computing 17(7):1317–1329, 2013. doi:10.1007/s00779-012-0566-6.CrossRef

37.

Li, X., Wen, Q., Li, W., Zhang, H., and Jin, Z., Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. J Med Syst 38(11):139, 2014. doi:10.1007/s10916-014-0139-5.CrossRef

38.

Chen CL, Yang TT, Chiang ML, Shih TF (2014) A privacy authentication scheme based on cloud for medical environment. J Med Syst;38(11):143. DOI: 10.1007/s10916-014-0143-9.

39.

Kim, J. T., Enhanced secure authentication for mobile RFID healthcare system in wireless sensor networks. Communications in Computer and Information Science 352:190–197, 2012. doi:10.1007/978-3-642-35603-2_28.CrossRef

40.

ISO (2013) ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements. http://www.iso27001security.com/html/27001.html (accessed 23 September 2014).

41.

Martínez-Pérez B, de la Torre-Díez I, López-Coronado M (2014) Comparison of Mobile Apps for the Leading Causes of Death Among Different Income Zones: A Review on Literature and Apps Stores. JMIR Mhealth Uhealth;2(1):e1. DOI: 10.2196/mhealth.2779.

42.

Martínez-Pérez B, de la Torre-Díez I, López-Coronado M, Sainz-de-Abajo B, Robles M, García-Gómez JM (2014) Mobile Clinical Decision Support Systems and Applications: A Literature and Commercial Review. J Med Syst;38(4). DOI: 10.1007/s10916-013-0004-y.

43.

Official Journal L (1995) DIRECTIVE 95/46/EC of the European Parliament and of the Council of 24 October 1995; P. 0031 – 0050.

44.

European Commission (2012) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). COM(2012) 11 final.

45.

Pub. L (1996) Health Insurance Portability and Accountability Act of 1996. No. 104–191, 110 Stat. 1936 (1996). 42 U.S.C. § 1320d-9.

46.

Federal Trade Commission Act. 15 U.S.C §45.

47.

FTC Staff Report (2013) Mobile Privacy Disclosures: Building Trust Through Transparency. http://www.ftc.gov/sites/default/files/documents/reports/mobile-privacy-disclosures-building-trust-through-transparency-federal-trade-commission-staff-report/130201mobileprivacyreport.pdf (accessed 26 September 2014).

48.

Pub.L (1998) Children’s Online Privacy Protection Act of 1998 (COPPA). No. 105–277, 112 Stat. 1998. 15 U.S.C. § 6501–6506.

49.

Thomson Reuters Foundation (2013) Patient Privacy in a Mobile World. A Framework to Adress Privacy Law Issues in Mobile Health. http://www.mhealthalliance.org/images/content/trustlaw_connect_report.pdf (accessed 26 September 2014).

50.

Sorber J, Shin M, Peterson R, Cornelius C, Mare S, et al. (2012) An Amulet for trustworthy wearable mHealth. HotMobile - 13th Workshop on Mobile Computing Systems and Applications 2012;7. DOI: 10.1145/2162081.2162092.

51.

Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J Med Syst 36(6):3597–3604, 2012. doi:10.1007/s10916-012-9835-1.CrossRef

52.

Sahoo, P. K., Efficient security mechanisms for mHealth applications using wireless body sensor networks. Sensors (Switzerland) 12(9):12606–12633, 2012. doi:10.3390/s120912606.CrossRefMathSciNet

53.

Shin M (2012) Secure remote health monitoring with unreliable mobile devices. Journal of Biomedicine and Biotechnology;546021. DOI: 10.1155/2012/546021.

54.

Fife, E., and Orjuela, J., The privacy calculus: Mobile apps and user perceptions of privacy and security. International Journal of Engineering Business Management 4(1):1–10, 2012. doi:10.5772/51645.CrossRef

55.

Albrecht, U. V., Von Jan, U., and Pramann, O., Standard reporting for medical apps. Stud Health Technol Inform 190:201–203, 2013. PMID: 23823422.

56.

Silva BM, Rodrigues JJ, Canelo F, Lopes IC, Zhou L (2013) A Data Encryption Solution for Mobile Health Apps in Cooperation Environments. J Med Internet Res;15(4):e66. DOI: 10.2196/jmir.2498.

Title: Privacy and Security in Mobile Health Apps: A Review and Recommendations
Authors: Borja Martínez-Pérez
Isabel de la Torre-Díez
Miguel López-Coronado
Publication date: 01-01-2015
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 1/2015
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-014-0181-3

2024 ASCO Annual Meeting

Springer Medicine

Privacy and Security in Mobile Health Apps: A Review and Recommendations

Abstract

2024 ASCO Annual Meeting

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 1/2015

On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems

Primary Care Efficiency Measurement Using Data Envelopment Analysis: A Systematic Review

Noninvasive Blood Glucose Sensing Using Near Infra-Red Spectroscopy and Artificial Neural Networks Based on Inverse Delayed Function Model of Neuron

Super Wavelet for sEMG Signal Extraction During Dynamic Fatiguing Contractions

The Nurse Scheduling Problem in Real-Life

Feasibility Study of a Sensor-Based Autonomous Load Control Exercise Training System for COPD Patients