Top

Published in:

01-06-2016 | Mobile Systems

Security Recommendations for mHealth Apps: Elaboration of a Developer’s Guide

Authors: Enrique Pérez Morera, Isabel de la Torre Díez, Begoña Garcia-Zapirain, Miguel López-Coronado, Jon Arambarri

Published in: Journal of Medical Systems | Issue 6/2016

Abstract

Being the third fastest-growing app category behind games and utilities, mHealth apps are changing the healthcare model, as medicine today involves the data they compile and analyse, information known as Big Data. However, the majority of apps are lacking in security when gathering and dealing with the information, which becomes a serious problem. This article presents a guide regarding security solution, intended to be of great use for developers of mHealth apps. In August 2015 current mobile health apps were sought out in virtual stores such as Android Google Play, Apple iTunes App Store etc., in order to classify them in terms of usefulness. After this search, the most widespread weaknesses in the field of security in the development of these mobile apps were examined, based on sources such as the “OWASP Mobile Security Project, the initiative recently launched by the Office of Civil Rights (OCR), and other articles of scientific interest. An informative, elemental guide has been created for the development of mHealth apps. It includes information about elements of security and its implementation on different levels for all types of mobile health apps based on the data that each app manipulates, the associated calculated risk as a result of the likelihood of occurrence and the threat level resulting from its vulnerabilities - high level (apps for monitoring, diagnosis, treatment and care) from 6 ≤ 9, medium level (calculator, localizer and alarm) from 3 ≤ 6 and low level (informative and educational apps) from 0 ≤ 3. The guide aims to guarantee and facilitate security measures in the development of mobile health applications by programmers unconnected to the ITC and professional health areas.

KPBC. Internet Trends 2015 – Code Conference. Available from: http://www.kpcb.com/internet-trends (last accessed 22 Feb 2016), 2015.

Google. Google Play. Available from: http://play.google.com/store (last accessed 22 Feb 2016), 2016.

Apple. iTunes. Available from: http://www.apple.com/itunes (last accessed 22 Feb 2016), 2016.

Gartner. Gartner Says Emerging Markets Drove Worldwide Smartphone Sales to 15.5 Percent Growth in Third Quarter of 2015. Available from: http://www.gartner.com/newsroom/id/3169417 (last accessed 23 Feb 2016), 2015.

GSMA, GSM Association. The Mobile Economy 2015. 2015. Available from: http://www.gsmamobileeconomy.com/GSMA_Global_Mobile_Economy_Report_2015.pdf (last accessed 24 Feb 2016).

Cisco. VNI Mobile Forecast Hightlights, 2015–2020. Available from: http://www.cisco.com/assets/sol/sp/vni/forecast_highlights_mobile/index.html (last accessed 24 Feb 2016), 2015.

MGI, McKinsey Global Institute. The Internet of Things: Mapping the Value Beyond the Hype. Available from: http://www.mckinsey.com/insights/business_technology/the_internet_of_things_the_value_of_digitizing_the_physical_world (last accessed 25 Feb 2016), 2015.

ITU, International Telecommunication Union. ICT Facts and Figures – The World in 2015. Available from: http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2015.pdf (last accessed 25 Feb 2016), 2015.

World Health Organization. mHealth: New horizons for health through mobile technologies: Based on the Findings of the Second Global Survey on eHealth (Global Observatory for eHealth Series, Volume 3). Available from: http://www.who.int/goe/publications/goe_mhealth_web.pdf?ua=1 (last accessed 25 Feb 2016), 2011.

10.

Research2guidance. mHealth App Developer Economics 2015: The Current Status and Trends of the mHealth App Market (5th Annual Study on mHealth App Publishing based on 5000 plus respondents). Available from: http://research2guidance.com/r2g/r2g-mHealth-App-Developer-Economics-2015.pdf (last accessed 25 Feb 2016), 2015.

11.

IOT Solutions World Congress. The Future of Healthcare Wearables - Innovation - IOTSWC15. Available from: https://www.youtube.com/watch?v=VR7LPXYYaC0 (last accessed 25 Feb 2016), 2015.

12.

Telefónica. Trend Report 2015: The Year of Information leaks. Available from: https://www.elevenpaths.com/wp-content/uploads/2015/12/2015_the_year_of_information_leaks_EN.pdf (last accessed 25 Feb 2016), 2015.

13.

Bitglass. Healthcare Breach Report 2016: What a Difference a Year makes. Available from: http://pages.bitglass.com/rs/418-ZAL-815/images/BR_Healthcare_Breach_Report_2016.pdf (last accessed 25 Mar 2016), 2016.

14.

Ponemon Institute. 2015 Cost of Data Breach Study: Global Analysis (Benchmark Research Sponsored by IBM). Available from: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03053WWEN&attachment=SEW03053WWEN.PDF (last accessed 27 Feb 2016), 2015.

15.

HIMMS Analytics. 2015 Mobile Technology Survey | Executive summary. Available from: http://www.himss.org/ResourceLibrary/genResourceDetailPDF.aspx?ItemNumber=41510 (last accessed 27 Feb 2016), 2015.

16.

HIMMS. Marrying the BYOD phenomenon to HIPAA compliance. Available from: http://www.himss.org/ResourceLibrary/GenResourceDetail.aspx?ItemNumber=18909 (last accessed 27 Feb 2016), 2013.

17.

Gartner. Gartner Says Worldwide Smartphone Sales Recorded Slowest Growth Rates Since 2013. Available from: http://www.gartner.com/newsroom/id/3115517. (last accessed 29 Feb 2016), 2015.

18.

IDC. Smartphone OS Market Share, 2015 Q2. Available from: http://www.idc.com/prodserv/smartphone-os-market-share.jsp (last accessed 29 Feb 2016), 2015.

19.

Microsoft. Windows Phone Apps+Games. Available from: http://www.windowsphone.com/es-es/store (last accessed 1 Mar 2016), 2016.

20.

BlackBerry. BlackBerry World. Available from: http://www.appworld.blackberry.com/webstore/product/1/ (last accessed 1 Mar 2016), 2016.

21.

Nokia. Ovi Store. Available from: http://store.ovi.com/ (last accessed 1 Mar 2016), 2016.

22.

IMS Institute for Healthcare Informatics. Patient Adoption of mHealth. Available from: http://www.imshealth.com (last accessed 3 Mar 2016), 2015.

23.

World Health Organization. Disease and injury regional estimates, cause-specific mortality: regional estimates for 2012. Available from: http://www.who.int/mediacentre/factsheets/fs310/es/ (last accessed 3 Mar 2016), 2012.

24.

World Health Organization. Global Burden of Disease: 2004 Update 2008. Available from: http://www.who.int/healthinfo/global_burden_disease/2004_report_update/en/ (last accessed 3 Mar 2016), 2008.

25.

Calvo-González, D., De la Torre-Díez, I., and López-Coronado, M., Análisis y evolución de aplicaciones móviles en el campo de la salud. I+S Informatica Salud: Sociedad Española Informática Salud 108:63–70, 2014.

26.

IDC. Worldwide Tablet Shipments Expected to Decline −8.0% in 2015 While 2 – in – 1f Devices Pick Up Momentum, Growing 86.5%, According to IDC. Available from: http://www.idc.com/getdoc.jsp?containerId=prUS25867215 (last accessed 3 Mar 2016), 2015.

27.

IDC. Smartphone OS Market Share, 2015 Q2. Available from: http://www.idc.com/prodserv/smartphone-os-market-share.jsp (last accessed 8 Mar 2016), 2015.

28.

ISO. ISO/IEC 27001:2013 Information technology - Security techniques - Information security management Systems – Requirements. Available from: http://www.iso27001security.com/html/27001.html (last accessed 8 Mar 2016), 2013.

29.

OWASP. OWASP Mobile Security Project. Available from: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Home (last accessed 8 Mar 2016), 2015.

30.

Martinez-Pérez, B., de la Torre-Díez, I., and Lopez-Coronado, M., Privacy and security in mobile health apps: a review and recommendations. J. Med. Syst. 39:181, 2015.CrossRefPubMed

31.

HealthIt. Your Mobile Device and Health Information Privacy and Security. Available from: http://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security (last accessed 8 Mar 2016), 2014.

32.

Senft, D. J., Mobile devices: technology aid - security risk. Geriatr. Nurs. 34:149–150, 2013.CrossRefPubMed

33.

Chiou, S. Y., Ying, Z., and Liu, J., Improvement of a privacy authentication scheme based on cloud for medical environment. J. Med. Syst. 40(4):101, 2016.CrossRefPubMed

34.

Chen, Y. L., Liau, R. H., and Chang, L. Y., Applications of multi-channel safety authentication protocols in wireless networks. J. Med. Syst. 40(1):26, 2016.CrossRefPubMed

35.

Guo, P., Wang, J., Ji, S., Geng, S. H., and Xiong, N. N., A lightweight encryption scheme combined with trust management for privacy-preserving in body sensor networks. J. Med. Syst. 39(12):190, 2015.CrossRefPubMed

36.

Cho, H., Lim, J., Kim, H., and Yi, J. H., Anti-debugging scheme for protecting mobile apps on android platform. J. Med. Syst. 72(1):232–246, 2016.

37.

MITRE Corporation. The MITRE Corporation. Available from: http://www.mitre.org (last accessed 10 Mar 2016), 2016.

38.

PCI Security Standards Council. Official PCI Security Standards Council Site. Available from: https://es.pcisecuritystandards.org/pci_security (last accessed 10 Mar 2016), 2016.

39.

DISA. Defense Information Systems Agency. Available from: http://www.disa.mil (last accessed 14 Mar 2016), 2016.

40.

FTC. Federal Trade Commision | Protecting America’s Consumers. Available from: https://www.ftc.gov (last accessed 14 Mar 2016), 2016.

41.

OWASP. OWASP Risk Rating Methodology. Available from: https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology (last accessed 14 Mar 2016), 2016.

42.

Office of the Privacy Commissioner of Canada. Results of the 2014 Global Privacy Enforcement Network Sweep. Available from: https://www.priv.gc.ca/media/nr-c/2014/bg_140910_e.asp (last accessed 14 Mar 2016), 2014.

43.

Mobile Connect. Mobile Connect. Available from: https://mobileconnect.io (last accessed 18 Mar 2016), 2016.

44.

Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG (last accessed 18 Mar 2016).

45.

Amazon. Amazon.com. Available from: http://www.amazon.com (last accessed 18 Mar 2016), 2016.

Title: Security Recommendations for mHealth Apps: Elaboration of a Developer’s Guide
Authors: Enrique Pérez Morera
Isabel de la Torre Díez
Begoña Garcia-Zapirain
Miguel López-Coronado
Jon Arambarri
Publication date: 01-06-2016
Publisher: Springer US
Published in: Journal of Medical Systems / Issue 6/2016
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI: https://doi.org/10.1007/s10916-016-0513-6

Keynote webinar | Spotlight on sleep in brain health

Springer Medicine

Security Recommendations for mHealth Apps: Elaboration of a Developer’s Guide

Abstract

Keynote webinar | Spotlight on sleep in brain health

Springer Medicine

Abstract

Please log in to get access to this content

Other articles of this Issue 6/2016

Hybrid EANN-EA System for the Primary Estimation of Cardiometabolic Risk

Multiple Imputation based Clustering Validation (MIV) for Big Longitudinal Trial Data with Missing Values in eHealth

Building Computer-Based Experiments in Psychology without Programming Skills

Detection of Cardiac Abnormalities from Multilead ECG using Multiscale Phase Alternation Features

A mobile decision support system for red eye diseases diagnosis: experience with medical students

Acquisition of Competencies by Medical Students in Neurological Emergency Simulation Environments Using High Fidelity Patient Simulators