Privacy and Security in Mobile Health – a Research Agenda

Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges

Analysis of Platforms and Functions of Mobile-Based Personal Health Record Systems

ObjectivesLittle is known about the platforms and functionalities of mobile-based personal health record (PHR) applications. The objective of this study was to investigate these two features of PHR systems.MethodsThe unit of analysis was general hospitals with more than 100 beds. This study was based on a PHR survey conducted from May 1 to June 30, 2020 and the National Health Insurance administrative data as of March 31, 2020. The study considered the platform, Android and iPhone operation system (iOS), and types of functionalities of PHR systems. Among the 316 target hospitals, 103 hospitals had adopted PHR systems. A logistic regression analysis was used.ResultsThis study found that 103 hospitals had adopted mobile-based PHR systems for their patients. Sixty-four hospitals (62.1%) were adopting both Android and iOS, but 36 (35.0%) and 3 (2.9%) hospitals were adopting Android only or iOS only, respectively. The PHR systems of hospitals adopting both platforms were more likely to have functions for viewing prescriptions, clinical diagnostic test results, and upcoming appointment status compared to those adopting a single platform (p \u3c 0.001). The number of beds (odds ratio [OR] = 1.004; confidence interval [CI], 1.001–1.007; p = 0.0029) and the number of computed tomography systems (CTs) per 100 beds (OR = 6.350; CI, 1.006–40.084; p = 0.0493) were significantly associated with the adoption of both platforms.ConclusionsMore than 60% of hospitals had adopted both Android and iOS platforms for their patients in Korea. Hospitals adopting both platforms had additional functionalities and significant association with the number of beds and CTs

Forensic Taxonomy of Popular Android mHealth Apps

Mobile health applications (or mHealth apps, as they are commonly known) are increasingly popular with both individual end users and user groups such as physicians. Due to their ability to access, store and transmit personally identifiable and sensitive information (e.g. geolocation information and personal details), they are potentially an important source of evidentiary materials in digital investigations. In this paper, we examine 40 popular Android mHealth apps. Based on our findings, we propose a taxonomy incorporating artefacts of forensic interest to facilitate the timely collection and analysis of evidentiary materials from mobile devices involving the use of such apps. Artefacts of forensic interest recovered include user details and email addresses, chronology of user locations and food habits. We are also able to recover user credentials (e.g. user password and four-digit app login PIN number), locate user profile pictures and identify timestamp associated with the location of a user

A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation

Background: Telehealth is a great approach for providing high quality health care services to people who cannot easily access these services in person. However, because of frequently reported health data breaches, many people may hesitate to use telehealth-based health care services. It is necessary for telehealth care providers to demonstrate that they have taken sufficient actions to protect their patients’ data security and privacy. The government provided a HIPAA audit protocol that is highly useful for internal security and privacy auditing on health care systems, however, this protocol includes extensive details that are not always specific to telehealth and therefore is difficult to be used by telehealth practitioners.Objective: The goal of this study was to develop and validate a telehealth privacy and security self-assessment questionnaire for telehealth providers. Methods: In our previous work, we performed a systematic review on the security and privacy protection offered in various telehealth systems. The results from this systematic review and the HIPAA audit protocol were used to guide the development of the self-assessment questionnaire. The draft of the questionnaire was created by the research team and distributed to a group of telehealth providers for evaluating the relevance and clarity of each statement in the draft. The questionnaire was adjusted and finalized according to the collected feedback and face-to-face discussions by the research team. A website was created to distribute the questionnaire and manage the answers from study participants. A psychometric analysis was performed to evaluate the reliability of the questionnaire.Results: There were 84 statements in the draft questionnaire. Five telehealth providers provided their feedback to the statements in this draft. They indicated that a number of these statements were either redundant or beyond the capacity of telehealth care practitioners, who typically do not have formal training in information security. They also pointed out that the wording of some statements needed to be adjusted. The final released version of the questionnaire had 49 statements. In total, 31 telehealth providers across the nation participated in the study by answering all the statements in this questionnaire. The psychometric analysis indicated that the reliability of this questionnaire was high.   Conclusion: With the availability of this self-assessment questionnaire, telehealth providers can perform a quick self-assessment on their telehealth systems. The assessment results may be used to identify possible vulnerabilities in telehealth systems and practice or demonstrate to patients the sufficient security and privacy protection to patients’ data

Factor Affecting Mobile Health Application for Chronic Diseases

M-health has changed the conventional delivery system of health-care, permitting continuous, pervasive Healthcare anywhere, anytime. Chronic disease apps are increasing, as many health workers, patients and clinicians already embracing smartphones in their comprehensive and diverse practices. This paper also mentions the current high end and open challenges in emerging field of smartphone-based healthcare applications. One of the M-health’s biggest fears and technical barriers is the security and privacy of the personal information. While the usability testing and evaluations of chronic disease apps have not yet touched the accuracy level of other web-based applications. This study is being conducted to learn about challenges of m- health apps and to identify the factors that affect the usability of such applications

Privacy Risks and Security Threats in mHealth apps

mHealth (Mobile Health) applications (apps) have transformed the doctor-patient relationship. They help users with varied functionalities such as monitoring their health, understanding specific health conditions, consulting doctors online and achieving fitness goals. Whilst these apps provide an option of equitable and convenient access to healthcare, a lot of personal and sensitive data about users is collected, stored and shared to achieve these functionalities. Little is known about the privacy and security concerns these apps address. Based on literature review, this paper identifies the privacy risks and security features for evaluating thirty apps in the Medical category across two app distribution platforms in India namely Google Play and App Store. Factors identified through the review formed a basis of the scoring model which helped to arrive at the ‘Privacy Risk Score’ and ‘Safety Score’ for each app. A comparative analysis of the selected apps was performed by studying their privacy policies. The results indicate that adopting these apps pose a risk. Finally, recommendations are provided to consumers such as examining the app before downloading it, customizing the app settings, and to developers to develop robust and transparent privacy policies

Realising the technological promise of smartphones in addiction research and treatment: An ethical review

Background Smartphone technologies and mHealth applications (or apps) promise unprecedented scope for data collection, treatment intervention, and relapse prevention when used in the field of substance abuse and addiction. This potential also raises new ethical challenges that researchers, clinicians, and software developers must address. Aims This paper aims to identify ethical issues in the current uses of smartphones in addiction research and treatment. Methods A search of three databases (PubMed, Web of Science and PsycInfo) identified 33 studies involving smartphones or mHealth applications for use in the research and treatment of substance abuse and addiction. A content analysis was conducted to identify how smartphones are being used in these fields and to highlight the ethical issues raised by these studies. Results Smartphones are being used to collect large amounts of sensitive information, including personal information, geo-location, physiological activity, self-reports of mood and cravings, and the consumption of illicit drugs, alcohol and nicotine. Given that detailed information is being collected about potentially illegal behaviour, we identified the following ethical considerations: protecting user privacy, maximising equity in access, ensuring informed consent, providing participants with adequate clinical resources, communicating clinically relevant results to individuals, and the urgent need to demonstrate evidence of safety and efficacy of the technologies. Conclusions mHealth technology offers the possibility to collect large amounts of valuable personal information that may enhance research and treatment of substance abuse and addiction. To realise this potential researchers, clinicians and app-developers must address these ethical concerns to maximise the benefits and minimise risks of harm to users