Dartmouth: Hospitals must ramp up security for sensors, body area networks, mHealth apps
Mobile health technologies offer tremendous potential to boost healthcare quality, expand access to healthcare services, trim healthcare costs, improve the wellness of consumers and strengthen public health. But at the same time, mHealth raises noteworthy privacy and security challenges.
Today, 64 percent of U.S. adults own a smartphone, up from 35 percent in 2011, according to the Pew Research Center. And an increasing number of healthcare organizations and U.S. adults are beginning to use miniaturized sensors and low-power body area networks for remote health monitoring. Various sensors, including those found on smartwatches and fitness trackers, work in tandem with the very popular smartphones. As a result, mobile health appears to be at the beginning of a boom.
The benefits that mHealth technologies offer, however, may not be fully realized unless greater privacy and security measures are implemented, according to “Privacy and Security in Mobile Health: A Research Agenda,” a new paper from Dartmouth College and other university researchers published in Computer magazine.
To maintain the confidentiality of patient records, healthcare providers implement their own security measures; yet, consumers may not have access to such systems for their home-based devices. To ensure that protected health information (PHI) remains confidential and secure through mHealth technologies, the academic researchers, under the lead of David Kotz, the Champion International Professor in the Department of Computer Science at Dartmouth College, have posed a series of research challenges in the areas of: data sharing and consent management; access control and authentication; confidentiality and anonymity; mHealth smartphone apps; policies and compliance; accuracy and data provenance; and security technology.
“We encourage colleagues with research expertise in mobile health, medical devices and secure computing to engage with these issues and help bring pervasive mobile health technology to the world,” Kotz said.
Among the challenges, the academic researchers highlight the need for mHealth systems to provide users with the opportunity to specify how their PHI will be used and prevent mobile technology from collecting information that extends beyond the clinical setting. Further, to verify that a personal device reporting health-related information is in fact being used by the rightful owner, the researchers said access control and continuous authentication measures, such as building biometric sensors into a device, also are needed.
Additionally, while GPS technology can be used in mHealth to collect information about geo-exposures, movement patterns and other user data, even when GPS is turned off, there is a risk that remote sensor data could disclose an individual’s location and other private information – anonymizing data would help mitigate this risk, the researchers said.
Sign up for the Healthcare IT News Privacy & Security Update newsletter.
With 45 percent of Americans facing chronic disease, accounting for 75 percent of the annual $2.6 trillion spent in the U.S. on healthcare, and with many developed countries facing aging populations, mobile technology can serve as a powerful resource to help address these problems – presuming mHealth technology vendors, healthcare organizations and others in the field can meet privacy and security challenges unique to mHealth technologies, the academic researchers said.
To download a copy of the 30-page paper, click here. Professors Carl A. Gunter from the University of Illinois at Urbana-Champaign, Santosh Kumar from the University of Memphis, and Jonathan P. Weiner from Johns Hopkins University, served as co-authors of the paper with Kotz.