Security uncertainties surrounding mobile devices and applications are a primary reason preventing mobile health (mHealth) from becoming a larger part of patient monitoring. A project funded by the National Science Foundation plans to improve overall mHealth security by assessing the data protections given to health apps and those enforced by hospitals’ health IT departments.
The ongoing five-year, $10 million project is called “Trustworthy Health and Wellness” (THaW). The THaW team includes experts in the behavioral health, health policy and health IT fields. It has done three mHealth security studies on health apps and concluded that some apps leave sensitive data prone to hacks and also transfer information over the Internet in unsafe manners. “These new technologies, whether in the form of software for smartphones or specialized devices to be worn, may also pose risks if they are not designed or configured with security and privacy in mind,” David Kotz, a principal investigator for THaW and a computer science professor at Dartmouth College, said in a National Science Foundation release.
Research from THaW also singled out clinician workstations as potential weak points in hospitals’ IT security. Clinicians that log in to workstations must remember to sign out of their accounts when they’ve finished inputting patient information, or else they’ll leave that information accessible to unauthorized parties.
At this year’s mHealth + Telehealth World Congress, a lawyer and health system CIO shared their opinions that mobile security in healthcare isn’t as advanced as it is in other industries. Patients and healthcare professionals excited by the communication and health tracking possibilities available through mHealth devices should be cautious of the fact that connecting a device and sharing health information over the Internet could expose their data.
Hacking and selling a patient’s health record is profitable and desirable from a criminal perspective because health records contain more information than is yielded during a standard identity theft. Healthcare cybercrime and breaches of providers’ networks are now happening daily. That’s often enough that the phenomenon has the FBI’s attention and was a topic of discussion at major health IT conferences, such as HIMSS 2015.