Call to improve mHealth data protection
- 15 June 2015
Greater efforts must be made to protect patient data collected by mobile devices, according to Europe’s data guardian.
European data protection supervisor Giovanni Buttarelli says mobile health has “great potential for improving healthcare and the lives of individuals”, but that both app designers and legislators should do more to enhance data security in the “complicated” market.
In an opinion piece published at the end of last month, Buttarelli splits mobile health into two categories; medical tools for physicians to support healthcare; and wellness tools for the general public.
It is the latter category that is most important for the data protection supervisor, who says that although there is a high level of protection for information about health, there is a lack of clarity on what actually constitutes health information in practice when it comes to the wellness market.
“Today, the division between information about our health and information about the rest of our digital lives is disappearing,” says Buttarelli.
“We can put a lot of trust in technology companies to do the right thing with our personal information and to make our lives easier. But we need to have a critical debate about the uses of our personal information that are and are not acceptable to us and encourage developers to prioritise consumer trust over short term gains.”
The opinion piece says that the rise of ‘big data’ and the ‘internet of things’ has contributed to a reduction in user control over personal information, partly due to the “huge unbalance” between the limited information available to the public and the extensive information available to companies in the area.
To combat this, Buttarelli provides several recommendations, including a responsibility for the EU legislator to ensure accountability and allocation of responsibility for organisations involved in the design, supply and functioning of mobile health apps.
Buttarelli also recommends that organisations should design devices and apps that provide transparency when informing users of the data that will be processed. Apps and devices should also avoid collecting more data than is needed to perform the expected function.
Further recommendations include for the mobile health industry to only use big data in circumstances that are beneficial to the individual, while legislators should develop building blocks and tools to support developers to improve the role of privacy in the design of tools.
Law firm CMS commented on the opinion, saying it stresses that, “legitimate concerns exist in relation to the security of individuals’ personal health data”.
“It highlights the need for a multi-faceted approach to safeguarding individuals’ personal data, by means of enhanced regulation as well as encouraging the responsible participation of mHealth stakeholders, ensuring at the same time that progress in this important area is not unduly stifled.”
The market for connected devices is rapidly growing, with Cisco predicting 50 billion to be in use by 2020.
Healthcare is expected to be one of the main areas of growth for these devices, with a Cisco report suggesting the UK market for the IOT will be worth £48.5 billion over the next decade, led by tools to support chronic disease management and to prevent lifestyle-related diseases.