
Privacy and Security in Mobile Health Apps: A Review and Recommendations

Journal of Medical Systems (Topical Collection on Mobile Systems)

Abstract

The market for mobile applications keeps expanding, and new health care apps and devices appear every day, so the collection and processing of users' personal health information requires special care. App designers, however, often do not apply the appropriate methods, and insecure applications are released. This paper presents a study of security and privacy in mHealth in three parts: a review of the laws that regulate these aspects in the European Union and the United States, a review of the academic literature on the topic, and a set of recommendations that help designers build mobile health applications that satisfy current security and privacy legislation. The paper complements existing standards and certifications on security and privacy and is intended as a quick guide for app designers, developers and researchers.


Fig. 1


Abbreviations

AES: Advanced Encryption Standard
BSN: Body Sensor Network
BYOD: Bring Your Own Device
COPPA: Children's Online Privacy Protection Act
EHR: Electronic Health Record
EU: European Union
FTC: Federal Trade Commission
HIMSS: Healthcare Information and Management Systems Society
HIPAA: Health Insurance Portability and Accountability Act
IMEI: International Mobile Equipment Identity
IT: Information Technology
NCVHS: National Committee on Vital and Health Statistics
PHI: Personal Health Information (the term HIPAA itself uses is Protected Health Information)
PKI: Public Key Infrastructure
RFID: Radio Frequency Identification
RSA: Rivest, Shamir and Adleman
SIM: Subscriber Identity Module
TLS: Transport Layer Security
USA: United States of America
VPN: Virtual Private Network

Acknowledgments

This research has been partially supported by Ministerio de Economía y Competitividad, Spain.

Conflicts of interest

The authors declare that they have no conflict of interest.

Corresponding author: Borja Martínez-Pérez.

Additional information

This article is part of the Topical Collection on Mobile Systems

About this article
Cite this article

Martínez-Pérez, B., de la Torre-Díez, I. & López-Coronado, M. Privacy and Security in Mobile Health Apps: A Review and Recommendations. J Med Syst 39, 181 (2015). https://doi.org/10.1007/s10916-014-0181-3
