Healthcare Information Security


mHealth privacy, security: More questions than answers

By Patrick Ouellette

Access to data through various mHealth applications creates some clear benefits for patients and providers, such as better accessibility and transparency. But wading through the myriad mHealth privacy, confidentiality and security issues can prove difficult for healthcare organizations.

With that dilemma in mind, Lisa A. Gallagher, VP of Technology Solutions for HIMSS, and Hilary Wandall, VP and Compliance and Chief Privacy Officer of Merck & Co., Inc., mentioned a few of the different questions surrounding global mHealth privacy and security in a recent blog post on the Huffington Post.

- How do we enable patient control over the data they provide while using a mobile app?

- How do the smartphone device manufacturers, operating system and app developers meet their obligation to respect a person’s privacy interests and keep the data confidential?

- How are those patient privacy interests expressed as policy and implemented in technology?

- How do we understand the security posture of the popular smart phone and computing devices, communications mechanisms and user apps?

The authors offered a reminder that privacy shouldn’t be compromised in the interest of urgency, convenience or negligence and that policy makers and regulators have a lot on their plate when it comes to balancing those ever-changing areas of patient care. Add in vendors and global health organizations, and one of the big issues remains the same when talking just about the United States: mHealth application technologies and their privacy and security protections generally aren’t uniform. For example, some organizations believe in only using corporate-owned devices from which they can remote-wipe protected health information (PHI) at any time, while others prefer a data “containerization” approach.

A number of different types of organizations with different strengths are working on privacy and security policy frameworks that include mHealth guidance, such as the National Institute of Standards and Technology (NIST) or the Health Information Trust Alliance (HITRUST). Tying some of the fundamental mHealth principles together and agreeing on at least some strategies is a goal all parties involved should aim for.

