Healthcare Data Protection | A Vulnerable Fitbit Generation

With smartphones and other data-collecting devices, users may be able to decline to share much of their information, but if you are an avid smartphone user it is inevitable that certain apps and databases will hold information about you, whether you know it or not! Whether you use autofill to save and reuse your information to quickly fill in forms (e.g., your name and date of birth, or even your credit card details), or fill out a profile on a social networking site, you have given up a significant degree of anonymity.

The most extensive source of data regarding a person’s health is their smartphone. This can be useful if you fall ill, as a healthcare professional or a person who has come to your aid can quickly access your smartphone, if it is not password protected, and find health details through systems like Apple’s Health app and CapzulePHP (an app that holds details regarding fitness, medication and more). In CapzulePHP, emergency information can still be accessed via QR code and text forms when a device is password-protected.

Despite the usefulness and benefits of health apps, a thorough study of more than forty mobile health apps by Privacy Rights Clearinghouse revealed considerable privacy risks for their users. Unbeknownst to the individuals using the apps to store and analyse their personal health details, the information appeared to be unencrypted, precarious and used by the developers of the apps as well as third parties.

Privacy violations by health and fitness apps are by no means unheard of. In fact, in 2011 Fitbit mistakenly publicly revealed statistics of users’ sexual habits. Although this controversy was undoubtedly the result of mishandling information or a complete accident, it is a reminder to users of such technology and apps to be more vigilant in their consideration of what they share. Of course, it is a well-known fact that the majority of people do not make the time to read the terms and conditions of apps, and although it should perhaps be the responsibility of the user to do so, more accessible and concise tick-box-style questions to confirm consent could be a better alternative. Even then, in their study of health apps, Privacy Rights Clearinghouse found that only 43% of apps included a privacy policy.

In an effort to protect more people from theft of their health data, programs have been instigated to approve health apps for safe use and disapprove others. An example of this is the UK’s NHS Health Apps Library, which consists of a carefully curated list of apps. Registered apps go through a process of evaluation to determine their clinical safety and how well they comply with data protection regulations. To feature in the list, app developers must disclose all data transmissions and register with the UK’s Information Commissioner’s Office (the enforcing body of the Data Protection Act).

When apps that hold your medical details are hacked, the risk could be enormous. With the hacking of the NHS in May 2017, it is clear that healthcare information is seen as very valuable to the medical world as well as the hackers themselves. The motive behind the NHS ransomware attack appeared to be financial, and with access to personal health details, it is possible hackers could find information that some people would not like the public to know about and use it for blackmail.

Healthcare technology, devices and apps help people to understand themselves from within, allowing them to adjust medication and exercise accordingly. Although advanced wireless IoT devices that collect health information are yet to see widespread use, there are several on the market that could also raise cybersecurity concerns. There are IoT blood pressure devices that test the user’s blood pressure through an armband and then wirelessly connect to an app in order to store the health data. For example, a blood pressure device called the QardioArm uses Bluetooth to connect its monitor (to be attached to the upper arm) to a smartphone or tablet, which then records the results, such as pulse rate, to be automatically synced with the app. The results can then be sent to a GP. The technology is incredible and gives users real insight into their well-being and health, but if a device such as this were not carefully protected from malware and hacking, in-depth and revealing information regarding your medical conditions and health could be accessed by the wrong people.

For users of healthcare apps and devices, it is important to know whether the particular devices or apps you are using are compliant with data protection laws. For developers of healthcare apps and devices, cybersecurity must be taken seriously and upheld in order to protect the consumer as well as protecting the reputation of their app and/or device. Healthcare providers must also look into the apps and devices they are adopting for use with patients in order to ensure the security of data collected. Essentially, from developer to user, everyone must be vigilant about data protection.
