I recently attended the MobCon Digital Health conference in downtown Minneapolis, which highlighted the healthcare hot topic: mobile digital health. The sessions I attended ranged from FDA representative Bakul Patel’s talk on the FDA’s classification of mobile apps to PhysIQ and the Mayo Clinic’s combined talk about remote care platform opportunities and challenges.
While these sessions focused primarily on how personalized medicine is evolving to help treat individuals more quickly and cost-effectively, mobile app security and privacy were consistently addressed as well—either as a planned topic or as a question from the audience. The common questions asked were, “Who owns the data?” “Who has access to the data?” and “How can patients protect themselves?”
These concerns are validated by the following eye-opening statistics:
One example of how digital health information may be abused is the story of Henrietta Lacks and her immortal cells. Henrietta’s cells were taken by a doctor without her consent and handed off to a lab where they were cultured. 50 years later, her cells are still being used, profiting individuals and companies, all without her consent. While digital health is not quite the same, this exemplifies how data can be used indefinitely.
Another way the personal data you submit through a mobile application can be used (without your consent) is to link your biologic information to a potential medical disease. This creates ethical issues similar to those of genetic testing and 23andMe. For example, should genetic testing results be communicated to you? If so, how should they be presented? What if you didn’t want to know if you were trending towards something that may not happen?
One startup firm at the conference stated that thirty percent of their technology budget was targeted at security and privacy. This is far more cost-effective than addressing it later. This particular startup views security as the next barrier to entry in the market. They are planning for security to be a competitive advantage that will keep competitors away from their market share.
Security as an enabler of digital health is the approach we should all be taking. This will benefit patients as well as those companies providing products and services for patient care.
Dan Lyon is a principal consultant at Synopsys. As the Embedded Security practice lead, he provides unique security solutions on many different critical systems in a variety of industries, including automotive, government identity, financial, industrial control, medical device, pharmaceutical, and healthcare. Dan has contributed to AAMI’s Medical Device Security working group, IEEE’s Building Code for Medical Device Software Security, and the Archimedes Center for Medical Device Security. Dan holds BA degrees in Mathematics and Computer Science from Luther College, five active certifications through GIAC, and frequently contributes to articles on Internet of Things security.