Robert Wood Johnson’s Project HealthDesign is exploring a vision of personal health records as tools for improved health decision-making by both patients and providers. In the latest phase, researchers are providing patients with smartphones to aggregate and send observations of daily living to healthcare providers, giving those providers a richer picture of a patient’s day-to-day health status. Patients’ use of mobile devices to generate and communicate health information subjects this information to unique security risks for which solutions have not yet been discussed.
When healthcare providers handle electronic, identifiable health information, they are subject to the HIPAA Security Rule. But HIPAA regulates providers, not patients.
This paper discusses the factors that should be considered when protecting patient-generated health information created on or shared through mobile devices. It also recommends strategies for securing patient health information on mobile devices and implementing technical safeguards to ensure general device security.