Skip to Content

‘Safe Data’ Strategies for Health Info on Mobile Devices

Consumer use of mobile technologies to stay healthy or manage a chronic health condition is increasing; likewise, an increasing number are using these technologies as a digital link to their doctors.  Yet, unlike health care providers who must follow federal privacy and security rules when using mobile technologies to share a patient’s health information, no such rules apply to consumers or their devices.

Building and maintaining consumer and patient trust in the use of mobile devices is key to delivering on the promise that these mobile tools can bring to improving patient care.  And a key to cultivating that trust is building basic security safeguards into those devices.
CDT teamed up with the law firm of Manatt, Phelps & Phillips LLP to develop “Strategies for Safeguarding Patient-Generated Health Information Created or Shared Through Mobile Devices.”The article was originally published in the Journal of Health Information Management (JHIM), vol. 26, no. 3, by the Health Information Management Systems Society. The paper comes from CDT and Manatt’s work with the Robert Wood Johnson Foundation’s Project HealthDesign, which is exploring patients’ use of personal health applications to promote better health decision-making by both patients and providers.

The paper discusses what factors should be considered when protecting patient-generated health information created on or shared through mobile devices, including:

•    The complexity and cost of the security measure;
•    The ability (or willingness) of the patient or consumer to deploy the security measure;
•    The effect the security measure will have on the health or health care management; and
•    The probability of potential risks to the information, and the potential consequences of a breach of information.

The paper also recommends specific strategies for securing information on patient mobile devices; such strategies include providing patients with clear information on privacy and security risks and providing them with technical tools to help them manage those risks.