Mobile healthcare requires data security, privacy balance

Security and privacy concerns over patient data are legitimate, but the industry needs to adopt a balanced view by defining the importance of information and avoiding being overly "paranoid", execs state.

COMMUNICASIA, SINGAPORE--The mobile healthcare industry has to address the inevitable issues of security and privacy of patients' medical data, but it needs to do it in a balanced manner and not become unnecessarily "paranoid", according to industry players.

Dr. Mahendran Maliapen, director of National University Health System's academic informatics office, stressed the importance of security over data delivered or accessed via mobile devices. He noted that while cloud computing has made it more convenient for healthcare and patients to leverage mobile health technologies, there must also be governance and compliance regulations in place to safeguard their anonymity.

Maliapen was speaking at the Mobile Health Strategies forum during the CommunicAsia tradeshow here Thursday.

Since the smartphone is a consumer device, other users with access to the healthcare worker's device may unwittingly access certain medical data that patients may not be comfortable with, the director explained.

Dr. K Ganapathy, president of Apollo Telemedicine Networking Foundation in India, had a different view though, saying the m-health space might be getting "paranoid about security".

Information such as a patient's blood pressure and sugar levels is not like credit card transactions, he said during a separate session on Thursday, questioning the need for healthcare practitioners to go through 2 to 6 levels of verification and authentication to access data or health records. "Who is interested in [knowing] my blood pressure?"

Ong Leong Seng, chief architect & director at Integrated Health Information Systems (IHIS), took the middle ground. He said that there ought to be "a balance in defining" the confidentiality and privacy of medical data--something the overall mobile health industry has yet to grasp.

For instance, results gotten from patient monitoring during chronic disease management such as blood sugar levels for diabetes are not as sensitive as other test results such as the human immunodeficiency virus (HIV) for AIDS (acquired immune deficiency syndrome), he noted in another forum on Thursday.

Still, patients may have differing levels of tolerance on what kind of data can be accessed and by whom, so getting their consent is key, Ong said. "If some patients say no, there should be proper controls and standards in place [to ensure compliance] for that group," he added.

The IHIS director also noted the challenges in deploying mobile health-related apps to both company-owned devices and personal smartphones or tablets. One risk would be that the app could become a "backdoor" into the organization's corporate network, while another could be the loss of sensitive data stored on employees' personal devices should these be stolen or misplaced, he elaborated.

To mitigate this, companies should put in place various steps and measures ranging from device encryption and firewalls to imposing a maximum number of failed user logins, Ong suggested.