mHealth Data Security, Privacy, and Confidentiality: Guidelines for Program Implementers and Policymakers
ms-17-125a.pdf — PDF document, 1,573 kB (1,611,282 bytes)
Author(s): Lauren Spigel, Samuel Wambugu, Christina Villella
Year: 2018
Abstract:These guidelines are intended to strengthen national health information systems (HIS), by providing a tool to guide decisions on security, privacy, and confidentiality of personal health information collected and managed using mobile devices.
mHealth technology comprises many layers that can affect data security, privacy, and confidentiality throughout the data life cycle. These layers include national and organizational policy; technology used in data collection, management, storage, and use; as well as user behavior. Each layer requires careful analysis to identify and protect potential vulnerabilities. The sensitivity of health data requires that the developers of mobile apps for health should build systems that have a secure back-end database; keep minimal or no personal health information data on the device; and ensure that the hardware, software, and communication channels between the device and other systems are secure.
These guidelines are meant to help mHealth program managers and ministry of health officials systematically address mHealth data privacy and security issues. For each of the layers of technology, these guidelines explore common vulnerabilities and propose ways to proactively address them to reduce possibilities of data breaches.
The guidelines also address overarching topics, such as national data leadership and governance, user behavior, and training. Other topics are technology-specific, such as mobile devices (hardware), operating systems, applications, networks, and data storage.
Access an accompanying checklist.