DOCSLIB.ORG

Assessment of the EU Member States' Rules on Health Data in the Light

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Assessment of the EU Member States' Rules on Health Data in the Light DG Health and Food Safety Assessment of the EU Member States’ rules on health data in the light of GDPR Specific Contract No SC 2019 70 02 in the context of the Single Framework Contract Chafea/2018/Health/03 Health and Food Safety Further information on the Health and Food Safety Directorate-General is available on the internet at: http://ec.europa.eu/dgs/health_food-safety/index_en.htm The European Commission is not liable for any consequence stemming from the reuse of this publication. Luxembourg: Publications Office of the European Union, 2021 © European Union, 2021 Reuse is authorised provided the source is acknowledged. The reuse policy of European Commission documents is regulated by Decision 2011/833/EU (OJ L 330, 14.12.2011, p. 39). PDF ISBN 978-92-9478-785-9 doi:10.2818/546193 EB-01-21-045-EN-N EUROPEAN COMMISSION Assessment of the EU Member States’ rules on health data in the light of GDPR Specific Contract No SC 2019 70 02 in the context of the Single Framework Contract Chafea/2018/Health/03 Written by Johan Hansen1, Petra Wilson2, Eline Verhoeven1, Madelon Kroneman1, Mary Kirwan3, Robert Verheij1,4, Evert-Ben van Veen5 (on behalf of the EUHealthSupport consortium) 1 Nivel, Netherlands institute for health services research, 2 Health Connect Partners, 3 Royal College of Surgeons in Ireland, 4 Tilburg University, 5 MLC Foundation Contributors: Peter Achterberg, Jeroen Kusters, Laura Schackmann (main report), Isabelle Andoulsi, Petronille Bogaert, Herman van Oyen, Melissa Van Bossuyt, Beert Vanden Eynde, Marie- Eve Lerat (BE), Martin Mirchev (BG), Radek Halouzka (CZ), Mette Hartlev, Klaus Hoeyer (DK), Fruzsina Molnár-Gábor (DE), Priit Koovit (EE), Olga Tzortzatou, Spyridoula Spatha (EL), Pilar Nicolás, Iñigo de Miguel Beriain, Enrique Bernal Delgado, Ramón Launa (ES), Gauthier Chassang, Emmanuelle Rial-Sebagg (FR), Damir Ivanković, Ivana Pinter (HR), Luca Marelli, Edoardo Priori (IT), George Samoutis, Neophytos Stylianou (CY), Santa Slokenberga, Agnese Gusarova (LV), Laura Miščikienė, Lukas Galkus (LT), László Bencze (HU), Philip Mifsud, Philip Formosa (MT), Dorota Krekora (PL), Alexander Degelsegger- Márquez, Anna Gruböck, Claudia Habl, Kathrin Trunner (AT), Cátia Sousa Pinto, Joana Luís and Diogo Martins (PT), Daniel-Mihail Sandru (RO), Metka Zaletel, Tit Albreht (SI), Peter Kováč (SK), Jarkko Reittu (FI), Lotta Wendel (SE), Edward Dove (UK) 3 Consumers, Health, Agriculture and Food Executive Agency Third EU Health Programme 2021 EN EUROPEAN COMMISSION This report was produced in the framework of the EU Health Programme 2014- 2020 under a service contract with the Consumers, Health, Agriculture and Food Executive Agency (Chafea), acting under a mandate from the European Commission. The information and views set out in this report are those of the author(s) and do not necessarily reflect the official opinion of Chafea or of the Commission. Neither Chafea nor the Commission guarantee the accuracy of the data included in this report. Neither Chafea, the Commission, nor any person acting on their behalf may be held responsible for the use which may be made of the information contained therein. Les informations et points de vue exposés dans le présent rapport n’engagent que leur(s) auteur(s) et ne sauraient pas être assimilés à une position officielle de la Chafea/Commission. Chafea / la Commission ne garantissent pas l'exactitude des données figurant dans le présent rapport. Ni Chafea, ni la Commission, ni aucune personne agissant en leur nom n'est responsable de l’usage qui pourrait être fait des informations contenues dans le présent texte. EUROPEAN COMMISSION Consumers, Health, Agriculture and Food Executive Agency Unit: Health Unit Contact: Marilena Di Stasi E-mail: [email protected] European Commission B-1049 Brussels 4 Consumers, Health, Agriculture and Food Executive Agency Third EU Health Programme 2021 EN Assessment of the EU Member States’ rules on health data in the light of GDPR CONTENT EXECUTIVE SUMMARY ..................................................................................... 9 1. INTRODUCTION ..................................................................................... 11 1.1. Data for sustainable health care ...................................................... 11 1.2. Context ........................................................................................ 12 1.3. Scope of the study ......................................................................... 13 1.3.1. GDPR as starting point ........................................................ 13 1.3.2. Types of health data use ..................................................... 14 1.3.3. Legal aspects of different types of data ................................. 15 1.3.4. Reading guidance ............................................................... 16 2. METHODOLOGY ..................................................................................... 17 2.1. Introduction .................................................................................. 17 2.2. Literature review ........................................................................... 17 2.3. Mapping and legal analysis at national level ....................................... 17 2.4. In-depth case studies of governance models ..................................... 18 2.5. Workshops ................................................................................... 19 2.6. Stakeholder survey ........................................................................ 20 2.6.1. Types of stakeholders approached ........................................ 21 2.7. Guidance on how to read and interpret this report .............................. 22 3. LEGAL FRAMEWORK FOR PATIENT CARE ................................................... 23 3.1. Introduction .................................................................................. 23 3.1.2 The legal base for data processing for Function 1 ....................... 24 3.1.3 Choosing legal bases ............................................................. 26 3.2. Legal bases used to legitimate processing of health data for Function 1 - care provision ............................................................................. 27 3.2.1. Health data processing by the data controller who is intending to provide care .................................................................. 28 3.2.2. Sharing health data for the purposes of providing care to the data subject ...................................................................... 30 3.3. Data processing in the context of the use of digital health solutions ...... 34 3.4. Practical and organisational aspects of data use for care provision ........ 37 3.5. Interoperability, security and data quality in the context of care provision ...................................................................................... 38 3.6. Concluding remarks ....................................................................... 40 4. FRAMEWORK FOR SECONDARY USE OF HEALTH DATA FOR PUBLIC HEALTH PURPOSES ............................................................................................ 42 4.1. Introduction .................................................................................. 42 4.2. Management of the health care system ............................................ 42 4.2.1. Health data sharing with public bodies .................................. 44 4.2.2. Health data sharing with insurers ......................................... 45 4.3. Market approval of medicines and devices ......................................... 46 4.4. Pharmacovigilance and medical device safety monitoring .................... 48 4.5. Public health threats ...................................................................... 50 4.6. Disease registries .......................................................................... 52 4.7. Stakeholder views concerning processing of health data for public health purposes ............................................................................ 53 2021 EN Assessment of the EU Member States’ rules on health data in the light of GDPR 4.8. Concluding remarks ....................................................................... 55 5. SECONDARY USE OF HEALTH DATA FOR SCIENTIFIC OR HISTORICAL RESEARCH ............................................................................................ 57 5.1. Introduction: defining function 3 and the legal basis for secondary use of health data for scientific research ................................................. 57 5.1.1. Legal basis for processing -function 3- research ...................... 57 5.1.2. Lawful bases and safeguards ............................................... 58 5.2. Survey findings: legal bases used to legitimate processing of health data for Function 3 - Research ......................................................... 59 5.2.1. Introduction to findings ....................................................... 59 5.2.2. Findings - sectoral legislation or authoritative guidance further specifying the application of article 9(2)(j) in the context of health research .................................................................. 60 5.2.3. Findings - specific legislation and legal bases used for research by third-party researchers in public and non-public organisations ..................................................................... 69 5.2.4. Specific legislation and legal bases used for research on genetic data .........................................................................
Load more

Recommended publications
  • Public Health Informatics Profile Toolkit
    Public Health Informatics Profile Toolkit Developing a Public Health Informatics Profile: A Toolkit for State and Local Health Departments to Assess their Informatics Capacity Developed By: The Minnesota Department of Health Supported by: The Public Health Informatics Institute & The Robert Wood Johnson Foundation Public Health Informatics Profile Toolkit Acknowledgements Developing a Public Health Informatics Profile: a Toolkit for State and Local Health Departments to Assess their Informatics Capacity The project was supported by the Robert Wood Johnson Foundation through an InformationLinks Grant to the Public Health Informatics Institute. The initial project (the Public Health Informatics Profile Assessment) was also funded by Robert Wood Johnson Foundation through their Common Ground grant program. The authors of the Public Health Informatics Toolkit wish to thank the many members of the Minnesota Department of Health for their time, their expertise, and for their contributions to the original Public Health Informatics Profile Assessment. Jennifer Ellsworth Fritz, Priya Rajamani, Martin LaVenture Minnesota Department of Health Principal Developers Bill Brand, Debra Robic Public Health Informatics Institute Editorial Reviewers For More Information Public Health Informatics Institute Visit www.phii.org Call toll-free (866)815-9704 E-mail [email protected] Minnesota Department of Health Visit www.health.state.mn.us/ehealth Call Priya Rajamani @ 651-201-4119 E-mail [email protected] Call Jennifer Ellsworth Fritz @ 651-201-3662 E-mail
    [Show full text]
  • Benefits and Barriers for Adoption of Personal Health Records Brittany Vance Marshall University, [email protected]
    Marshall University Marshall Digital Scholar Management Faculty Research Management, Marketing and MIS Spring 3-2015 Benefits and Barriers for Adoption of Personal Health Records Brittany Vance Marshall University, [email protected] Brent Tomblin Marshall University, [email protected] Jena Studney Marshall University Alberto Coustasse Marshall University, [email protected] Follow this and additional works at: http://mds.marshall.edu/mgmt_faculty Part of the Health and Medical Administration Commons, Health Information Technology Commons, and the Management Information Systems Commons Recommended Citation Vance, B., Tomblin, B., Studeny, J., & Coustasse A., (2015, March). Benefits nda barriers for adoption of personal health records. Paper presented at the 2015 Business and Health Administration Association Annual Conference, at the 51st Annual Midwest Business Administration Association International Conference, Chicago, IL. This Article is brought to you for free and open access by the Management, Marketing and MIS at Marshall Digital Scholar. It has been accepted for inclusion in Management Faculty Research by an authorized administrator of Marshall Digital Scholar. For more information, please contact [email protected]. BENEFITS AND BARRIERS FOR ADOPTION OF PERSONAL HEALTH RECORDS Brittany Vance, MS Alumni College of Business Marshall University Graduate College 100 Angus E. Peyton Drive South Charleston, WV 25303 Brent Tomblin, MS Alumni College of Business Marshall University Graduate College 100 Angus E. Peyton Drive South Charleston, WV 25303 Jana Studeny, RN-BC, MSHI, Alumni Healthcare Informatics Program College of Health Professions Marshall University One John Marshall Drive Huntington, WV 25755 [email protected] Alberto Coustasse, DrPH, MD, MBA, MPH – CONTACT AUTHOR Associate Professor College of Business Marshall University Graduate College 100 Angus E.
    [Show full text]
  • Health Data As a Global Public Good
    Health Data Governance Summit Pre-read: Health Data as a Global Public Good 30 June 2021 Global public goods Health Data Governance Summit Pre-read: Health Data as a Global Public Good Health data as a global public good The ODI has been working with WHO for the past month, holding discussions with 23 stakeholders and analysing 56 documents "Starkly and powerfully, the COVID-19 pandemic illustrates how critical "Despite progress in recent years, high-quality data are not routinely data use, with a human face, is to protecting lives & livelihoods. The collected in all settings, major health challenges are not adequately crisis is a wake-up call. We must accelerate a shift in our data and monitored, and effective interventions are not directed to the right analytics abilities: To respond to COVID-19 and build back better, to people, at the right time and at the right place. This impacts policies drive the Decade of Action for the SDGs, to amplify climate action, to and programmes and consequently, the health of entire populations. promote gender equality, to protect human rights, to advance peace Similarly, in order to meet the shared SDG commitment to “leave no-one and security, and to accelerate UN Reform – for greater impact on the behind”, we need disaggregated data to ensure equitable health ground." outcomes. This means we must strengthen comprehensive data systems, UN Secretary-General collaborate with other sectors, and apply innovative digital technologies to collect, analyse and use data to make informed decisions and deliver impact." WHO Director-General 2 Global public goods Health Data Governance Summit Pre-read: Health Data as a Global Public Good What are global public goods? "Global public goods are goods… whose benefits cross borders and are global in scope." - WHO Bulletin 2003 In traditional economic terms, public goods are have two key attributes: "Global public goods (GPGs) provide benefits to people in both rich and ● They are non-exclusionary: No one can be excluded from using poor countries.
    [Show full text]
  • Big Data in Health Care
    A Series by 2016 From predicting disease and identifying targeted therapies and cures, to improving our overall quality of life, big data is transforming the way health care decisions are made and care is delivered. Big Data in Health Care is a recently published series of articles that brings you the stories behind the research and celebrates researchers and organizations for their commitment to improving health care. Please accept this complimentary copy as our way of thanking you for your commitment to advancing medicine and improving patients’ lives. founding sponsor co-sponsor www.RealWorldHealthCare.org CONTENTS Big Data in Health Care Is Big Data Good for our Health? You Bet. Here’s Why. 3 Speaking with Dr. Phillip Bourne, National Institutes of Health. 8 Speaking with Dr. Hallie Prescott . 11 Closing the Healthcare Gap: The Critical Role of Non-Identified Information . 14 Real World Health Care Interview with Dr. Bonnie Westra. 17 Big Data Declares a War on Cancer . 21 Speaking with Dr. Clifford Hudis. 25 Is Big Data Good for our Health? You Bet. Here’s Why. By Cameron Warren and Merav Yuravlivker The term “Big Data” is increasingly used in our everyday lives. But each mention of it means something different, unique to what we use it for and how we interact with it. Big Data is not information. It’s the raw resource that people can use to discover new insights. Just as raw crude needs to be refined to run a car, Big Data needs to be refined to provide useful insights. In 2001, Doug Laney, who currently works for the analyst firm Gartner, defined this raw resource in terms of its three ubiquitous attributes, “the 3 V’s” – Volume, Velocity, and Variety.
    [Show full text]
  • Get the Facts About Telehealth
    Get the Facts About Telehealth The COVID-19 pandemic has demonstrated that telehealth is a viable option for providing convenient, accessible and seamless care for patients. Myth #1: FACT: Data shows older patients are very comfortable with telehealth. Telehealth is In a survey conducted by Sutter Health, disease. More than 20% of Tera patients less feasible 52% of people aged 65 and older are aged 65 and above, allowing us reported having used telehealth during to quickly learn that telemedicine is for senior the pandemic and 93% of these patients welcome across any age range, disease citizens. reported having a positive experience. state and socioeconomic group. The key In addition, Sutter’s Tera Practice, factor for acceptance came down to a virtual-first medical practice that individuals experiencing firsthand Tera’s offers a whole ecosystem of healthcare convenience and responsiveness, and the support, has purposefully enrolled rapport they were able to build with their seniors who have at least one chronic personal care team virtually. OF SENIORS WHO USED TELEHEALTH 93% REPORTED A POSITIVE EXPERIENCE FACT: While more work needs to be done, Myth #2: telehealth is already improving critical access to care in rural and underserved communities. Telehealth Additional investments in technology, broadband and access are will amplify necessary to prevent the deepening of inequities and ensuring health widespread availability. Providers and policymakers must continue to work together to ensure the benefits of virtual care extend to our inequities. most vulnerable patients and that no community is left behind. Sutter serves millions of Medi-Cal patients in Northern California so this is a priority for our system.
    [Show full text]
  • Perspectives on the Future of Personal Health Records
    Perspectives on the Future of Personal Health Records June 2007 Perspectives on the Future of Personal Health Records Prepared for California HealthCare Foundation by Christopher J. Gearon Contributing Writers Michael Barrett, J.D. Patricia Flatley Brennan, R.N., Ph.D. David Kibbe, M.D., M.B.A. David Lansky, Ph.D. Jeremy Nobel, M.D., M.P.H. Daniel Sands, M.D., M.P.H. June 2007 About the Author Christopher J. Gearon is a freelance health and business writer in Silver Spring, Maryland. About the Foundation The California HealthCare Foundation, based in Oakland, is an independent philanthropy committed to improving California’s health care delivery and financing systems. Formed in 1996, our goal is to ensure that all Californians have access to affordable, quality health care. For more information about CHCF, visit us online at www.chcf.org. ISBN 1-933795-28-X ©2007 California HealthCare Foundation Contents 2 I Introduction 3 II. Background The PHR Market Business Models 6 III. Six Perspectives The Big-Picture Perspective The Consumer Perspective The Physician Perspective The Clinical Technology Perspective The Employer Perspective The Public Health Perspective 25 Endnotes I. Introduction The Internet and other information technologies have transformed American life in the last decade, empowering consumers and the way they work, bank, shop, and travel. However, a similar, long-anticipated transformation in health care has been elusive. Recent interest in a new kind of computerized medical record designed for consumers rather than health care providers could help speed this transformation. As a patient-centric hub of information and tools, personal health records (PHRs) have the potential to make the delivery of health care services more efficient and accessible, less costly, and safer.
    [Show full text]
  • Security and Privacy for Mhealth and Uhealth Systems: a Systematic Mapping Study
    Preprint submitted to IEEE Access. Date of current version June 22, 2020. Digital Object Identifier 10.1109/ACCESS.2017.DOI Security and Privacy for mHealth and uHealth Systems: a Systematic Mapping Study LEONARDO HORN IWAYA1,2, AAKASH AHMAD3, AND M. ALI BABAR.1,2 1Centre for Research on Engineering Software Technologies, The University of Adelaide, Adelaide, SA, Australia 2Cyber Security Cooperative Research Centre (CSCRC), Australia 3College of Computer Science and Engineering, University of Ha’il, Saudi Arabia Corresponding author: Leonardo Horn Iwaya (e-mail: [email protected]). The work has been supported by the Cyber Security Cooperative Research Centre (CSCRC) whose activities are partially funded by the Australian Government’s Cooperative Research Centres Programme. ABSTRACT An increased adoption of mobile health (mHealth) and ubiquitous health (uHealth) systems empower users with handheld devices and embedded sensors for a broad range of healthcare services. However, m/uHealth systems face significant challenges related to data security and privacy that must be addressed to increase the pervasiveness of such systems. This study aims to systematically identify, classify, compare, and evaluate state-of-the-art on security and privacy of m/uHealth systems. We conducted a systematic mapping study (SMS) based on 365 qualitatively selected studies to (i) classify the types, frequency, and demography of published research and (ii) synthesize and categorize research themes, (iii) recurring challenges, (iv) prominent solutions (i.e., research outcomes) and their (v) reported evaluations (i.e., practical validations). Results suggest that the existing research on security and privacy of m/uHealth systems primarily focuses on select group of control families (compliant with NIST800-53), protection of systems and information, access control, authentication, individual participation, and privacy authorisation.
    [Show full text]
  • Ehealth Exchange Is One of the Largest Public-Private Health Information Networks in America
    The Unique Value Proposition of a Health Data Exchange that Works with the Healthcare Industry and the Government The Sequoia Project’s Role As a non-profit with a public mission, Sequoia is a trusted, independent convener of industry and government. Works to address the challenges of secure, interoperable nationwide health information exchange (HIE). SECURE INTEROPERABLE NATIONWIDE 2 ©2018 Copyright The Sequoia Project. All rights reserved. The Sequoia Project Initiatives The Sequoia Project’s • Mission independent initiatives • Governance • Membership each have their own: • Structure The Sequoia Project is an ideal home for projects that require a collaborative environment where multiple parties with differing perspectives can work together. 3 ©2016©2018 Copyright The Sequoia Project. All rights reserved. Current Sequoia Project Initiatives The eHealth Exchange is one of the largest public-private health information networks in America. Carequality is a national-level interoperability framework and common agreement to link all health information networks RSNA Image Share Validation Program is an interoperability testing program to enable seamless sharing of medical images. PULSE is a system which enables disaster healthcare volunteers to treat individuals displaced by disasters 4 © 2018 The Sequoia Project. All Rights Reserved. What is the The eHealth Exchange is a health data sharing network. It is one of many that exist throughout the United States It provides a common set of standards, legal agreements and a governance framework that sets the But don’t be fooled. groundwork for participants The eHealth Exchange to securely share health data is no ordinary network…. 5 ©2018 Copyright The Sequoia Project. All rights reserved.
    [Show full text]
  • Using Data to Reduce Health Disparities and Improve Health Equity
    Hospitals and health systems are looking at Using Data to Reduce ways to use data to leverage new capabilities to improve health outcomes for patients Health Disparities and and their communities Improve Health Equity MARKETINSIGHTS 2 Executive Summary Using Data to Reduce Health Disparities & Improve Health Equity The COVID-19 outbreak in the U.S. has shown the country what all hospital and health systems leaders have known for years: Serious gaps exist in access, cost and quality for patients based on their race, ethnic- ity, gender and gender identity, age, sexual orientation or other demographic and socio-economic factors. Hospitals and health systems have the opportunity to use data to identify disparities in outcomes which are the result of inequities and societal factors that influence health. ExploreAHA’s Societal Factors that Influ- ence Health: A Framework for Hospitals for insights into how hospitals can address social needs, social determinants and COVID-19 hospitalization by race/ethnicity the systemic causes of health inequities. Data-related resources This graphic shows the rate of laboratory-confirmed Hospitals and health systems can apply the data they have available from the COVID-19-associated hospitalizations in the US from March 1 to drive their strategy to advance health equity. They can also AHA Center for Health to December 28, 2020. A systemic review examining the role use insights culled from data to identify health care dispari- Innovation and IFDHE of race in hospitalization and death due to COVID-19 in the ties, find the root causes and craft targeted interventions to Annals of Internal Medicine (Dec.
    [Show full text]
  • Capturing High Quality Electronic Health Records Data to Support Performance Improvement a Learning Guide
    Capturing High Quality Electronic Health Records Data to Support Performance Improvement A Learning Guide Presenting lessons learned by the 17 Beacon Community Awardees of the Office of the National Coordinator for Health Information Technology in the U.S. Department of Health and Human Services July 2013 The Beacon Community Cooperative Agreement Program demonstrates how health information technology (health IT) investments and Meaningful Use of electronic health records (EHR) advance the vision of patient- centered care, while supporting better health, better care at lower cost. The Department of Health and Human Services, Office of the National Coordinator for Health IT (ONC) is providing $250 million over three years to 17 selected communities throughout the United States that have already made inroads in the development of secure, private, and accurate systems of EHR adoption and health information exchange. Each of the 17 communities— with its unique population and regional context—is actively pursuing the following areas of focus: • Building and strengthening the health IT infrastructure and exchange capabilities within communities, positioning each community to pursue a new level of sustainable health care quality and efficiency over the coming years; • Translating investments in health IT to measureable improvements in cost, quality, and population health; and • Developing innovative approaches to performance measurement, technology, and care delivery to accelerate evidence generation for new approaches. For more information about the Beacon Community Program visit http://www.healthit.gov. This Learning Guide was developed by the Beacon Nation Project, funded by the Hawaii Island Beacon Community, an awardee of the ONC Beacon Community Program. The Beacon Nation project seeks to promote innovation in health IT by gathering and disseminating lessons learned from the 17 Beacon Communities about building and strengthening health IT infrastructure, testing innovative approaches, and making strides toward better care, better health, and lower costs.
    [Show full text]
  • Realising the Value of Health Care Data: a Framework for the Future Realising the Value of Heath Care Data: a Framework for the Future
    Realising the value of health care data: a framework for the future Realising the value of heath care data: a framework for the future How can we place a value on health care data? A framework proposal focused on the UK’s health care ecosystem and patient records held across the National Health Service (NHS) Medicine is no longer a clinical science just supported by data, it’s moving to a field defined as clinical science in collaboration with data science. Patient data is one of the most important drivers of this change. Unlocking the insights contained in patient genomic and phenotypic data is of high value to all the key stakeholders in the health care ecosystem: patients, providers, payers and the life sciences sector. In this paper, we show the methodological tools that can be used to estimate the value of patient data, specifically the data held by the UK’s NHS. We show how realising the value of this data can help the UK Government achieve its health priorities, and place the UK at the forefront of global health care innovation. 1. Patient data as a desirable intangible asset 2 2. Drivers of health care data value 4 3. Valuation approaches to consider 6 4. Application of the market-based approach 8 5. Application of the income approach 16 6. Concluding comments 20 7. Appendix 22 Contents Realising the value of heath care data: a framework for the future Executive summary Unlocking the power of health care data to fuel innovation in medical research and improve patient care is at the heart of today’s health care revolution.
    [Show full text]
  • Securing Mobile Health Data — NIST Weighs in by Gretchen Ramos and Zerina Curevac (August 28, 2018)
    Securing Mobile Health Data — NIST Weighs In By Gretchen Ramos and Zerina Curevac (August 28, 2018) Over the last couple of years, the number of mobile health applications have doubled, with hundreds of thousands of such apps available today. The digital health market is anticipated to exceed $379 billion by 2024, and a large chunk of that market size is attributable to increased use of mobile communications technology and devices by consumers and health care professionals.[1] Until recently, there has been little guidance in terms of mobile health security frameworks. However, last month, the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology published a cybersecurity guide for electronic health record applications on mobile devices.[2] The 260-page guide is an important step to making mHealth apps more secure, especially Gretchen Ramos considering hackers tend to target mHealth apps. Regulators and companies will need to prioritize mHealth security to ensure health care professionals and consumers can benefit from the new technology without fear of jeopardizing consumer privacy. Security Concerns Are Limiting the Growth of the Digital Health Market While hundreds of new mHealth apps and devices are introduced to the market every month, many are lagging behind on the security front and consumers, health care professionals and other stakeholders are aware of it. In a survey conducted by Change Healthcare Inc. on consumer attitudes toward digital and mobile health tools, nearly half of consumers Zerina Curevac cited security and privacy concerns as their top concerns limiting the widespread adoption of mobile and digital health tools.[3] Concerns in relation to security and privacy were the impetus for the new NIST guide, which was developed by industry and academic cybersecurity experts, with the input of health care providers who first identified the security challenges of mHealth apps and devices in a 2012 U.S.
    [Show full text]