Mobile devices present prolific opportunities for healthcare professionals to improve how they do their job and ultimately improve the level of care they give to patients. But the organizations need to be aware of a variety of factors when developing mobile solutions for healthcare. Privacy and protecting patient data must all be high on the agenda when considering the deployment of mHealth.
To ensure that they are not putting end users in a vulnerable position, companies need to consider all aspects of security and data protection.
To ensure the data is being sent in the most secure manner for the context of the app, it is important to review the data in transit during the solution architecture phase of creating apps. Data coming in to and from a device, as well as the device, can be stolen, hacked or lost. The back-end systems where the data is stored need to be secured more than the app in case of a health app. To ensure direct and secure transmission of data, it needs to be sent over an HTTPS or VPN connection.
Encryption of data at rest is also an important consideration. The data being proposed for the app is analyzed to see what data is needed in the app, whether it needs to be persisted and the potential impact of data leakage, during the solution architecture phase. In case of high-risk data, this information needs to be sent in an encrypted form and never cached or stored.
For third-party devices like wearables which are being securely paired via Bluetooth, intercepting data proves to be difficult without direct access to the device it is paired with.