This site requires Javascript to function correctly
UKAuthority.com requires the use of cookies. Continued use of this site indicates that you accept this policy. More information.

Cookies and your privacy

In accordance with the ICO's EU e-Privacy Directive and to help protect your privacy we are making you aware of the use of cookies on this site.

We use these to aid in improving and maintaining our website. Cookies are used for functionality and to track visitor behaviour on this site, primarily for Google Analytics.

Google Inc are members of the US Safe Harbor Scheme. This scheme allows the transfer of data from within the EEA to countries that are outside of the EEA without having to enter into a specific data transfer agreement. Companies that sign up to the scheme are deemed to provide adequate protection for personal data transmitted from Europe. Google Inc's registration is at http://safeharbor.export.gov/companyinfo.aspx?id=10543.

For more information on the cookies set by Google Analytics please go to: http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html.

This site also makes use of other essential Anonymous cookies, and the site won't work as expected without them. If you don't accept these anonymous cookies some features of the site may be unavailable.

UKAuthority.com's full privacy statement.

UKAuthority.com

Digital public sector news, research & engagement

Friday 25 January 2013Author: Dan Jellinek

Big grey area: how will we regulate m-health?

The complex, rapidly-expanding world of mHealth - the use of smartphones and other mobile devices for health care purposes - is creating big challenges for governments, patients and technology manufacturers when it comes to privacy, security and device regulation, a new report finds.

In mHealth applications an internet-enabled device such as a smartphone will often connect wirelessly to wearable, portable, or embeddable sensors to track or measure a patient's health or movements. Data may be shared with clinicians, carers or researchers.

The privacy implications of data leaking out and the sheer potential quantity of sensitive data collected about an individual sets mHealth apart from previous care models, according to the report, "Evaluating mHealth adoption barriers: privacy and regulation", published by mobile provider Vodafone Global Enterprise.

"If contact with patients is more flexible and frequent, can it always be kept confidential?" it says.

Apart from strong security and audit trails, in the new mobile world "there is a growing body of evidence suggesting that many systems of individual consent to use of personal data are not particularly well-constructed", the report finds. "Until now it has been a one-off commitment made at the start of the relationship, but we may now need a rethink, moving towards an ongoing dialogue."

One example quoted in the guide illustrates the pointlessness of one-off initial granting of data consent. On 1 April 2010 the retailer Gamestation temporarily altered its terms and conditions for customers as an April Fool's Day prank. It included the statement: "By placing an order via this web site... you agree to grant us a non transferable option to claim, for now and for evermore, your immortal soul". Of the 7,500 customers who made purchases that day, none clicked on a link to nullify this Faustian pact. No-one, in other words, reads the small print.

In any case, the report says, at installation the user may have little idea of what a mobile application does, and may have difficulty making an informed decision when confronted with a list of data access choices. Possible new approaches include a shift of emphasis towards an ongoing dialogue about privacy between user and application.

There are also major regulatory challenge thrown up by mHealth applications, which straddle the boundary between medical and telecommunications regulation. Regulators are faced with a basic question, the report says: between sensors and apps handling lifestyle, fitness and clinical data - what constitutes a medical device?

For many purposes, the distinction is made between systems and devices created for medical purposes and more general systems and devices put to medical uses. But there are many grey areas, such as fitness apps or devices that track information such as the number of steps people take, the number of stairs they climb and the number of hours they sleep. Features which need to be assessed include whether such applications might be used as the basis for decisions that will directly impact the user's health; or whether a user could unwittingly harm themselves.

One piece of research which looked at 100 downloadable health and fitness apps from iTunes fond that while most were clearly non-regulatable, eight fell into regulatable categories; and a full third of the apps surveyed fell into the grey area.

"Given the number of downloadable mobile apps being published to smart phone app stores, this scale of uncertainty could present a real problem for this particular kind of mobile application," the report finds.
"Yet, while the policymakers labour over rule sets, the market continues to innovate at a breakneck pace."

Evaluating mHealth adoption barriers: privacy and regulation:
http://enterprise.vodafone.com/insight_news/2013-01-16-evaluating-mhealth-adoption-barriers-privacy-and-regulation.jsp?

The Vodafone report was edited by UKAuthority.com writer Dan Jellinek

 

       
UKA Live Pre Registration
UKA Live: view recorded interviews