There is no shortage of interest in mobile health applications, which span everything from pedometers to Wi-Fi-enabled pacemakers, but what happens with all that data?
The New America Foundation, a Washington think tank, waded into that debate with a pair of recent panel discussions where experts acknowledged that the security risks around health IT systems are high, and that the medical profession, as a whole, has a long way to go to get its cyber house in order.
Kevin Fu, who directs the Archimedes Research Center for Medical Device Security at the University of Michigan, argues that within the medical community -- as in many other industries -- there is a broad lack of awareness about basic cybersecurity practices, often enabling garden-variety malware to infiltrate systems that house sensitive data.
All industries need better cybersecurity hygiene
"Medical professionals are not too different from every other person in the country when it comes to cybersecurity hygiene. So they're taught to wash their hands in between patient encounters, but they're not taught as well about cybersecurity hygiene. I'd say we have a very long way to go," Fu says. "The bar is very low right now."
The glut of health data being generated and collected by mobile devices and applications also raises some significant privacy concerns, particularly when that information is outside of the scope of HIPAA and other federal statutes governing personal information.
"I think the key risk that we have is that we will create a pool of extremely sensitive health data that is totally unregulated and that is shared broadly without our knowledge and used in ways that we do not know," says Alvaro Bedoya, executive director of the Center on Privacy and Technology at Georgetown University.
Some mobile health apps are protected by privacy law, some are not
"We tend to talk about mHealth apps and devices as if they're one thing. When it comes to privacy, there are two kinds of mHealth apps and devices. There's the kind that's protected by privacy law, and there's a kind that's not," Bedoya says.
Many consumers, Bedoya argues, consider the information collected by popular fitness applications like Fitbit as benign, taking innocuous measurements of things like steps and distance walked. However, he maintains that mobile health applications as a class are becoming more sophisticated, and vacuuming up information like glucose levels, heart rate and fertility, all while operating unchecked by the statutory restrictions that apply to information collected in a medical setting.
Pooled together, those data points could provide potential indicators for conditions such as obesity or Alzheimer's. But the market for that data is fairly opaque, and Bedoya fears that health information in the hands of data brokers could be sold to businesses for dubious purposes, such as insurance companies that might deny applicants coverage or charge steeper premiums based on information collected through health apps.