Mike Sanders

Medical devices, privacy and cloud-based mobile apps

Mobile Cloud Architecture

Mobile Cloud Architecture Image Credit: Hosting Canada

If you are building a cloud-based mobile medical app, don’t delay on your privacy and security strategy.
With the mHealth Summit kicking off this week, have no doubt that medical devices, privacy and cloud-based mobile apps will be hyped.  The summit will showcase how personal devices and wearables are now integrated into mobile medical apps. But is there room in all this hype for patient privacy?

Mobile medical app hype is understandable as the healthcare market is ready and willing. With 2.7 billion smartphone subscribers worldwide, growing to 6.1 billion in 2020, there is certainly room for growth. Latest reports also confirm physician interest: 86% of clinicians believe mobile apps will become important to physicians for patient health management over the next 5 years.

Consequently most companies are moving their mobile cloud strategies into high gear. Almost every company I speak with wants to apply their medical technology in the mobile space. But many companies are oblivious to the business and regulatory risks related to patient privacy and security. For example, the most popular health apps ignore privacy all together: only about 30 percent have a privacy policy.

It is time to get our head out the sand, and proactively address mobile medical app privacy and security. Our apps have great potential to increase health and safety, but imagine the impact a privacy breach could have on our patient and provider trust?

The US government certainly wants us to pay attention. The FDA and the ONC have both worked hard to ensure patient safety in regards to privacy and security. This hard work has created a complex and sometime onerous regulatory landscape. HIPAA, HITECH, the Safe Harbor Frameworks, the FDA’s guidance documents on cybersecurity and mobile medical apps are just the start. Further standards and guidelines will be found at the state, regional and organizational levels.  But don’t let this complexity fool you into avoiding privacy regulations. Clarity is coming. We expect more regulations with further clarity to emerge early next year in the so-called SOFTWARE Act.

So what should an innovative mobile app developer do? To start, take a look at the eight OECD Privacy Principles, which set the stage for patient privacy and data security protection. When it comes to implementing protection measures, a lot of it comes down to policies. But from a software developer’s point of view, protection involves three things: Data security, Data integrity and Data access control.

So let’s jump into the cloud and mobile app development with eyes wide open. Privacy and security is a concern, but your software architects will love it.  At the end of the day it is about good software design from the beginning. And that is what has made the difference to safe and effective use of medical data all along.

Image originally via Gary Stevens of Hosting Canada. General architecture of Mobile Cloud Computing. 27 February 2012

Mike Sanders is a StarFish Medical Software Engineering Project Manager.  This is his debut blog for StarFish Medical.  He envisions a whole series for the year ahead including mobile and cloud privacy, security and cyber threats.



Leave a Reply

Your email address will not be published. Required fields are marked *

Join over 6000 medical device professionals who receive our engineering, regulatory and commercialization insights and tips every month.

Website Survey

Please answer a few questions about our website.

Take Survey No Thanks