A new report on mHealth privacy and security around the world finds that proper safeguards in the United States won't necessarily work in, say, Kenya, or vice versa.
"Patient Privacy in a Mobile World," compiled by the mHealth Alliance, the Thomson Reuters Foundation, Merck and Baker & McKenzie, was released June 25 during a special ceremony in Washington, D.C. Billed as the first-of-its-kind study of global mHealth privacy issues, the 100-page document "aims to provide policymakers, mHealth practitioners and governments with a privacy law framework that can be tailored to different cultures, environments and scenarios to maximize patient control and autonomy over mHealth data."
“In order for mHealth to reach scale, we have to build greater trust among the recipients of mHealth solutions in the privacy and security of their health data,” said Patricia Mechael, executive director of the mHealth Alliance, in a press release accompanying the report. “The findings and recommendations from this research will help move the needle on mHealth privacy and offer a valuable framework for how to proceed on complex issues related to securing health data.”
Chief among the conclusions is that there is no universal solution to privacy and security concerns.
"The authors believe that a one-size-fits-all approach is simply not appropriate in the privacy context and much less in an environment such as mHealth, where the technology and the issues are still evolving every day," a summary of the report states. "Moreover, although the need for greater transparency and predictability as to mHealth privacy and a role for policymakers and the law in addressing that need, both appear to be broadly recognized, defining the meaning of privacy, security and confidentiality in different parts of the world is a challenge. These concepts are influenced by a multitude of factors, including law, technology and custom, among others, that vary widely around the globe."
In other words, while America's healthcare network comes down hard on any breach of security, such as a lost laptop or USB drive, that type of scrutiny isn't found in other parts of the world. In fact, the report notes that, with the United States being the prime exception, very few privacy laws around the globe specifically refer to health information.
Among the international organizations noting this lack of specificity is the World Health Organization, which said in a 2011 report that “data security is a particularly important issue to address within the area of policy... Policy-makers and program managers need to be made aware of security issues in the mHealth domain so appropriate policies and strategies can be developed and implemented.”
The project was launched last November, with organizers targeting seven different nations where mHealth projects have been implemented – Bangladesh, Chile, India, Nigeria, Peru, Tanzania and Uganda. The resulting report identifies guidelines for future regulation, including scope of coverage, notice and consent requirements, data minimization (or the reduction of irrelevant data collections, uses and transmissions), data security, integrity and accessibility, data transfers, and enforcement and sanctions.
“Mobile health has the potential to improve health and well-being on a global scale, and this research now provides important guidance as to how this can be achieved while still protecting patient privacy,” said Roy Birnbaum, counsel in Merck’s international law department and coordinator of Merck’s international pro bono program, in the press release.
