Lessons from Project HealthDesign: Strategies for Safeguarding Patient-Generated Health Information Created or Shared through Mobile Devices

Robert Wood Johnson’s Project Health Design is exploring a vision of personal health records as tools for improved health decision-making by both patients and providers. In the latest phase, researchers are providing patients with smartphones to aggregate and send observations of daily living (ODLs) to healthcare providers, providing a richer picture of a patient’s day-to-day health status. Patients’ use of mobile devices to generate and communicate health information subjects this information to unique security risks for which solutions have not yet been discussed. When healthcare providers handle electronic, identifiable health information, they are subject to the HIPAA Security Rule. But HIPAA regulates providers, not patients. This paper discusses the factors that should be considered when protecting patient-generated health information created on or shared through mobile devices. It also recommends strategies for securing patient health information on mobile devices and implementing technical safeguards to ensure general device security.

Read an Excerpt: 

Leveraging the power of new technologies, researchers fundedby the Robert Wood JohnsonFoundation’s Project Health-Design are encouraging patients to trackand share with clinicians observations ofdaily living (ODLs) and other informationthat can serve as important indicators ofa patient’s health. Previous phases ofProject HealthDesign focused on making personal health records more effectivetools for patient self-care. The current phase takes the next step and tests the impact of patients’ use of smartphones and mobile devices to collect and share self-care information like ODLs with their healthcare providers. While ripe with potential to improve patients’ health, the use of mobile devices to generate and communicate health information subjects this potentially sensitive information to security risks. These risks, if unaddressed, pose a  potential obstacle to more widespread use of such tools by patients to generate and share health information.

Keywords: 
mHealth, HIPAA, Security, patient-generated health information, mobile device.