At its core, trust is fundamental to healthcare. We share private experiences and fears openly with clinicians knowing that such conversations are confidential and protected. In the U.S., federal laws like HIPAA and HITECH offer safeguards to ensure patients' privacy and confidentiality are respected and maintained. But what do we know about trust for newer digital health tools like smartphone apps aimed at health? A survey from Rock Health, conducted last year, offers some interesting data about willingness to share health data:
The result that only 8% of respondents were willing to share their health data with technology companies suggests a strong lack of trust. This lack of trust may be well founded: a recent report from the U.S. Department of Health and Human Services notes that many current mhealth platforms and apps do not offer adequate patient protection and confidentiality. The report outlines five areas of special concern:
Healthcare data is an increasingly valuable target for theft and hacking. A recent industry report from Arxan looked at 71 health apps and found that the majority of those sampled were vulnerable to hacking. While it may be easy to gloss over the security of apps, given that most clinicians and patients lack the background and experience to fully evaluate it, security flaws have been the downfall of some of the largest mhealth-related efforts to date. After reports surfaced regarding the lack of security measures in apps on the U.K.'s National Health Service's app library in October 2015, the entire app library was taken offline by the government. The rise and fall of the health app rating company Happtique is another example of unrecognized security vulnerabilities leading to the downfall of a digital health company. Ensuring that apps can protect healthcare data requires collaboration with engineers and security experts.
So how do we build trust for digital health platforms? A good start is a dual approach with a focus on 1) transparency and 2) data security. While each is important, neither alone is sufficient. An app can have the world's best security features but not handle patient data in an ethical manner. Or an app can have a patient-centered approach to data and give users full control over their data, but suffer from security flaws that effectively make the data public. While there are many app developers and companies already following best practices and creating technologies that respect and protect confidentiality, there are still many that are not there yet. For mobile health to reach its full potential and become a frontline tool in clinical care, trust will be critical. Building that trust through both transparency and security will be key. Here at BIDMC we are studying both the transparency and ethics associated with mobile health, partnering with local engineering teams to better understand security vulnerabilities, and educating both clinicians and patients about what to look for when picking an app.