Mar 28 2011

blekko's Search Engine

I've discussed how healthcare is running away from a desktop-centric model toward mobility. The days of complete reliance on desktop data entry are coming to an end as healthcare IT relies more and more on mobile health. Privacy on the desktop was, for the most part, protected by Clinton-era HIPAA privacy policies well before health apps became a downloadable consumer preoccupation.
Mobile health brings privacy to a new playing field. Unlike desktop medical applications, where enterprises created barriers to information, mobile health apps are distributed directly to patient consumers. This is refreshing, in that gathering health data has become extensible and distributable while at the same time affordable. Will mobile health be allowed to sustain its impressive growth?

The downside is that no one has stepped back and developed some ground rules[1] on patient privacy using mobile. Simply bringing as-is HIPAA policies into mobile deployment doesn't get us anywhere. HIPAA was developed for the protection of health data between institutions. The patient didn't have to worry about managing their health privacy because the responsibility was thrust upon the facility that carried that data. With mobile apps, there is only a vendor-to-patient relationship. Even if HIPAA were applied to mobile, patient consent is given upon immediate use of the app, or else the patient can't use the app: a take-it-or-leave-it stance that leads to undue influence. Take for example (disclaimer shown above) a mobile personal motivation app from Pfizer Pharmaceuticals called Smidge, available on iPhone and Blackberry. It is an impressive direct-to-patient distribution model that states the sharing of personal data with third parties deep inside its Terms and Conditions. Let's be aware that:

The false sense of security and perceived privacy within walled app store gardens are a side effect of the new one-click app distribution model popularized by Apple's iOS App Store.[2]

All other mobile platforms have since followed suit. HIPAA didn't account for this scenario. But that doesn't excuse developers for not thinking through patient privacy. For patient privacy, all that's left are app disclaimers at the time of sign-up or at the start of the application once it's already been installed on the device. Unlike desktop apps, it's not possible to email or print mobile app disclaimers unless the developer adds this feature. Are patients expected to read through all of the fine 'digital' print on a 3-inch screen?
There are, however, developers that do a good job of taking an upfront approach to privacy disclaimers. One such mobile health app maker is Ubiqi, which embeds, within its app, a link to its privacy policy online. Clear and simple.
Using @healthythinker's adaptation of a Gartner Hype Cycle, mobile health is in its infancy. For it to move to the right side of the spectrum, patients will need to trust it. If mobile application developers abuse this trust by selling patient health information to third parties, the needle will never move to the right. Why should it? Healthcare will regress back to a facility-centric model where health data will only be gathered at the time of encounter with a health professional. And at home, patients will enter feedback data tied to a desktop, lowering motivation to enter that very data. Mobile is seen as a way to liberate health data, but only if the public can trust it to safeguard their data. Let's make sure it's given a chance to grow up and leave the house.


Written on Monday, March 28 2011 by Faisal Qureshi


Footnotes

1. At the time of this writing, it is unknown how the FDA will regulate mobile applications and to what extent that regulation will apply to patient privacy.
2. Apple does not disclose user and purchase information to application vendors. Thus, app vendors can only acquire user information as part of their sign-up process from within their app and/or on their own website.