With the NHS increasingly prescribing health apps that assist with the management of particular health conditions, and Health Secretary, Jeremy Hunt, revealing ambitious plans to provide patients with access to their medical records through apps by 2018, all involved in app development and use must carefully consider and account for the data protection risks associated with an ever-expanding healthcare app market.
There are many benefits associated with greater patient engagement with their health and the timely collection of live patient data for health monitoring purposes. However, at what cost do these benefits arise? Are patients sufficiently aware of the risks associated with the ever-growing use, collection and sharing of their sensitive personal data, and with whom their data is being shared?
Many of the healthcare and wellbeing apps currently in use process, collect and handle large quantities of sensitive personal patient data, none of which is fed back to the patient's doctor. Patients should be concerned to know what their data is being used for, who has access to it and why. Meanwhile, healthcare and wellbeing app developers must ensure that users fully understand what happens to the information being collected about them and that they have granted express consent for such processing activities to take place.
Doctors and medical professionals are bound by higher professional ethical standards than most other professionals. However, these standards do not apply to software or app developers. It is therefore important that the standards expected from doctors with regard to patient data security, confidentiality and data sharing are appropriately extended to patients utilising healthcare and wellbeing apps, with clear consent policies and processes afforded to all of them.
The General Data Protection Regulation (GDPR), in effect from 25 May 2018, is centred on principles of accountability, governance and transparency. All entities processing data (be it sensitive and health-related information or more general personal data), including app developers, must put proportionate governance measures in place. It is fundamental that all app developers implement suitable data protection and processing policies, clear data security standards and regular testing mechanisms, so as to provide patients with appropriate comfort that their personal information is sufficiently protected and guarded against unwanted use or access.
To ensure that the potential benefits associated with the use of apps in the healthcare sector can fully materialise, it is fundamental that app developers adopt clear and efficient processes for dealing with technological developments. These include restricting data storage to what is strictly necessary, security incident and breach notification, and compliance with information security standards by way of establishing, implementing, operating, monitoring and improving the efficiency of information security management.
Given the increasing use of, and benefits associated with, healthcare and wellbeing apps, it is important that patients do not rely solely on app developers having their best interests in mind, but that they become increasingly savvy as to the data protection laws governing their personal data and the use of their health records - before it is too late. Unless app developers address potential patient concerns upfront, however, patients will likely lose faith and trust in the apps. This in turn will result in healthcare and wellbeing app use declining, before the benefits can truly be felt.