Breaking Down the mHealth Security Landscape


New technology often comes with new security concerns. Privacy and confidentiality have always been important cornerstones in healthcare, and mHealth is no different. Smart Clinic is very interested in mHealth security – here are some of the stories we’ve been keeping an eye on:


  • Recent reports suggest the growth rate of malicious attacks on mobile devices has doubled in the past year, with 60% of the 15 million infected phones running Android OS.


  • With the launch of iOS 8, the Apple Watch and the new iPhone, Apple has made it clear that developers using its new HealthKit cannot store users’ health data in iCloud. The biggest reason is that patient information stored by an application is typically not protected by federal privacy laws like HIPAA.


  • The 5,000 members of ACT | The App Association sent a letter to Congress to ask for more transparency about mHealth privacy and security. In addition to asking for clearer understanding of mHealth regulations, the developer association asked for updates to HIPAA so that it better reflects current technology.


  • Only 59% of hospital employees use full-disk or file encryption on their mHealth devices. The going rate for a complete patient EHR? According to the Wall Street Journal, people will pay $500 on the black market. Lost or stolen devices account for 80% of all data breaches in the past 9 years. It will be interesting to see how that changes in coming years, as more data is stored in the cloud.


  • A recent Healthcare IT News CIO spotlight interview highlighted the numerous security challenges that arise when hospital employees use their own devices at work. The bottom line is that all devices must be encrypted for use in a clinical setting, and pilot programs are currently testing which mHealth apps can be used.


To ensure an appropriately high level of security, Smart Clinic underwent a formal Application Security Analysis to review not only the web application but the mobile application as well. Although we are utilizing FireHost as the HIPAA-compliant cloud hosting service, we spent several months preparing for, conducting, and reviewing the results of our analysis with ClearData, a security analysis firm. We also utilized Veracode to examine our source code for security vulnerabilities. Our business processes, server setup and code were found to be highly secure by all measures.


Want to learn more about Smart Clinic? Schedule a live demo today!
