26.11.2014

We entrust more and more of our health data to the cloud. Who is in charge of protecting it?

We entrust more and more of our health data to the cloud. Who is in charge of protecting it?

Image | Tokenexweb_

The future of hospitals is in the cloud, our data accessible from any device both for us and for the professionals who treat us. This, of course, has many advantages, starting with making medicine more efficient, but it also poses a problem: How do we protect that data? How do we ensure that only we can access information on our health?

It is not an easy issue to solve: the more ubiquitous this data is, the easier it is for someone to lose a device at some point, to connect to a risky network or that someone accesses the servers where it is stored.

There are many actors involved in resolving this. On the one hand, it is necessary ** to protect data in the cloud ** where data is stored. For example, Amazon Web Service now allows hardware security modules to be used (HSM), along with solutions to encrypt entire disks in servers and prevent unauthorized access.

You also need to protect data in movement. This implies, of course, using secure connections for all mHealth applications and even using virtual private networks (VPN) for greater security.

Last but not least we come to the thorniest issue: the end-user and their device. To avoid potential problems, any mHealth application should ensure that no unencrypted data is saved on the device. It is also vital, however, to train both professionals and patients about the importance of using these applications properly and looking after their privacy, by protecting their mobiles and avoiding using weak codes or passwords.

We entrust more and more of our health data to the cloud. Who is in charge of protecting it?

Image | Biid demo at Smart City Expo World Congress

Here the problem of mobile identification comes into play: How do we know that it is the real user who is accessing the data? There are several possibilities, from using authentication methods available on mobiles (eg Touch ID on the iPhone) to promoting the use of smart cards, like Morpho is doing in France with several healthcare providers. Another possibility is to use applications specifically designed by secure identity suppliers, such as the one developed by Barcelonans Biid.

As always, the technology is there but you have to take the problem seriously and start using it. Our health is important and our data related to it too. To gain the trust of users and ensure some degree of security, both mHealth solutions suppliers and hospitals and health centres have to ensure that the data is protected and private. Only then will we finally see the success of such solutions.

The mHealth competence centre forms part of Mobile World Capital Barcelona’s Programme of International Competence Centers (PCCI). mHealth works with a three-fold objective: to identify mobile technology opportunities in the provision of health services, to transform current healthcare models and processes, and promote the interoperability of health services in the field of mobile technologies and connectivity, building foundations that make it possible to integrate mobile health solutions.

Mobile World Capital presents a global vision that effectively integrates mobile technologies into the fabric of the industries transforming our lives. Committed to expanding the mobile experience throughout Barcelona, Catalonia and Spain with strong support of the public and private sector.

Mobile World Capital is leading mobile transformation through commitments in Competence Centres, local Industry Development, and Entrepreneurship and Innovation programmes.

MWCapital offers an open platform and exhibition showroom where citizens can understand and experience how mobile is enhancing our lives: The Mobile World Centre, located in the heart of Barcelona on Plaza Catalunya.

More information: