An introduction to health app security
Do you already use eHealth apps? Maybe you’ve already tracked your fitness on your smartphone or documented your nutrition. By now, there are even certain tested medical apps that are prescribed by doctors and covered by health insurance companies. In the case of diseases such as diabetes, tinnitus or obesity, they provide information, offer preventive measures and support with training and nutrition. Some apps also measure, store and evaluate medical data. This makes them a great help for many people: they motivate them to make personal changes, to keep an eye on their health, or even to improve it. But with all these positive effects, what about app security and, with it, the protection of patient data? In this blog post, we provide an initial insight into the topic of digital health, what types of apps there are and what their security status is.
Have you ever heard of diabetes apps? They can help those affected by diabetes to manage everyday life more easily, and bundle all important therapy information in one place. In this way, app users can conveniently transfer their values to the app automatically via Bluetooth and then have them analyzed with one click. Such an app is also able to display the blood sugar history or to offer motivating challenges. The data obtained in this way can be used to create clear PDF, Excel or CSV reports that can be used, for example, for the next doctor’s visit.
Diabetes apps are just one example in the area of eHealth. There are many other apps that focus on our health.
What is eHealth?
eHealth is a subcategory of Digital Health. It has been defined by the World Health Organization (WHO) as an umbrella term for the use of information and communication technologies for health. It covers the integration of information technologies or applications for the purpose of health. With regard to digital applications, one quickly stumbles upon the term mHealth (mobile health). mHealth refers to a subset of eHealth activities and systems on mobile devices. eHealth apps are now available en masse. The upward trend is likely to have continued with the Corona pandemic at the latest.
Many people have certainly tried health apps in their everyday lives – from the simple body mass index (BMI) calculation app to personal health assistants. A large share of these apps falls into the wellness area, i.e. apps for “health-oriented people”: people who are concerned about their health and “just” want to live healthily. These include fitness apps, lifestyle apps and apps with nutritional information.
Then there are apps that are used in specific cases of illness, and those that are supposed to make life with an illness easier. In these two areas, the focus is on accompanying or supporting users in their life despite an illness.
In addition, further categories have been defined: apps that require CE marking and the digital health applications introduced in Germany in 2020, the DiGA apps (Digital Health Application). Both take an important step in the direction of quality assurance, because they are subject to regulatory control.
Not to be forgotten are apps that are playing an increasingly important role in the communication process of the health system. These include, on the one hand, apps for management and communication between health insurance and customers and, on the other hand, apps that increase efficiency in the health system. The latter include, for example, the e-prescription and the electronic patient record (ePA). As with the DiGA apps already mentioned, the legal basis for all this has now also been created.
Security, where are you?
Uniform quality criteria for eHealth apps do not yet exist. Data protection and security in particular should be given greater focus in app development. After all, patients want their data to be secure, and legislators also want sensitive data to be protected. However, this does not only apply to eHealth apps. Every app processes personal data and can only be marketed successfully in the long term if consumer trust in IT security and protection of data can be guaranteed.
General security is therefore one of the most important requirements users have of an app. In opinion polls, users say that security and data protection are most important to them in eHealth apps. This is followed by the credibility of the app and the manufacturer, regular maintenance of the app, integration and data collection, and last but not least, who owns the data. You can find out what this means in concrete terms for the security of health apps in our next blog post on this topic.