Are mHealth Apps Secure? : A Case Study / C. Braghin, S. Cimato, A. Della Libera. - In: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC). - First edition. - [s.l] : IEEE, 2018. - ISBN 9781538626665. - pp. 335-340. (Paper presented at the 42nd Annual Computer Software and Applications Conference (COMPSAC), held in Tokyo in 2018) [10.1109/COMPSAC.2018.10253].

Are mHealth Apps Secure? : A Case Study

C. Braghin; S. Cimato
2018

Abstract

mHealth applications are becoming increasingly widespread since they have the potential to reduce the cost of health care by favoring self-management of chronic diseases or to improve fitness activities. By their very nature, health applications collect and manage sensitive health data, therefore several concerns exist about how privacy, security, and confidentiality are handled. In this paper, we analyze the security issues of mHealth apps from two different perspectives: first, we highlight the security and privacy requirements on health data defined by data protection laws such as the General Data Protection Regulation (GDPR) in the EU, or the Health Insurance Portability and Accountability Act (HIPAA) in the US. Then, we consider the security issues from a technological point of view, discussing how the app may protect user data. However, by analyzing a fitness app, we show that, at the moment, none of the well-known practices to protect data is followed, thus often mHealth apps are insecure.
Sector INF/01 - Computer Science
Book Part (author)
Use this identifier to cite or link to this document: https://hdl.handle.net/2434/595538