mHealth applications are becoming increasingly widespread since they have the potential to reduce the cost of health care by favoring self-management of chronic diseases or to improve fitness activities. By their very nature, health applications collect and manage sensitive health data, therefore several concerns exist about how privacy, security, and confidentiality are handled. In this paper, we analyze the security issues of mHealth apps from two different perspectives: first, we highlight the security and privacy requirements on health data defined by data protection laws such as the General Data Protection Regulation (GDPR) in the EU, or the Health Insurance Portability and Accountability Act (HIPAA) in the US. Then, we consider the security issues from a technological point of view, discussing how the app may protect user data. However, by analyzing a fitness app, we show that, at the moment, none of the well-known practices to protect data is followed, thus often mHealth apps are insecure.
Are mHealth Apps Secure? : A Case Study / C. Braghin, S. Cimato, A. Della Libera - In: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC). First edition. - [s.l] : IEEE, 2018. - ISBN 9781538626665. - pp. 335-340 (Paper presented at the 42nd Annual Computer Software and Applications Conference (COMPSAC), held in Tokyo in 2018) [10.1109/COMPSAC.2018.10253].
Are mHealth Apps Secure? : A Case Study
C. Braghin; S. Cimato
2018