Noticing a suspicious looking mole, you take a picture of it with your smartphone camera and send it to an automated analysis which then tells you whether it is malignant or not. Luckily, the result, given in the form of a green light, indicates that everything should be ok. Had it been yellow or red, a visit to the doctor would have been the next step. This scenario is not science fiction; it is something you can already experience today. Increasingly, more and more of your doctor’s office can now be found on your smartphone.
Health apps and measuring devices today
In a user and consumer friendly way, it is possible to purchase clinically approved measuring devices for your smartphone. For those with chronic diseases, this may anticipate a more practical life: diabetics can purchase devices which measure blood glucose levels and control their insulin levels, and those with high blood pressure can purchase blood pressure monitors.
Recently, US health agencies have authorized the commercialization of a smartphone cover which monitors the heart rate each time it registers a pulsating blood flow. When anomalous values are picked up, they get sent immediately to a doctor. Another possibility would be a doctor regularly monitoring such values and requesting an appointment when needed. Measurements can also be shared on patient networks, social networks and with medical experts at private clinics. Many US companies have already gained a significant foothold in this market.
The new trend is that machines are now replacing medical experts, similar to IBM’s supercomputer Watson, which are capable of determining a diagnosis, comparing it to other relevant data as well as the latest scientific research. Digitalization combined with smartphone technology and portable monitoring devices is disrupting the way health services are provided. In Europe and in the USA, efforts are on ongoing to establish a legal regulatory framework for both apps and sensors. The Food and Drug Administration (FDA) has already approved a handful of apps that comply with the standards applied to “regular” medical equipment. The EU Commission is also taking a closer look at health apps as an instrument to improve the health of EU citizens, and has recently published a list of recommended health apps.
As an aging society, the proportion of Norwegians with chronic diseases will increase in the years to come. Being among the world’s leading populations as smartphone users, mobile health technology has the potential of improving the preventive work, the measurement, diagnosing, and the treatment and communication within the health sector. It will allow saving time, resources and lives.
A challenge to privacy
Personal health information is among the most sensitive personal data there is. That kind of data is of interest to a multitude of different private businesses, insurance companies and eavesdroppers. In Norway, personal data has been collected and stored by public agencies for a long time. Traditionally, it is the public health service which has gathered such information and had the authority and technological capacity to control how, how much and by whom personal health information could be used and to what end. All of this is now being challenged by mobile health technology.
Our survey shows that today, few actually share their personal health and exercising data. Only 11 percent of those using health apps share the collected data with health personnel. 40 percent of the total number of the users state, however, that they would be willing to share such information in a similar way. This can be an indicator of the future tendencies we might encounter.
The scenario which is now unfolding is one of integrated services where personal health information is created and shared by the users themselves.
If the data is simply stored on the smart phone itself, for instance through a step- or calorie counting app, the personal privacy issue remain relatively small. They get significantly more challenging however if more advanced diagnostics are required, as this will have to lead to increased sharing of personal information with possibly multiple private organizations and businesses, likely located in a multitude of different countries.
The public health services in Norway currently do not have the technological capability to receive data from health apps. Yet, the number of people using such apps is steadily and rapidly increasing. Consequently, the government has recently declared that the website www.helsenorge.no must be ready to receive health app generated data in the near future. The aim is to make it possible to share personal health data with health personnel, relatives, first line volunteers and patient networks.
A basic condition for the storage of personal health information which is sent through health apps, is that it has to be considered “relevant and necessary” enough to be registered in patients’ medical journals by health personnel. Large quantities of superfluous information, if transferred automatically from smart phone to journal without being assessed by medical professionals, would be a considerable threat to the users’ personal privacy. Will fundamental basics of privacy such as explicit consent and agreement, stated purpose, relevance and accuracy guide the collecting, storage and use of personal health data?
If this kind of medically irrelevant information is received and stored by the public health services, they would have created a database without any legal authorization to do so.
Mobile health technology is distruptive, changing the way we organize the flow of information and creating new markets at an accelerated pace, making it difficult for public agencies to keep up with the technological development. For these reasons, it is reasonable to expect that many will turn to commercial solutions for cutting edge and user friendly storage and analysis of personal health information. Many questions will have to be answered:
- In a comparatively unregulated app market, which pieces of information will be handled, by whom and to what end?
- Can personal health information be commercialized and sold to undisclosed third party-users, or be shared to facilitate scientific research? There seems to be an inherent danger that it this information will get diverted and integrated into targeted marketing strategies.
- What will the end user agreements actually entail, and which country’s jurisdiction will have prevalence?
This text is an extract from the report «Privacy 2013 – status and trends”, written in cooperation with the Norwegian Data Protection Agency for the data privacy day of 2013.