Data privacy rules hinder mobile phone healthcare

by Stella Dawson
Tuesday, 25 June 2013 07:40 GMT

In a file photo, a Withings Smart Blood Pressure Monitor with an iPhone connection is displayed during a media preview event for the 2011 International Consumer Electronics Show in Las Vegas, Nevada. REUTERS/Steve Marcus

Image Caption and Rights Information
New study organised by Thomson Reuters Foundation offers framework for analyzing what privacy regulations are needed to unlock the potential of healthcare delivered via mobile phone

WASHINGTON (Thomson Reuters Foundation) - The spread of mobile telephones opens new possibilities for delivering healthcare services cheaply and effectively to more people, but data privacy rules have failed to keep pace.

Protecting personal health information and concerns over data privacy and security are the two top barriers that governments cite for holding back the adoption of mobile health technologies, which have the potential to revolutionise health care delivery, according to the World Health Organization.

A new study for the mobile health advocacy group mHealth Alliance released on Tuesday provides a framework for addressing privacy issues around the world. While the study, organised by Thomson Reuters Foundation, noted that there is no one-size-fits-all for privacy legislation in a fast-changing technology field, it provides a toolbox for analysing and addressing data privacy issues surrounding the usage of mobile health technologies.

Mobile health, known as mHealth, is available in 83 percent of countries worldwide, according to a 2009 United Nations study, and the types of services offered range from medical services delivered over the phone to emergency toll-free health centres.

Investment in these technologies is rapidly increasing, according to the World Bank. The health products company Johnson and Johnson, for example, has launched a five-year $200 million programme targeting expectant and new mothers in developing countries, while venture capitalists are backing projects in developed countries.

As mobile technologies change rapidly, a flexible approach to regulating data is required, the study said. “Its ever-evolving nature makes it difficult, and some may say ill advised, to create rigid legal rules that my not fit future mHealth applications, or worse that may hamper their development in the first place.”

But the mobile health field looks bound to grow.  The number of mobile telephone subscriptions has exploded to six billion in 2012 from one billion a decade earlier, and market penetration is expected to exceed 80 percent in Africa, Asia-Pacific and Latin America by 2014, while the total number of cell phones by next year probably will exceed the total size of the world population. This would mean that more people have access to cell phones than indoor plumbing or electricity.


As mobile health care expands, its usage raises challenging cultural issues.  At a panel discussion to release the report "Patient Privacy in a Mobile World", Karen Sewell, an attorney at Baker and McKenzie who worked on the report, said that one issue that became clear in studying various regulatory regimes around the world was the importance of thinking through the harm that could be caused in using these new technologies. 

For example, in some countries women cannot go to the doctor alone.  Either their husbands go or the family.  And what happens to a woman who seeks genetic testing on a child and when the results are transmitted to a family-owned phone, the husband reads them and discovers he is not the child's father? The woman may face physical violence, putting her life at risk. In shaping data privacy regulations for mHealth, these types of questions need to be addressed.   

"Does everyone have the right to be protected from harms that can come from using this technology? I think everyone does have that right," said Hillary Wandall, chief privacy officer at the drug company Merck and Co., which was one of the participants in the report.  

The world of privacy laws currently is divided into three broad groups, the report found. 

The most popular is the European style of omnibus data protection, which regulates all personal information equally and allows free transfer of information across borders to those countries that have similar data laws in place.

In the United States, the approach is sectoral. Privacy concerns are addressed for specific businesses and industries, so that only certain types of personal information are regulated.

The third approach is constitutional, whereby certain personal information is considered private and inviolate, and its release would be a human rights issue, but there are no specific privacy rules in place.

These approaches affect what types of data that can be transferred via mobile health applications. In shaping new laws or regulations to cover data privacy and security, three interlocking factors need considering -- the cultural environments they serve; the flexibility needed to allow for innovation and adaption to a fast-changing arena; and the likelihood that information might be transferred across national borders, be it for storage, diagnostics or other reasons.  

The study was conducted by the international law firm Baker and McKenzie in collaboration with mHealth Alliance and with the assistance of law firms and researchers in Bangladesh, Uganda, Nigeria and Tanzania. It includes country-specific analyses of Bangladesh, Chile, India, Nigeria, Peru, Tanzania and Uganda. 

Our Standards: The Thomson Reuters Trust Principles.