Privacy and security issues for mobile health platforms : Privacy and Security Issues for Mobile Health Platforms

The lives of many thousands of children born premature or ill at term around the world have been saved by those who work within neonatal intensive care units (NICUs). Modern-day neonatologists, together with nursing staff and other specialists within this domain, enjoy modern technologies for activities such as financial transactions, online purchasing, music, and video on demand. Yet, when they move into their workspace, in many cases, they are supported by nearly the same technology they used 20 years ago. Medical devices provide visual displays of vital signs through physiological streams such as electrocardiogram (ECG), heart rate, blood oxygen saturation (SpO(2)), and respiratory rate. Electronic health record initiatives around the world provide an environment for the electronic management of medical records, but they fail to support the high-frequency interpretation of streaming physiological data. We have taken a collaborative research approach to address this need to provide a flexible platform for the real-time online analysis of patients' data streams to detect medically significant conditions that precede the onset of medical complications. The platform supports automated or clinician-driven knowledge discovery to discover new relationships between physiological data stream events and latent medical conditions as well as to refine existing analytics. Patients benefit from the system because earlier detection of signs of the medical conditions may lead to earlier intervention that may potentially lead to improved patient outcomes and reduced length of stays. The clinician benefits from a decision support tool that provides insight into multiple streams of data that are too voluminous to assess with traditional methods. The remainder of this article summarizes the strengths of our research collaboration and the resulting environment known as Artemis, which is currently being piloted within the NICU of The Hospital for Sick Children (SickKids) in Toronto, Ontario, Canada. Although the discussion in this article focuses on a NICU, the technologies can be applied to any intensive care environment.

Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of offices of research, information security officers and university legal counsel. Nineteen total interviews were conducted over a period of 16 weeks. Respondents provided answers for all four scenarios (a total of 87 questions). Results were grouped by broad themes, including among others: governance, legal and financial issues, partnership agreements, de-identification, institutional technical infrastructure for security and privacy protection, training, risk management, auditing, IRB issues, and patient/subject consent. Conclusion The findings suggest that with additional work, large scale federated sharing of data within a regulated environment is possible. A key challenge is developing suitable models for authentication and authorization practices within a federated environment. Authentication – the recognition and validation of a person's identity – is in fact a global property of such systems, while authorization – the permission to access data or resources – mimics data sharing agreements in being best served at a local level. Nine specific recommendations result from the work and are discussed in detail. These include: (1) the necessity to construct separate legal or corporate entities for governance of federated sharing initiatives on this scale; (2) consensus on the treatment of foreign and commercial partnerships; (3) the development of risk models and risk management processes; (4) development of technical infrastructure to support the credentialing process associated with research including human subjects; (5) exploring the feasibility of developing large-scale, federated honest broker approaches; (6) the development of suitable, federated identity provisioning processes to support federated authentication and authorization; (7) community development of requisite HIPAA and research ethics training modules by federation members; (8) the recognition of the need for central auditing requirements and authority, and; (9) use of two-protocol data exchange models where possible in the federation.