Lessons from Project HealthDesign

Strategies for Safeguarding Patient-Generated Health Information Created or Shared Through Mobile Devices

In their discussion of Project HealthDesign, the authors describe factors to consider in protecting patient-generated health information shared through mobile devices, and make recommendations for securing that information.

In the latest phase of the Robert Wood Johnson Foundation-funded Project HealthDesign, patients receive smartphones so that they can send observations of daily living to health care providers. However, there are no clear legal standards regarding the security of patient-generated electronic identifiable health information (ePHI) that is shared with health care providers.

The authors recommend that providers involve themselves in patient information security in both provider-led and non-provider-led initiatives. They also recommend information encryption for ePHI sent via text message, educating patients about the risks of unencrypted text messages, and instructing patients to limit the extent of ePHI sent over unencrypted channels. To restrict ePHI access to only those authorized, the authors recommend employing unique user identification, automatic logoff on smartphones, and encryption. In cases where password-protected smartphones and automatic logoff are obstacles to patient compliance, the authors suggest that providers educate their patients about access risks.

It is possible to implement functional security protections for sharing health information via smartphone. This sort of information transmission may become an increasingly prevalent method of chronic disease management, and the strategies the authors suggest will likely have wider application with time.

Most Requested