Translating GDPR into the mHealth Practice

The interaction between patients and health providers through mobile apps can potentially improve the efficiency and quality of healthcare. Despite these advantages, the majority of mobile apps provide little or no security protection, and there is a lack of security standards and guidelines to support their development with an adequate balance between availability and confidentiality. Since May 2018, this lack of security awareness and measures has had to change: with the application of the new General Data Protection Regulation (GDPR), the processing of European residents' personal data by third parties is subject to stricter rules and closer control. On the way to understanding how GDPR affects the content and interactions of mHealth apps, this article compares how previous legislation is reflected in the interactions between users and those apps, and what key changes must take place now that GDPR is in force. GDPR empowers patients to ask for and receive, in a simple and understandable manner, information about the security measures applied to protect their personal data, and to see transparently how their personal data is processed, by whom, and for what purposes. Use-case scenarios are presented to discuss the impact of the key GDPR changes on the visual interactions between the user/patient and mHealth apps, and how the app content can be adapted to a more objective and uncluttered view. This study provides means to easily and quickly integrate the key privacy and legislative requirements of GDPR into app visualization, thereby improving availability, transparency and patient empowerment.


Muchagata J, Ferreira A. Translating GDPR into the mHealth Practice. In: 2018 International Carnahan Conference on Security Technology (ICCST), 22 Oct 2018 (pp. 1-5). IEEE.
