Risk Analysis of Residual Protected Health Information of Android Telehealth Apps

Telehealth apps are growing at a rate faster than regulatory legislation and guidelines can keep pace. As a result, app developers, healthcare providers, and individual app users are left without a clear understanding of the rights and responsibilities of each party involved. Use of Telehealth apps may leave the end users’ personal health information vulnerable. Improper security within the app may leave the app provider and healthcare providers at risk legally. The goal of this paper is to examine the regulatory framework and regulatory guidance which applies to telehealth apps. In addition, a series of three case studies were conducted to examine the prevalence and nature of residual personal health data from these telehealth apps. In two of the three case studies patient health data was recovered through the app in the form of various artifacts.

[1]  Tim Storer,et al.  Recovering residual forensic data from smartphone interactions with cloud storage providers , 2015, The Cloud Security Ecosystem.

[2]  N. Ahuja,et al.  The Smartphone in Medicine: A Review of Current and Potential Use Among Physicians and Students , 2012, Journal of medical Internet research.

[3]  R. Marcoux,et al.  Telehealth: Applications From a Legal and Regulatory Perspective. , 2016, P & T : a peer-reviewed journal for formulary management.

[4]  E. Topol,et al.  State of Telehealth. , 2016, The New England journal of medicine.

[5]  Karen Colorafi,et al.  It’s Time for Innovation in the Health Insurance Portability and Accountability Act (HIPAA) , 2016, JMIR medical informatics.

[6]  S. Nepal,et al.  Facilitating Secure Sharing of Personal Health Data in the Cloud , 2016, JMIR medical informatics.

[7]  F. Lateef The Practice of Telemedicine: Medicolegal and Ethical Issues , 2011 .

[8]  Ibrahim Baggili,et al.  Forensic analysis of social networking applications on mobile devices , 2012, Digit. Investig..

[9]  Tim Storer,et al.  Electronic retention: what does your mobile phone reveal about you? , 2011, International Journal of Information Security.

[10]  Abigail A. Schachter,et al.  Data Governance and Data Sharing Agreements for Community-Wide Health Information Exchange: Lessons from the Beacon Communities , 2014, EGEMS.

[11]  Samir Chatterjee,et al.  A Taxonomy of mHealth Apps -- Security and Privacy Concerns , 2015, 2015 48th Hawaii International Conference on System Sciences.

[12]  Kim-Kwang Raymond Choo,et al.  Forensic Taxonomy of Popular Android mHealth Apps , 2015, AMCIS.

[13]  Vivian Lee,et al.  Creating the Exceptional Patient Experience in One Academic Health System , 2016, Academic medicine : journal of the Association of American Medical Colleges.

[15]  Eskinder Eshetu Ali,et al.  Evolution and current status of mhealth research: a systematic review , 2016, BMJ Innovations.

[16]  Tim Storer,et al.  Using Smartphones as a Proxy for Forensic Evidence Contained in Cloud Storage Services , 2013, 2013 46th Hawaii International Conference on System Sciences.

[17]  Farzad Mostashari,et al.  The HITECH Era and the Path Forward. , 2017, The New England journal of medicine.

[18]  Brandie Nonnecke,et al.  Personalized Telehealth in the Future: A Global Research Agenda , 2016, Journal of medical Internet research.

[19]  T. L. Lewis,et al.  mHealth and Mobile Medical Apps: A Framework to Assess Risk and Promote Safer Use , 2014, Journal of medical Internet research.

[20]  N. Khalifa,et al.  Forensic telepsychiatry in the United Kingdom. , 2008, Behavioral sciences & the law.

[21]  William Bradley Glisson,et al.  Identifying User Behavior from Residual Data in Cloud-based Synchronized Apps , 2014, ArXiv.

[22]  J. Carroll,et al.  Who Uses Mobile Phone Health Apps and Does Use Matter? A Secondary Data Analytics Approach , 2017, Journal of medical Internet research.

[23]  Georgios Kambourakis,et al.  A critical review of 7 years of Mobile Device Forensics , 2013, Digit. Investig..

[24]  Richard S Larson A Path to Better-Quality mHealth Apps , 2018, JMIR mHealth and uHealth.

[25]  V. Mbarika,et al.  What is telemedicine? A collection of 104 peer-reviewed perspectives and theoretical underpinnings. , 2007, Telemedicine journal and e-health : the official journal of the American Telemedicine Association.