Privacy In Mobile – mHealth Apps (Part I)

Author:Mr Mark Adair, Jevan Neilan and Brigid Moore
Profession:Mason Hayes & Curran

Technology is changing every industry and healthcare is no exception. In the past, you might have had to join a long waiting list to see your local GP. Today, mobile healthcare ("mHealth") allows you to download an app, consult a practitioner by video call, access your records, get diagnosed, monitor your symptoms remotely, manage your prescriptions, set reminders for treatment and that's just on your morning coffee break. mHealth may have your healthcare covered, but who is looking after your personal data stored in cyberspace?

What is mHealth?

mHealth refers to the practice of using mobile devices or other wireless technology in delivering and supporting medical care services. According to a report by Tech Ireland, health and medical technology companies have the highest rate of funding in the Irish technology sphere. By 2020 the mHealth market is estimated to be worth over €60 billion, growing at a rate of 34% annually. mHealth is effectively transforming mobile devices into a virtual healthcare support network that you can place in your pocket.

If mHealth is to have continued success, users must trust the mHealth industry and how it is regulated. There are important data privacy implications where sensitive personal data relating to individual's health is collected and processed on such a large scale.  Data harvested from a typical mHealth app could include health, fitness, lifestyle habits, stress levels and sleep. To date, there has been little collaboration between EU Member States on how to manage, organise or regulate the data protection implications for this sector.

Origins of the Code of Conduct 

The European Commission's 'eHealth Action Plan 2012-2020' sought to distinguish between self-administration of healthcare and the traditional provision of clinical care. It's not surprising that the European Commission is now addressing the lack of regulation in mHealth apps with a working set of guidelines aiming to ensure such apps are properly regulated.

In June 2016, the European Commission proposed and submitted a 'Code of Conduct on privacy for mHealth apps' (the "Code") to the Article 29 Working Party, the collective body of EU data protection authorities. Once approved, the Code will be applied in practice. App developers can, but will not be obliged to, follow the Code.  

The Code at a glance

The European Commission aims to bridge gaps in the mHealth industry, specifically the gaps in processing sensitive data and securing the...

To continue reading