Security is a big topic for healthcare right now and has been for some years. Johan Sörmling, Managing Director at Encap Security and Head of Mobile Identity at Signicat, believes that healthcare has a great deal to learn from other markets—in particular fintech. He believes it’s important to think of app users, no matter the app, as consumers when considering how to attract and keep people using healthcare apps.
We knew that access to healthcare data was valuable, but the last eighteen months has made it clear just how vital access to data is. Governments have used data to make decisions on border control and lockdowns. Healthcare authorities have used data to prioritise vaccination programs and resources. People have been able to use published data to better understand the scale of the pandemic and make decisions on the level of risk that they feel comfortable with.
One big lesson of the pandemic has been that sharing health data is good for decision making.
Unfortunately, it’s also been a bad time for data security. One report suggests that the industry has experienced a 51% increase in the total number of records exposed, from 2019 to 2020. Healthcare has also become a big target for ransomware, with Ireland falling victim to a “catastrophic” attack in May 2021, and Germany being attacked in late 2020. The Vastaamo hack was possibly the most damaging of all, with a security flaw in exposing its entire patient database, including email addresses and social security numbers, but the actual written notes that therapists had taken.
Healthcare data can be some of the most sensitive information that’s held about us, ranging from the mundane to the intensely private. The lesson that some of the public may take away from the last few years is that sharing data is risky, and could mean a loss of control.
If healthcare providers want their patients to install and use the apps they have created, they may need to look to the success of other sectors to better understand how they can get people on board.
Healthcare apps as consumer apps
European regulators are keen to make mobile health a reality across the continent and have been for the best part of a decade, creating regulations and legal frameworks, and funding projects through its Horizon 2020 program.
Digital health and mhealth adoption has been patchy. As an example, France has been breaking records for telemedicine and has started trials for a vaccine passport. A new healthcare act adopted in 2019 is looking to expand the country’s focus on digital health—improving interoperability, establishing a data hub and make use of artificial intelligence. Germany has also been doing similarly good work since a change in health minister in 2019 meant a new way of doing things.
Elsewhere, progress has been slower. The app designed to help monitor the spread of COVID-19 has been described as a “fiasco”, while a study from the British Medical Journal found that many mhealth apps lacked privacy controls. One report claims that 71% of healthcare apps have a serious vulnerability.
Even as people choose to engage with healthcare apps, there are going to be problems—not every app will be of the same quality, and the public’s perception may be affected by poor-quality apps. This is a problem in every sector. Maybe it’s time to learn from them?
Financial services, for example, is another sector where people have data they want to keep to themselves, and only they should have access. In recent years, there’s been a huge shift to mobile apps. One in five UK customers, for example, now use challenger banks—huge if you consider how young the fintech sector is compared to the incumbent financial sector.
For healthcare apps to do the same, maybe it’s time to think more like a fintech?
Learning lessons from elsewhere
What is the secret to fintech success? It’s a focus on customer experience. No one should find an app difficult to use or find it confusing. If they do, they will quickly abandon the app for one that’s more welcoming, and there are many alternatives on the market.
This attention to the customer experience includes one of the most important parts of any app, authentication. It’s also the part where many businesses go wrong. Authentication tells a business that the customer returning to their app is who they say they are. Often this is done with a username and password, but this is notoriously insecure—many people reuse passwords or use passwords that are simple and easily guessed. But additional security can mean making things more difficult for the customer—and turning them away from the app due to a poor experience.
Consumers need to both be protected, and feel protected. Security needs to be just a little bit visible so that they know it is there and they feel safe. If it’s completely invisible, or in the way consumers will walk away. So how can mhealth apps solve this problem?
If mhealth apps want customers to both be secure and feel secure in their apps, they need to start using some of the techniques that have been proven elsewhere. They need to use two-factor authentication. Consumers increasingly expect this level of protection, and many are now demanding it. If you have entered a code sent to you by text, then you have used two-factor authentication, but this is not the best way to do it. SMS text messages are not secure—anyone can send them, and they can be used in what’s called a “man in the middle” attack to take over an account.
Luckily, there’s a solution thanks to where the app exists in the first place. Smartphones are smarter than ever, with face and fingerprint recognition common. Integrating these makes two factor authentication easy for the consumer. Plus the data that the smartphone has access to, such as location, means that there can be far more confidence that the person using the app is who they say they are.
- Healthcare AI startup Agamon raises $3m to automate hospitals’ processes by transforming clinical text into data
- Healthcare digitisation is seriously lagging
- How healthcare CIOs can more easily innovate through interoperability
- AI in Healthcare: Applying the Automation Spectrum to Business
Any app that wants to be successful needs to look beyond its own sector for best practice. For consumers, their banking app, games and mhealth all exist on the same device, one tap away. We believe that mhealth apps cannot rely on their usefulness alone if they want customers to return to them—they will expect any app to achieve the same level of accessibility no matter if it’s offering pure entertainment or advice for good health. mhealth apps are not competing with other mhealth apps, but with every other app on a customer’s device.