Balancing easier access and greater security of healthcare data

Security is a big topic for healthcare right now and has been for some years. Johan Sörmling, Managing Director at Encap Security and Head of Mobile Identity at Signicat, believes that healthcare has a great deal to learn from other markets—in particular fintech. He believes it’s important to think of app users, no matter the app, as consumers when considering how to attract and keep people using healthcare apps.
Security is a big topic for healthcare right now and has been for some years. Johan Sörmling, Managing Director at Encap Security and Head of Mobile Identity at Signicat, believes that healthcare has a great deal to learn from other markets—in particular fintech. He believes it’s important to think of app users, no matter the app, as consumers when considering how to attract and keep people using healthcare apps.

We knew that access to healthcare data was valuable, but the last eighteen months has made it clear just how vital access to data is. Governments have used data to make decisions on border control and lockdowns. Healthcare authorities have used data to prioritise vaccination programs and resources. People have been able to use published data to better understand the scale of the pandemic and make decisions on the level of risk that they feel comfortable with.

One big lesson of the pandemic has been that sharing health data is good for decision making.

Unfortunately, it’s also been a bad time for data securityOne report suggests that the industry has experienced a 51% increase in the total number of records exposed, from 2019 to 2020. Healthcare has also become a big target for ransomware, with Ireland falling victim to a “catastrophic” attack in May 2021, and Germany being attacked in late 2020. The Vastaamo hack was possibly the most damaging of all, with a security flaw in exposing its entire patient database, including email addresses and social security numbers, but the actual written notes that therapists had taken.

Healthcare data can be some of the most sensitive information that’s held about us, ranging from the mundane to the intensely private. The lesson that some of the public may take away from the last few years is that sharing data is risky, and could mean a loss of control.

If healthcare providers want their patients to install and use the apps they have created, they may need to look to the success of other sectors to better understand how they can get people on board.

Healthcare apps as consumer apps

European regulators are keen to make mobile health a reality across the continent and have been for the best part of a decade, creating regulations and legal frameworks, and funding projects through its Horizon 2020 program.

Digital health and mhealth adoption has been patchy. As an example, France has been breaking records for telemedicine and has started trials for a vaccine passport. A new healthcare act adopted in 2019 is looking to expand the country’s focus on digital health—improving interoperability, establishing a data hub and make use of artificial intelligence. Germany has also been doing similarly good work since a change in health minister in 2019 meant a new way of doing things.

Elsewhere, progress has been slower. The app designed to help monitor the spread of COVID-19 has been described as a “fiasco”, while a study from the British Medical Journal found that many mhealth apps lacked privacy controls. One report claims that 71% of healthcare apps have a serious vulnerability.

Even as people choose to engage with healthcare apps, there are going to be problems—not every app will be of the same quality, and the public’s perception may be affected by poor-quality apps. This is a problem in every sector. Maybe it’s time to learn from them?

Financial services, for example, is another sector where people have data they want to keep to themselves, and only they should have access. In recent years, there’s been a huge shift to mobile apps. One in five UK customers, for example, now use challenger banks—huge if you consider how young the fintech sector is compared to the incumbent financial sector.

For healthcare apps to do the same, maybe it’s time to think more like a fintech? 

Learning lessons from elsewhere

What is the secret to fintech success? It’s a focus on customer experience. No one should find an app difficult to use or find it confusing. If they do, they will quickly abandon the app for one that’s more welcoming, and there are many alternatives on the market.

This attention to the customer experience includes one of the most important parts of any app, authentication. It’s also the part where many businesses go wrong. Authentication tells a business that the customer returning to their app is who they say they are. Often this is done with a username and password, but this is notoriously insecure—many people reuse passwords or use passwords that are simple and easily guessed. But additional security can mean making things more difficult for the customer—and turning them away from the app due to a poor experience.

Consumers need to both be protected, and feel protected. Security needs to be just a little bit visible so that they know it is there and they feel safe. If it’s completely invisible, or in the way consumers will walk away. So how can mhealth apps solve this problem?

If mhealth apps want customers to both be secure and feel secure in their apps, they need to start using some of the techniques that have been proven elsewhere. They need to use two-factor authentication. Consumers increasingly expect this level of protection, and many are now demanding it. If you have entered a code sent to you by text, then you have used two-factor authentication, but this is not the best way to do it. SMS text messages are not secure—anyone can send them, and they can be used in what’s called a “man in the middle” attack to take over an account.

Luckily, there’s a solution thanks to where the app exists in the first place. Smartphones are smarter than ever, with face and fingerprint recognition common. Integrating these makes two factor authentication easy for the consumer. Plus the data that the smartphone has access to, such as location, means that there can be far more confidence that the person using the app is who they say they are.

READ MORE:

Any app that wants to be successful needs to look beyond its own sector for best practice. For consumers, their banking app, games and mhealth all exist on the same device, one tap away. We believe that mhealth apps cannot rely on their usefulness alone if they want customers to return to them—they will expect any app to achieve the same level of accessibility no matter if it’s offering pure entertainment or advice for good health. mhealth apps are not competing with other mhealth apps, but with every other app on a customer’s device.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

healthcare, News, Balancing easier access and greater security of healthcare data

Johan Sörmling

Johan Sörmling is the Managing Director at Encap Security and Head of Mobile Identity at Signicat, where he works alongside the technology, engineering, and sales teams to deliver secure and relevant products to its customers.

Encap Security – a software-based mobile ID solution – was recently acquired by Nordic digital identity specialists Signicat. After working together as trusted partners for over ten years, the acquisition creates a company with unparalleled breadth in identity and authentication, establishing Signicat as a mobile identity and authentication powerhouse.

Personalization is the beating heart of successful hybrid cloud

Amber Donovan-Stevens • 27th November 2021

In the post-millennial era of real world cloud deployment, the modern digitally distributed nature of businesses requires a range of infrastructure options to allow each customer to leverage a mix of cloud technologies to best suit their unique needs while optimizing the associated costs. How can we enable this kind of flexibility in the face...

The Best Ten Rated Cloud Security Management Options For Business

Erin Laurenson • 24th November 2021

Cloud Security programs that can carry out safety procedures and address or flag potential high-risk elements are now critical, allowing businesses to function normally without fearing a potential breach. To help you find the best Cloud management and security system for your business, we’ve done the research and found the top systems presently available on...

How the cloud can drive organizational sustainability goals

Amber Donovan-Stevens • 24th October 2021

Mark Hughes, RVP of UK & Ireland, Epicor, explores cloud computing’s implications for organisational sustainability practices and introduces the key findings of Epicor’s survey of technology decision-makers in the US and the UK.xplains how cloud technology can spearhead an organizations sustainability initiatives.