Best practices and standards for privacy and security of PGHD captured via mHealth for SSI surveillance should be established and rigorously followed. Protection of patient-generated health data presents unique challenges due to its nature as data originating outside of the healthcare environment, and as data that “belongs” to patients.
SSI surveillance is enhanced with PGHD captured via mHealth due to the collection of data not being dependent on visitation to the clinic/hospital setting but rather captured within the patient home or other environments. Data collection often occurs using patient-owned devices, using a range of mobile applications, and must then be transmitted from the point of collection to the point of utilization. Using mobile devices to collect and transmit patient health data is complicated by the data security issues inherent to diverse mobile device platforms, mobile applications, and data storage solution.35 Each step in this chain raises concerns for storage and security of patients’ health information.35-40 Patients and physicians express concerns over data storage and security as a barrier to wide-spread implementation of PGHD captured via mHealth.34,40-43 Further, jurisdictional questions have been raised about data ownership in this model – while in some cases, health systems own data collected in clinic/hospital, there is not yet a precedent to determine ownership of data collected by patients at home and stored to their personal devices.37,44,45 Steps should be taken to fully address these and other questions regarding data storage, security, and ownership. Best practices and standards should be established, including meeting current regulatory standards that protect the privacy of patient health data (e.g., HIPAA). Additionally, mHealth tools and programs should seek to integrate with electronic health records systems to meet the legal, ethical, and practical demands of using PGHD captured via mHealth for SSI surveillance.
Tools and program design for PGHD captured via mHealth for SSI surveillance should address the following data storage, security, and ownership questions:
How do hardware, software, and data integration considerations impact the storage and security of PGHD? How can design of mHealth tools and programs best support data storage and security?
Physicians and patients express concern for data security. In addition, physicians express concern for data reliability and authenticity. Storage and security standards should address these twin issues by establishing methods for assuring patient privacy and authenticating the authenticity/reliability of data submitted by patients.
In addition to questions of data ownership, questions remain about which persons/entities are responsible for ongoing data storage and the ethics of potential future use of that data (e.g., data “resale”). Where and how data is housed, and how it is used, may be impacted by a variety of medico-legal and jurisdictional frameworks, and may differ by geographical location.