
Trust in eHealth: the good, the bad and the ugly

The eHealth market is one of the fastest growing in the world. Users want to access the benefits of personalised healthcare, but in doing so, they are entrusting you with their most valuable and personal data. Mess up and you risk losing that trust and killing your market.

People increasingly put their trust in eHealth apps instead of doctors. Health professionals are also ever more reliant on technology to help them do their job more effectively. The result is that eHealth is one of the fastest growing markets in the world. As an eHealth developer, you are handling some of your users' most valuable data. As a result, you are under pressure to do your best to protect their data. Get it wrong and you lose that trust. Get it right and you will reap the rewards in a multi-billion dollar market. Here, we look at the good, the bad and the ugly of trust in eHealth.

The good

There are many definitions of eHealth. But common to all of them is the idea that it involves the use of technology to improve the health of users. This can mean using data from wearables to diagnose or treat diseases. Or it could be using machine learning to offer personalised treatment. It even covers things like streamlining the delivery of care in hospitals. Whatever the definition you choose, eHealth is about doing good for your end users.

As a developer in the eHealth sector, you are in an interesting position. Users inherently want to put their trust in eHealth apps. After all, "Dr. Google" is now used by more than half of people before they go to visit a real doctor. And people like to feel more involved in their health and wellness. So, end users are prepared to trust you with some of their most sensitive data.

The bad

There is a downside to your users' trust in eHealth. It is important that you do everything you can to justify that trust. You need to ensure that you have taken all reasonable steps to protect their data. This means implementing certain technical and security measures on your backend. As a minimum, you should be encrypting data, implementing pseudonymization and providing proper user and permission management. But GDPR also requires you to implement additional measures such as consent tracking, right to be forgotten and immutable audit logs.

If you get it wrong, things will quickly go bad for you. Just one mistake can generate enough bad PR to kill your business stone dead. And both GDPR and HIPAA carry enormous fines. You might be completely compliant with the administrative requirements, but if your tech is not up to scratch you can still get burned.

The ugly

The really ugly thing about eHealth is that it has now become a valuable target for hackers. This threatens to erode users' trust in eHealth, just as the market is booming. According to reports, a health record is now many times more valuable than a stolen credit card number. Hackers sell health records to other criminals who use them to file false insurance claims and illegally purchase drugs.

At the same time, security researchers and white-hat hackers have turned their attention to the eHealth sector. Just this year we have seen research papers on server-side security issues and assessments of the overall security of the most popular mHealth apps. One of the important points here is that such researchers will be assessing your app against the state of the art. This sort of thing turns a spotlight on you and your app, especially since these reports are often picked up by the international press.

Maintaining trust

So, how can you maintain the trust of your users? How can you secure their data against loss? And how can you make sure you are compliant with all the necessary regulations? This is where Chino.io comes in. We specialise in secure and compliant storage for health data. Our Database as a Service makes it easy to implement pseudonymization. All data is encrypted and all keys are stored in a separate secure store. As a result, we minimise the risks for you and your users and help maintain their trust in eHealth.


About Toby Moncaster

Toby is a seasoned technical author with a love of data security & networking. He spent a decade in R&D, project and product management. He received his computer science PhD from Cambridge in 2018.
  • Berlin