The UK will need to create standards similar to those for HIPAA app security now that the NHS has announced it will fund the development of health apps and wearables that access medical data.
The £4 billion digital programme will also create a new NHS.uk website where patients can book appointments, view their medical records and order prescriptions. This is part of a plan to cut costs and make the NHS more efficient for patients.
The plan for NHS-sponsored apps that link to a database of patients' medical records is a concern, and it raises the question of whether a security framework similar to HIPAA app security is needed. The use of wearables in this context also raises questions about security standards for IoT devices.
The HIPAA app security regulations aim to protect the confidentiality and security of healthcare information handled by healthcare institutions, health insurers and the businesses that work with them in the United States.
This includes guidance on appropriate encryption and authentication measures, and research shows that health apps in the US that fall outside the remit of HIPAA app security standards put sensitive data at risk.
The NHS's proposal needs to take account of the high privacy and security risks, especially since the data these apps will require is valuable on the black market and the dark web. The risk is higher still given that the NHS has failed to protect patient data on a number of occasions and in fact belongs to one of the worst-performing sectors in terms of the number of data breaches reported.
These apps will need a robust security-testing framework to catch weaknesses that could be exploited, and the NHS ought to learn from the American approach to health data protection.
Read more about the NHS’s plans for health apps on the BBC.