Opening the Discussion of Data Privacy in mHealth

Photo Credit: Technorati.com

During New America’s Mobile Disconnect talk on February 9th, Katrin Verclas, Co-Founder and Editor of MobileActive.org, brought up an interesting question about data privacy in mhealth – what is being done to protect patient data in mhealth projects in developing countries?

“If you are gathering sensitive health data over completely clear text and insecure SMS, somebody’s HIV status, sensitive information protected by HIPAA standards in this country, completely unregulated by development organizations, they don’t self-regulate. Countries certainly don’t have any privacy or data protection stipulations…If we are talking about mobile telephony and mobile phones in development, we need to talk about how we protect the data that we are gathering, the information that we are distributing…”

Data privacy is an important, yet undiscussed topic. As Katrin mentioned, an individual’s health information is extremely personal, especially because it can be used against the person to make them a social outcast. But there is little talked about how patient information is being protected, especially the structure and framework of data protection on a large scale. As mentioned in the white paper “Barrier and Gaps Affecting mHealth in Low and Middle Income Countries” by the Earth Institute at Columbia University, many mhealth studies expressed the need for data protection and some measures were taken. But further security steps need to be taken as projects scale into national programs.

First, security is a tough question to answer in any setting. In the U.S., there are strict laws that require health information to be protected (HIPAA). Corporations holding patient health information must internally regulate how this information is being stored and transmitted in order to avoid penalties (both monetary and brand loss) if data is lost or there is a security breach. Along with setting user policies to further protect this sensitive data, corporations also leverage security software to protect against internal and external data lost. This includes protection against network attacks or unprotected lost/stolen devices. In these cases, the companies not only spend money on security measures but also employ a team solely focused on security. Chief Information Security Officer is vastly becoming an important and necessary role with large enterprises.

But the reason for all these security measures is the value individuals and families put on the privacy of their health information. Similarly to people protecting information about their finances, people want to keep their personal and family health information private. With the stigma of specific diseases or the unknown of the future as testing, diagnosis, and treatment is occurring, individuals and families want to have the power to inform others when they are ready. Do individuals and families in other countries place the same value on their health information? My guess is very much so.

But, as Katrin mentioned, many of the countries using mobile phones for data transmission do not have strict data privacy laws to regulate how patient data is protected. This leads to a lack for incentive for development organizations to create their own data protection policies which includes user policies and technology solutions to protect the storage and transmission of patient information. The GSMA recently began a movement to support data privacy on mobile devices. This includes providing principles, guidelines and resources in order to tackle the new challenges of data protection on global mobile networks. The International Telecommunication Union (ITU) and infoDev have created the ICT Regulation Toolkit to provide insight and best practices for policy-makers, government regulators and the telecommunication sector to implement telecom policies. There is a section directly focused on Data Protection and Privacy Laws. While these are steps forward, they are more generally focused on the over telecom industry. There needs to be a greater focus on the mhealth sector as it continues to grow.

Some organizations have included data privacy in mhealth projects. eMOCHA, developed by Johns Hopkins Center for Clinical Global Health Education, is a program for Android smartphones that stores and transmits data. Included in the program is security on both the endpoint device (the smartphone) and the servers. The servers that store the data are encrypted to protect against internal leaks. The smartphones also utilized encryption to send messages. They also are password protected in order to prevent data access if the phone is lost or stolen. Dimagi has also used technology to protect both internal and external leaks. This includes individual logon passwords and full data encryption on handsets and full server database encryption and auditing of who has logged into the database. It would be great to hear from other mhealth developers to see what they are doing to protect data. As is the case with the open dialogue of discussing best practices implementing and scaling programs in the mhealth community, it would be beneficial to the sector to share advice on data privacy.

MobileActive has been focusing on data security lately with the release of their SaferMobile website. It has helped to open the discussion and provides knowledge and advice to activists, human rights defenders and journalists to better protect their mobile privacy in their jobs. Those in the mhealth community should piggyback on their work. The discussion of data protection has been brought up before, but it is time to have it on the forefront of developers and implementers minds working on mhealth projects in developing countries. The goal is to understand all issues of data privacy (from the regulatory, technological and social aspects) and how we can make sure to always be aware of the patient’s right to privacy. It will be interesting area to continue to follow, and I hope this at least opens the door to a more in depth discussion on the topic.

March 28, 2012/by actualize

Anti-corruption, Civil Society, Democracy & Governance, Elections, Originally posted on the GBI Portal

#ArabSpring Activists on How 140 Characters Help Unite

Syrian protests with a coffin being carried through the crowd

Photo Credit: Reuters

Current discourse on the Arab Spring excludes social media as the sole perpetuator of the movement—but scholars and activists alike, agree that technology has helped to unify and project, citizen’s feeling of dissent.

My previous post about last Wednesday’s Future Tense event explored some speaker’s discussion on the West’s connection with new technologies, as either aiding or embedding the revolution.

Other panelists, however, elicited a more homegrown, internal perception on how the uprisings evolved.

Merlyna Lim, Professor of at the Consortium of Science, Policy and Outcomes and the School of Social Transformation – Justice and Social Inquiry Program at Arizona State University, discussed origins of anti-Mubarak protests in Egypt.

She claimed it was rooted before the Tahir moment occurred, stemming from three stages of organization—networks, narratives and claim making—to mobilize collective action.

The first protest organized exclusively online, without physical headquarters, was arranged by Kefaya in 2004. Using a website called Misr Digital, Lim recalls, the organizers increased the reach of the oppositions movement through the websites by engaging weak ties.

After the death of Khaled Said on June 6, 2010, the participatory youth culture, added emotions onto their organizational network’s narrative—and Egyptians feared being killed.

Khaled Said’s passing changed Egyptian’s view on human rights violations, the panelist stated. While it was once an abstract narrative, they are now saw concrete infringements by the regime—such as corruption, torture, and eventual death.

Egyptians shared these contentions, spreading them by networks. “The Tahir moment was facilitated by cabs, signs, cell phones, word of mouth, SMS, and social media provided the organizing platform,” Lim alluded.

Ahmed Al Omran & Oula Alrifai Photo Credit: New America Foundation

Another panel convened by Oula Alrifai and Ahmed al-Omran discussed their firsthand perspectives on the violence in Syria, and the political and social issues of Saudi Arabia.

Alrifai, a Syrian youth activist discussed the origins of the Syrian protests. With no independent media and post-imprisonment of an Al Jazeera correspondent, she stated, social media and video were the only ways to get information about the revolutions to the outside work.

However, the connections to do so were not always available.

For activists, using cell phones with cameras was the easiest way to take pictures and record videos, but since they had no networks in the ground someimtes they had to cross the borders. Some activists, “were crossing the borders to go to Jordan to download the videos in Internet cafés and (would) come back and fight again or be on the street and protest, risking their lives,” Alrifai said.

Ahmed al-Omran, a blogger for his site saudijeans.org, discussed the excitement many have felt across the Gulf of the revolutions.

Though the demand for freedom and justice in his home country of Saudi Arabia is similar, the dynamic is different—elections do not exist, and Saudis are largely politically unaware because citizens are not allowed to, “practice politics”.

Ahmed only became aware of politics when he started blogging in 2004, as he was not raised discussing the government, but social media gave him an outlet to learn about them. “I think that the Internet and social media has given this generation a space where they can express themselves and engage with one another and talk about the issues that are typically hard to talk about in the public sphere,” he said.

Ahmed also stated that an uprising similar to Egypt will be difficult in Saudi Arabia because of the monarchy, but predicts it will occur because time is on the people’s side. “Money is a short term resolution, these issues need a fundamental solution,” Ahmed poignantly observed, “At some point the money will run out, the oil revenues will not be there forever”.

Though opinions vary on how imperative social media was to aiding the Arab Spring uprisings, almost all scholars and activists agree—it is an organizational tool that can bring like-minded individuals to collaborate for change.