By Helena Marttila-Bridge and Oliver Grazebrook

In recent years healthcare providers around the world have been looking into mobile health or “mHealth” solutions to increase productivity and reduce costs.  Examples of mHealth practices include the increased use of mobile devices by doctors and nurses to access and transmit patient health data and the use of mobile health apps by patients.

Earlier this year, the NHS published a report on mHealth, which shows the potential savings that could be achieved through the widespread adoption of mHealth applications.  According to the report, the trial use of mobile technology by a selection of UK hospitals showed an “improvement in general communication, improved access to clinical information and improved access to IT equipment.”  Importantly, users also showed a greater confidence in the security of the health data and an improvement in clinical safety due to the ready availability of up to date data.

At the same time, healthcare providers relying on mHealth solutions will need to bear in mind the restrictions imposed by the EU data protection framework, as the use of such solutions will almost always involve the processing of sensitive personal data.

For example, the use of health apps, such as apps helping users measure their food intake or measure users’ blood pressure and heart rate, requires the collection of sensitive health information.  Therefore, app developers as well as healthcare providers wishing to rely on such apps should be mindful of the data protection implications of mHealth solutions.

More specifically, the Article 29 Working Party, a group made of EU Member State data protection authorities, recently published an Opinion on apps on smart devices, which highlights a number of privacy concerns related to the deployment of apps, including the fact that apps rarely gain users’ prior consent for the processing of their personal data that is informed, specific and freely given.  This is particularly important in the context of health apps, as often the individuals’ “explicit” consent is required before their health information can be collected and used.  In light of this issue, the NHS has created a Health Apps Library of apps that it considers to be safe, one of the criteria for being admitted to the Library being whether the app complies with the UK Data Protection Act.