
Privacy and Security Issues in Mobile Medical Information Systems MMIS

  • Review
Mobile Networks and Applications

Abstract

Mobile Medical Information Systems (MMIS), or mHealth applications, support personal health and can potentially improve the health sector by offering a solution to significant problems faced by the healthcare system. As these systems are adopted, privacy and security issues arise. Due to advanced computing and differing device capabilities, data security and confidentiality become major concerns as mHealth operations continuously expand. The European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) raise awareness; still, they need to address developing a system that meets privacy and security requirements. This paper reviews the research literature to understand current privacy and security issues and possible solutions for patients and providers using mHealth applications. These issues are the reason for several threats, such as information harvesting, patient tracking, relay attacks, and denial-of-service attacks, which affect the confidentiality and integrity of these devices. We discussed the challenges and risks associated with Mobile Medical Information Systems and emphasized the need to address these concerns for widespread adoption. Mitigation strategies include robust security measures, regulatory compliance, and user awareness. We discussed the impact of privacy and security issues on healthcare, including potential harm to patients and disruptions in system functioning, by reviewing laws, conducting a literature review, and assessing mHealth system applications. We emphasize the need for comprehensive security measures and continuous evaluation of security practices in mHealth, which need to be addressed to achieve quality, continuity, and portability of health services. We offer a critical and methodical assessment of the state of the art in mHealth security and privacy and suggest a methodology for creating and executing MMIS that is safe and protects privacy.


Data Availability

All data have been included in the article.


Author information


Contributions

Yawen Xing wrote the main manuscript text, and Huizhe Lu and Lifei Zhao prepared Fig. 1 and Tables 1 and 2. Dr. Shihua Cao revised the manuscript. All authors reviewed the manuscript.

Corresponding author

Correspondence to Shihua Cao.

Ethics declarations

Competing Interests

The authors declare no competing interests.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Xing, Y., Lu, H., Zhao, L. et al. Privacy and Security Issues in Mobile Medical Information Systems MMIS. Mobile Netw Appl 29, 762–773 (2024). https://doi.org/10.1007/s11036-024-02299-8


  • DOI: https://doi.org/10.1007/s11036-024-02299-8
