Digital public health: data protection and data security

Digital public health applications are becoming increasingly popular; for example, about 45% of smartphone users have health or fitness apps on their devices. Most of these applications transfer the user's personal data to the provider of the health app. Application providers must comply with t...

Full description

Saved in:
Bibliographic Details
Published inBundesgesundheitsblatt, Gesundheitsforschung, Gesundheitsschutz Vol. 63; no. 2; p. 206
Main Authors Kunz, Thomas, Lange, Benjamin, Selzer, Annika
Format Journal Article
LanguageGerman
Published Germany 01.02.2020
Subjects
Computer Security
Germany
Humans
Public Health
Software
Germany
Technical requirements
Health apps
Health data
Legal requirements
GDPR
Online AccessGet full text

Cover

More Information
Summary:Digital public health applications are becoming increasingly popular; for example, about 45% of smartphone users have health or fitness apps on their devices. Most of these applications transfer the user's personal data to the provider of the health app. Application providers must comply with the relevant data protection statutes.In this article we provide a survey of important data protection requirements and the necessary technical measures for data security that the provider of a health app must observe. This includes - amongst other things - mechanisms for consent, determination of and compliance with the legitimate purposes of the processing, and the granting of so-called "rights of the data subject" (e.g. right of access). Furthermore, the provider of the health application must follow best practice recommendations from the area of data security. Therefore, the provider must ensure that, for example, unauthorized access, manipulation, loss, and destruction of personal data are prevented by appropriate technical and organizational measures. State-of-the-art procedures such as encryption, rights management, securing integrity, pseudonymization, and logging are some examples of technical and organizational measures. When implementing these measures, it must be taken into account that the processing of health data generally entails high risk for the rights and freedoms of the data subjects and that unauthorized access to and/or manipulation of data, for example, can lead to the publication of a stigmatizing diagnosis or incorrect medication.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
ObjectType-Review-3
content type line 23
ISSN:1437-1588
1437-1588
DOI:10.1007/s00103-019-03083-w