A Novel Privacy Framework for Secure M-health Applications: The Case of the GDPR

Mobile health (M-health) applications are becoming increasingly popular as an ideal tool to monitor the long-term health conditions of a patient. They play a key role in the emerging monitoring and sensor technologies such as fitness trackers to surgical rehabs that improve the patient's safety and quality of healthcare. However, these applications, if not secure, can pose a significant risk to the privacy issues of the patient's medical data. It is necessary to ensure that there is minimal risk to patient's data privacy. The aim of this paper is to provide a comprehensive insight into the privacy requirements of the m-health application in the context of the new European Data protection regulation (GDPR). It presents a case study of an EU healthcare research project WELCOME and evaluates the privacy aspects of this project with regards to the privacy requirements of the law. WELCOME is an integrated care approach for continuous monitoring, early diagnosis, and detection of worsening events and treatment of patients suffering from Chronic Obstructive Pulmonary Disease (COPD). This paper describes the various security and privacy mechanisms implemented in different layers of the WELCOME architecture and proposes recommendations to design a secure and fully compliant mobile health application solution.