Introduction: The pandemic has led to unprecedented adoption of digital health tools in healthcare delivery, which has coincided with consumers’ increased engagement in their personal health and embrace of digital health products in their everyday life. Technological advances, increased access to data, and the rapid generation and digitization of data have led to science fiction-like innovation. The proliferation of data is prevalent throughout the healthcare product pipeline: from patient-focused mHealth applications allowing individuals to self-report all aspects of their physical and mental wellbeing, through wearables measuring everything from steps and sleep to heartbeats, blood pressure, and oxygenation, to large, high-throughput molecular testing instruments and sequencers found in hospital and laboratory settings. Data is generated by and accessible to both patients and practitioners at unprecedented levels, coming from these products as well as from increased access to testing. This trend has been further catalyzed by the increased interoperability and direct accessibility of medical information by consumers via application programming interfaces (APIs), which enable the consumer to connect to their healthcare providers’ electronic health or medical records (EHR/EMR). For both regulators and healthcare providers, this improved accessibility is driven by the underlying goal of instigating patient engagement, i.e., patients having a better understanding of and interest in their own health and the ability to better manage their health and wellness, which, in turn, could lead to cost savings and improved outcomes.
With these revolutionary changes, and in line with improved awareness of the sensitivity and vulnerability of data, comes an increased need for cybersecurity and privacy protection. Gone are the days when privacy and security features and controls were considered “nice to have” components of a digital health product. The ongoing slew of cyberattacks, data breaches, increased interest from regulators, and headline-worthy security flaws, in combination with the increased sensitivity and volume of health data, underscore how vital these features are.
Privacy and cybersecurity features are no longer simply checkmarks on a “long” list of product requirements needed for launch or beta-stage testing. Rather, these features are key components of healthcare products, whether to garner customer trust, gain a competitive advantage, or pass regulatory scrutiny. Companies developing these health and wellness products, already pressured to bring products to market at an unprecedented speed, may be tempted to release products that lack the very privacy or security features that customers, regulators, and users may assume, or worse, expect to be integrated. During product design, these features may also be viewed as an impediment to user experience as opposed to improving user optimization, and thus be omitted. Considerations and decisions of whether and how to include privacy and security functions are fundamental to strategizing the development of new products and maintenance throughout a product’s lifecycle. The most effective means to ensure that these capabilities and controls are integrated into digital health and mHealth products is for the manufacturers of such products to have in place fit-for-purpose privacy and security by design processes.
While the concepts of privacy and security by design are by no means new, the case for integrating privacy and security awareness and intention into the lifecycle of healthcare products and any data processed by such products is perhaps more important than ever. For mHealth and digital health products, the time is right to ensure that privacy and security by design are embedded in product and data lifecycles and the company’s very culture. Such processes and controls can and should be reframed from being an administrative burden and creative hindrance to a reward that translates into a competitive advantage and market differentiator.