The dawn of Health 2.0: security needs quick fixin’

Short thesis

Digital health has reached a tipping point: apps track our diabetes and medications, and keep track of our pregnancies or periods. At the same time, they generate a massive amount of sensitive data that is extremely valuable to both advertisers and hackers. Health 2.0 is coming, with 200 new health startups funded last year and a massive consumer base that’s ready to go. How about privacy and security? Way behind. David Szabo, SVP of Tresorit, talks about what’s coming up in the world of Health 2.0 & security.


Health 2.0 empowers patients to take control of their health conditions by leveraging mobile and digital technologies. Technology helps patients and users extend doctor-patient communications, track conditions and so take better care of themselves. According to Rock Health, the number of digital health adopters doubled in the US in 2016 (compared to 2015).

However, to increase people’s trust in digital health applications and enable widespread adoption, developers and health professionals together need to solve security and privacy related challenges.

As health and medical data includes particularly sensitive information (PHI) about individuals, healthcare is one of the sectors most targeted by hackers. According to a report, more than 180 health care institutions were breached in 2016, affecting around 500 to 3.6 million people each. Another striking figure shows that patients’ health information is worth 10 times the value of credit card data on the dark web. No wonder that recent US research says that 89% of patients admitted to withholding information from their providers in 2016 because of security concerns.

Beyond security risks, patients’ privacy rights are often violated, too. Besides hackers, advertisers are also hungry for users’ sensitive data. Free apps often share patients’ and users’ information without their knowledge with companies who then advertise to them. Privacy means that users can make educated decisions about how their data is used. To be able to do that, privacy policies should be easy to understand and transparent. This is not always the case. A survey from 2016 found that four-fifths of the examined diabetes apps (around 200) did not have privacy policies!

What can be the answer to all these concerns? Solutions should come from the technology community and policy makers alike. First of all, all development has to put security and privacy at the core, and use innovative technologies to handle patient data with care. Privacy policies need to be written in plain language. At the same time, regulations should be future-proof and outline strict data protection rules for developers and healthcare organizations. In Europe, the coming GDPR is a good first step towards this, while in the US, HIPAA ensures the same.


This session is part of the re:health track, which is powered by BARMER.