New research aimed at providing policymakers, mobile health practitioners, and governments with a privacy law framework – which can be tailored to different cultures and environments – shows that greater trust needs to be built up between those receiving mobile health care and those providing it.

Entitled ‘Patient Privacy in a Mobile World’, the report – which reviews privacy and security policies surrounding mhealth – is backed by the mHealth Alliance (whose partners include the Vodafone Foundation), the Thomson Reuters Foundation, Merck (a global healthcare provider) and Baker & McKenzie (a business consultancy).

“Mobile health has the potential to improve health and wellbeing on a global scale, and this research now provides important guidance as to how this can be achieved while still protecting patient privacy,” said Roy Birnbaum, counsel in Merck’s International Law department and coordinator of Merck’s international pro bono programme.

Since the project was announced last November, the partner organisations have examined seven geographically diverse countries where mhealth projects are already underway in order to research and analyse the current status of laws and regulations that address health data security. These are Bangladesh, Chile, India, Nigeria, Peru, Tanzania, and Uganda.

Using “core principles present in existing privacy laws”, the report identifies guidelines for future regulation in areas such as scope of coverage, notice and consent requirements, data minimisation (or the reduction of irrelevant data collections, uses, and transmissions), data security, integrity and accessibility, data transfers, and enforcement and sanctions.

“In order for mHealth to reach scale, we have to build greater trust among the recipients of mHealth solutions in the privacy and security of their health data,” said Patricia Mechael, executive director of the mHealth Alliance. “The findings and recommendations from this research will help move the needle on mHealth privacy, and offer a valuable framework for how to proceed on complex issues related to securing health data.”

The report’s authors, however, are at pains to stress that they do not advocate one universal model law for the entire world. They conclude that a one-size-fits-all approach is simply not appropriate in the privacy context and much less in an environment, such as mobile health, where the technology is continually evolving.

The report says that efforts at legislative reform to address mobile health privacy and security concerns on the national level must first take stock of the cultural, technological, and legal context.

As well as providing a broad legal framework, the research also provides recommendations for ensuring the security of health data that is collected and transmitted over mobile devices.

The research was published by the Thomson Reuters Foundation through TrustLaw Connect, the global pro bono service that aims to “amplify the impact of NGOs (non-government organisations) and social enterprises by connecting them with the best lawyers around the world”.

“By connecting the mHealth Alliance with Baker & McKenzie and Merck and by shaping the scope of the project, the Foundation has played a vital role in generating outstanding and groundbreaking legal research,” said Monique Villa, CEO of the Thomson Reuters Foundation. “This collaboration is evidence that pro bono can bring together people from different sectors to achieve real impact.”