Mythbusters: Digital Health Data Protection on Engagement Platforms

Reading Time: 7 minutes

More than 1400 digital health device interactions per person per day were observed in 2020, while 30% of the world’s total data volume is accounted for digital health data. Around 350,000 health apps worldwide were available, with about 90,000+ launched in the same year. These apps monitor multiple things, from mental health management to disease-related information or medication.

So if any healthcare brand’s customers are entering symptoms in any of the apps or purchasing wearables to better their lifestyle, they’re voluntarily sharing health data with the brand.

But the question remains, how much of this data is being protected?

Is Digital Health Data at its Death Door?

$9.3M – that’s the global average cost of a healthcare data breach in 2021.

If the digital health market is expected to cross half a trillion dollars by 2027, how would you react if healthcare is the top industry for data breaches?

Yes, more and more brands have (or will have) access to their customer’s health data. The brands don’t need to spend millions anymore in collecting data from various sources. However, this doesn’t curb the data breach issues, especially with industry and data breaches rising.

A recent report by WebsitePlanet and Jeremy Fowler discusses a data breach of GetHealth, a New York-based unified solution that offers health and wellness data access for many wearables. A platform misconfiguration exposed a non-password protected database with 61 million digital health data records. The database contained wearables and fitness tracker data of Fitbit and Apple’s Healthkit.

Another instance is of a London-based digital health brand Babylon Health. The brand announced a data breach where one patient accessed another patient’s health records using the Hand app due to software malfunction.

Confidentiality, privacy, and security have been significant concerns regarding medical health data. Especially with the rising security breaches, health data privacy is becoming crucial.

That’s the reason why brands with personal health data encounters should design a regulatory environment. With privacy stipulated by GDPR, CCPA, and HIPAA, FHIR Server, most of your privacy work is already cut out for you. If you are still thinking about designing these privacy regulations and compliance, start by understanding your region-specific healthcare data privacy laws.

Digital Health Data Privacy for Various Regions

There’s a medium to a high probability that your customer’s digital health data is not secure enough. However, as a healthcare brand, if you’re following all the data privacy and security norms then you have safeguarded your customer’s data already. Consumer data protection and privacy laws across various geographies ensure that brands protect their customer’s data. Here’s how they are doing:

So these are the healthcare laws from various countries along with regulating bodies. But what about maintaining compliance? If privacy and health go hand-in-hand, so do privacy and compliance.

Establishing healthcare acts and laws fall under various government and private bodies. However, ensuring that these are adhered to is the job of healthcare brands and other vendors who help them. Most brands store healthcare data either in-house or take assistance from various third-party vendors. This scenario makes it crucial that all the parties involved in digital health data handling are aware of the laws and comply with them.

Wait for a second, though? How are regulation and compliance different from each other, you ask?

Difference between law regulation vs. compliance in healthcare

To maintain compliance with the healthcare laws, brands need to build processes and procedures to ensure stringent compliance. It is even more crucial for third-party software brands that store and process healthcare data for healthcare brands.

A customer engagement software brand like ours, MoEngage, would also need to comply with the laws and regulations.

And we are!

Building a New Data Relationship with an Engagement Platform like MoEngage

MoEngage partners with healthcare brands across geographies and recognize the importance of data privacy. Data security and privacy are imbibed in our brand’s culture from the beginning.

• We have processes to immediately contain and remove personal information from processing and storage systems upon a data subject(s) request.
• We ensure that the data stored and processed using our platform adheres to all the necessary data and security standards.
• Our ‘security by design’ structure with product managers, engineers, and compliance experts working at different levels to ensure our customers’ data is always secure.

How do we ensure that our healthcare customers’ data is secure?

• Consent forms and disclosures to process all personal data.
• Data servers at specific locations for specific geographies based on local privacy laws.
• A data protection team that creates impact assessments and trains employees on the new data privacy requirements and processes.
• Access controls and workflow approvals in the platform dashboard to allow customers to control who has access to the customer database in their organization.
• Data protection for the platform to include SAML-based (Security Assertion Markup Language) Single Sign-On (SSO) option allowing employees to sign in to their MoEngage product(s) using their organization-issued username and password.

Apart from these, we have some specific data compliance processes and certifications as well

• Security Firewall: This process limits and controls access to the dashboard to only trusted IP addresses/ranges along with a two-step verification process.
• AWS certification: MoEngage has gained certification from Amazon across multiple categories as part of our Amazon Web Services (AWS) Partner Competency Program.
• GDPR compliant: We entirely believe in safeguarding our customer’s data and privacy rights. Our platform is GDPR compliant, and we follow all the regulations stated under GDPR to ensure our customers’ rights are safeguarded.

• CCPA: MoEngage caters to customers across geographies and strictly adheres to all international and regional data privacy rules. We comply with CCPA completely to ensure that the highest level of protection is given to our customers’ database.
• ISO 27001 certification: MoEngage is ISO 27001 compliant, meaning our organization performed an extensive assessment of security risks and created ISMS (Information Security Management System). ISMS helps us comply with regulations within ISO’s (International Organization of Standardization) global information security management standard.
• SOC 2 Type 1 compliant: MoEngage follows Service Organization Controls (SOC) 2 that provides confidentiality, security, and availability of customer data. This is one of the highest standards of data security.

With over 1,000+ brands across 39+ countries who use MoEngage to send 80 billion messages to over 1 billion consumers every month, we understand the seriousness of data privacy and security. That’s why we always strive to ensure the highest level of data security and privacy protection. MoEngage constantly safeguards data and refines our privacy framework based on industry requirements.

What to Read Next

1. Want to understand the concerns when it comes to personalization vs privacy – here are 6 learnings from WhatsApp’s privacy policy update.
2. What do you need to know about GDPR compliance? Check out the five most critical aspects!
3. Is customer centricity of utmost importance for your brand? Well, here are 11 steps towards making your organizational culture customer-first!