This paper presents a case study on security and privacy implications on the design of a mobile application in digital health, the DeStress Assistant (DeSA) app, which utilizes sensing technologies and capabilities of the Internet of Things (IoT). An analysis of the applicable legislative framework is provided and selected challenges encountered during the app design are discussed, which are related with the practical implications of provisions of the international and national legislation for software applications in general as well as medical devices and handling of sensitive data in particular. We provide insights into design choices, including different possible scenarios for classification of a mobile app as a medical device and the pertaining legal risks the app developer is faced with as a consequence of possible legal obligations, and different possibilities of specifying the intended use. Also, we propose two designs of a mechanism that enables secure sharing of the patient’s health-related observations from the DeSA app with a medical professional within a treatment context. The first mechanism provides secure submission of health-related observations into a hospital information system, whereas the second mechanism enables secure short-term sharing of observations without storage.

VOLK, Mojca, STERLE, Janez, SEDLAR, Urban. Safety and privacy considerations for mobile application design in digital healthcare. International journal of distributed sensor networks, ISSN 1550-1477. [Online ed.], 2015, vol. 2015, str. 1-12, ilustr., doi: 10.1155/2015/549420.