Iberian Journal of Information Systems and Technologies, No 13 (2014), 35-50, Jun 2014

Security and Privacy in Personal Health Records for Android and iOS

Belén Cruz Zapata, Antonio Hernández Niñirola, José Luis Fernández-Alemán, Ambrosio Toval



In recent years, the use of mobile devices such as smartphones and tablets has attracted great interest among health service providers in the world of mHealth. Mobile Personal Health Records (PHRs) provide numerous advantages, and although studies indicate that patients are willing to use them, usage rates remain low. Security and privacy have been identified as an important barrier to their widespread adoption. Using a method adapted from the systematic literature review, 24 mobile PHRs for Android and iOS were identified. The security and privacy of these mobile PHRs were evaluated using a 12-question questionnaire. Our research shows that developers of mobile PHRs need to substantially improve their privacy policies.




mHealth; Mobile Personal Health Record; Android; iOS.




Iberian Journal of Information Systems and Technologies (RISTI, ISSN 1646-9895)

Copyright @ 2006-2014 by ACADEMY PUBLISHER – All rights reserved.