New trends in e-health: privacy issues that cannot be ignored

Over the past few years, the world has been gripped by COVID-19, which has seriously affected our daily lives. Countries around the world have responded to the pandemic by introducing several measures to prevent it from spreading. For example, many countries, including Australia, have introduced applications that record the movements of individuals, allowing them to record their location at any given time. Public health authorities use the location data to track and monitor the movement of infected individuals, to learn who has been exposed to the virus, and to prevent the spread of the virus further.

Moreover, Taiwan has similar tracking measures in place. For those who have already been infected, the government uses a mobile phone positioning system to restrict the activities of infected people. Since infected people are required to stay isolated at home for a week, the location information allows the government to know if they have moved or changed their position in real-time. Although this method is used for public safety, it also compromises the privacy of the movements of those being tracked.

In an era of rapid Internet of Things (IoT) technology, our daily lives are increasingly digitised. From portable smart devices to online shopping, remote working and learning, almost everything can be made much more convenient with the help of advanced technology. However, in recent years, the rapid aging of the population and the pandemic have led to a dramatic increase in the demand for healthcare services. The shortage of healthcare workers has further fuelled the rapid development of the smart medicine sector. Moreover, the global pandemic over the past few years has accentuated the problem of insufficient and uneven distribution of healthcare resources worldwide. These phenomena highlight the prospects of integrating the healthcare industry with digital technology.

What is eHealth?

eHealth is the integration of information and communication technology (ICT) in healthcare services, which pursues more efficient and quality healthcare services. With the rapid development of technology in recent years, electronic medicine, as an essential innovative concept in healthcare, has gradually become the leading direction of future healthcare development. It incorporates information technology, data analytics and artificial intelligence (AI), primarily considered to improve current healthcare services and reduce costs (Zegers et al., 2021). This can be highly effective in improving the efficiency of medical treatment since digital health data allows medical workers to retrieve and share a patient’s health information within seconds, satisfying the need for precise and personalised healthcare. Moreover, the integration of digital technology in healthcare services is also considered to facilitate telemedicine development due to the serious healthcare gap between urban and rural areas. The internet allows patients in the countryside to receive the same medical services at a distance as in the towns, which in turn compensates for the lack of medical resources.

In addition, the large-scale development and adoption of mobile electronic devices (Sahama et al., 2013), such as the Apple Watch, Xiaomi Mi Band, or electrocardiogram (ECG) monitor, has been one of eHealth’s services in recent years. These electronic monitoring devices record the user’s activities at all times, including personal and private information, such as heartbeat, walking steps, lifestyle, and other health information. Indeed, the development of such products is also the result of the pursuit of personalised services and can be helpful in complementary medicine.

Privacy concerns in eHealth

As an emerging area, the privacy and security of services that incorporate IoT and AI have been questioned. Although privacy concerns exist in various fields, they are even more significant in the healthcare industry. It is noticeable that the privacy challenge in the medical field is due to the fact that medical data has a high sale value and can quickly become a target for cybercrime or hacking, resulting in the leakage of sensitive information (Khab & Hoque, 2009). One of the most notable recent cases of private information being breached was the unauthorised breach of Catherine, Princess of Wales’ medical record. Such breaches, however, may be more common than expected in life. Inadequate public sector regulatory frameworks (Flew, 2021; Blobel et al., 2016) and unclear attribution of responsibility for the use of data (Sahama et al., 2013) prevent data providers from having a clear understanding of how data is collected, analysed and disseminated, resulting in the possibility that people’s privacy may be unknowingly exposed.

Furthermore, large technology companies’ monopolisation of the eHealth market (Thomason, 2021) will leave healthcare providers and recipients at the mercy of a single system. All three of the above may put the database at risk of exposure. If stored data is compromised or leaked, people’s privacy will be jeopardised, healthcare costs may also increase, and healthcare efficiency may decrease.

Inadequate Regulatory Framework

The ambiguity and lack of regulatory framework are significant challenges to medical data privacy. To begin with, the development and application of digital technology in the electronic medical system is relatively rapid, and regulatory agencies and regulations may not be able to keep up with the speed of technological advancement. This is because regulations require certain thresholds to be established and amended, and the whole process is cumbersome and lengthy, which makes it even more challenging to push for the amendment of the law. Moreover, although the law requires that the service supplier provide the user with the terms of service (TOS), the content of those TOS gives the supplier great power (Suzor, 2019) as it can maximise the supplier’s commercial interest. Even if the terms are unreasonable or unfavourable to the user, the provider can do anything with the collected data as long as it does not violate legal regulations.

Additionally, eHealth services cover many areas, including medical records, information collection and storage technologies, data access, etc. However, only some aspects can be governed by regulations from the public sector (Blobel et al., 2016). For example, for those with access to or possess control over data, such regulations are not explicitly limited in statute (Sahama et al., 2013) or even listed in the TOS. Consequently, security breaches may occur in obscure regulations sections, potentially exposing sensitive information to threats and breaches if a specific part of the process is targeted or compromised.

Monopolisation of the market by large companies

A few large technology corporations may provide the electronic services or products healthcare companies use. Further, the data storage systems used by public health departments may also be introduced by these private firms, implying that the healthcare data will not only be stored and used by healthcare providers but may also be accessed by third parties such as electronic product developers. More importantly, private companies may have a monopoly in the areas they specialise in. Flew (2021) argues that governments increasingly recognise many private companies as public infrastructure. Due to the lack of competitors in the service, the firms with the right to speak have an oligopoly or monopoly in the supply channel, making the market highly dependent on them (Thomason, 2021). Suppliers may prevent other similar types of companies from joining the competition by creating high-cost barriers to entry. Once the supply market is dominated, the cost to customers of adopting the service system will increase, which will not be conducive to improving the efficiency and quality of medical care.

Privacy Challenges for Data Providers

While patients are both recipients of healthcare services and providers of data collection, they are in a relatively weak position in eHealth as medical data is derived from their medical and disease records, including personal information that could potentially identify them. Generally speaking, this information is highly private and should be subject to the highest levels of security.

Before users receive the service, as well as before data is collected, they must sign a TOS agreement regarding privacy policies and how the data will be used. Nevertheless, these clauses typically contain a great deal of legal terminology. They are vague and complex in nature, with terminology that is difficult to understand. As previously mentioned, it is formulated to benefit platform operators or service providers and facilitate their use of such data (Suzor, 2019). This means that users may find it difficult to read or understand the terms of service due to their lengthy nature, leading to a lack of informed consent.

However, users must agree to comply with the TOS to receive the services the operator provides, which also means that the supplier has the right to collect, use or research their data. It is worth noting that users have very limited transparency and control over their personal information after consent (Australian Government, 2023). This is because they do not clearly understand the service provider’s mode of operation, who will access their personal information, or what it will be used for. As a result, it is difficult for people to solve the problem of misuse of personal data even if there is a TOS.

Potential solutions to privacy concerns

Concerns about privacy and security have been among the most prominent issues facing the healthcare sector in the past and present, requiring immediate attention. It is crucial to have a proper legal regulatory system to ensure that the collection, use and research of personal information are protected by law (Sahama et al., 2013). For the sake of data security, appropriate penalties should be established for data leakage so that the companies holding the data will be punished appropriately in case of such incidents, and the industry will be warned. Furthermore, a well-established regulatory system will also help build trust in eHealth and give users a clear understanding of how their data is protected and used. The digital healthcare system will be most effective when privacy and security concerns are addressed.

In addition, there are three other potential solutions to deal with the privacy issues caused by eHealth: User-based, user control and de-identification. First, user-centred services or user-based system design is considered one of the effective ways to improve privacy challenges (Hudson & Frazier, 2014, as cited in Blobel et al., 2016). Designing the electronic medical system around the usage needs of users at the early stages of design and development can better enhance their experience. Of course, the main purpose is to protect the security of data storage. Based on the service launched by users, service recipients can have a more intuitive understanding of the system’s mode of operation and build their trust in medical workers and the service system to eliminate the concern about the leakage of private data.

Second, allowing patients to manage their health data independently can also reduce privacy concerns. (Blobel et al., 2016). Users can personally control the use of their data and decide for themselves what data can be collected and stored. Furthermore, users can better protect their privacy if they agree or disagree with specific terms when reading the TOS. According to Valdez and Ziefle (2019), patients care about different types of data to varying degrees, with people being the least likely to want their mental illness exposed. If people had the power to decide what information could be accessed, they could choose to hide their mental illness records.

Lastly, de-identification is also an effective way to address privacy issues. As the name suggests, this means excluding information that would allow the patient to be identified, including name, phone number, email address, etc., that can be directly linked to them. Anonymisation is arguably the most effective way to protect an individual’s privacy (Hu et al., 2016, as cited in Valdez & Ziefle, 2019), as anonymised data has little economic value to some extent. Even if the data is exposed, the risk of harm to the provider is very small.


In conclusion, eHealth, a critical healthcare innovation, has provided efficient and quality healthcare services. However, with its development, privacy issues have become increasingly prominent, especially in collecting, storing and using digitised healthcare data. The causes of these privacy challenges include inadequate regulatory frameworks, monopolisation of the market by large companies, and unclear privacy permissions for data providers. The solution to these problems lies not only in a well-established regulatory framework but also in user-based systems, strengthening user control over personal data and promoting de-identification technologies. Patients’ private data can be better protected under reasonable use through these potential solutions. Only when these challenges are mitigated or resolved can the healthy development of eHealth be promoted to realise people’s pursuit of safe, efficient and convenient healthcare.


Australian Government. (2023). Government Response to the Privacy Act Review Report . In Attorney-General’s Department.

Blobel, B., Lopez, D. M., & Gonzalez, C. (2016). Patient privacy and security concerns on big data for personalized medicine. Health and Technology, 6(1), 75–81.

Flew, T. (2021). Regulating platforms. Polity Press.

Khan, S., & Hoque, A. (2016). Digital health data: a comprehensive review of privacy and security risks and some recommendations. Computer Science Journal of Moldova71(2), 273-292.

Kierkegaard, P. (2015). Governance structures impact on eHealth. Health Policy and Technology, 4(1), 39–46.

Sahama, T., Simpson, L., & Lane, B. (2013). Security and Privacy in eHealth: Is it possible? 2013 IEEE 15th International Conference on E-Health Networking, Applications and Services (Healthcom 2013), 249–253.

Sethi, N., & Laurie, G. T. (2013). Delivering proportionate governance in the era of eHealth: Making linkage and privacy work together. Medical Law International, 13(2-3), 168–204.

Suzor, N. P. (2019). Who Makes the Rules? In Lawless: The Secret Rules That Govern our Digital Lives (pp. 10–24). Cambridge University Press.

Thomason, Dr. J. (2021). Big tech, big data and the new world of digital health. Global Health Journal, 5(4).

Valdez, A. C., & Ziefle, M. (2019). The users’ perspective on the privacy-utility trade-offs in health recommender systems. International Journal of Human-Computer Studies, 121, 108–121.

Zegers, C. M. L., Witteveen, A., Schulte, M. H. J., Henrich, J. F., Vermeij, A., Klever, B., & Dekker, A. (2021). Mind Your Data: Privacy and Legal Matters in eHealth. JMIR Formative Research, 5(3), e17456.

Be the first to comment

Leave a Reply