Investigating Protected Health Information Leakage from Android Medical Applications
The study addresses privacy and compliance issues for healthcare providers and users, but its contribution is incremental, as it builds on existing forensic methods.
The study investigated the risk of protected health information leakage from Android medical applications by forensically recovering residual data, finding that artifacts can be recovered to assess risks and aid digital forensic investigations.
As smartphones and smartphone applications are widely used in a healthcare context (e.g., remote healthcare), these devices and applications may need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. In other words, adequate safeguards to protect the user's sensitive information (e.g., personally identifiable information and/or medical history) must be enforced on such devices and applications. In this study, we focus on the potential for forensically recovering residual data from Android medical applications, with the objective of providing an initial risk assessment of such applications. Our findings (e.g., documentation of the artifacts) also contribute to a better understanding of the types and locations of evidential artifacts that can potentially be recovered from these applications in a digital forensic investigation.