User Authentication in Smartphones for Telehealth




Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity.  When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed. 

Keywords: Authentication, Biometrics, HIPAA, Mobile security, Telehealth


Author Biographies

Leming Zhou, University of Pittsburgh

Assistant Professor, Department of Health Information Management

Valerie J.M. Watzlaf, University of Pittsburgh

Associate Professor, Department of Health Information Management


Al Ayubi, S. U., Pelletier, A., Sunthara, G., Gujral, N., Mittal, V., & Bourgeois, F. C. (2016). A Mobile App Development Guideline for Hospital Settings: Maximizing the Use of and Minimizing the Security Risks of “Bring Your Own Devices” Policies. JMIR mHealth uHealth, 4(2).

Anjarwalla, T. Inventor of cell phone: We knew someday everybody would have one. Retrieved February 12, 2016, from

Apple. (2017). About Touch ID advanced security technology. Retrieved from

Arora, S., Yttri, J., & Nilse, W. (2014). Privacy and Security in Mobile Health (mHealth) Research. Alcohol Research : Current Reviews, 36(1), 143–51. Retrieved from

Barrett, C. (2011). Healthcare Providers May Violate HIPAA by Using Mobile Devices to Communicate with Patients. Retrieved July 25, 2017, from

Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption. The 2015 Network and Distributed System Security (NDSS) Symposium.

Clarke, N. L., & Furnell, S. M. (2007). Advanced user authentication for mobile devices. Computers & Security, 26(2), 109–119.

Crawford, H., & Renaud, K. (2014). Understanding user perceptions of transparent authentication on a mobile device. Journal of Trust Management, 1(7), 1–29.

Farhan Alam Zaidi, S., Ali Shah, M., Kamran, M., Javaid, Q., & Zhang, S. (2016). A Survey on Security for Smartphone Device. (IJACSA) International Journal of Advanced Computer Science and Applications, 7(4), 206–219.

Fernandez-Aleman, J. L., Belen Sanchez Garcia, A., Garcia-Mateos, G., & Toval, A. (2015). Technical solutions for mitigating security threats caused by health professionals in clinical settings. In 2015 37th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC). Milan, Italy: IEEE.

Gabriel, M., Charles, D., Henry, J., & Wilkins, T. L. (2015). State and National Trends of Two-Factor Authentication for Non-Federal Acute Care Hospitals. Retrieved July 31, 2017, from

Guven, A., & Sogukpinar, I. (2003). Understanding users’ keystroke patterns for computer access security. Computers and Security, 22(8), 695–706.

Jiang, L., & Meng, W. (2017). Smartphone User Authentication Using Touch Dynamics in the Big Data Era: Challenges and Opportunities. In R. Jiang, S. Al-maadeed, A. Bouridane, P. D. Crookes, & A. Beghdadi (Eds.), Biometric Security and Privacy: Opportunities {&} Challenges in The Big Data Era (pp. 163–178). Cham: Springer International Publishing.

Kate, K., Hake, J., Ahire, S., & Shelke, H. (2017). International Journal of Science Technology Management and Research Authentication of Smartphone Users Using Behavioral Biometrics And OPass Technique, 2(1). Retrieved from

Koong, C.-S., Yang, T.-I., & Tseng, C.-C. (2014). A User Authentication Scheme Using Physiological and Behavioral Biometrics for Multitouch Devices. The Scientific World Journal, 2014, 1–12.

Laghari, A., Waheed-ur-Rehman, & Memon, Z. A. (2016). Biometric authentication technique using smartphone sensor. 2016 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST), 381–384.

Landi, H. (2017). HHS OCR Launches Revised HIPAA Breach Reporting Tool. Retrieved July 31, 2017, from

Lee, J. D., Jeong, Y. S., & Park, J. H. (2014). A rhythm-based authentication scheme for smart media devices. Scientific World Journal, 2014.

Luxton, D. D., Kayl, R. a., & Mishkind, M. C. (2012). mHealth Data Security: The Need for HIPAA-Compliant Standardization. Telemedicine and E-Health, 18(4), 284–288.

Main Line Health. Multi-Factor Authentication Registration. Retrieved from

Martinez-Perez, B., de la Torre-Diez, I., & Lopez-Coronado, M. (2014). Privacy and Security in Mobile Health Apps: A Review and Recommendations. Journal of Medical Systems, 39(1).

Office for Civil Rights. The Security Rule | Retrieved September 26, 2016, from

Office of the National Coordinator for Health Information Technology. Five steps organizations can take to manage mobile devices used by health care providers and professionals. Retrieved from

Office of the National Coordinator for Health Information Technology. (2016). Breaches of Unsecured Protected Health Information. Retrieved July 25, 2017, from

Olmstead, K., & Smith, A. (2017). Americans and Cybersecurity. Pew Research Center, 1–5. Retrieved from

Pennsylvania State University. Two-Factor Authentication (2FA). Retrieved July 31, 2017, from

Pew Research Center. (2017). Demographics of Mobile Device Ownership and Adoption in the United States | Pew Research Center. Retrieved July 19, 2017, from

Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in Computing (5th Edition). Upper Saddle River, NJ: Prentice Hall Press. Retrieved from

Shafique, U., Khan, H., Sher, A., Zeb, A., Shafi, U., Ullah, R., … Ali Shah, M. (2017). Modern Authentication Techniques in Smart Phones : Security and Usability Perspective Sabah - ud - din Waqar. IJACSA ) International Journal of Advanced Computer Science and Applications, 8(1).

Sharma, S., Pathik, B., & Sahu, S. K. (2017). Review of Malware Data Classification and Detection in Smart Devices, 202–209.

Shen, C., Yu, T., Yuan, S., Li, Y., & Guan, X. (2016). Performance analysis of motion-sensor behavior for user authentication on smartphones. Sensors (Switzerland), 16(3).

Souppaya, M., & Scarfone, K. (2013). Guidelines for Managing the Security of Mobile Devices in the Enterprise.

Suarez-Tangil, G., Tapiador, J. E., Lombardi, F., & Pietro, R. Di. (2016). Alterdroid: Differential Fault Analysis of Obfuscated Smartphone Malware. IEEE Transactions on Mobile Computing, 15(4), 789–802.

Teh, P. S., Teoh, A. B. J., & Yue, S. (2013). A Survey of Keystroke Dynamics Biometrics, A Survey of Keystroke Dynamics Biometrics. The Scientific World Journal, The Scientific World Journal, 2013, 2013, e408280., 10.1155/2013/408280

Teh, P. S., Zhang, N., Teoh, A. B. J., & Chen, K. (2016). A survey on touch dynamics authentication in mobile devices. Computers and Security, 59, 210–235.

Thacker, M. J., & Wilson, W. W. (2015). Telephony choices and the evolution of cell phones. Journal of Regulatory Economics, 48(1), 1–25.

U.S. Department of Health & Human Services - Office for Civil Rights. (n.d.). Retrieved July 31, 2017, from

University of Miami. Multi-Factor Authentication. Retrieved July 31, 2017, from

University of Pittsburgh. Multifactor Authentication at Pitt. Retrieved July 31, 2017, from

Yildirim, N., & Varol, A. (2015). Android Based Mobile Application Development for Web Login Authentication Using Fingerprint Recognition Feature. International Journal of Computer Science and Mobile Computing, 5(10).

Zubaydi, F., Saleh, A., Aloul, F., & Sagahyroon, A. (2015). Security of mobile health (mHealth) systems. 2015 IEEE 15th International Conference on Bioinformatics and Bioengineering, BIBE 2015, (November), 1–5.



How to Cite

Smith, K. A., Zhou, L., & Watzlaf, V. J. (2017). User Authentication in Smartphones for Telehealth. International Journal of Telerehabilitation, 9(2), 3–12.



Privacy and Security

Most read articles by the same author(s)