This week, we feature the third part in our series with Shahid Shah, an enterprise software analyst who specializes in healthcare IT with an emphasis on e-health, EMRs, data integration, and legacy modernization. He is also founder of the popular Healthcare IT Guy blog.
VPNHaus: What role does HIPAA play in mobile health?
Shahid Shah: Quite a bit because mobile devices are not treated any differently than any other computing device. If you’re running any application that has patient data on it, you must treat it the exact same way. It doesn’t matter if it’s on a computer or paper. That is, privacy must be protected using the rules and regulations laid out by HIPAA.
This essentially means you have to encrypt data in transit and data at rest. If you’re dealing with a server and physical security, encryption at rest isn’t as big of a deal. It really comes into play for mobile devices. It’s important to point out that with healthcare applications on mobile devices, it’s very difficult to enforce HIPAA regulations. Just because someone sets up a device to be secure, it doesn’t mean three months later that it’s operating that way.
VPNHaus: Do you think healthcare organizations do a good job of provisioning people on-and-off the network as appropriate?
Shah: Healthcare has roughly the same approach as other enterprises. That is, pretty poorly. How seriously people take provisioning is directly related to how big you are and how big your IT department is. A lot of companies do single sign-on solutions for provisioning but the most common reason for this is they don’t have central administration or the healthcare applications don’t support single sign-on. But once you have central administration, it becomes much easier.
VPNHaus: What other trends do you see in mobile health security?
Shah: The wireless sector is picking up steam because the numbers are really exciting for some people and really dangerous for others, depending on if you’re the guy handling the wireless. It’s exciting because the adoption rate in the healthcare sector is significantly higher than other commercial sectors. When we think of wireless, we think of mobile phones, but that’s just one small area.
For the first two parts of this series, click here, and for more on upcoming trends on mHealth, see next week’s post.