Conversation with Shahid Shah on mHealth, Part 3

by VPNHaus | 11/30/2010 | Expert Q&A

 

This week, we feature the third part in our series with Shahid Shah, an enterprise software analyst that specializes in healthcare IT with an emphasis on e-health, EMRs, data integration, and legacy modernization.  He is also founder of the popular Healthcare IT Guy blog.

VPNHaus: What role does HIPAA play in mobile health?

Shahid Shah: Quite a bit because mobile devices are not treated any differently than any other computing device. If you’re running any application that has patient data on it, you must treat it the exact same way. It doesn’t matter if it’s on a computer o

This essentially means you have encrypt data in transit and data at rest. If you’re dealing with a server and physical security, encryption at rest isn’t as big of a deal. It really comes into play for mobile devices. It’s important to point out that with healthcare application on mobile devices, it’s very difficult to enforce HIPAA regulations. Just because someone sets up a device to be secure, it doesn’t mean three months later that it’s operating that way.

VPNHaus: Do you think healthcare organizations do a good job of provisioning people on-and-off the network as appropriate?

Shah: Healthcare has roughly the same approach as other enterprises. That is, pretty poorly. How seriously people take provisioning is directly related to how big you are and how big your IT department is. A lot of companies do single sign-on solutions fo

VPNHaus: What other trends do you see in mobile health security?

Shah: The wireless sector is picking up steam because the numbers are really exciting for some people and really dangerous for others, depending on if you’re the guy handling the wireless. It’s exciting because the adoption rate in healthcare sector is si

For the first two parts of this series, click here, and for more on upcoming trends on mHealth, see next week’s post.

back to overview