Revisiting mHealth with Dr. Ruchi Dass, Part 2

Today, we finish our conversation with Dr. Ruchi Dass on mobile health trends. We left off last week talking about the security issues surrounding mHealth. Below, Dr. Dass tells us more about mitigating security risks and what still needs to happen for mHealth to be fully optimized.

Dr. Ruchi Dass: To mitigate the risks authentication systems raise, it is essential that they be designed to offer individuals control over their personal information by supporting traditional principles of fair information practices. While these principles have long formed the basis of federal and state law, industry rules of best practice, and international agreements related to information privacy protection, their application to authentication systems must be carefully considered and articulated so as to take into account the complex and unique questions raised by the technology. In fact, because fair information practices are often ignored in the current use of authentication, the move to new authentication systems offers implementers the ability to offer stronger privacy protections if privacy issues are addressed in the design of the technology. On the technology front, these risks may be mitigated through deployment of diverse authentication products, by decentralizing their design and limiting the amount of personal information collected. It discusses the importance of applying fair information practices to the management of authentication data. Also, computer and mobile solutions should be designed and implemented using an enterprise-wide architectural methodology. An architectural methodology helps IT by providing a framework to consider all of the major issues, highlight the interdependencies and facilitate decision making between conflicting tradeoffs.

VPN Haus: What are the major barriers that need to be overcome before mHealth can be...

New Survey Finds that Healthcare IT Pros Most Concerned About Electronic Data Breach

Healthcare IT News recently asked its readers about the healthcare data breaches that worry them the most. Not surprisingly, the vast majority (80 percent) of respondents said electronic data breach/hack, while only 13% worried about hardware theft, followed by 7% concerned about the theft or loss of paper records. This trend is warranted. For instance, a recent article in the Fort Worth Star-Telegram highlighted the growing trend of doctors using smartphones and tablets to access medical data. According to the story, hospitals in North America spent $7.4 billion on electronic records in 2010 – and the 2009 stimulus act has earmarked $50 billion to help government and private healthcare providers offer EHRs over the next five years. So what does this look like? Here’s an anecdote from the piece:

If a patient of Arlington physician Ignacio Nuñez shows up at the emergency room when the doctor is not at the hospital, he doesn’t have to wait long to start investigating what might be wrong. The obstetrician/gynecologist can call up an expectant mother’s medical records on his iPhone, or even watch the fetus’s heartbeat on the device once the woman is connected to a hospital monitor, wherever he might be at the time. … According to AirStrip, the San Antonio software company that developed the app Nuñez uses, there is only a three- to five-second lag to get information to the physician’s mobile device. AirStrip also makes a version for cardiologists and has an upcoming version that will monitor other critical data in intensive care units and emergency rooms.

Groundbreaking, indeed. But what about from a security perspective? We’d like...

Part 3, Conversation with Martin Rosner, Continua Health Alliance, on Consent Management

This week, we feature the final part of our conversation with Martin Rosner, director of standardization at Philips – North America. Rosner chairs Continua Health Alliance security and privacy discussions and contributes to relevant security initiatives within the healthcare industry. Continua Health Alliance is a non-profit, open industry organization of more than 230 healthcare and technology vendors focused on delivering interoperable health solutions.

VPN Haus: How can patients manage the sharing of their health data?

Martin Rosner: Sharing of health data can be realized only if there are means to prevent unauthorized access to the data and to protect it in accordance with security and privacy regulations. Furthermore, patient empowerment is an important aspect of preventative care—increasing the number of educated patients who have more control over their own healthcare increases the likelihood that conditions will be caught before they become more serious. Soon patients will have more fine-grained control over the dissemination of personally identifiable information as related to health status. Electronic consent that specifies and governs the use of patient health data will furthermore increase consistency, compliance and efficiency for both patients and healthcare providers in this process.

VPN Haus: What role does Continua play in this?

Rosner: Our architecture addresses several requirements enabling digital consent. Patients should be able to define and manage their digital consent and privacy policies in a user-friendly manner, such as on an at-home device or online. Digital consent should propagate with patient data, and systems of services and care providers should enforce this. Our 2011 guidelines will address the first two requirements, while work has begun to address the third requirement in...

Take Two VPN and Call Me in the Morning: Why Healthcare Solution Providers Rely on VPNs to Avoid IT Headaches

By Robert Dutt

For resellers and other IT solution providers supporting healthcare clients, VPN is as ubiquitous a tool as the stethoscope their customers use every day.

“We will not support a client without a VPN. Period,” says Moshe Birnbaum, director of operations at EZ MSP, a Yonkers, NY-based solution provider. Fellow solution provider Stemp Systems Group, out of Long Island City, NY, considers the technology an equally important component of its healthcare business. President and founder Morris Stemp says the company currently maintains some 750 VPN-based connections to its clients.

So, why are VPNs so critical for healthcare solution providers? For one, VPNs are a significant part of the infrastructure these providers deploy and maintain for their customers. And VPNs are the platform on which to build new applications and solve deep-seated customer problems.

“Part of the Infrastructure”

Both EZ MSP and Stemp offer managed IT services for healthcare clients — from doctors’ offices to hospitals. This means, in some cases, the solution providers act as a completely outsourced IT department — especially for many smaller clients. To successfully do this, solution providers need a VPN to quickly access technology on clients’ networks and to make sure everything is running as smoothly as possible.

“We look at [VPN] as part of the infrastructure,” Birnbaum says. “It’s also a service opportunity that’s covered under the company’s support contract with their customers.”

Stemp says that with just an IP address, his company can connect to any of its clients in seconds. To maximize uptime for customers’ mission-critical systems, the company rolls out dual redundant firewalls and Internet connections with...

Conversation with Shahid Shah on mHealth, Part 3

This week, we feature the third part in our series with Shahid Shah, an enterprise software analyst who specializes in healthcare IT with an emphasis on e-health, EMRs, data integration, and legacy modernization. He is also founder of the popular Healthcare IT Guy blog.

VPNHaus: What role does HIPAA play in mobile health?

Shahid Shah: Quite a bit because mobile devices are not treated any differently than any other computing device. If you’re running any application that has patient data on it, you must treat it the exact same way. It doesn’t matter if it’s on a computer or paper. That is, privacy must be protected using the rules and regulations laid out by HIPAA. This essentially means you have to encrypt data in transit and data at rest. If you’re dealing with a server and physical security, encryption at rest isn’t as big of a deal. It really comes into play for mobile devices. It’s important to point out that with healthcare applications on mobile devices, it’s very difficult to enforce HIPAA regulations. Just because someone sets up a device to be secure, it doesn’t mean three months later that it’s operating that way.

VPNHaus: Do you think healthcare organizations do a good job of provisioning people on-and-off the network as appropriate?

Shah: Healthcare has roughly the same approach as other enterprises. That is, pretty poorly. How seriously people take provisioning is directly related to how big you are and how big your IT department is. A lot of companies do single sign-on solutions for provisioning but the most common reason for this is they don’t have central administration...