Posts Tagged ‘mobile health’

Today, we finish our conversation with Dr. Ruchi Dass on mobile health trends. We left off last week talking about the security issues surrounding mHealth. Below, Dr. Dass tells us more about mitigating security risks and what still needs to happen for mHealth to be fully optimized.

Dr. Ruchi Dass: To mitigate the risks authentication systems raise, it is essential that they be designed to offer individuals control over their personal information by supporting traditional principles of fair information practices.

While these principles have long formed the basis of federal and state law, industry rules of best practice, and international agreements related to information privacy protection, their application to authentication systems must be carefully considered and articulated so as to take into account the complex and unique questions raised by the technology. In fact, because fair information practices are often ignored in the current use of authentication, the move to new authentication systems offers implementers the ability to offer stronger privacy protections if privacy issues are addressed in the design of the technology.

On the technology front, these risks may be mitigated through deployment of diverse authentication products, by decentralizing their design and limiting the amount of personal information collected. It discusses the importance of applying fair information practices to the management of authentication data. Also, computer and mobile solutions should be designed and implemented using an enterprise-wide architectural methodology. An architectural methodology helps IT by providing a framework to consider all of the major issues, highlight the interdependencies and facilitate decision making between conflicting tradeoffs.

VPN Haus: What are the major barriers that need to be overcome before mHealth can be fully optimized and deployed on a wider scale?

Dr. Dass: When we think to e-connect patients with their providers, share their medical and other data and provide care i.e. anytime, anywhere; we get surrounded with questions of adoption, value, privacy & security, interoperability and standardisation. A lot of challenges remain because on one side, health care professionals are trying to make the world more healthful and connected through the use of technology, challenges are often a result of illogical or short-sighted business choices, not the technology challenges themselves.

When our approach will be sufficiently future focussed, interoperability and security implementations wouldn’t be cost consuming anymore. Cost to access vital data will drop, HIE will be easy, security concerns will be a few and we would be able to leverage technology more to solve some of the daily problems related to health systems, operations and delivery.

Ruchi Dass is CEO of HealthCursor Consulting based in India. 

In 2010, we spoke with Dr. Ruchi Dass,  on mobile health trends. We touched base with her again to find out, nearly two years later, what’s changed – and what’s on the horizon.

VPN Haus: We last spoke in 2010, what’s the dramatic change in mHealth since then?

Dr. Ruchi Dass: There is a lot of progress, promise and action since then. The World Health Organization (WHO) is tracking mHealth progress globally and is also examining the impact mobile networks and the Internet are already having on improving access to healthcare worldwide. WHO is also learning and conceptualizing ways to multiply reach moving forward, by surveying member states on their individual mHealth activities and concerns. One hundred twelve countries responded to the WHO call with 83% indicating they have already implemented at least one mHealth initiative. South East Asia, the Americas and Europe were the regions with the highest percentage of countries reporting initiatives.

VPN Haus: You mentioned when we last spoke, secure data in transit and authentication were the major security concerns surrounding mHealth. What strides have been made in mitigating these concerns and what challenges remain?

Dr. Dass: Interoperability is still a concern in the absence of proper standardisation methodologies. There are major security concerns related todata privacy, and hence, policies need to be put in place for achieving interoperability and implementing data standards amongst all facets of health IT integration, including clinical and non clinical information. To best leverage enterprise participation and potential of online/mobile networks data exchange; authentication systems often must collect and share personally identifiable information, raising potential risks to privacy. To mitigate the risks authentication systems raise, it is essential that they be designed to offer individuals control over their personal information by supporting traditional principles of fair information practices.

Ruchi Dass is CEO of HealthCursor Consulting based in India. 

As we’ve see over the last several years, mobile security continues to dominate the headlines and trade show chatter. So how is the conversation around mobile security taking shape, so far, in 2012– what’s new and what can expect? Here’s a round-up of what top security experts and thinkers are predicting.

  • Anti-Theft Protection – “If mobile devices aren’t under attack to the extent that PCs are, mobile devices still carry a well-known security risk: they tend to get lost or stolen. That fact alone should be reason enough for businesses to take a more rigorous approach to securing mobile devices, including tracking them when they go missing, and ensuring that remote-wipe capabilities are in place should it be too difficult to recover the devices.”—Mathew J. Schwartz, journalist at InformationWeek.
  • Mobile VPN – “A VPN that is designed to easily adapt to network changes and that enables seamless mobile roaming is the best option for teleworkers. Solutions should allow devices to automatically change between 3G/4G, Wi-Fi and LAN networks, for example, redirecting the VPN tunnel without interrupting mobile computing sessions. The VPN should also automatically recognize secure and unsecure networks, activating the appropriate firewall and security policies as needed.”—Rainer Enders, CTO Americas, NCP engineering.
  • Malvertising – “Malvertising has been one of the banes of Web for years and it is starting to go mobile. Malvertising is when there are genuine looking ads that link back to fraudulent sites that can download malware to a device.”—Dan Rowinski, journalist at ReadWriteWeb.
  • Sensitive Data Breaches – “Hackers are targeting mobile platforms not just because they can but also because these devices offer a treasure of personal and financial information…2012 will likely be the year that you start doing your personal banking on a cell phone. Banks are taking heed that customers demand websites that are functional on smart phone or tablet-sized touchscreens as well as apps that put account access a touch away. With the spread of Near Field Communication technology in the newest generation of phones, this may be the year that you start to reach for the phone instead of a credit card at the checkout counter.”—Erin Nealy Cox, contributor at Forbes.
  •  Increasing Employee Protection – “Securing mobile devices goes beyond traditional network security considerations and IT security managers have to consider whether they want to have firewalls on these devices, as well as if employees are even going to allow for the installation of security controls on their smartphones and tablets.”—Andrew Hay, Senior Security Analyst at 451 Research.
  • BYOD Complacency – The bring-your-own-device (BYOD) trend doesn’t seem to worry security professionals: 44% say mobile devices present only a minor threat, compared with 25% who say they are a major threat. The numbers were similar in 2011. “Respondents who perceive mobile devices as a security threat say the loss of a device is the most significant security concern with mobile devices, and we agree. These devices are easy to lose and easy to steal, so remediating the effects of a loss or theft should be the top priority for security teams.” – Michael A. Davis, CEO of Savid Technologies, a technology and security consulting firm.
What do you consider to be the biggest mobile security trends right now?

By Sylvia Rosen

Security breaches in are, no doubt, terrible for business owners. But when dealing with the healthcare sector, these breaches intensify in their potential for causing humiliating, or potentially, dangerous ramifications.

In 2010, 42,275 people were affected by stolen, paper healthcare records, encouraging hospitals to make the switch to electronic health records. Still, industry experts say that electronic health records are still at risk from security breaches if they aren’t handled with care. Kroll Advisory Solutions found that the frequency of healthcare data breaches has increased steadily over the past six years, and the main cause is a lack of training and awareness among staff.

“Human error by employees was a major factor in health breaches, according to respondents [in the 2012 Kroll/HIMSS Analytics Report]. Of the respondents, 79% said security breaches were initiated by an employee, and 56% said breaches occurred because employees had unauthorized access to information.” – Brian T. Horowitz, health writer at eWeek.

“Any server or other data warehouse with patient health information must be securely protected. The expanded use of mobile devices offers new operational efficiencies and increased vulnerabilities. Security steps for mobile devices should be included in the action plans so that guidelines are set.” – Lisa Gallagher, senior directory of privacy and security for HIMSS.

“Another significant takeaway [from the 2012 Kroll/HIMSS Analytics Report] is that mobile devices might be great for giving clinicians information at the point of care – but they’re not so good at keeping PHI safe. Nearly a third (31%) of respondents indicated that information available on a portable device was among the factors most likely to cause a breach (up from 2%  in 2010 and 4% in 2008).” – Mike Millard, managing editor at Healthcare IT News.

“As healthcare organizations turn to sources like the cloud and like remote computing, one of the things I think that every healthcare organization should do is to look across its suite of applications, is for those they are not hosting, that are not running on a remote server, that are running in the cloud if you will. They should be asking the questions like, what logs are there, what security features are there, what record keeping is turned on? As we move toward portability of electronic medical records, as we move toward new and evolving systems of payment, you can be certain that the risk factors are going to change. So, I think the key is continual vigilance; you can never get to the point of saying it’s good enough. Because the best you can is say it is good enough right now, today, under the circumstances in which we find ourselves.” – Alan Brill, senior managing director at Kroll Inc.

Security breaches in the healthcare industry might be inevitable. But with employee training, awareness and advanced data encryption on devices, healthcare professionals stand a better chance at preventing their patients from turning into victims.

Sylvia Rosen is an online writer who writes on a variety of security topics, trends and tools such as document management systems