Secure Mobile Health in a Pandemic
Healthcare entities can invest in the creation of better training for medical staff and technicians around the use and understanding of the data presented on mobile health devices. For example with Remote monitoring devices; better understanding of how it works, what conditions in the patient environment can affect the diagnostic readings and what HIPAA/HITECH requires of medical staff in protection of the information collected/received from these new technologies. The need for training is the same from the patient perspective; are they utilizing the devices properly?
In addition, are patients storing/caring for the technology properly so the healthcare provider has accurate results being sent. A strange example, but true a computer repair man has a video on YouTube where he was concerned because he kept getting a machine back with baby powder in it for repair. Turns out the person likes to baby powder everything post dusting their home for a fresh smell and did not realize the impact on electronic equipment. This is extreme example but a reality in education of technology and use when you don’t have control of the device and expect it to be maintained properly for the integrity of the information being collected. This is especially a concern with senior populations that are new adopters in many cases to mobile technology. Many of these mobile health technologies are aimed to assist seniors due to a higher population with limited mobility; however a quick class in how to use a technology when generationally this individual may have limited exposure to mobile technology increases poor adoption and lower results of better quality care. Both the patient and physician need to have clear understanding of the technology, how it works, it limitations and how security is being handled.
2. Ensure security is built into the mobile health solution. The utilization of mobile devices and applications have many security challenges inherent that are still being worked through from the healthcare entity perspective. The complication here is the addition of Protected Health Information (PHI) to these already mostly insecure devices/applications. In short the best role healthcare entitles can play is to work with entitles, e.g. a Covenant Security Solutions Intl, Inc, that can work with them to design into these devices security features that go beyond just encryption and password management. As noted in the above study the current cyber infrastructure in many medical facilities are basic and lack the rigor necessary to increase security of PHI, this concern is in mobile health technology as well. Cyber security providers can assist in technology developers and their adopters getting clarity on questions such as:
a. In the event a device is lost, stolen what happens? Whom does the patient and physician call to ensure PHI is protected and not accessed?
b. Clarity on where data is stored? Many of the companies bringing the technologies to bear are utilizing public cloud services for storage and retrieval of the data. This needs to be understood by both the medical facility and patient and what protections can and cannot be provided as a result of utilizing a service, e.g. Amazon cloud.
c. How does the patient and medical facility authenticate and verify access to PHI ?
d. Defining and designing security protections in medical health devices. Right now, in the limited instances we have viewed, the determination of what is enough security to protect patient data if not explicitly outlined in HIPAA or HITECH and is left to the developer. So there is a lack of standardization in how this is handled. In addition as many providers in this space are small business, it appears they are left to navigate cyber on their own with little background on what that means in a grander context of how a health insurer, hospital or physician office can or will support the security scheme if designed.
These are two key considerations for healthcare entities to manage mobile health solutions. Your technology and it's security is a critical part of the delivery of accurate and quality care to the patients you serve.
