Exactly how secure are the mobile health apps we use? Arxan Technologies set out to find that answer with its 5th Annual State of Application Security report. The new research assessed 71 popular mobile health apps from the US, UK, Germany, and Japan. It also examined the perceptions of app users and app executives with regard to the level of confidence they have in the security of their applications. Arxan discovered a huge discrepancy between consumer confidence in the level of security and the degree to which organizations address known application vulnerabilities.
Below are some of the report’s key findings:
Mobile health apps approved by regulatory/governing bodies are just as vulnerable as other mobile apps. Eighty-four percent of the US FDA-approved apps tested did not adequately address at least two of the OWASP Mobile Top 10 Risks. Similarly, 80 percent of the apps tested that were formerly approved by the UK NHS did not adequately address at least two of the OWASP Mobile Top 10 Risks.
Most of the mobile health apps were susceptible to application code tampering and reverse-engineering. Ninety-five percent of the FDA-approved apps, and 100 percent of the apps formerly approved by the NHS, lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering.
HIMSS released the results of the 2015 HIMSS Mobile Technology Survey at the annual HIMSS conference. This year’s study, of more than 200 healthcare provider employees, found that nearly 90 percent of respondents are utilizing mobile devices within their organizations to engage patients in their healthcare. The report also showed that respondents believe that mHealth technologies are beginning to drive cost savings and improve the quality of care delivered.
The adoption of mobile technologies has been rapid in recent years with 90 percent of American adults owning a mobile device. The healthcare industry continues to keep up, as these technologies are critical to the industry’s shift to patient-centered and value-based care. Respondents of this year’s survey reported leveraging a variety of mobile tools including: app-enabled patient portals (73 percent), telehealth services (62 percent) and text communications (57 percent). Of these technologies, 36 percent of respondents believe the use of app-enabled patient portals is the most effective tool in patient engagement to date.
“mHealth continues to evolve as a tool to drive healthcare efficiencies. The proposed Meaningful Use Stage 3 rule realizes this with the concept of APIs and patient generated health data, and this year’s survey showed that the widespread availability of mobile technology has had a positive impact on the coordination of patient care,” said David Collins, senior director of HIMSS mHealth Community.
A new report from InMedica, a subsidiary of IMS Research, finds that American healthcare providers are turning to telehealth in large numbers to help cut costs, and projects that the number of patients using telehealth services will grow by nearly a factor of six by 2017. While 51 percent of HIMSS Mobile Technology Survey respondents indicated budget tolls as a key barrier to further implementation of mobile technologies, 54 percent indicated they had achieved cost savings when asked if the deployment of mobile technology had a positive effect in this capacity. Specifically, areas of impact included preventative support care (24 percent), telehealth interventions (23 percent) and resource utilization (21 percent).
Guest post by Komal Papneja, IT research and marketing expert, Calance.
It’s time for healthcare organizations to conduct a routine checkup on their data management and storage capabilities. Wondering why? To put this into perspective, Kaiser Permanente, the nation’s largest health plan, based in California, alone manages 26 to 44 petabytes of data from its electronic health records only. And if you are wondering how much that is, it would take around 223,000 DVDs (4.7 GB each) just to hold 1 petabyte of data, according to a Deloitte study. Now couple this issue of data explosion with the HIPAA/HITECH compliance regulations and you see the healthcare industry struggling to keep pace with emerging technologies. Gone are the days when you could manage data with pen and paper…or even in onsite data centers.
Data explosion has become a generic problem with US healthcare organizations, says Gaurav Garg, vice president – healthcare solutions at Calance Corporation. While working with a large US healthcare provider, team Calance observed that their data was growing at the rate of 50TB per month and also that their onsite data centers would soon run out of capacity. Healthcare organizations in general need a secure, future-proof, and compliant solution that can help eliminate data explosion while remaining cost-effective. This is where a hybrid cloud solution comes in.
Why hybrid? Because the hybrid cloud model allows for tighter security than a traditional public cloud while offering more flexibility than a private cloud. Here is a detailed overview of how a hybrid cloud solution can help the healthcare industry overcome its biggest IT challenge: data explosion.
Get Storage Space Scaled for You
Critical patient data, confidential communications, and medical records: everything is stored digitally. There is always a need for more storage space. And hybrid cloud gives you that storage space without having to spend IT dollars on in-house data center expansion or to pay for under-utilized capacity. This enables maximum elasticity and efficiency. You only pay for the space you use! But that’s true of every cloud model, whether private, public, or hybrid. What makes hybrid more suitable for the healthcare industry then? Keep reading as we unfold a few reasons.
Guest post by Tom Giannulli, MS, MD, chief medical information officer, Kareo.
It seems like everywhere you look there is a new piece of wearable technology to help people monitor their health and lifestyle. The latest and greatest, of course, is the Apple Watch, which hit the newswire with a bang last month.
There is no doubt that mobile health apps and wearable technology and devices are big business. Both patients and clinicians are using mHealth apps on their smartphones and other devices. There are tens of thousands of these apps, and the Robert Wood Johnson Foundation says this number will grow by 25 percent a year. Their research also shows that by 2018, 1.7 billion people worldwide will download a health app.
Despite what the media may say, the fact is most people aren’t using these apps and devices yet, according to a new study from Technology Advice. Their research found that nearly 75 percent of adults do not track their weight, diet, or exercise using a fitness tracking device or app, and the most cited reason was a general lack of interest.
However, one interesting thing to note is that more than half said they would be more likely to use a health tracking app or device if there was a possibility of lowering their insurance premiums. Just over 40 percent said better advice from their healthcare provider would be a possible incentive to use a fitness tracker.
Guest post by Scott Parker, senior marketing analyst, CureMD.
Healthcare needs to be efficient in delivering care to the patient. What if iPad and iPhone apps provide the services healthcare professionals need? Wouldn’t that be a dream come true? The mobile healthcare market is the talk of the town in healthcare circuits. The amazing thing is, most mobile EHRs are free. CureMD’s soon-to-be-launched app, Avalon, will be free too. It is free because you only pay for the services you use.
Medical history at your fingertips: Healthcare professionals once only dreamt about a day when ease of access to patient data could go a step further and somehow get them away from their boring computer screens. All of a patient’s data is just a few taps away with a mobile EHR. Providers can access an up-to-date list of the patient’s current and past diagnoses, along with a list of medications the patient has been formally prescribed.
Empowering patients: Mobile EHRs are not just for care providers. They are for patients as well. Patients can use mobile EHR to view their test results along with clinical summaries of their visit to the practice. They can keep track of their vaccinations, making it convenient for the providers and staff to arrange an appointment. If providers are able to empower patients through mobile EHR they are essentially empowering themselves.
Accurate sharing of patient information: Mobile EHRs provide a coordinated system of care through interoperability. They allow for secure exchange of data among multiple providers, practices and healthcare facilities in real time. This will provide a better support structure for informed clinical decisions. All in all, it reduces manual medical errors caused by humans trying to provide information through lethargic channels.
Guest post by John Sung Kim, CEO of DoctorBase.com.
As has been reported here and in many other industry publications, patient use of mobile health apps is skyrocketing. So why can’t we email our doctors yet?
Since 2010, vendors of patient communications applications have seen a gradual uptick in healthcare providers who accept email from patients, but this is often for special circumstances, and providers generally do not make their email address available to their entire patient panel. In an informal survey of 500 small to medium sized practices (SMB defined here as one to seven doctors in a single location), the top three reasons for not accepting patient email in 2011 were:
1) Lack of reimbursement
2) Potential to divest the practice of traditional in-office revenue
3) Security issues
In the same survey when asked how many doctors offered their email address to their patients the respondents indicated –
1) All my patients – less than 3%
2) In special circumstances – more than 22%
3) Rarely – more than 74%
4) If they were paid for their email response time – 46% said they would accept email from their general patient panel if the reimbursement came direct from patients and bypassed payer paperwork.
That same survey in 2012 yielded as the top three reasons for not accepting patient email —
1) Lack of reimbursement
2) Potential to divest the practice of traditional in-office revenue
3) Security issues
When asked how many offered their email address to their patients the respondents indicated –
1) All my patients – less than 6%
2) In special circumstances – more than 37%
3) Rarely – more than 56%
4) If they were paid for their email time – 66% said they would accept email from their general patient panel if the reimbursement came direct from patients and bypassed payer paperwork.
The lack of reimbursed time continues to be the primary concern for providers as they wrestle with the increasingly mobile and digital world of communications, with divestiture of traditional in-office revenues as a close second. One thing not mentioned in the stats above was that “HIPAA compliance and security concerns” was a distant third behind economic factors in both annual surveys.
While we saw the explosion of smartphone sales from 2011 to 2012, the number of doctors offering their email address to their general patient panel grew very little (about 3%) while the biggest gain was in doctors who offered their email in “special circumstances.”
From this sampling we can potentially infer that economic forces – not security – are the primary driver in doctors offering their patients email services. And who can blame them – would we work for free?
Most of those surveyed were small to medium sized (SMB) group practices that ranged from specialties such as OB/GYN to Internal Medicine. As such, the statistical significance is more relevant to this segment of the provider market. As well, the patient communications industry is in its infancy and coming regulatory changes with HIPAA Omnibus 2013 and Meaningful Use Stage 2 may affect provider behavior in the next 24 months. Surveys conducted using Surveymonkey.
The inventor of the first Cloud-based contact center and founder of Five9.com, John Sung Kim is the current CEO of DoctorBase.com – the leading provider of mSaaS (Mobile Software as a Service) that allows healthcare providers to easily monetize mobile communications with patients.
Guest post by Stein Soelberg, director of marketing, KORE Telematics
As a provider of machine-to-machine (M2M) wireless networking services specifically designed for connecting mHealth solutions, KORE is approached every day with new use-case scenarios where telemedicine can provide life-saving or quality-of-life improving solutions for patients.
Currently, there are many health conditions that are being positively affected by the growth of mHealth applications; however, the top five health conditions for telemedicine treatment are active heart monitoring, blood pressure, diabetes, prescription compliance and sleep apnea.
1. Active heart monitoring. For at-risk patients, wireless heart monitoring devices have already proven to reduce hospitalization through early detection of heart failure. In addition, these devices are able to limit the time that physicians spend looking at data that is not pertinent, since they only send notifications with information that is outside an acceptable range.
2. Blood pressure. Wireless sensor nodes have become cost-effective, compact and energy efficient, which allows for continuous cycle reporting and electronic dispatch in urgent situations. It is important, however, to distinguish in this category between “critical monitoring” and “convenience monitoring.” The former are able to account for stress, eating habits and other external triggers more completely and pinpoint life-or-death issues. The latter are iPhone Apps for the health conscious consumer.
3. Diabetes. Wireless glucose monitoring devices can send alerts to patients and doctors alike when values move outside an acceptable range. These devices can also monitor for dietary intake to help impact a patient’s lifestyle choices.
4. Prescription compliance. On the surface this is an easy one. Patient health risks — and the risk of hospital admission — are greatly reduced when patients take their medications as directed. But there is also a need to ensure that people take entire drug courses and eliminate the potential for re-prescribing. Literally billions of dollars each year reach their expiration date in patients’ medicine cabinets. Additional intangible benefits include fewer provider phone calls, and even shorter wait times in provider offices, by eliminating visits from improper prescription utilization.
5. Sleep Apnea. The thing that is really interesting about telemedicine devices for sleep apnea is that they can handle both investigatory and direct treatment. The two-way nature of the device can report on sleep patterns, body position and breathing to refine research and treatment course for any given patient. There is a direct cost saving here as well, since the devices directly eliminate the need for expensive Polysomnography exams and limit the need for overnight hospital stays, on an ongoing basis.
These mHealth applications are helping to promote more efficient use of medical equipment and resources, ensuring that devices and medication are being used as prescribed, improving patient outcomes by providing real-time data, improving patient quality of life, decreasing treatment costs and minimizing travel to and from offices and hospitals to allow for ease in care. Overall, the rise of mHealth/telemedicine will drastically and positively affect the lives of patients with a wide variety of health conditions.
Stein leads a team whose responsibility is to own the branding, advertising, customer engagement, loyalty, partnership and public relations initiatives designed to propel KORE into the 21st century. With more than 15 years of technology marketing experience in the business to business software, Internet services and telecommunications industries, Stein brings a proven track record of launching successful MVNOs and building those brands into leaders.
In a great new white paper, “Essential Enterprise Mobile Security Controls,” sponsored by Blackberry and posted by Tech Target, mobile device security is the feature show. As it continues to be the main event for mobile technology, mobile devices will continue to be used to carry high-value personal and company information, as expected.
When personal devices were disconnected from company networks, security risks were relatively low, according to the report, but as the technology permeates and its use becomes even more closely connected to the work environment, the risks to security increase significantly.
Apparently things have been pretty slow until now, but that’s not likely to last. The turning point is here and hackers are on the move, including on iPhones, as well as the Android market place. Given these continual threats, and the importance of the data healthcare organizations protect, improved mobile security controls are an imperative for any organization looking to leverage mobility for competitive advantage.
According to the report, “A key challenge for improving mobile security is to understand what tools are available and how they can be leveraged.”
The following is a list of must-have mobile device security controls to protect workers and organizations, again according to Blackberry:
Device security. Remote lock, wipe and backup/recovery can help reduce the risk associated with lost or stolen devices. According to SearchSecurity.com, lost and stolen devices rank among organizations’ top mobile security concerns, and for good reason: “The easiest way to lose data via a mobile device is to lose the device itself. Every enterprise that sanctions (or doesn’t prohibit) BYOD must ensure that any supported device can be locked and erased remotely, and that valuable data is backed up to a location under the organization’s control.”
Network security. “The increased number of smartphones and other devices that are carried into the enterprise by end users increases the threat to corporate networks.” Attackers have started seeking ways to use unsecured mobile devices as a means to leapfrog into otherwise protected areas of the network, including databases.
Malware defense. The oncoming wave of mobile malware requires protection, like antivirus, personal firewalls, Web filtering and anti-spam. “It’s becoming necessary to invest in mobile add-ons from traditional antimalware vendors, or consider a mobile device management (MDM) product that can, among other things, facilitate the extension of anti-malware to a variety of mobile devices.”
Threat intelligence. Large enterprises should invest in threat monitoring tools and research teams, and train them on how to not only identify mobile threats, but enable rapid response. These functions can be closely tied to existing log analysis and security information and event management (SIEM) processes. “The most important tactic here is to develop a baseline of ‘normal’ mobile device activity and use analytics and real-time monitoring to spot deviations that may be a sign of an attack.”
Centralized management. Central management tools provide a “single pane of glass” to set and enforce policies and perform many other security-related functions across all mobile devices. This is becoming an increasingly important capability in organizations where multi-platform support is essential.
Data encryption. Files, contacts and email need to be encrypted on mobile devices in the event of loss or theft. Each platform comes with different encryption challenges, some requiring an additional encryption application for the data that lives on the device. While the market for mobile encryption for data in motion is immature, new options are emerging all the time.
Over-the-air capabilities. Mobile security requires over-the-air provisioning and configuration to ensure that workers always have the latest security capabilities without burdening IT, forcing them to physically touch each device. As demand grows for an increasingly diverse landscape of mobile devices, this feature is crucial for enterprises that need to scale their mobile security provisioning efforts.
According to the report, and this is a nice summation of the report (and I quote): “Mobile security is still in its infancy, but the trends around connectivity, device evolution and worker mobility mean organizations must start planning their mobile security strategy now, and that process begins with assessing what mobile security controls are needed and developing a plan to put those controls into action.”
Lack of healthcare interoperability continues to throw its weight in the road of progress, stopping much traffic in its tracks.
But you know that already, don’t you; you work in healthcare IT. That electronic health records lack the ability to speak with their counterpart systems is no surprise to you. In fact, it’s probably caused you a great deal of frustration since the first days of your system implementation.
From my perspective, things are not going to change very soon. There’s not enough incentive for vendors to work together, though they can and in many cases are able to do so. The problem, though, is that vendors are not sure how to charge physicians, practices, hospitals and healthcare systems for the data that is transferred through their “HIE-like” portals that would connect each company’s technology.
The purpose of this piece is not to diverge into the HIE conversation; that’s a topic for another day. However, this is a piece about what have recently been listed as the biggest barriers physicians face when dealing with the concept of interoperability.
The magazine cites a study in which more than 70 percent of the physicians said that their EHR was unable to communicate electronically with other systems. This is the definition of a lack of interoperability that prevents electronic exchange of information, and ultimately will fuel health information exchanges.
It is notable that 30 percent of physicians said that their EHRs are interoperable with other systems. That makes me wonder if this is a verified fact or perception only verified by a marketing brochure.
Another barrier, according to the report, is the cost of setting up and maintaining interfaces and exchanges to share information. According to this statement, physicians are worried about the cost of being able to transmit data, too, which puts them in line with vendors, who, like I said, are worried about how they can monetize data transfer.
An interesting observation from the piece: “Making progress on interoperability will be essential as physicians move forward with different care delivery models such as the patient-centered medical home and the medical home neighborhood.”
What amazes me about this conversation is the purported advantage employees gain from the mobile device movement and how BYOD (bring your own device) seems to increase a staff’s productivity because it creates an always-on mentality. I don’t think it’s a stretch to think the same effect would be discovered if systems were connected and interoperable.
An interoperable landscape of all EHRs would allow physicians and healthcare systems to essentially create their own always on, always available information sharing system that would look a lot like what we see in daily lives with the devices in the palm of our hands.
Apparently, everyone wants an interoperable system; it’s just a matter of how it’s going to get paid for. And moving the data and the records freely from location to location opens up the health landscape like a mobile environment does.
Simply put, this is one issue that seems to resemble our current political landscape: a hot button issue that needs to be addressed but neither side wants to touch the issue because no one wants to or is able to pay for it.
One of the problems with this approach is that if we wait long enough, perhaps interoperability also will be mandated and we’ll all end up on its hook.
So, let’s take a lesson from the mobile device world and allow for a greater opportunity to connect healthcare data to more care providers on behalf of the patients and their outcomes.
Patients are not the only ones who will become more engaged as mobile devices continue to infiltrate healthcare; physicians, too, are reaping the so-called rewards.
As the debate continues to rage about the efficiencies created when EHRs are used in a practice setting, there seems to be little argument as to whether tablet PCs, smart phones and even applications like Skype actually improve the business of communication and interaction with patients and their physician partners and physicians with their colleagues.
A physician whom I very much respect, Dr. David DeShan, is one such physician who communicates with patients and colleagues via Skype from his mission outpost in Moscow, Russia.
Spending weeks at a time in Russia each year, he also maintains his status as a partner and practicing physician at a growing OBGYN clinic in Midland, Texas. As an early adopter of the virtual visit, DeShan is able to maintain contact with his patients if they need a consult, and he’s also able to maintain his connection to his practice so he can check labs, review diagnosis and provide counsel to his practice mates should they request it.
By his own admission, he works a full-time practice schedule from abroad in addition to his full schedule as the leader of a major international mission. By partnering Skype and his EHR, DeShan is essentially a full-time practicing physician without a need to be restricted by the brick and mortar location of his practice. At the same time, he’s able to dedicate himself to his medical mission work in Russia and serve individuals throughout the world’s largest country in places that would never receive even the most primitive of care without him and his network of medical volunteers.
But, I digress. I’ll save DeShan’s story for another day.
The point I’m trying to make is in support of CDW Healthcare’s article “Momentum Surges for mHealth,” which cites a recent IDC Health Insights observation that shows clinicians use more than six mobile devices in the care setting each day.
Accordingly, as the mobile world continues to open new opportunities in all aspects of life, physicians, like all of us, know that they will come to rely more on these devices to practice, communicate and collaborate.
Clinicians and practice leaders continue to embrace the devices in the care setting, and they expect practices to allow them in their work. When technology delivers upon its promise and actually makes life easier, it is obviously going to be supported and used, like DeShan has done with Skype.
The technology helps him bridge gaps and essentially eliminate a half-the-world-away gap between himself and his practice. But, in some places, there are policies in place to inhibit this type of care offering. (Policies in opposition to this type of approach should be considered archaic and simply regrettable.)
The CDW piece goes on to state that according to a University of Chicago School of Medicine study, providing tablet PCs to residents actually reduced patient wait times in hospitals. Likewise, the study found that the same residents did not have to look for an open computer for medical charting, and that the tablets actually allowed the residents to spend more time with patients.
Novel concept. Technology working as promised. Not so unbelievable when spelled out so clearly as this.
As I said, mobile health will continue to grow in popularity. If internal policies are not supported and encouraged, you’ll quickly find yourself in a BYOD environment, which is not such a bad thing.
In fact, if it develops or if you’re unable to support your own internal mobile device initiative, set some rules and let it bloom.
According to CDW, “You need to establish and enforce policies for mobile users including setting up passwords, separating personal from corporate data on devices … and you need to educate users on how to securely use mobile devices.”
When managing a population that’s more likely to use or own a mobile device like a tablet PC than the rest of the consumer population, the infiltration is well underway so it’s time to begin reaping your mobile rewards.