Exactly how secure are the mobile health apps we use? Arxan Technologies set out to find that answer with its 5th Annual State of Application Security report. The new research assessed 71 popular mobile health apps from the US, UK, Germany, and Japan. It also examined how confident app users and app executives are in the security of their applications. Arxan discovered a huge discrepancy between consumer confidence in the level of security and the degree to which organizations address known application vulnerabilities.
Below are some of the report’s key findings:
Mobile health apps approved by regulatory/governing bodies are just as vulnerable as other mobile apps. Eighty-four percent of the US FDA-approved apps tested did not adequately address at least two of the OWASP Mobile Top 10 Risks. Similarly, 80 percent of the apps tested that were formerly approved by the UK NHS did not adequately address at least two of the OWASP Mobile Top 10 Risks.
Most of the mobile health apps were susceptible to application code tampering and reverse-engineering. Ninety-five percent of the FDA-approved apps, and 100 percent of the apps formerly approved by the NHS, lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering.
Is your hospital or healthcare organization actually a technology company in disguise? Lots of companies are. After all, to win and hold onto customers, organizations have to make huge investments in IT and technology. At some point if, say, a financial services organization spends most of its money on technology, hasn’t it actually become a technology company that happens to deliver financial services? Are hospitals and health care organizations any different?
The thing is, while businesses are becoming tech companies, successful tech companies have realized it’s not about technology at all. It’s about experiences. Think about Uber or AirBnB: What they’re really selling is an experience enabled by technology.
Welcome to the experience economy. At Mad*Pow, the design firm where I lead experience design, we’re always trying to help hospitals and healthcare companies think about the patient experience as they travel through their healthcare journey.
It’s not easy work. The healthcare industry has gotten more than its fair share of disruption to deal with. Things like electronic medical records and the Affordable Care Act have unleashed waves upon waves of new technology into the clinical setting—none of which plays very well together. Meanwhile, doctors and clinicians have become data entry specialists, sacrificing important patient time for screen time. As a result, healthcare is behaving a bit too much like “sick care,” treating problems rather than treating people. It’s more about the transaction, less about the patient experience.
On the bright side, the industry is responding in exciting ways. Today, more and more hospitals are acting like tech start-ups. They’re sponsoring hack-a-thons to crowdsource innovation within their own walls. They’re incubating ideas from doctors and clinicians to build and test new devices and technologies. They’re partnering with universities and entrepreneurs and private business to fuel and fund and focus their innovation.
Alex Bratton, CEO of Lextech, discusses his company, its vision, why it’s important to healthcare, and how the changing landscape of health apps is affecting health outcomes and the industry as a whole.
What is Lextech and why does it matter to healthcare?
Lextech is a mobile app development company that evaluates business workflows to identify and build apps that improve processes and make the complex simple. Mobile apps will become increasingly important to the healthcare industry for two reasons: they are instrumental in helping caregivers and insurance companies build direct relationships with patients, and they can help drive healthcare costs down. With the massive changes taking place in healthcare, and the uncertainty that goes with change, it’s crucial for healthcare service providers to create a strong bond with patients by giving them tools and information that make their lives easier.
What do your clients say works wonderfully? What doesn’t work so well? Why?
Lextech is known for its Billion Dollar App (BDA) process, which focuses organizations on developing the right app for the right reason, and on using that app to improve processes. This approach often results in significant cost savings and efficiencies. The opposite of this, which doesn’t work well, is what we call the “obvious app.” An example of an obvious app in healthcare is to squish a desktop-oriented EHR system onto an iPad. This is inadequate because it doesn’t streamline a process and it certainly doesn’t simplify users’ access to information. The better approach is focusing on a portion of the healthcare workflow and driving small portions of the EHR data and functionality through a brand new window–an intuitive app. Important questions need to be asked before developing an app, including: what are we trying to accomplish with this app, how will people use this app, why will they use the app, and what problem does it fix?