States Can’t Agree on Smartphone Privacy: Businesses Protect Themselves (continued)

Posted on 26 Dec 2012 in Android, Apple, ArmorText applications, BYOD, Enterprise, News, Security, State Texting Laws 0 Comments


Continued from last week…

Overcoming uncertainty

To view the mobile security and privacy problem in management terms, consider that businesses generally dislike uncertainty of any kind. But the mobile revolution and the resulting patchwork quilt of search and seizure laws across borders suggest that plenty of businesses have zero certainty about whose hands their data could fall into. Once an unencrypted device is imaged, there is no going back. It is impossible to know with certainty how law enforcement authorities here or anywhere will parse patent drawings, budget spreadsheets or acquisition plans while searching for evidence. There are too many variables. Even if we assume authorities will act in good faith and take measures to respect confidentiality, encryption is a far better bargain for applying controls over information, particularly if you are a lawyer worried about attorney-client privilege or work in an industry subject to tough data protection regimes. As mobile device searches become increasingly routine, enterprise data swept up in evidence searches (“caught in the crossfire,” if you will) may have to be deemed “compromised,” if only for practical purposes.

The way forward

Companies need to monitor the global regulatory picture closely. The best defense, of course, is to compartmentalize access and information. A salesperson headed overseas does not need to carry your patent portfolio through border crossings. But except for these kinds of obvious cases, reconfiguring devices and networks around today’s shifting job roles and travel is tedious and impractical. Plus, when you strip down handhelds to the point where they become safely “expendable,” you start to offset the business value of all these great tools and connectivity. Why not build a standardized mobile security profile with encryption instead and let users bring the apps they need to be productive? Senior executives need to lay the foundation here by looking at requirements and at the risks that can be tolerated, and by mitigating those risks as far as possible.

On the technology side, mobile encryption is a powerful tool to tactically deploy in your plan. To securely harden many common types of smartphones quickly, look for encryption tools that do not require cumbersome hardware accessories or multi-tasking between apps just to read e-mail. Such ease of deployment empowers users and helps different types of devices in a company to benefit from consistent protection. Users of different hardware that all run some version of Android, for example, can in most cases go to the same app storefront and pull down their own security software. As technology rewrites our legal and societal perceptions of trust, privacy and security, businesses and consumers should expect continued legal dust-ups and uncertain times. Often the only recourse is to seize the initiative by taking proactive control. In this spirit, armoring-up your smartphone is easily done and could spare your company and career from needless future worry and pain.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

BYOD Security Alert! Malware Apps That Attack Company Data

Posted on 16 Nov 2012 in Android, Apple, ArmorText, Cyber Security, Enterprise, Security 0 Comments

Mobile Device Management companies ban a list of malware apps that could snatch company data, customer contacts, and e-mail history. Below are a few apps that should be added to these lists.


Mobile Malware Apps

The News: Companies need to have a defense plan to protect their mobile devices against rising mobile security threats. There are more than 175,000 dangerous applications on the Android OS. Many believed that the iPhone was safe from mobile malware, but it appears that any jailbroken iPhone is susceptible. Other malicious apps have made their way into the App Store and affect more than just jailbroken phones.

The App: Loozfon, Android Malware
The Threat: It poses as a work-from-home opportunity; it promises the user that they can earn money by simply clicking a link and sending an email. Once the user clicks the link, the malware is downloaded to the phone and can steal contact information from the device.

The App: FinFisher, attacks Android, iPhone, Windows, Blackberry, and Symbian
The Threat: This malware poses as a system update. When the user clicks the link in the fake text message or email, it uploads the virus. It is spyware that can remotely control and monitor your phone.

The App: Find and Call, found in Apple’s iOS App Store and Google Play
The Threat: It claims to be an app that will simplify your contact list. Instead, when you download this malicious app, it uploads your entire phonebook and proceeds to send email and text spam to each contact.

The App: Trojan FakeLookout.A
The Threat: It acts as an update for the Lookout Security app in Google Play. The malware can remotely control and monitor the phone, access text messages and upload them to their server. It can also download files to the phone that threaten the user’s privacy and access their private information.


Security Apps

The News: With the rise of mobile malware, spyware, trojans, and viruses that can unknowingly be downloaded to our mobile devices, it is important to download security apps to your device. Security apps are important for protecting your mobile device, but your device may require more than one. Combining these security apps with a secure text messaging app, like ArmorText, will help ensure your mobile device is protected on all levels.

The App: Lookout Mobile Security, available on iPhone and Android, protects your device from the multitude of security threats that exist. It can also locate your lost or stolen device.
The Threat: No threat! It helps you avoid mobile risks!

 


Government BYOD = Consumer BYOA: Bring Your Own Android

Posted on 15 Nov 2012 in Android, Enterprise 3 Comments


Operating System By Marketshare Worldwide


Government is Switching to BYOD: Android the Most Common Device

“RIM will no longer have the exclusive contract for smartphone devices at the U.S. Defense Department. The potential size of any arrangement with the Defense Department is huge: it could span 8 million devices all told…Android could sway the DOD with their large, mature app ecosystem, which is apparently a key criteria for the U.S. government body.”

“Government, military officials (will) get Android phones… The phones will run a modified version of Google’s Android software, which is being developed as part of an initiative that spans multiple federal agencies and government contractors” “The government chose Android for its open source capabilities; in order to allow modifications to improve security layers and also reduce other facilities — such as access to potentially compromising services, including the Android market. Following federal officials meeting with Apple, their smartphone range was considered unsuitable due to the company being unwilling to provide access to the iOS source code, therefore limiting security development.” “Eventually, Android will have a higher security clearance than BlackBerry.”

U.S. Enterprise BYOD – Not a matter of “If” but “When”

Percentages reflect a multiplicity of devices, with some individuals claiming both a company owned and personal device used in the workplace – original stats included tablets.


 


Refer to http://www.idc.com/getdoc.jsp?containerId=prUS23771812 for more information.

DoD App Store Coming To A Smartphone Near You

Posted on 14 Nov 2012 in ArmorText, BYOD, Cyber Security, Enterprise, News, Security 0 Comments

 

 

Back in July, we discussed Mobile Device Solutions for the Department of Defense (DoD). We are still waiting for the DoD to release its mobile device implementation plan, but the Defense Information Systems Agency (DISA) has announced they are looking for mobile device management (MDM) software and an enterprise mobile application store that will be able to support more than 250,000 mobile devices. The military has a longstanding relationship with DISA as their network service provider.

“The mobility implementation plan is a way for the DoD to take advantage of where the rest of the world is going with mobile communications,” Air Force General Robert E. Wheeler said.

The benefits of BYOD driving many industries to implement such plans remain the same: reduced costs, increased security, and a productivity boost. This new strategy could completely enhance the functionality of the DoD, “allowing the department to move faster, make decisions quicker, stay ahead of adversaries, and make better business decisions.” This is all well and good as long as security concerns are appropriately managed. One security breach on a national or international level would nullify all cost savings and productivity gains.

The DoD’s enterprise-wide mobile strategy will center around DISA. DISA claims that the MDM and app store will eventually be able to meet all of the military’s requirements. To go along with the MDM, the DoD has categorized three types of devices that will go through the authorization process.

  1. Devices that never need to connect to the DoD network; for example, this may include tablets used by a pilot that contain checklists and charts.
  2. Devices that connect to the unclassified networks; for example, commercially available devices like iPhone and Android.
  3. Devices that connect to the classified network; some of the previous devices may meet this requirement as well.

The mobile devices available to the public have countless applications and, if approved by DoD standards, users will be able to use one phone on the DoD classified and unclassified networks. The approved devices would also have the ability to download any mandatory apps from a DoD app store.

The DoD has a strong desire to adapt to commercial mobile technology by having its own app store. Specialized apps for critical communications or processes could be approved, developed and deployed within three months.

“As new technology comes out we need to take advantage of that new technology and move with that new technology to keep our stuff more secure,” Wheeler said. “So, waiting two, three, four years to approve something is something that would actually hurt our ability to do the mobility implementation plan.”

ArmorText is a new technology that could be beneficial to the DoD app store and the DISA MDM Plan. It is a secure text messaging app that can be used regardless of “security clearance” associated with classified and nonclassified networks. Every employee at the DoD should be using ArmorText to encrypt their text messages.

 


Doctors: Be Cautious Of Mobile Device HIPAA Violations

Posted on 12 Nov 2012 in ArmorText, BYOD, Enterprise, Healthcare, HIPAA, Security 0 Comments

Mobile devices provide doctors a quick and easy way to communicate with patients, nurses, and other doctors. Misuse of these same devices can also threaten doctors with a hefty fine or prison time, if the use of these devices leads to a Health Insurance Portability and Accountability Act (HIPAA) violation. The most common violation is unencrypted data stored on lost or stolen devices.

 

| VIOLATION TYPE | MINIMUM PENALTY | MAXIMUM PENALTY |
|---|---|---|
| Individual didn’t know they violated HIPAA | $100/violation; annual max of $25,000/repeat violations | $50,000/violation; annual max of $1.5 million |
| Reasonable cause and not willful neglect | $1,000/violation; annual max of $100,000/repeat violations | $50,000/violation; annual max of $1.5 million |
| Willful neglect but corrected within time | $10,000/violation; annual max of $250,000/repeat violations | $50,000/violation; annual max of $1.5 million |
| Willful neglect and is not corrected | $50,000/violation; annual max of $1.5 million | $50,000/violation; annual max of $1.5 million |

 

Maximum Penalties in Mobile Device HIPAA violations:

2012: Massachusetts Ear and Eye Infirmary (MEEI) settled with the U.S. Department of Human Health Services (HHS) and agreed to pay a fine of $1.5 million for violations against the HIPAA of 1996 Security Rule. They also promised to take the necessary steps to upgrade the measures they take to protect the privacy and security of their patients’ protected health information (PHI). MEEI reported the theft of an unencrypted personal laptop that contained electronic PHI of their patients and research subjects, including patient prescriptions and clinical data.

    1. Mobile Device Stolen
    2. Unencrypted Data
    3. Not Password Protected

Uncorrected, willful neglect with an unsecured, unencrypted mobile device. Situations like these cannot be repaired retroactively.

2012: South Shore Hospital admitted a security breach that affected 800,000 patients. The hospital shipped three boxes of backup tapes, containing patients’ personal information and medical records, to Archive Data Solutions to be erased and resold. Only one of the boxes made it to its destination and the other two were not located. South Shore was fined a total of $750,000 for not encrypting the sensitive data and for not informing Archive Data that the tapes contained PHI or verifying that they would be able to securely handle this private information.

    1. Unencrypted Data
    2. Not Protecting PHI

South Shore received the maximum penalty for neglecting to encrypt their patients’ information, for losing two-thirds of the data, and for failing to protect their data when they sent it to an off-site location.

2011: Georgetown University Hospital reported a missing unencrypted USB thumb drive that contained data for 1,526 patients. The patient information on the drive included their names, medical record number, birthday, blood type, blood test results, brief medical history, and physician’s name.

    1. Mobile Device Lost/Stolen
    2. Unencrypted Data
    3. Not Password Protected

Again, no retroactive policy can repair the damage of the careless handling of unencrypted, unsecured mobile devices.

2010: Cincinnati Children’s Hospital Medical Center reported a stolen laptop that was password-protected, but the data was not encrypted. The laptop was stolen from an employee’s car, which was parked in front of her house. This security breach affected 61,000 records and included personal information about the patients: names, medical record numbers, and health treatment.

    1. Mobile Device Stolen
    2. Unencrypted Data

The laptop did utilize a password, but the information on the laptop was not encrypted and the employee left the laptop unattended, demonstrating that password-protection is not sufficient in guarding patient data.

Avoid HIPAA Violations With ArmorText

Although there aren’t any HIPAA security breaches or violations based solely on ePHI sent via text message, more than 70% of doctors have admitted to texting on the job. By implementing preventative actions, doctors can safely text without violating HIPAA. ArmorText was designed to help doctors and other healthcare industry workers securely text by encrypting their messages, both on the phone and in transit. Even if your mobile device is lost or stolen, your messages are guarded individually through encryption and overall with an app-specific password. It protects your text messages at every level. Leave it to ArmorText to keep all your texting communications protected, so you can communicate freely.

Click here to see security breaches affecting 500+ people: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

 


Text Messages Are Not Private Under The Freedom Of Information Act

Posted on 8 Nov 2012 in ArmorText, Enterprise, FOIA, Press, Security 0 Comments

 

If you hold public office, your text messages with your wife, your husband, or your children are public property. Any text message you send, personal or business related, is accessible to the public under the Freedom of Information Act (FOIA). When the FOIA was enacted in 1966, it could not account for today’s technological advances, especially concerning text messages.

FOIA In The United States

Politicians and other public figures have had their text messages exposed as a result of FOIA. The political scandal involving Detroit Mayor Kwame Kilpatrick, in 2007, made headlines when The Detroit Free Press requested all records, including text messages sent from his government-issued device, be released to the public under FOIA. Information obtained from his text messages revealed an on-going affair with his Chief of Staff, Christine Beatty and their use of city funds for their romantic getaways. The messages disclosed how they conspired to fire Police Chief Brown, who was investigating Kilpatrick’s illegal activities and the corruption in his office, including racketeering, bribery, conspiracy, and extortion.

FOIA Reveals All

The public’s right to access records has exposed wasteful government spending in numerous documents. E-mails obtained through FOIA revealed that the Solicitor General’s office planned to groom Elena Kagan to ascend to the Supreme Court. A ruling in Illinois determined that text messages on government-issued or personal phones are considered public record if business is conducted on the personal phone. According to the FOIA, all written text is public property.
In the Kilpatrick scandal, the public deserved to know how their elected official was running their government. Our elected officials are people too and should have the right to privacy in their personal and family lives, despite their career. In cases like these, there needs to be a way to distinguish between what information the public has the right to access and what information must remain private.

Freedom of Information Is World-Wide

The idea of Freedom of Information is not just a U.S. law that affects our elected officials; it spans internationally as well. The latest scandal involves British Prime Minister David Cameron, who has been urged to publish his text messages with News International Chief Executive Rebekah Brooks. Several of his personal messages were made public, stemming from a 2009 phone-hacking inquiry from Rebekah Brooks herself. The Prime Minister was granted some right to privacy, since they didn’t publish the messages that could be embarrassing to the P.M. Labour MP Chris Bryant stated that ordinary members of the public would consider all of the text messages sent by Cameron to be relevant in determining the nature of their relationship. As a result, no text message would be safe from public record.

ArmorText Protects You and Your Loved Ones

Gryphn’s ArmorText is the secure solution for elected officials to keep their personal life private. Our secure, text-messaging app erects a barrier between your personal and professional communications, so you can conduct both appropriately on a single phone. FOIA requests that pull data from text messages on carrier servers would only have access to the encrypted version of your texts. As a public official, you have the right to privacy in your personal and family life. With the help of ArmorText, you can shield your family’s personal communications on the same phone you use to fulfill your public duties.

 


NIST Releases New Draft For Securing Mobile Devices

Posted on 5 Nov 2012 in BYOD, Enterprise, Mobile Development, NIST, Press, Security 0 Comments

The National Institute of Standards and Technology (NIST) released a new draft titled Guidelines on Hardware-Rooted Security in Mobile Devices and is requesting comments from the public until December 14.

“This document is intended to accelerate industry efforts to implement security capabilities that can provide a higher degree of assurance of the trustworthiness of the device.”

NIST released this guideline in the wake of emerging technologies and the trend among businesses towards BYOD (Bring Your Own Device). Employees are bringing their own devices to access corporate enterprise services, data, and other work-related resources, a trend that has surpassed the use of organization-issued devices. The BYOD system can reduce costs for the enterprise and is more convenient for employees. To properly integrate BYOD into a secure system, enterprises need to be cautious and verify that the mobile devices are secure enough for business use.

A company needs methods to test mobile devices brought in by employees to determine if they can adequately protect the organization’s information. Companies need to verify that the device itself has the capacity to follow their policies and that the device has not already been compromised. There is the need to verify that the device can be authorized to access the organization’s data and that the stored data from the organization will remain protected during access and on the device afterwards.

The guideline draft proposes that mobile devices should be required to contain these security elements:

  • Roots of Trust (RoTs): RoTs combine the hardware, firmware, and software components of the mobile device that are intended to provide crucial security features with the confidence that they will perform properly. Security needs to be implemented in their design. The devices need to contain these specific RoTs:
    • Root of Trust for Storage (RTS): ability to securely save and manage business information with protected storage and interface.
    • Root of Trust for Verification (RTV): protected engine and interface to authenticate digital signatures related to software/firmware.
    • Root of Trust for Integrity (RTI): provides protected storage, integrity and interface to store and handle assertions.
    • Root of Trust for Reporting (RTR): provides a protected environment and interface to control identities and sign assertions.
    • Root of Trust for Measurement (RTM): works with the RTI and RTR to provide protected measurement used by assertions.
  • An application programming interface (API) to expose the RoTs to the platform: RoTs need to establish a chain of trust for user apps by being introduced to the device and OS. Mobile apps typically use the security functions provided by the RoTs to locally save cryptographic keys.
  • A Policy Enforcement Engine (PEnE): Facilitates the processing, maintenance, and administration of policies on the mobile device. The PEnE lets Information Owners of the device control the information allowed; it also permits them to set the necessary conditions required for storing and sharing the information on the device, network, and policy.

The draft also recommends that mobile devices provide three key security capabilities: Device Integrity, to ensure there isn’t corruption in the hardware, firmware, or software; Isolation, to avoid any accidental contact between Information Owners on the same device; and Protected Storage, which sustains the confidentiality and integrity of the important data on the device while in use, at rest, and when access is cancelled.
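How the measurement, integrity and reporting roots can cooperate so an enterprise can check a BYOD handset before granting access, as an added example that is not taken from the NIST draft or from this post. It assumes a measured-boot style hash chain, uses HMAC-SHA256 as a stand-in for the RTR's signature, and all names and sample data are hypothetical.

```python
import hashlib
import hmac
import os

ZERO = bytes(32)  # register value at device reset


def measure(blob: bytes) -> bytes:
    """RTM role: hash a component before control is handed to it."""
    return hashlib.sha256(blob).digest()


def fold(value: bytes, digest: bytes) -> bytes:
    """Extend operation: new register value = H(old value || measurement)."""
    return hashlib.sha256(value + digest).digest()


class IntegrityRegister:
    """RTI role: extend-only storage; software can add to it, never rewrite it."""

    def __init__(self):
        self.value = ZERO
        self.log = []  # (component name, measurement) in boot order

    def extend(self, name: str, digest: bytes) -> None:
        self.value = fold(self.value, digest)
        self.log.append((name, digest))


class Reporter:
    """RTR role: holds the device identity key and signs assertions."""

    def __init__(self, device_key: bytes):
        self.device_key = device_key

    def quote(self, register: IntegrityRegister, nonce: bytes) -> dict:
        # Assumption: HMAC stands in for an asymmetric device signature.
        tag = hmac.new(self.device_key, nonce + register.value, hashlib.sha256).digest()
        return {"nonce": nonce, "value": register.value,
                "log": list(register.log), "tag": tag}


def measured_boot(components: dict) -> IntegrityRegister:
    """Measure every component in boot order and record it in the register."""
    register = IntegrityRegister()
    for name, blob in components.items():
        register.extend(name, measure(blob))
    return register


def verify_quote(quote: dict, nonce: bytes, device_key: bytes, known_good: dict) -> str:
    """Enterprise side: decide whether the reporting device may be trusted."""
    if not hmac.compare_digest(quote["nonce"], nonce):
        return "stale-nonce"            # replay of an older report
    expected = hmac.new(device_key, quote["nonce"] + quote["value"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["tag"]):
        return "bad-signature"          # not produced by this device's RTR
    replayed = ZERO
    for _, digest in quote["log"]:
        replayed = fold(replayed, digest)
    if replayed != quote["value"]:
        return "log-mismatch"           # log does not explain the signed value
    if [name for name, _ in quote["log"]] != list(known_good):
        return "incomplete-log"         # a component was skipped or added
    for name, digest in quote["log"]:
        if known_good[name] != digest:
            return "untrusted:" + name  # component differs from the approved build
    return "trusted"


# Constructed sample data: not real firmware, keys or measurements.
DEVICE_KEY = b"constructed-demo-device-key-0001"
GOOD_IMAGES = {"bootloader": b"bootloader v1", "kernel": b"kernel v1",
               "policy-engine": b"PEnE v1"}
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD_IMAGES.items()}

if __name__ == "__main__":
    nonce = os.urandom(16)
    report = Reporter(DEVICE_KEY).quote(measured_boot(GOOD_IMAGES), nonce)
    print(verify_quote(report, nonce, DEVICE_KEY, KNOWN_GOOD))
```

Because the signed value is a chain over every measurement, software that loads after a modified component cannot rewrite the log to hide the change without breaking either the chain or the signature.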

 


 

Hurricane Sandy: Messaging Dependent on the Weather

Posted on 29 Oct 2012 in Apple, Enterprise, Healthcare, HIPAA, Media Roundup 0 Comments


Hurricane Sandy

Hurricane Sandy or “Frankenstorm” is expected to grind the East Coast to a halt over the next few days with widespread power failures and extensive evacuations. These disasters and outages represent yet another threat to message security for critical industries in the United States, including disaster relief efforts.

Apple has registered multiple outages over the past year in iMessage, FaceTime and Game Center due to server-side issues. Blackberry’s outages have become nearly legendary and Amazon’s servers went down in the last storm, taking out Instagram, Netflix and Pinterest as well as many others hosted on Amazon’s cloud.

Dependent on the Weather

These server farms are the On/Off switch for encrypted messaging services such as iMessage and BBM; a single point of failure which compromises the security of these messages during disasters, attacks, equipment malfunctions or any other situation that threatens server integrity.

In many cases the messages can still be sent (iMessage defaults to standard text messaging when iMessage is not available), but in plain text. For defense, healthcare, financial services and other regulated industries, such backups are not an acceptable option. Encrypted communications must persist through disasters; the last thing a soldier or a doctor wants is a communication tool that is dependent on Pepco or the weather.

We here at Gryphn encourage you to be safe during Hurricane Sandy. Stay safe, stay protected.

 


Apple iMessage Down – Regulated Industries Exposed

Posted on 26 Oct 2012 in Apple, Enterprise, News, Security 0 Comments

iMessage Down – Why Does It Matter?


 

iMessage has been down since 5pm EST and is still down for many consumers, as evidenced by Twitter status updates.

Update: Continuing independent testing shows that iMessages are now being automatically switched to SMS texts[1].

iMessage Down – Regulated Industries, Such As Healthcare, Exposed

The iPhone has been considered a potential replacement in part because enterprise looked to diversify from the single point of failure Blackberry has become infamous for. It seems iMessage suffers from similar issues. Sporadic outages were also reported on July 22nd, and Sept 17th of this year.

It has been suggested that iMessage is a possible HIPAA compliant solution, allowing for encrypted messages to be sent between patients, doctors or other healthcare professionals. However, when iMessage fails to send, it is now confirmed that it automatically reverts to a regular text message, which is not encrypted. This fail-safe program for delivery is not sufficient for use in finance, healthcare or other heavily regulated industries where both the security AND deliverability of the message are of paramount legal importance.

More Details on iMessage Problems in Regulated Industry.

Other iMessage troubles.

Even if you use the extremely popular Whatsapp, which is not currently down, the slew of security issues and breaches should give you pause.

11/18/12 UPDATE: Apple’s iMessage and FaceTime experiencing another disruption for “some users”
10/29/12 UPDATE: FaceTime and Game Center also down, joining iMessage just in time for Apple’s quarterly earnings report.

[1] http://appleinsider.com/articles/12/10/25/apples-imessage-down-for-many-ios-and-os-x-users

Mobile Healthcare = Better Healthcare: Medical Mobility Executive Panel Recap

Posted on 19 Oct 2012 in Android, Apple, ArmorText applications, BYOD, Enterprise, FIPS, Healthcare, HIPAA, NIST, Security 1 Comment

The Medical Mobility Executive Panel this week brought together the FDA, NCI, VHA, HHS and GSA. The discussions and presentations focused on problems faced and opportunities to improve in modern healthcare in a rapidly digitizing world.

Better healthcare – Mobile healthcare methods increase the speed of healthcare delivery and interactions between patient and healthcare provider which directly affects patient health (if this particular aspect interests you, as it does us, check back next week for details)

Better health – More efficient and accurate care

Reduced costs – Efficiencies never dreamed of with paper

Dr. Abdul Shaikh, Program Director, National Cancer Institute Behavioral Research Program

“Healthcare teams have no time – apps need to integrate w/ workflow, meet data standards and satisfy usability preferences.”

 

Mike Coene, Chief Technology Officer, FDA

“Our users want Android, Apple devices (& maybe Windows 8) – we need apps that keep data secure.”

“All apps must keep data secure and have offline capabilities. All apps require PIV and FIPS compliance.”

 

The FDA uses a variety of digital devices in the field as well as proprietary programs containing trade secret data. In managing these programs on the user’s device of choice (often the iPad), the path toward FIPS compliance has not yet been charted. The FDA expresses hope that consumers will prefer the new Windows 8 phone, as compliance with Windows devices is familiar territory, but, for the moment, consumers want Apple and Android devices. Currently the FDA uses phones that are extremely locked down. They cannot be used outside of work, cannot download general apps and cannot take pictures except with an app-specific camera. There is some discussion as to whether an MDM (as was chosen for a contract by Veterans Affairs) or an MAM solution would be a better fit for managing security in less hamstrung mobile devices in the future. All apps must keep data secure and have offline capabilities. All apps require PIV and FIPS encryption.
Update 10/24 - Agencies looking to adopt the new iPad mini will have security problems as iOS doesn’t yet have the cryptographic validation of the National Institute of Standards and Technology (NIST).

 

Kathy Frisbee, VHA Office of Informatics & Analytics Director of Web and Mobile Solutions

“Develop everything…so it works on all platforms.”

“Fail fast and fail small. There is a tsunami of patient data coming.”

“More than 1 BILLION has already been invested this year in mobile health”

The VHA recommends short pilots to solve current and upcoming problems with mobile security of patient data. They have focused on building a custom environment for cloud development of apps and a custom sandbox of data on the mobile device. Apps that meet the common information model are published to their app store and downloadable to a “Launchpad”. This container app allows for a single sign on to access a multiplicity of other apps and allows carryover of data between them. The patient data accessed in one app persists through the next app without having to search for the patient once again. None of these data sets persist on the device itself unless they meet FIPS encryption certification standards. These apps need to be designed around current, discrete workflows, focusing on usability; facilitating communication rather than adding additional steps to complete tasks. Currently the VHA works with an MDM called Airwatch.


Damon Davis, Special Assistant in the Office of the National Coordinator for Health IT, HHS

“Secure… and efficient delivery of appropriate care through electronic means =  better healthcare.”

Mobile health tools enable actions – when you know your hemoglobin is high or know that your bank account is low – this knowledge enables appropriate behavior. There needs to be an attitude change on the provider side. Providing a patient with their data means the patient will be more engaged, that they are listening, not that they are leaving. Currently providers are not interested in sharing data with patients because of HIPAA – fear of a $1.5 million fine and a listing on the Wall of Shame often means that no pertinent data is transferred to the patient. However, unknown to most, patients have a legal right to their data. In the future the HHS hopes to see data exchanged in both directions, creating feedback loops by patients reporting allergies, preferences and successes. Data not only needs to be successfully pulled out but also needs to be invited back into the system.

 

Through the Blue Button, you may have access to your claims or personal health information that is maintained by your doctors, hospitals, health plans, and others.

 
