The Healthcare Innovation and Marketplace Technologies Act: HR6626

Posted on 19 Dec 2012 in Android, ArmorText, BYOD, Healthcare, HIPAA, NIST 0 Comments


On December 3, 2012, Representative Mike Honda of California introduced The Healthcare Innovation and Marketplace Technologies Act (HIMTA) with the intent to foster more innovation in the health care industry by removing barriers in wireless health.

This bill offers loans, tax relief, and grants for Health Information Technology not covered by EHR incentives, offering up to $250,000 in a taxable year for medical care providers. Health Information Technology that would qualify for these loans includes “storage, retrieval, sharing, and use of health care information, data and knowledge for communication and decision-making.”

Small businesses are eligible to receive loans or financing for any health information technology that “enhance(s) continuity of care for patients ... such that this information is accessible at the times and places where clinical decisions will be or are likely to be made; (as well as) enhancement of communication between patients and health care providers (and) technology that has already been purchased.”

There is a particular emphasis placed on technologies that will be widely adopted and useful for patients, patient engagement, doctor-patient consultation and patient health monitoring. These technologies are offered grants and prizes.

Office of Wireless Health Technology

This bill would also establish the Office of Wireless Health Technology, a subsidiary of the FDA designed to coordinate regulation of wireless health technology across federal agencies, offices and institutes so that such regulation might be “more robust, predictable, and easily understood and navigated by individuals and entities that design, produce, disseminate, or have a prevailing interest in wireless health technology.”

Mobile Health Software Application Technology is defined as technology that:

A) offers health-related services and runs on a mobile device; OR

B) enables health-related services through other portals associated with the use of a mobile device.

 

We have visited the unnecessarily confusing topic of regulatory requirements on mobile previously, calling for consistency and clarity similar to the aspirations present in the first draft of this bill. FINRA, FIPS, HIPAA and the DoD Mobile Strategy all contain similar concepts and security measures.

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

Policy and Regulatory Environments: A Mobile Perspective

Posted on 17 Dec 2012 in Android, ArmorText, BYOD, Healthcare, HIPAA 0 Comments


Gryphn had the pleasure of attending breakout sessions, in particular “Policy & Regulatory Environments: A Mobile Perspective.” This session was moderated by Robert Jarrin of Qualcomm Incorporated, and the panel included Lee Kim, Tucker Arensberg PC; Ali Pabrai, CEO of ecfirst; James Ravitz, Partner at Arent Fox; and Marcy Wilder, Hogan Lovells US.

The panelists spoke about various regulations and their standards for mobile devices in the healthcare industry. mHealth is a topic of debate in the areas of: meaningful use, security on the device, breaches, and the introduction of a new bill called the Healthcare Innovation and Marketplace Technologies Act.

WHY MEANINGFUL USE:

The meaningful use program is a set of standards used to oversee the use of electronic health records (EHRs); it permits eligible providers and hospitals to earn incentives if they meet certain criteria. The meaningful use of EHRs supports complete and accurate information, better access to that information, and patient empowerment.

WHAT IS SECURITY ON THE DEVICE:

The rules and regulations that healthcare providers are required to follow set standards for how devices should be secured. Encryption is “the last line of defense,” a required step that comes into play in the worst-case scenarios of loss, theft, or hacking. It keeps the data protected even if the device itself is in the wrong hands. However, while encryption should be standard, it is not enough. All devices, mobile or not, require strong authentication at the front and back end as well as audit controls.

WHERE DO DEVICE BREACHES COME FROM:

The moderator, Robert Jarrin, asked the panelists if it was true that most breaches come from the inside, believing loss to be more prevalent than hacks or theft. The panelists agreed. A lost device is as vulnerable as a stolen device if it does not have the necessary security measures installed. Some of these threats come from social media outlets like Facebook and Twitter. Both carry links that, if clicked, could download Trojans that steal data without your knowledge.

HEALTHCARE INNOVATION AND MARKETPLACE TECHNOLOGIES ACT:

The panelists mentioned a new bill that was introduced Monday, the first day of the summit, called the Healthcare Innovation and Marketplace Technologies Act. The purpose of this new bill is to increase innovation in mobile health and other health care technologies. This legislation would require the FDA to set up a new wireless health technology office. The FDA would work with other government agencies and private businesses to help build a “consistent, reasonable, and predictable regulatory framework” for wireless and digital health tools. This bill would also:

  • Set up an HHS program to help mobile health developers create technologies that follow the necessary privacy and security regulations.
  • Help small businesses purchase the necessary IT health devices through a low-interest program.
  • Institute tax incentive programs to give healthcare providers incentives to use the modern health technologies.
  • Establish a grant program to support healthcare providers who retrain employees for new health technology positions.
  • Begin new prize and grant programs to increase new health IT device development.

Many policies and regulations that healthcare providers are required to follow have not yet found their modern interpretation. Mobile technologies are still discovering their footing, both in terms of violations and permissible use.

 


mHealth 2012 Recap: Doctors are Texting and Healthcare Wants Protection from HIPAA Violations

Posted on 14 Dec 2012 in ArmorText, BYOD, Healthcare, HIPAA, News, Press 0 Comments


Our presence at the mHealth Summit 2012 was a great success. We were offered and took advantage of a booth in the primary and startup pavilions, receiving press for both. Our two locations were advantageous as we were able to funnel interested parties from our startup table to our relaxing couch and charging station in the main area. Our product was featured on camera, and we managed a flood of interested healthcare and healthcare related companies.

We learned more about our market, straight from the providers, users and practitioners themselves. Though aware of the risks, Doctors are still texting. They are downloading any text messaging app available on the app store that claims to secure text messaging and be HIPAA compliant. Providers, threatened with HIPAA related fines up to $4.3M, are interested in creating a cohesive policy, managing risks to confirm the safety of PHI and thus of HIPAA compliance. Representatives were searching for texting best practices, comparing and contrasting various secure texting options available on the market in order to make a recommendation to implement as policy. Here is a sample of our comparison, focused exclusively on usability. If you are interested in our comparisons in the basic and advanced security departments, please contact us.

[Figure: encrypted text messaging comparison chart (ArmorText, WhatsApp, TigerText)]

 

We received requests for protecting and tracking Doctor-patient text messages and their effect on patient behavior. Do patients that receive messages from their doctor have a reduced number of in-office visits? Some research regarding increased contact via mobile device suggests so. We have developed our solutions specifically to adhere to HIPAA guidelines and are open to development solutions and applications in the Doctor-patient relationship. We are currently conducting pilots; let’s see how we can work together.


BYOD in Healthcare: Now Please Make It Work!

Posted on 6 Dec 2012 in Android, ArmorText, ArmorText applications, BYOD, Healthcare, HIPAA 0 Comments


Gryphn recently attended the mHealth conference and spoke with the following individuals: Lisa Gallagher (Senior Director, HIMSS); Brian Balow (Member, Dickinson Wright PLLC); Eleanor Chye (Executive Director, AT&T); David Houlding (Lead Architect, Intel); and Jay Savaiano (Director, CommVault). These interactions led to a more complete view of the healthcare space and the importance of secure messaging solutions such as Gryphn’s Enterprise Solutions that work with BYOD.

BYOD in Healthcare

BYOD penetration into healthcare is significant. According to an AT&T representative, more than 80% of healthcare workers on their network are using a smartphone at work.

“CIOs and CSOs are saying they can’t stop it (BYOD); it’s like a freight train running them over.” – Lisa Gallagher of HIMSS

Yet the improper use of these smartphones is damaging hospital reputations, destroying careers and driving fear of the devices in healthcare environments. On August 30th Cignet Health was fined $4.3M for HIPAA violations and investigation obstruction. A nurse was fired for texting an image containing PHI, even though that image saved a patient’s life (link pending).  Fines like these deter even the most stalwart hospitals from communicating PHI.

 “When hospitals are asked ‘Do you even want BYOD’, many are saying NO.” – Brian Balow of Dickinson Wright PLLC

Yet the largest fine to date under HIPAA was for patients who requested and were denied their own PHI. The dichotomy of HIPAA and HITECH is their regulatory imperative to safeguard patient data while simultaneously making it available. Protect and share. HHS and the OCR have demonstrated the relative weight of non-compliance with each section: $1.5M for failing to protect patient data, $4.3M for failing to share it with the patient.

Security Must Work FOR the Healthcare Practitioner, AND the Patient

Security policies are required to protect patient data, but these policies cannot obstruct the delivery of data to the healthcare practitioners who need it. Security cannot obstruct information flow or care quality.

“Security cannot slow these devices down…workers will find workarounds to bypass IT. We have to improve user experience with security.” – David Houlding of INTEL

 


MDM And BYOD Possibilities In Healthcare

Posted on 23 Nov 2012 in ArmorText, BYOD, Healthcare, HIPAA 1 Comment

Potential MDM and BYOD Possibilities

BYOD, the bring-your-own-device trend that is sweeping enterprises, is not new to the healthcare industry. For years, doctors have been bringing their own cell phones to work, but have relied on pagers for secure communications. As the pager becomes obsolete, doctors are turning to their personal devices for communications. This is a boon to the budgets of healthcare IT departments, which are no longer required to purchase mobile communications equipment, but it presents a whole new problem in properly maintaining these devices to protect patient information and remain HIPAA compliant. Many hospitals are overwhelmed with mobile device management (MDM) and BYOD possibilities.

“There’s this momentum within healthcare where physicians or clinicians are bringing their own devices into work, and they want to use them in the practice of medicine,” said Eric Westerlind of KLAS. “That’s a good thing because [these devices] are flexible … and there’s this coordination of care benefit. But the concern for providers is how do we secure these devices and make sure they’re HIPAA compliant, because the last thing they want to be is the guy on the front of the newspaper.”

Top Concerns: HIPAA Violations

Mobile device HIPAA violations can entail large fines, jail time, and ruin a hospital’s reputation. To avoid these violations, hospitals are turning towards encryption and MDM policies. All communications, including text messages, and documents about patients need to be secured by encryption. IT departments also need to be able to wipe the device remotely in case of loss or theft. BYOD can be an effective system if applied correctly.

Following In The VA’s Footsteps

Recently, the Department of Veterans Affairs (VA) adopted an MDM solution, which may be the first step in regulatory modernization among hospitals. By using an MDM, 85% of doctors who were already bringing their mobile device to work are able to use these devices to complete their work, while still protecting the privacy and PHI of former soldiers and marines at VA treatment facilities. By following the VA’s lead, hospitals can apply mobile device policies of their choice to protect their own patients in all communications.

MDM + Secure Texting

An MDM solution is important and capable of solving a lot of BYOD issues for hospitals, but an MDM is only as valuable as the apps it can mandate on the device, such as secure text messaging. More than 70% of doctors have admitted to texting other doctors, and 72% believe that within the next 3 years secure text messaging will replace pagers. MDM solutions must also maintain an up-to-date list of malware that is banned from the device.

ArmorText is the perfect solution that can be used on its own or joined with MDM. It allows users to exchange public encryption keys, encrypt text messages, and secure text, audio, video and picture messaging. ArmorText users are able to control how messages are distributed in the future: the sender controls whether the recipient can copy or forward, and soon delete, the content on the receiving device. ArmorText is the only application on the market that is secure enough to satisfy the VA and other U.S. Government encryption standards at the highest levels.

 


Doctors: Be Cautious Of Mobile Device HIPAA Violations

Posted on 12 Nov 2012 in ArmorText, BYOD, Enterprise, Healthcare, HIPAA, Security 0 Comments

Mobile devices provide doctors a quick and easy way to communicate with patients, nurses, and other doctors. Misuse of these same devices can also threaten doctors with a hefty fine or prison time, if the use of these devices leads to a Health Insurance Portability and Accountability Act (HIPAA) violation. The most common violation is unencrypted data stored on lost or stolen devices.

 

VIOLATION TYPE | MINIMUM PENALTY | MAXIMUM PENALTY
Individual didn’t know they violated HIPAA | $100/violation; annual max of $25,000/repeat violations | $50,000/violation; annual max of $1.5 million
Reasonable cause and not willful neglect | $1,000/violation; annual max of $100,000/repeat violations | $50,000/violation; annual max of $1.5 million
Willful neglect but corrected within time | $10,000/violation; annual max of $250,000/repeat violations | $50,000/violation; annual max of $1.5 million
Willful neglect and is not corrected | $50,000/violation; annual max of $1.5 million | $50,000/violation; annual max of $1.5 million

 

Maximum Penalties in Mobile Device HIPAA violations:

2012: Massachusetts Eye and Ear Infirmary (MEEI) settled with the U.S. Department of Health and Human Services (HHS) and agreed to pay a fine of $1.5 million for violations of the HIPAA (1996) Security Rule. They also promised to take the necessary steps to upgrade the measures they take to protect the privacy and security of their patients’ protected health information (PHI). MEEI reported the theft of an unencrypted personal laptop that contained electronic PHI of their patients and research subjects, including patient prescriptions and clinical data.

    1. Mobile Device Stolen
    2. Unencrypted Data
    3. Not Password Protected

Uncorrected, willful neglect with an unsecured, unencrypted mobile device. Situations like these cannot be repaired retroactively.

2012: South Shore Hospital admitted a security breach that affected 800,000 patients. The hospital shipped three boxes of backup tapes, containing patients’ personal information and medical records, to Archive Data Solutions to be erased and resold. Only one of the boxes made it to its destination and the other two were not located. South Shore was fined a total of $750,000 for not encrypting the sensitive data, for not informing Archive Data that the tapes contained PHI, and for not verifying that they would be able to securely handle this private information.

    1. Unencrypted Data
    2. Not Protecting PHI

South Shore received the maximum penalty for neglecting to encrypt their patients’ information, for losing two-thirds of the data, and for failing to protect their data when they sent it to an off-site location.

2011: Georgetown University Hospital reported a missing unencrypted USB thumb drive that contained data for 1,526 patients. The patient information on the drive included their names, medical record numbers, birthdays, blood types, blood test results, brief medical histories, and physicians’ names.

    1. Mobile Device Lost/Stolen
    2. Unencrypted Data
    3. Not Password Protected

Again, no retroactive policy can repair the damage of the careless handling of unencrypted, unsecured mobile devices.

2010: Cincinnati Children’s Hospital Medical Center reported a stolen laptop that was password-protected, but the data was not encrypted. The laptop was stolen from an employee’s car, which was parked in front of her house. This security breach affected 61,000 records and included personal information about the patients: names, medical record numbers, and health treatment.

    1. Mobile Device Stolen
    2. Unencrypted Data

The laptop did utilize a password, but the information on the laptop was not encrypted and the employee left the laptop unattended, demonstrating that password-protection is not sufficient in guarding patient data.

Avoid HIPAA Violations With ArmorText

Although there aren’t any HIPAA security breaches or violations based solely on ePHI sent via text message, more than 70% of doctors have admitted to texting on the job. By implementing preventative actions, doctors can safely text without violating HIPAA. ArmorText was designed to help doctors and other healthcare industry workers securely text by encrypting their messages, both on the phone and in transit. Even if your mobile device is lost or stolen, your messages are guarded individually through encryption and overall with an app-specific password. It protects your text messages at every level. Leave it to ArmorText to keep all your texting communications protected, so you can communicate freely.

Click here to see security breaches affecting 500+ people: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

 


Hurricane Sandy: Messaging Dependent on the Weather

Posted on 29 Oct 2012 in Apple, Enterprise, Healthcare, HIPAA, Media Roundup 0 Comments


Hurricane Sandy

Hurricane Sandy or “Frankenstorm” is expected to grind the East Coast to a halt over the next few days with widespread power failures and extensive evacuations. These disasters and outages represent yet another threat to message security for critical industries in the United States, including disaster relief efforts.

Apple has registered multiple outages over the past year in iMessage, FaceTime and Game Center due to server-side issues. BlackBerry’s outages have become nearly legendary, and Amazon’s servers went down in the last storm, taking out Instagram, Netflix and Pinterest as well as many others hosted on Amazon’s cloud.

Dependent on the Weather

These server farms are the On/Off switch for encrypted messaging services such as iMessage and BBM; a single point of failure which compromises the security of these messages during disasters, attacks, equipment malfunctions or any other situation that threatens server integrity.

In many cases the messages can still be sent, but in plain text (iMessage defaults to standard text messaging when iMessage is not available). For defense, healthcare, financial services and other regulated industries, such backups are not an acceptable option. Encrypted communications must persist through disasters; the last thing a soldier or a doctor wants is a communication tool that is dependent on Pepco or the weather.

We here at Gryphn encourage you to be safe during Hurricane Sandy. Stay safe, stay protected.

 


Text Messages Make You Buy More Stuff – Can Also Make You Healthier

Posted on 24 Oct 2012 in Android, ArmorText, ArmorText applications, BYOD, Healthcare, HIPAA 0 Comments

Mobile Marketing

Marketing in the Mobile space is a hot topic as we finish out 2012[1]. Companies such as Anheuser-Busch InBev, Coca-Cola and JP Morgan Chase consider mobile marketing the best way to develop closer, more connected relationships with their customers. Customers are more likely to receive and respond to an appropriately targeted text message than to an E-mail or a Facebook message.

Text message read rates are near 90%, whereas e-mail read rates are less than 20%.

91% of people with a smartphone always have their device with them.

Spending for mobile ads increases every year and is projected to reach $20.5 billion by 2015[2].

Mobile Healthcare

These gains in customer engagement hold true when crossing into the healthcare industry. However the healthcare industry does not take advantage of these benefits with the same gusto as those marketing their products.

90% of smartphone users have a health related app. (Most often not affiliated with any healthcare institution)

52% say they would actively use an app to monitor their health if they had the option.

Healthcare workers’ concern with violating patient privacy regulations in HIPAA often means that no patient data is transferred at all, though there is significant proof that patient health is positively impacted when this data is transferred. More engaged patients (that is, patients with access to their healthcare staff without the need of a face-to-face meeting) are less likely to be readmitted to the hospital 30 days after their visit. They are less likely to experience a medical error[3]. Patients who have a condition or a recommendation from their doctor that they carry with them are more likely to follow recommendations and behave appropriately for their health.

Text messages are an increasingly personal way in which marketing departments can connect with and influence consumers to buy more of their product. Text messages can also improve people’s health, connecting them with their healthcare providers in a safe manner and in compliance with HIPAA.

 


 


[1] http://www.cmo.com/cmo-surveys/using-mrm-put-more-interaction-hands-customer

[2] http://www.cmo.com/cmo-surveys/using-mrm-put-more-interaction-hands-customer

[3] Statements by Damon Davis of HHS at the Medical Mobility Executive Panel

Healthcare: The Transition From Pagers To Text Messages

Posted on 22 Oct 2012 in ArmorText, Healthcare, HIPAA, Security 0 Comments

“Smartphones have the ability to transform healthcare by driving efficiencies in an industry that is undergoing dramatic change in automation. Our research shows that secure text messaging represents a viable option today for meeting the unique healthcare communication needs and enabling more efficient ways to collaborate between physicians, nurses, and patients.” -Ed Gaudet, Imprivata CMO

Goodbye Old Pager, Hello Smartphone

The transition from pagers to text messages has already begun among doctors, but the transition to using secure text messaging is a relatively new idea. Doctors use text messages to communicate with doctors and their patients because it is easy and convenient. Text messages offer a better solution and can convey far more than the outdated pager’s buzz and hidden message. A text that reads “Patient Emergency, Call 555-5555,” is in no violation of the Health Insurance Portability and Accountability Act (HIPAA). The problems arise when doctors text electronic protected health information (ePHI) about their patients, which could lead to a HIPAA violation.

“More than 70% of doctors have admitted to texting other doctors.”
“72% believe pagers will be replaced by secure text messaging within 3 years.”
“64% of respondents classified themselves as very concerned over HIPAA compliance of sending PHI over text message.”

Why Encryption Is Necessary

Doctors have already admitted to texting other physicians about patient information. Text messages between doctors should be encrypted and sent over a secure, closed network to ensure their patients’ information remains private. Encrypting text messages prevents unauthorized access to a patient’s ePHI, protects the patient’s privacy and protects the doctor against a HIPAA violation. Taking care of a patient doesn’t mean just caring for them physically, but also protecting their medical records.

The Office for Civil Rights (OCR) spokeswoman Rachel Seeger says, HIPAA privacy and security rules “do not expressly prohibit” sending electronic protected health information (ePHI) by text or e-mail but the security standards do “require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to ePHI.”

ArmorText Protects Doctors And Their Patients

The patient should always come first! If the quickest form of communication is a text message, then the last thing the Doctor should have to worry about is regulatory compliance. This is where ArmorText comes in. ArmorText was created to be a simple solution for doctors to communicate. We provide peace of mind: ArmorText is an innovative messaging app that can encrypt messages and verify the identity of the user, and it has even more features in progress. Communications through ArmorText will improve the speed and clarity of hospital life, while also guarding patient confidentiality and user security.

 


 

[1] http://portals.imprivata.com/ftp/marketing/Cortext/Healthcare_Texting_Survey.pdf

[2] http://www.darkreading.com/mobile-security/167901113/security/privacy/240007934/from-pagers-to-text-messages-healthcare-s-next-security-challenge.html

Mobile Healthcare = Better Healthcare: Medical Mobility Executive Panel Recap

Posted on 19 Oct 2012 in Android, Apple, ArmorText applications, BYOD, Enterprise, FIPS, Healthcare, HIPAA, NIST, Security 1 Comment

The Medical Mobility Executive Panel this week brought together the FDA, NCI, VHA, HHS and GSA. The discussions and presentations focused on problems faced and opportunities to improve in modern healthcare in a rapidly digitizing world.

Better healthcare – Mobile healthcare methods increase the speed of healthcare delivery and interactions between patient and healthcare provider which directly affects patient health (if this particular aspect interests you, as it does us, check back next week for details)

Better health – More efficient and accurate care

Reduced costs – Efficiencies never dreamed of with paper

Dr. Abdul Shaikh, Program Director, National Cancer Institute Behavioral Research Program

“Healthcare teams have no time – apps need to integrate w/ workflow, meet data standards and satisfy usability preferences.”

 

Mike Coene, Chief Technology Officer, FDA

“Our users want Android, Apple devices (& maybe Windows 8) – we need apps that keep data secure.”

“All apps must keep data secure and have offline capabilities. All apps require PIV and FIPS compliance.”

 

The FDA uses a variety of digital devices in the field as well as proprietary programs containing trade secret data. In managing these programs on the user’s device of choice (often the iPad), the path toward FIPS compliance has not yet been charted. The FDA expresses hope that consumers will prefer the new Windows 8 phone, as compliance with Windows devices is familiar territory, but, for the moment, consumers want Apple and Android devices. Currently the FDA uses phones that are extremely locked down. They cannot be used outside of work, cannot download general apps and cannot take pictures except with an app-specific camera. There is some discussion as to whether an MDM (as was chosen for a contract by Veterans Affairs) or an MAM solution would be a better fit to manage security in less hamstrung mobile devices in the future. All apps must keep data secure and have offline capabilities. All apps require PIV and FIPS encryption.
Update 10/24 - Agencies looking to adopt the new iPad mini will have security problems as iOS doesn’t yet have the cryptographic validation of the National Institute of Standards and Technology (NIST).

 

Kathy Frisbee, VHA Office of Informatics & Analytics Director of Web and Mobile Solutions

“Develop everything…so it works on all platforms.”

“Fail fast and fail small. There is a tsunami of patient data coming.”

“More than 1 BILLION has already been invested this year in mobile health”

The VHA recommends short pilots to solve current and upcoming problems with mobile security of patient data. They have focused on building a custom environment for cloud development of apps and a custom sandbox of data on the mobile device. Apps that meet the common information model are published to their app store and downloadable to a “Launchpad”. This container app allows for a single sign on to access a multiplicity of other apps and allows carryover of data between them. The patient data accessed in one app persists through the next app without having to search for the patient once again. None of these data sets persist on the device itself unless they meet FIPS encryption certification standards. These apps need to be designed around current, discrete workflows, focusing on usability; facilitating communication rather than adding additional steps to complete tasks. Currently the VHA works with an MDM called Airwatch.


Damon Davis, Special Assistant in the Office of the National Coordinator for Health IT, HHS

“Secure… and efficient delivery of appropriate care through electronic means =  better healthcare.”

Mobile health tools enable actions: when you know your hemoglobin is high or know that your bank account is low, this knowledge enables appropriate behavior. There needs to be an attitude change on the provider side. Providing a patient with their data means the patient will be more engaged, that they are listening, not that they are leaving. Currently providers are not interested in sharing data with patients because of HIPAA; fear of a $1.5 million fine and a listing on the Wall of Shame often means that no pertinent data is transferred to the patient. However, unknown to most, patients have a legal right to their data. In the future the HHS hopes to see data exchanged in both directions, creating feedback loops by patients reporting allergies, preferences and successes. Data not only needs to be successfully pulled out but also needs to be invited back into the system.

 

Through the Blue Button, you may have access to your claims or personal health information that is maintained by your doctors, hospitals, health plans, and others.

 
