Protecting patient data and privacy requires prime attention when deploying mHealth technology, according to Michael Ash, chief transformation officer at Nebraska Medicine. The health system is conducting a $10 million research project on the impact of remote health monitoring of chronically ill patients, and is now deploying an Apple Watch-based version of its Epic MyChart app to let patients and physicians communicate and access data from test result notices to appointment information.
In a recent interview with HealthcareInfoSecurity, Ash says that security strategies surrounding such mobile endeavors must encompass all potential risk points, from user access to data sharing.
In deploying the app, Nebraska made a series of decisions regarding security to ensure data is protected at every point, from creation to transmission to storage. No data resides on the Watch and encryption technology is used for transmitting data between the Epic system and the wearable.
"We turned off Siri [Apple's digital voice assistant] capability for data transmission," Ash says, noting that user authentication also is a priority to ensure data security and privacy. "No permanent patient identifiable information is stored on the smartphone and that is the same for patient and physician apps.
"We want to push the envelope, but we want to do it in a way that is very, very safe so we haven't turned on every feature and we haven't enabled every device to communicate with our electronic medical record," he adds.
The provider's mHealth security focus is a comprehensive, end-to-end strategy that even played into choosing devices for the research project.
"We are picking and choosing, so we did not go with the cheapest glucometer," he says. "We went with the one that demonstrated a very secure encryption technology to make sure information is safely transmitted. We are looking at each area, each app and even each vendor to make sure they are meeting HIPAA requirements and that they are demonstrating the ability to securely transmit their information back and forth."
Earlier this year, as FierceMobileHealthcare reported, Beth Israel Deaconess Medical Center CIO John Halamka, an innovator in mHealth tech, described mHealth security as a balancing act between providing functionality to patients and caregivers while also ensuring security and data privacy. As sister site FierceHealthIT has reported, consumers want to know their data will be used for helpful purposes, yet seek assurances of privacy and protection against breaches.
A recent report noted that security, user privacy and regulatory concerns as top worries in mHealth adoption, as well as the potential of unvetted apps coming to market with many apps potentially problematic for users and caregivers.
Ash offers tips to other providers moving forward with a similar mHealth strategy. He says enterprises need to be open minded to where the technology is going and where it can take providers as caregivers.
For more information:
- check out the interview