Archive for September, 2010

“Come, Watson, come! The game is afoot.”  Says Sherlock Holmes as if to say “Ok, now the fun really starts”

This is exactly how I felt when I recently read the early reports of the long expected “MyChart” iPhone App that went live in several sites over the last couple of weeks.  First reported at the Dean Clinic the MyChart App brings several of the heavily used features (not all) of the My Chart web application to the iPhone.  We at Diversinet are thrilled to see Epic into our market space with MyChart, we believe it not only legitimizes what we do, but we think it will immediately spark discussion around several key questions.  Here are a few:

How is “MyChart” data secured when it goes “over the air” to the iPhone, and how does it stay secure once it gets there?

Is the “MyChart” App HIPAA Compliant? How do we know?

What are Epic’s Competitors (GE, McKesson, Allscripts, etc.) Going to do for HIPAA compliant mobile access to their systems?

Will Epic be content with the Apple IOS or will they redevelop for Android, RIM, Windows Mobile, etc.?

Other than a mobile port of “MyChart” are there any other mobile Apps that Epic will deliver to its customers?

Will Epic and any of its competitors deliver a secure development platform to their customers so additional Apps can be easily and securely developed?

Will any of the major consulting firms (CSC, Deloitte, PWC, etc.) get into the mobile App development, deployment space?

Do most large Providers / IDN’s (Epic’s main customer base) have mobile App strategies that will include “MyChart” like Apps?

Do any of these questions resonate with you? Now would be a great time to talk to Diversinet! Oh… The game is truly “afoot”

With smart phones exploding and data usage growing exponentially, there is an assumption in the marketplace that a mobile browser https (SSL on the mobile) session and the user’s name and password will be good enough to protect a patient’s identity and their access to their personal healthcare information.  Here are a few things to think about…

1. Let’s look at the mobile. This little guy is 15 x times more likely to be lost than a laptop.
2.  A very small percentage of people actually lock their phones.  The mobile browser / History and phone application icons are all open for inspection. All your bookmarks are available to review which gives unwanted eyes additional personal information.  All your downloaded documents, like copies of claims or lab tests are in the open. In many cases, all recent browser activity including your user name and all your personal health records and transactions are open for every one to see as these items have been cached. In addition, most bookmarks remember your user name/password and auto-sign you (or the intruder) in directly, to your personal health information.
3. From a communications security standpoint, the standard mobile SSL connection sets up a tunnel between the mobile and the web server. It does not authenticate you or your personal mobile device, it does not make sure you at the right intended site, nor does it provide end-to-end security to the application level.

Considering it takes an average of 130 hours to fix a financial identity when a person is a victim of identity theft imagine what it will take to restore health identity when your identity is compromised using the mobile internet.

There is a better way, the MobiSecure® Health solution downloads personal security credentials and an app to your mobile device that is locked to your specific healthcare organization. It demands a PIN to open the service, executes bi-lateral authentication between the server and the phone, and then performs dual encryption on all information and messages exchanged. No user names, bookmarks, downloads, cached screens, personal information or URL’s are available to prying eyes.

How do you want to access, store and interact with your personal health information?

Being a mobile tech fanatic since the days of the first generation Motorola’s (more about that in an upcoming post), but being in the mHealth business for a relatively short period, I have been reading all I can about the industry.  It did not take long for mobihealthnews.com to become my favorite place for industry updates and news.

Here are the 4 reasons I like and subscribe to  mobihealthnews.com…

1. Brian Dolan’s Style – I have met Brian a couple of times and like him personally, but it is how he writes that makes me anxious to read his updates.  He is factual and yet not overly opinionated.  He definitely shares his views, but to me always has the best interest in the industry as a whole in mind.

2. Not To Commercial – Sure Brian and mobihealthnews.com run ads and are in a commercial enterprise, but the site is not littered with trash ads and the ads that do run are usually of interest to me.

3. Most e-mailed Articles – I love this BLOG feature and wish others would include it.  It is a quick way to see what others viewing the posts have thought were most applicable… interestingly enough the ones that make the list are usually ones that I resonate with as well.

4. Link between Newsletter and Site – I really like how Brian uses both the mobihealthnews newsletter and the BLOG to compliment each other… A lot of the same content but a slightly different approach makes me look forward to both.

So… If you are in our industry go to mobihealthnews.com and subscribe to both the RSS feed in your Google Reader or like news source and subscribe to the newsletter… Good Stuff…  And while your at it search for “Diversinet” on the site for some fair and balanced reporting on us!

Mark

In an interesting recent post on the Whitehouse BLOG, entitled: The National Strategy for Trusted Identities in Cyberspace

Howard A. Schmidt – A former Diversinet Advisory Board Member and current Cybersecurity Coordinator and Special Assistant to President Obama, makes the following comment:

“…no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services”

When we were designing the the first version of the MobiSecure ® platform for secure mobile healthcare access our clients encouraged us to create a technology that was both extremely secure AND easy to use.  Our goal was to deliver the next generation of secure mobile tools that required NO URL’s, Usernames, Passwords,  Challenge Querstions, and without the need to navigate across multiple back end systems. We did this by creating a technology that installs “over the air” advanced cryptology that does both authentication and encryption in realtime from both the mobile device and secure servers… Let us show you a demo!

Read the Whitehouse BLOG entry here…