Security Awareness Blog

Mobile Health Cyber Hygiene

Editor's Note: This Guest Blog series is by Meryt McGindley, Vice President of Communications and Public Affairs for the National Association for Trusted Exchange (NATE), and Daniel Weissman, Director at SANS Institute. In this blog they discuss how mobile health technologies make healthcare information sharing easier but require strong security hygiene by end users.

Today, mobile health (mHealth) technologies are opening up all kinds of new avenues for healthcare consumers to take better care of themselves. For example, capabilities for recording medication information now exist in a variety of mobile devices, including Fitbits, exercise trackers, and other wearables. Most new smartphones have heart rate monitors and other exciting functionalities built in, and a wide range of health information tracking apps are available in most mobile app stores.

Many of these mHealth apps are designed to interoperate with the secure messaging systems baked into most healthcare providers' electronic medical record (EMR) systems, allowing providers to easily send a patient their personal health information (PHI) during or following their visit. Some devices and apps can even provide raw data flows directly from the patient's device to a medical professional, who can integrate this data with the patient's record online.

As an example, a rural diabetes patient who lives far away from the closest hospital can now receive their medical records electronically on an app on their smartphone and can often use that same app to record their daily blood glucose levels. This patient can then transmit this information directly to their general practitioner for follow-up without ever needing to leave home. Similarly, a person with a heart condition can now download their doctor's post-heart attack instructions from their doctor's patient portal to an app on their iPad. They can then keep a near-constant record of their heart rate and exercise program on their Fitbit dashboard and transmit that record electronically to a nurse in their cardiologist's office to ensure they are remaining on track and healthy.

Patients and providers alike are more easily sharing medical information with each other through mHealth, and this revolution in medical information sharing technology is a game-changing advance for the efficient delivery of healthcare. However, the long-term success of these scenarios depends on the patient and provider utilizing strong security hygiene. For patients, this means keeping their recording and transmission devices physically safe and secure, and keeping their software patched. For providers and staff handling PHI, this means maintaining record safety by keeping the individual(s) in charge of receiving these records educated on the latest threats via organization-wide security awareness. And for providers sending data to patients over the Internet, this means using Direct secure messaging (with end-to-end encryption) or other secure methods of information sharing.

With new information-sharing technologies come new security challenges. Perhaps more than with any previous comparable advance in information technology, keeping healthcare information-sharing technologies secure depends on two things: exchanging information only through secure mechanisms such as Direct secure messaging, and keeping up the security awareness of those who use them, the individual patients and the individual providers.

Bio: Meryt McGindley is the Vice President of Communications and Public Affairs for the National Association for Trusted Exchange (NATE). NATE brings the expertise of its membership and other stakeholders together to find common solutions that optimize the appropriate exchange of health information for improved health outcomes and greater gains in technology adoption. In support of NATE's mission to address the legal, policy and technical barriers that inhibit electronic health information exchange between healthcare entities and patients, McGindley oversees all of NATE's public communications activities, including stakeholder education and media relations.