
Security Concerns Threaten Mobile Health App Deployment

Posted on January 26, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare organizations won’t get much out of deploying mobile apps if consumers won’t use them. And if consumers are afraid that their personal data will be stolen, they’ve got a reason not to use your apps. So the fact that both consumers and HIT execs are having what I’d deem a crisis of confidence over mHealth app security isn’t a good sign for the current crop of mobile health initiatives.

According to a new study by security vendor Arxan, which polled 815 consumers and 268 IT decision-makers, more than half of consumer respondents who use mobile health apps expect their health apps to be hacked in the next six months.

These concerns could have serious implications for healthcare organizations, as 76% of health app users surveyed said they would change providers if they became aware that the provider’s apps weren’t secure. And perhaps even more significantly, 80% of consumer health app users told Arxan that they’d switch to other providers if they found out that the apps that alternate provider offered were better secured. In other words, consumer perceptions of a provider’s health app security aren’t just abstract fears — they’re actually starting to impact patients’ health decision making.

Perhaps you’re telling yourself that your own apps aren’t terribly exposed. But don’t be so sure. When Arxan tested a batch of 71 popular mobile health apps for security vulnerabilities, 86% were shown to have a minimum of two OWASP Mobile Top 10 Risks. The researchers found that vulnerable apps could be tampered with and reverse-engineered, as well as compromised to provide sensitive health information. Easily-done hacks could also force critical health apps to malfunction, Arxan researchers concluded.

The following data also concerned me. Of the apps tested, 19 had been approved by the FDA and 15 by the UK National Health Service. And at least where the FDA is concerned, my assumption would be that FDA-tested apps were more secure than non-approved ones. But Arxan’s research team found that both FDA and National Health Service-blessed apps were among the most vulnerable of all the apps studied.

In truth, I’m not incredibly surprised that health IT leaders have some work to do in securing mobile health apps. After all, mobile health app security is evolving, as the form and function of mHealth apps evolve. In particular, as I’ve noted elsewhere, mobile health apps are becoming more tightly integrated with enterprise infrastructure, which takes the need for thoughtful security precautions to a new level.

But guidelines for mobile health security are emerging. For example, in the summer of last year, the National Institute of Standards and Technology released a draft of its mobile health cybersecurity guidance, “Securing Electronic Records on Mobile Devices” — complete with detailed architecture. Also, I’d wager that more mHealth standards should emerge this year too.

In the meantime, it’s worth remembering that patients are paying close attention to health app security, and that they’re unlikely to give your organization a pass if they’re hacked. While security has always been a high-stakes issue, the stakes have gotten even higher.

Mobile Apps Pose Security Risks

Posted on July 11, 2013 | Written By Anne Zieger

Mobile apps that share files via the cloud may be popular, but they pose risks in a clinical setting, according to a study reported by FierceMobileHealthcare.

The study, which was conducted by the Ponemon Institute, concluded that many health organizations aren’t taking the steps needed to guard protected health information on mobile devices and in the cloud. In fact, more than half of respondents (54 percent) reported having an average of five data breaches involving the loss or theft of a mobile device containing PHI, according to FierceMobileHealthcare.

About 33 percent of Ponemon respondents said they need to access PHI to do their work. That being said, only 15 percent of survey respondents were aware of HIPAA’s security requirements for regulated data on mobile devices.  This was the case despite the fact that 33 percent of respondents were part of a HIPAA-covered entity.

Meanwhile, 40 percent of respondents weren’t sure if their organization’s policies on employee access and use of regulated data on mobile devices were HIPAA-compliant. Twelve percent said they were compliant, 31 percent were partially compliant and 17 percent said they were noncompliant.

While healthcare organizations may be playing it a bit fast and loose where use of the cloud via mobile is concerned, they’re still being very cautious where other uses of the cloud are concerned, FierceMobileHealthcare notes.

According to a recent survey by technology vendor CDW, healthcare organizations ranked seventh out of eight industries studied when it came to adoption of cloud computing.  According to CDW, healthcare leaders cited security concerns about proprietary data and applications as reasons they’d been reluctant to adopt cloud technology.

Mobile Health App Investments, Controlling Dreams With Remee: This Week in Healthcare Scene

Posted on June 24, 2012 | Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

While it was quiet around Healthcare Scene this week, there were still some great posts on a few of the websites. Be sure to check these articles out:

EMR and EHR

VC Firms Eyeing Mobile Health App Investments

It’s no secret that the Mobile Health App industry has taken off lately. Because of this, VC firms are more interested in investing in these companies. Anne Zieger predicts there will be a handful of investments in the industry in the coming future. This post talks about different mobile health apps being created, and where the industry seems to be headed.

“Non Structured Data Is More Valuable to Practitioners Than Discrete Research Oriented Data” 

The title of this post was inspired by a comment on John’s recent post on the EHR Bubble. Here, John discusses the advantages of non-structured data for a physician. Does non-structured data help improve the quality of care? Join the debate over at EMR and EHR this week.

Smart Phone Health Care

Control Your Dreams With the Remee Sleep Mask

If you’re like me, I’ve always wished I could dictate what I was going to dream about. The latest product from Bitbanger Labs claims to do just that. The “Remee Lucid Dreaming Mask”, with practice, apparently gives the user the ability to control their dreams. The mask brings you into the “lucid dreaming” stage, which is a more aware state of dreaming. For only $95, this new product is available for pre-order here.

Go From Couch Potato to Runner with Couch-to-5K App

A program developed a few years ago has been the catalyst behind several mobile apps. The premise behind the program is to get couch potatoes (or just about anyone) running either a 5K or for 30 minutes straight in as little as 9 weeks. There are a variety of apps available to help wannabe-runners get started. This post gives a general overview of the official C25K app.

Mobile Health App Ratings by Kaiser

Posted on May 29, 2012 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently had the chance to sit down with Kaiser’s mobile group at the Health 2.0 conference in Boston. We had a really interesting discussion where I was able to learn a number of interesting things about Kaiser’s approach to mobile healthcare. As everyone knows they have a really unique environment with a number of incredible opportunities, but also with their own unique challenges. I’ll be discussing a number of these items in future posts.

Although one opportunity came to my mind in my discussion with Kaiser: A Mobile Health App Rating service by Kaiser.

Many people might remember my previous post about the atrocious idea of an mHealth App Certification. I think this is a really terrible idea and will do nothing to help physicians and patients be able to weed through the overwhelming number of mobile health apps.

With that side comment, I love the idea of Kaiser using its vast network of doctors and patients to rate various mobile health apps. Sure, there are some issues with this model as well, but the benefits of having so many valid doctors rate mobile health apps could be tremendous.

The challenge with most rating services is that you have no way of knowing if the person rating the service is actually who they say they are. For example, Sermo is supposedly a physician only forum. However, I know a lot of non-physicians that are on the forum. One advantage Kaiser has is that they could know if the person in their network is a Kaiser physician or not.

One key question is whether Kaiser would be open to making their physician mobile health app ratings available to the public. I’m sure this will be a tricky question for them to answer. No doubt they kind of do some of this already in their internal network. Maybe it’s not totally codified into a website with a formal process, but it could be. Plus, the benefits to healthcare in general could be great.

What do you think of Kaiser physicians rating mobile health apps? Are there other better ways to filter through the volume of mobile health apps that exist out there?

Social Media for Patient Recruitment

Posted on May 1, 2012 | Written By John Lynn

I previously posted about Patient Recruitment & EHR where I talked about some of the intricacies of patient recruitment and use of EHR for clinical study patient recruitment. While I’m certain that EHR will be a major player in the patient recruitment of the future, I saw a tweet today that made a great case for social media being the go-to platform for patient recruitment today.

Here’s the tweet from @JeffBrittonMD:

70% of patients were recruited on Facebook. That number hit me when I saw it. Although, after thinking about it a little bit it makes a lot of sense. The real key to Facebook recruitment is that they know a lot of information about you which advertisers can use to target their ads. So, it makes perfect sense for Facebook to work for patient recruitment.

I think we’ll see other social media channels prove beneficial to patient recruitment as well. Although, it’s still early for many of the other platforms that I think will prove most valuable. Keep an eye on Twitter to start. Also, don’t underestimate the power of mobile apps and even a physician’s social media presence.

2012 EHR and Health IT Noise

Posted on January 6, 2012 | Written By John Lynn

I have to admit, I’ve really enjoyed going through and making lists looking back on EMR and Health IT in 2011 and thinking about what is going to happen in EMR and Health IT in 2012. Thanks to everyone who has joined and added to the discussion. It’s been really great!

This next list might actually be the hardest one for me to create. I call it the 2012 EHR and Health IT Noise. You know what I’m talking about. The topics that are going to get talked to death, tweeted everywhere, but won’t really have any major impact on healthcare (at least in 2012). Some would call these distractions.

HIE – Yes, we’re going to hear more and more about HIEs and their potential. 2012 will still enjoy all that federal grant money that was given to HIEs. What will we see from it? Maybe a couple books describing lessons learned from all the money spent on trying to set up an HIE. If one or two HIEs are successful and start sharing patient data with doctors I’ll be really impressed.

EHR Usability – In 2012 I predict we’re going to hear story after story about the lack of usability with EHR software. The complaints will start to pile up, but I don’t think any of that noise will do much to shift the usability of EHR software. It’s a really hard task to dramatically shift the usability of EHR software after the fact. I can’t see many of the legacy EHRs accomplishing that shift.

Some new EMR startups may start to come into their own in 2012 with usable EHR software, but they likely won’t be heard above the noise of the other legacy EHR software that’s practically unusable. We’re in a selling spree cycle for EHR software, maybe 2013 will change that.

Mobile Health Apps – This is a little different noise than the others above. This will be noise because there will be so many mobile health apps out there in 2012 and none of them will really consolidate market share yet. I believe that a number of mobile health apps will start to differentiate themselves in 2012, but most people won’t know the difference. They’ll just hear all the noise and try and ignore it.

Meaningful Use – Oh wait, I already wrote about that one here. If you haven’t read the comments of that post, you should. Some good discussion.

Any other things you think will make noise in EMR and Health IT in 2012? I’d love to hear your additions.

A Possible Mobile Health App to Complement EMR #mhs11

Posted on December 6, 2011 | Written By John Lynn

One of the really interesting companies that I’ve seen at both the Digital Health Conference in NYC and now at the mHealth Summit in DC is a company called Force Therapeutics. This company is part of the Startup Health crew of companies and has a pretty interesting product for ensuring patient compliance using a really cool mobile and web based app.

Force Therapeutics is their first product which is focused on physical therapists which is a smart first step since the founder is a physical therapist. At its core, Force Therapeutics is an application where a physical therapist can “prescribe” exercises that need to be done by their patients. Those doing the exercises can log into the app and see the video demonstrating the exercise and then mark down whether they did the exercise or not. By having the video present during the exercise, it helps the patient to perform the exercise properly and then the physical therapist can know how well their patients are complying with the exercises they prescribed.

The app is available on the web or on the iPad and I believe Android. Plus, they offer a pretty cool online store where physical therapists can direct their patients to purchase the various products they need to do the physical therapy. I imagine that could be a nice revenue stream for Force Therapeutics and could be really convenient for physical therapists and patients.

Force Therapeutics also has a consumer version of their application available on the app store that could enable those interested in trying some physical therapy exercises without going to their doctor or the physical therapist. This feels wrong for many in the US who are so used to needing a doctor’s referral to go to physical therapy. Could be an interesting play for Force Therapeutics to help out with those aches and pains that we all have (and are getting more the older we get) that aren’t worthy of a doctor, but could benefit from some mild “therapy.” I’m sure this will have many doctors and physical therapists cringing a little bit, but whether it’s Force Therapeutics that is used or some other app, there’s little doubt that patients will be doing this sort of self directed therapy anyway.

As I saw an app like Force Therapeutics, I could see it as a nice add on to EMR software. My only fear is that it feels more like a feature of an EMR software as opposed to a product unto its own. Although, I think Force Therapeutics has a chance for a number of different reasons.

First, I don’t see many EMR vendors really diving into this space. Sure, some might do some pieces of this, but they have so many things on their development plate that I think it’s unlikely for most EHR software vendors to develop these types of features.

Second, physical therapy is a space where EMR hasn’t gone very much. Sure, there’s WebPT, but most physical therapists are still in the paper world. The EHR incentive money passed over physical therapists and so it seems that many of them will continue sitting on the sidelines. That leaves a great opportunity for niche apps to satisfy the needs of these niche providers.

Plus, when I talked to the Force Therapeutics founder, I think that one of their biggest opportunities is outside the physical therapy space. Sure, it would be easy to expand Force Therapeutics into orthopedics or other medical specialties that want to measure and support compliance in treatment. However, even more interesting to me is the idea of a Force Fitness type of app that focuses on trainers and exercise. When you start to think about trainers’ need to monitor their clients’ exercise habits it makes a lot of sense. In fact, if played right, Force Fitness could become a network that connects trainers with those interested in finding a personal trainer. Considering the amount of money spent on exercise each year, this is a really tremendous opportunity.

It’s still early in the life of something like Force Therapeutics, but it’s a pretty interesting little insight into the future of how various apps could impact healthcare. One of the panel speakers at the mHealth Summit said that there were 17,000 healthcare apps on the market today. I’m not sure where he got his number, but no matter how you slice it that’s a lot of healthcare apps. Multiply an app like Force Therapeutics by 17,000 and you can see there’s a sea of change happening in the mobile health space.