Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Wearables And Mobile Apps Pose New Data Security Risks

Posted on December 30, 2014 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In the early days of mobile health apps and wearable medical devices, providers weren’t sure they could cope with yet another data stream. But as the uptake of these apps and devices has grown over the last two years, at a rate surpassing virtually everyone’s expectations, providers and payers both have had to plan for a day when wearable and smartphone app data become part of the standard dataflow. The potentially billion-dollar question is whether they can figure out when, where and how they need to secure such data.

To do that, providers are going to have to face up to new security risks that they haven’t faced before, as well as doing a good job of educating patients on when such data is HIPAA-protected and when it isn’t. While I am most assuredly not an attorney, wiser legal heads than mine have reported that once wearable/app data is used by providers, it’s protected by HIPAA safeguards, but in other situations — such as when it’s gathered by employers or payers — it may not be protected.

For an example of the gray areas that bedevil mobile health data security, consider the case of upstart health insurance provider Oscar Health, which recently offered free Misfit Flash bands to its members. The company’s leaders have promised members that use the bands that if their collected activity numbers look good, they’ll offer roughly $240 off their annual premium. And they’ve promised that the data will be used for diagnostics or any other medical purpose. This promise may be worthless, however, if they are still legally free to resell this data to say, pharmaceutical companies.

Logical and physical security

Meanwhile, even if providers, payers and employers are very cautious about violating patients’ privacy, their careful policies will be worth little if they don’t take a look at managing the logical and physical security risks inherent in passing around so much data across multiple Wi-Fi, 4G and corporate networks.

While it’s not yet clear what the real vulnerabilities are in shipping such data from place to place, it’s clear that new security holes will pop up as smartphone and wearable health devices ramp up to sharing data on massive scale. In an industry which is still struggling with BYOD security, corralling data that facilities already work with on a daily basis, it’s going to pose an even bigger challenge to protect and appropriately segregate connected health data.

After all, every time you begin to rely on a new network model which involves new data handoff patterns — in this case from wired medical device or wearable data streaming to smartphones across Wi-Fi networks, smart phones forwarding data to providers via 4G LTE cellular protocols and providers processing the data via corporate networks, there has to be a host of security issues we haven’t found yet.

Cybersecurity problems could lead to mHealth setbacks

Worst of all, hospitals’ and medical practices’ cyber security protocols are quite weak (as researcher after researcher has pointed out of late). Particularly given how valuable medical identity data has become, healthcare organizations need to work harder to protect their cyber assets and see to it that they’ve at least caught the obvious holes.

But to date, if our experiences with medical device security are any indication, not only are hospitals and practices vulnerable to standard cyber hacks on network assets, they’re also finding it difficult to protect the core medical devices needed to diagnose and treat patients, such as MRI machines, infusion pumps and even, in theory, personal gear like pacemakers and insulin pumps.  It doesn’t inspire much confidence that the Conficker worm, which attacked medical devices across the world several years ago, is still alive and kicking, and in fact, accounted for 31% the year’s top security threats.

If malevolent outsiders mount attacks on the flow of connected health data, and succeed at stealing it, not only is it a brand-new headache for healthcare IT administrators, it could create a crisis of confidence among mHealth shareholders. In other words, while patients, providers, payers, employers and even pharmaceutical companies seem comfortable with the idea of tapping digital health data, major hacks into that data could slow the progress of such solutions considerably. Let’s hope those who focus on health IT security take the threat to wearables and smartphone health app data seriously going into 2015.

Great EMR and Healthcare IT Content

Posted on March 3, 2011 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Today I’m happy to officially introduce readers of EMR and HIPAA to my latest project: The Healthcare Scene blog network. If you follow me on twitter (@techguy and @ehrandhit), then you’ve probably already come across one or more of the great blogs in this new healthcare IT blog network. I’m really excited with the group of bloggers that I have working on the network and the amazing content they’ve been creating and will create.

Before I introduce you to the various websites on the network, here’s a little background in why I decided to do this. As I looked at the various healthcare IT and EMR bloggers producing content, I was disappointed that many of them were creating great content that wasn’t getting nearly as much attention and traffic as the content deserved. Plus, many hadn’t benefited financially from all the great content they were creating. Combine lack of traffic with lack of financial rewards and these independent voices often disappear.

I saw this as a real opportunity to leverage many of the marketing and advertising tools that I’d created for EMR and HIPAA to the benefit of many others in the EMR and healthcare IT world. Plus, a number of my current advertisers told me that there weren’t enough online healthcare IT advertising options out there. I see this network as a real win for everyone. Independent bloggers can have their voices magnified while making money doing so. Readers and the EMR and Healthcare IT industry get more independently created content (including content by doctors). Healthcare IT advertisers will have more opportunities to advertise next to great content. I get to expand my network and work with a bunch of really smart people.

Now here’s a look at the websites that will be part of the Healthcare Scene blog network:

  • Meaningful HIT News – This blog written by Neil Versel started in May 2004 and has over 500 posts. Neil is one of the only pure healthcare IT journalists out there and has been doing it for the past 15 years across more publishers than you can count, but most recently at Fierce Healthcare. I’m excited that Neil has chosen to move his blog to the blog network. He’s a must read journalist for anyone in EMR and healthcare IT. I borrowed much of my writing style from Neil and so if you like this site, go and subscribe to Meaningful HIT News email list and you won’t be disappointed.
  • EMR and Healthcare IT News – The firehose of EMR and Healthcare IT news sent out by vendors. A great way for vendors to get their word out and for industry people to see the latest developments in EMR and healthcare IT. I’m looking to partner with healthcare IT PR firms on the site, so hit my Contact Us page if you’re interested.
  • Happy EMR Doctor – This blog first started out as a Doctor’s Blog guest post on EMR and EHR, but the content from Dr. West was too good. So, I rolled it off onto its own blog. Dr. West has been through a failed EHR implementation and now is using one of the Free EHR vendors. So, he has some interesting stories to tell.
  • Smartphone Health Care – I recently heard that there were something like 30+ mobile health conferences or conferences with a mobile health track in the past year. That seems like far too many, but it is quite clear that Smart Phones and other mobile devices are going to play a huge role in the future of healthcare. Consider this my foray into the mHealth world.
  • Wired EMR Practice – Many of you might remember that I already introduced Dr. Koriwchak’s blog on EMR and HIPAA earlier. Many of you subscribed to his blog and have seen the type of quality content he’s creating. I love doctor’s perspectives on EMR.
  • nextHospital – We’ll see how this blog evolves, but it’s the Healthcare Scene’s first blog that isn’t really IT focused. Written by Katherine Rourke (mentioned above), nextHospital will focus on the business of healthcare in hospitals.
  • EMR, EHR and HIPAA Wiki – Not a blog, but a pretty cool part of the network nonetheless. Be sure to add your EHR vendor if it’s not on there already.
  • EMR and EHR Job Board – Not a blog either, but this job board will be syndicated across all the websites. So, it’s a great places to post or look for a job.
  • EMR and HIPAA – Hopefully it needs no intro if you’re reading this post. Let’s just say, 1000 posts, 4713 comments, and over 4 million pageviews.
  • EMR and EHR – Very similar to EMR and HIPAA, but only about 2 years old. 300 posts, 1092 comments and 700,000+ pagevies. Katherine Rourke, a healthcare IT journalist with 15+ years of experience, recently started posting on EMR and EHR and is a welcome addition to the site.

I’d say that’s a pretty good start. I’m in talks with a few more bloggers that may or may not join the network. I think there’s still some interesting niches that haven’t been filled. For example, a blog tracking publicly traded healthcare IT stock movements and other healthcare IT investment opportunities could be interesting. Either way, I’m excited to see all the great content that will be created on these sites. Much like this site, each site encourages you to respectfully comment, share the content, and join the conversation. Please let your voice be heard in the comments.

Yes, right now each site looks very much like the rest, but we’re just getting started. Over time I’ll work to give each blogger it’s own brand while also building up the domain to better represent all the activity that’s happening on the network. I see it becoming a virtual hub of the best and brightest conversations happening in and around healthcare IT and EMR.

Let me know what you think of these additions in the comments or drop me a note on my Contact Us page.