
Vendor Study Says Wearables Can Promote Healthy Behavior Change

Posted on November 28, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new study backed by a company that makes an enterprise health benefits platform has concluded that wearables can encourage healthy behavior change and also serve as an effective tool to engage employees in their health.

The data from the study, which was sponsored by Mountain View, CA-based Jiff, comes from a two-year research project on employer-sponsored wearables. Rajiv Leventhal, who wrote about the study for Healthcare Informatics, argues that these findings challenge common employer beliefs about these types of programs, including that participation is typically limited to young and healthy employees, and that engagement with these rules can’t be sustained over time.

The data, which was drawn from 14 large employers with 240,000 employees, apparently suggests that wearable adoption and long-term engagement are possible for employees of all ages. The company reported that among the employers offered the wearables program via its enterprise health platform, 53% of employees under 40 years old participated, and 36% of employees over 50 years participated as well.

Jiff researchers also found that employee engagement had not measurably fallen for more than nine months following the program rollout, and that for one employer, levels of engagement have been progressively increasing for more than 18 months, the company reported.

According to Jiff, they have helped sustain employee engagement by employing three tactics: using “challenges,” time-bound immersive and social games that encourage healthy actions; “device credits,” subsidies that offset the cost of purchasing wearables; and “behavioral incentives,” rewards for taking healthy actions such as walking a minimum number of steps per day.

The thing is, as interesting as these numbers might be — and they do, if nothing else, underscore the role of engaging consumers rather than waiting for them to engage with healthier behaviors on their own — the story doesn’t address one absolutely crucial issue, to wit, what concrete health impact are companies seeing from employee use of these devices.

I don’t think I’m asking for too much here when I demand some quantitative data suggesting that the setup can actually achieve measurable health results. Everything I’ve read about employee wellness initiatives to date suggests that they’ve been a giant bust, with few if any accomplishing anything measurable.

And here we have Jiff, a venture-backed hotshot company, which I’m guessing had the resources to report on results if it found any. After all, if I understand the study right, their researchers had access to 540,000 employees for a significant amount of time. So where are the health conclusions that can be drawn from this population?

And by the way, no, I don’t accept that patient engagement (no matter how genuine) can be used as a proxy or predictive factor for health improvement. It’s a promising step in the right direction but it isn’t the real thing yet.

So, I shared the study with you because I thought you might find it interesting. I did. But I wouldn’t take it too seriously when it comes to signs of real change — either for wearables used for employee wellness initiatives. At this point both are more smoke than substance.

Are Healthcare Data Streams Rich Enough To Support AI?

Posted on November 21, 2016 | Written by Anne Zieger

As I’ve noted previously, artificial intelligence and machine learning applications are playing an increasingly important role in healthcare. The two technologies are central to some intriguing new data analytics approaches, many of which are designed to predict which patients will suffer from a particular ailment (or progress in that illness), allowing doctors to intervene.

For example, at New York-based Mount Sinai Hospital, executives are kicking off a predictive analytics project designed to predict which patients might develop congestive heart failure, as well as to care for those who’ve done so more effectively. The hospital is working with AI vendor CloudMedx, which will generate the predictions by mining the organization’s EMR for clinical clues, as well as analyzing data from implantable medical devices, health tracking bands and smartwatches to predict the patient’s future status.

However, I recently read an article questioning whether all health IT infrastructures are capable of handling the influx of data that are part and parcel with using AI and machine learning — and it gave me pause.

Artificial intelligence, the article notes, functions on collected data, and the more data an AI solution has access to, the more successful the implementation will be, contends Elizabeth O’Dowd in HIT Infrastructure. And there are some questions as to whether healthcare IT departments can integrate this data, especially Internet of Things datapoints such as wearables and other personal devices.

After all, O’Dowd notes, for the AI solution to crawl data from IoT wearables, mobile apps and other connected devices, the data must be integrated into the patient’s medical record in a format which is compatible with the organization’s EMR technology. Otherwise, the organization’s data analytics solution won’t be able to process the data, and in turn, the AI solution won’t be able to evaluate it, she writes.

Without a doubt, O’Dowd has raised some important issues here. But the real question, as I see it, is whether such data integration is really the biggest bottleneck AI and machine learning must pass through before becoming accessible to a wide range of users. For example, healthcare AI-based Lumiata offers a FHIR-compliant API to help organizations integrate such data, which is certainly relevant to this discussion.

It seems to me that giving the AI every possible scrap of data to feed on isn’t the be all and end all, and may even actually be less important than the clinical rationale developers use to back up their work. In other words, in the case of Lumiata and its competitors, it appears that creating a firm foundation for the predictions is still as much the work of clinicians as it is of AI.

I guess what I’m getting to here is that while AI is doubtless more effective at predicting events as it has access to more data, using what data we have and letting skilled clinicians manage it is still quite valuable. So let’s not back off on harvesting the promise of AI just because we don’t have all the data in hand yet.

E-Patient Update: The Patient Data Engagement Leader

Posted on October 20, 2016 | Written by Anne Zieger

As healthcare delivery models shift responsibility for patient health to the patients themselves, it’s becoming more important to give them tools to help them get and stay healthy. Increasingly, digital health tools are filling the bill.

For example, portals are moving from largely billing and scheduling apps to exchanging patient data, holding two-way conversations between patient and doctor and even tracking key indicators like blood glucose levels. Wearables are slowly becoming capable of helping doctors improve diagnoses, and patterns revealed by big data should soon be used to create personalized treatment plans.

The ultimate goal of all this, of course, is to push as much data power as possible into the hands of consumers. After all, for patients to be engaged with their health, it helps to make them feel in control, and the more sophisticated information they get, the better choices they can make. Or at least that’s how the traditional script reads.

Now, as an e-patient, the above is certainly true for me. Every incremental improvement in the data I get brings me closer to taking on otherwise overwhelming health challenges. That’s true, in part, because I’m comfortable reading charts, extrapolating conclusions from data points and visualizing ways to make use of the information. But if you want less tech-friendly patients to get on board, they’re going to need help.

The patient engagement leader

And where will that help come from? I’d argue that hospitals and clinics need to create a new position dedicated to helping engage patients, including though not limited to helping them make their health data their own. This position would cut across several disciplines, ranging from patient health education to clinical medicine to data analytics.

The person owning this position would need to be current in patient engagement goals across the population and by disease/condition type, understand the preferred usage patterns established by the hospital, ACO, delivery network or clinic and understand trends in health behavior well enough to help steer patients in the right direction.

It also wouldn’t hurt if such a person had a healthy dose of marketing skills under their belt, as part of the patient engagement process is simply selling consumers on the idea that they can and should take more responsibility for their health outcomes. Speaking from personal experience, a good marketer can wheedle, nudge and empower people by turns, and this will be very necessary to boost your engagement.

While this could be a middle management position, it would at least need to have the full support of the C-suite. After all, you can’t promote population-wide improvements in health by nibbling around the edges of the problem. Such measures need to be comprehensive and strategic to the mission of the healthcare organization as a whole, and the person behind them needs to have the authority to see them through.

Patients in control

If things go right, establishing this position would lead to the creation of a better-educated, more-confident patient population with a greater sense of self efficacy regarding their health. While specific goals would vary from one healthcare organization to the other, such an initiative would ideally lead to improvements in key metrics such as A1c levels population-wide, drops in hospital admission and readmission rates and simultaneously, lower spending on more intense modes of care.

Not only that, you could very well see patient satisfaction increase as well. After all, patients may not feel capable of making important health changes on their own, and if you help them do that it stands to reason that they’ll appreciate it.

Ultimately, engaging patients with their health calls for participation by everyone who touches the patient, from techs to the physician, nurses to the billing department. But if you put a patient engagement officer in place, it’s more likely that these efforts will have a focus.

What Do You Think Of Data Lakes?

Posted on October 4, 2016 | Written by Anne Zieger

Being that I am not a high-end technologist, I’m not always up on the latest trends in database management – so the following may not be news to everyone who reads this. As for me, though, the notion of a “data lake” is a new one, and I think it a valuable idea which could hold a lot of promise for managing unruly healthcare data.

The following is a definition of the term appearing on a site called KDnuggets which focuses on data mining, analytics, big data and data science:

A data lake is a storage repository that holds a vast amount of raw data in its native format, including structured, semi-structured and unstructured data. The data structure and requirements are not defined until the data is needed.

According to article author Tamara Dull, while a data warehouse contains data which is structured and processed, is expensive to store, relies on a fixed configuration and is used by business professionals, a data lake contains everything from raw to structured data, is designed for low-cost storage (made possible largely because it relies on open source software Hadoop which can be installed on cheaper commodity hardware), can be configured and reconfigured as needed and is typically used by data scientists. It’s no secret where she comes down as to which model is more exciting.

Perhaps the only downside she identifies with data lakes is that security may still be a concern, at least when compared to data warehouses. “Data warehouse technologies have been around for decades,” Dull notes. “Thus, the ability to secure data in a data warehouse is much more mature than securing data in a data lake.” But this issue is likely to receive attention in the near future, as the big data industry is focused tightly on security of late, and to her it’s not a question of if security will mature but when.

It doesn’t take much to envision how the data lake model might benefit healthcare organizations. After all, it may make sense to collect data for which we don’t yet have a well-developed idea of its use. Wearables data comes to mind, as does video from telemedicine consults, but there are probably many other examples you could supply.

On the other hand, one could always counter that there’s not much value in storing data for which you don’t have an immediate use, and which isn’t structured for handy analysis by business analysts on the fly. So even if data lake technology is less costly than data warehousing, it may or may not be worth the investment.

For what it’s worth, I’d come down on the side of the data-lake boosters. Given the growing volume of heterogenous data being generated by healthcare organizations, it’s worth asking whether deploying a healthcare data lake makes sense. With a data lake in place, healthcare leaders can at least catalog and store large volumes of un-normalized data, and that’s probably a good thing. After all, it seems inevitable that we will have to wring value out of such data at some point.

E-Patient Update: Is It Appropriate to Trash “Dr. Google”?

Posted on August 1, 2016 | Written by Anne Zieger

Apparently, a lot of professionals have gotten a bit defensive about working with Google-using customers. In fact, when I searched Google recently for the phrase “Don’t confuse your Google search with my” it returned results that finished the phrase with “law degree,” “veterinary degree,” “nursing degree” and even “library degree.” And as you might guess, it also included “medical degree” among its list of professions with a Google grudge.

I first ran across this anti-Dr.-Google sentiment about a year ago, when a physician posted a picture of a coffee mug bearing this slogan on LinkedIn. He defended having the mug on his desk as a joke. But honestly, doc, I don’t think it’s funny. Let me explain.

First, I want to concede a couple of points. Yes, humor means different things to different people, and a joke doesn’t necessarily define a doctor’s character. And to be as fair as possible, I’m sure there are patients who use Web-based materials as an excuse to second-guess medical judgment in ways which are counterproductive and even inappropriate. Knowledge is a good thing, but not everyone has good knowledge filters in place.

That being said, I have, hmmm, perhaps a few questions for clinicians who are amused by this “joke,” including:

  • Wouldn’t people’s health improve if they considered themselves responsible for learning as much as possible about health trends, wellness and/or any conditions they might have?
  • Don’t we want patients to be as engaged as possible when they are talking with their doctors (as well as other clinicians)? And doesn’t that mean being informed about key issues?
  • Does this slogan suggest that patients shouldn’t challenge physicians to explain discrepancies between what they read and what they’re being told?
  • Does this attitude bleed over to a dislike of all consumer-generated health data, even if it’s being generated by an FDA-approved device? If so, have you got a nuanced understanding of these technologies and a well-informed opinion on their merits?

Please understand, I am in no way anti-doctor. The truth is, I trust, admire and rely upon the clinicians who keep my chronic illnesses at bay. I have a sense of the pressures they confront, and have immense respect for their dedication and empathy.

That being said, I need clinicians to collaborate with me and help me learn what I need to know, not discourage and mock my efforts. And I need them to be open to the benefits of new technologies – be they the web-based medical content that didn’t exist when you were in med school, remote monitoring, wearables, sensor-laden t-shirts, mobile apps, artificial intelligence or flying cars.

So, I hope you understand now why I’m offended by that coffee mug. If a doctor dislikes something so elementary as a desire to learn, I doubt we’ll get along.

AMA’s Digital Health ‘Snake Oil’ Claim Creates Needless Conflict

Posted on June 22, 2016 | Written by Anne Zieger

Earlier this month, the head of the American Medical Association issued a challenge which should resonate for years to come. At this year’s annual meeting, Dr. James Madara argued that many direct-to-consumer digital health products, apps and even EMRs were “the digital snake oil of the early 21st century,” and that doctors will need to serve as gatekeepers to the industry.

His comments, which have been controversial, weren’t quite as immoderate as some critics have suggested. He argued that some digital health tools were “potentially magnificent,” and called on doctors to separate useful products from “so-called advancements that don’t have an appropriate evidence base, or that just don’t work that well – or that actually impede care, confuse patients, and waste our time.”

It certainly makes sense to sort the digital wheat from the chaff. After all, as of late last year there were more than 165,000 mobile health apps on the market, more than double that available in 2013, according to a study by IMS Institute for Healthcare Informatics. And despite the increasing proliferation of wearable health trackers, there is little research available to suggest that they offer concrete health benefits or promote sustainable behavior change.

That being said, the term “snake oil” has a loaded historical meaning, and we should hold Dr. Madara accountable for using it. According to Wikipedia, “snake oil” is an expression associated with products that offer questionable or unverifiable quality or benefits – which may or may not be fair. But let’s take things a bit further. In the same entry, Wikipedia says a snake oil salesman “is someone who knowingly sells fraudulent goods or who is themselves a fraud, quack or charlatan.” And that’s a pretty harsh way to describe digital health entrepreneurs.

Ultimately, though, the issue isn’t whether Dr. Madara hurt someone’s feelings. What troubles me about his comments is they create conflict where none needs to exist.

Back in the 1850s, when what can charitably be called “entrepreneurs” were selling useless or toxic elixirs, many were doubtless aware that the products they sold had no benefit or might even harm consumers. And if what I’ve read about that era is true, I doubt they cared.

But today’s digital health entrepreneurs, in contrast, desperately want to get it right. These innovators – and digital health product line leaders within firms like Samsung and Apple – are very open to working with clinicians. In fact, most if not all work directly with both staff doctors and clinicians in community practice, and are always open to getting guidance on how to support the practice of medicine.

So while Dr. Madara’s comments aren’t precisely wrong, they suggest a fear and distrust of technology which doesn’t become any 21st century professional organization.

Think I’m wrong? Well, then why didn’t the AMA leader announce the formation of an investment fund to back the “potentially magnificent” advances he admits exist? If the AMA did that, it would demonstrate that even a 169-year-old organization can adapt and grow. But otherwise, his words suggest that the venerable trade group still holds disappointingly Luddite views better suited for the dustbin of history.

UPDATE:  An AMA representative has informed me that I got some details in the story above wrong, and I’m eager to correct my error. According to Christopher Khoury, vice president of environmental analysis and strategic analytics with the group, the AMA is indeed investing in digital health innovation. He notes that in January, the group announced the formation of San Francisco-based Health2047 (www.health2047.com), for which it serves as lead investor. Health2047 is dedicated to furthering the commercialization of digital tools and solutions that help practicing physicians. It also sponsors Matter, a healthcare incubator based in Chicago.

Securing IoT Devices Calls For New Ways Of Doing Business

Posted on June 8, 2016 | Written by Anne Zieger

While new Internet-connected devices can expose healthcare organizations to security threats in much the same way as a desktop PC or laptop, they aren’t always procured, monitored or maintained the same way. This can lead to potentially major ePHI breaches, as one renowned health system recently found out.

According to a piece in SearchHealthIT, executives at Intermountain Healthcare recently went through something of a panic when a connected audiology device went missing. According to Intermountain CISO Karl West, the device had come into the hospital via a different channel than most of the system’s other devices. For that reason, West told the site, his team couldn’t verify what operating system the audiology device had, how it had come into the hospital and what its lifecycle management status was.

Not only did Intermountain lack some key configuration and operating system data on the device, they didn’t know how to prevent the exposure of stored patient information the device had on board. And because the data was persistent over time, the audiology device had information on multiple patients — in fact, every patient that had used the device. When the device was eventually located, it was discovered that it held two-and-a-half years’ worth of stored patient data.

After this incident, West realized that Intermountain needed to improve on how it managed Internet of Things devices. Specifically, the team decided that simply taking inventory of all devices and applications was far from sufficient to protect the security of IoT medical devices.

To prevent such problems from occurring again, West and his team created a data dictionary, designed to let them know where data originates, how it moves and where it resides. The group is also documenting what each IoT device’s transmission capabilities are, West told SearchHealthIT.
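A minimal sketch of such a data dictionary and the gap audit it enables, added here as an illustration; it is not Intermountain's tooling or code from the SearchHealthIT piece. The field names, finding codes and both sample device records are assumptions constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

ON_DEVICE = "device"  # marker: the data is stored on the device itself


@dataclass
class DataFlow:
    data_type: str
    contains_ephi: bool
    origin: str | None          # where the data originates
    moves_via: list[str]        # how it moves (hops, in order)
    resides_at: list[str]       # where it resides
    retention_days: int | None  # None = no documented retention limit


@dataclass
class Device:
    device_id: str
    description: str
    operating_system: str | None
    procurement_channel: str | None
    lifecycle_status: str | None
    transmission: list[str] | None  # None = never documented, [] = none
    flows: list[DataFlow] = field(default_factory=list)


def audit(device: Device) -> list[str]:
    """Return the documentation gaps that an inventory line alone would hide."""
    findings = []
    for attr in ("operating_system", "procurement_channel", "lifecycle_status"):
        if not getattr(device, attr):
            findings.append(f"unknown_{attr}")
    if device.transmission is None:
        findings.append("undocumented_transmission")
    if not device.flows:
        findings.append("no_data_flows_documented")
    for flow in device.flows:
        if flow.origin is None:
            findings.append(f"unknown_origin:{flow.data_type}")
        # Persistent patient data with no retention limit accumulates for years.
        if (flow.contains_ephi and ON_DEVICE in flow.resides_at
                and flow.retention_days is None):
            findings.append(f"unbounded_ephi_on_device:{flow.data_type}")
    return findings


def exposure_if_lost(device: Device) -> list[str]:
    """ePHI data types that go missing along with the device."""
    return [f.data_type for f in device.flows
            if f.contains_ephi and ON_DEVICE in f.resides_at]


def ephi_locations(devices: list[Device]) -> dict[str, list[tuple[str, str]]]:
    """Map each storage location to the (device, data type) pairs held there."""
    locations: dict[str, list[tuple[str, str]]] = {}
    for dev in devices:
        for flow in dev.flows:
            if not flow.contains_ephi:
                continue
            for place in flow.resides_at:
                key = dev.device_id if place == ON_DEVICE else place
                locations.setdefault(key, []).append((dev.device_id, flow.data_type))
    return locations


# Constructed sample records (not real devices or identifiers).
AUDIOLOGY = Device(
    "AUD-01", "connected audiology device", None, None, None, None,
    [DataFlow("hearing test results", True, "patient exam", [], [ON_DEVICE], None)],
)
PUMP = Device(
    "PUMP-07", "connected infusion pump", "vendor RTOS (constructed)",
    "medical device procurement", "in service, patched", ["wifi"],
    [DataFlow("infusion log", True, "bedside infusion",
              ["wifi", "pump server"], [ON_DEVICE, "pump server"], 30)],
)

if __name__ == "__main__":
    for dev in (AUDIOLOGY, PUMP):
        print(dev.device_id, audit(dev) or "no gaps", exposure_if_lost(dev))
    print(ephi_locations([AUDIOLOGY, PUMP]))
```
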

A huge vulnerability

Unfortunately, Intermountain isn’t the first and won’t be the last health system to face problems in managing IoT device security. Such devices can be a huge vulnerability, as they are seldom documented and maintained in the same way that traditional network devices are. In fact, this lack of oversight is almost a given when you consider where they come from.

Sure, some connected devices arrive via traditional medical device channels — such as, for example, connected infusion pumps — but a growing number of network-connected devices are coming through consumer channels. For example, though the problem is well understood these days, healthcare organizations continue to grapple with security issues created by staff-owned smart phones and tablets.

The next wave of smart, connected devices may pose even bigger problems. While operating systems running mobile devices are well understood, and can be maintained and secured using enterprise-level processes,  new connected devices are throwing the entire healthcare industry a curveball.  After all, the smart watch a patient brings into your facility doesn’t turn up on your procurement schedule, may use nonstandard software and its operating system and applications may not be patched. And that’s just one example.

Redesigning processes

While there’s no single solution to this rapidly-growing problem, one thing seems to be clear. As the Intermountain example demonstrates, healthcare organizations must redefine their processes for tracking and securing devices in the face of the IoT security threat.

First and foremost, medical device teams and the IT department must come together to create a comprehensive connected device strategy. Both teams need to know what devices are using the network, how and why. And whatever policy is set for managing IoT devices has to embrace everyone. This is no time for a turf war — it’s time to hunker down and manage this serious threat.

Efforts like Intermountain’s may not work for every organization, but the key is to take a step forward. As the number of IoT network nodes grows to a nearly infinite level, healthcare organizations will have to re-think their entire philosophy on how and why networked devices should interact. Otherwise, a catastrophic breach is nearly guaranteed.

Steps In Integrating Patient-Generated Health Data

Posted on May 24, 2016 | Written by Anne Zieger

As the number of connected health devices in use has expanded, healthcare leaders have grappled with how to best leverage the data they generate. However, aside from a few largely experimental attempts, few providers are making active use of such data.

Part of the reason is that the connected health market is still maturing. With health tracking wearables, remote monitoring set-ups, mobile apps and more joining the chorus, it might be too soon to try and normalize all this data, much less harvest it for clinical use. Also, few healthcare organizations seem to have a mature strategy in place for digital health.

But technical issues may be the least of our problems. It’s important to note that providers have serious concerns around patient-generated health data (PGHD), ranging from questions about its validity to fears that such data will overwhelm them.

However, it’s possible to calm these fears, argues Christina Caraballo, senior healthcare strategist at Get Real Health.  Here’s her list of the top five concerns she’s heard from providers, with responses that may help put providers at ease:

  • Fear they’ll miss something in the flood of data: Add disclaimers, consent forms, video clips or easy-to-digest graphics clarifying what consumers can and can’t expect, explicitly limiting provider liability.
  • Worries over data privacy and security: Give consumers back some of the risk, by emphasizing that no medium is perfectly secure, including paper health records, and that they must determine whether the benefits of using digital health devices outweigh the risks.
  • Questions about data integrity and standardization: Emphasize that while the industry has made great progress on standardization, interoperability, authentication, data provenance, reliability, validity, clinical value and even workflow, the bottom line is that the data still comes from patients, who don’t always report everything regardless of how you collect the data.
  • Concerns about impact on workflow: Underscore that if the data is presented in the right framework, it will be digestible in much the same way as other electronic medical data.
  • Resistance to pressure from consumers: Don’t demand that providers leverage PGHD out of the gate; instead, move incrementally into PGHD management by letting patients collect data electronically, and then incorporate data into clinical systems once all stakeholders are on board.

Now, I’m not totally uncritical of Ms. Caraballo’s article. In particular, I take issue with her assertion that providers who balk at using PGHD are “naysayers” who “simply don’t want to change.” While there are always a few folks fitting this description in any profession, the concerns she outlines aren’t trivial, and brushing them off with vague reassurances won’t work.

Truthfully, if I were a provider I doubt I would be comfortable relying on PGHD, especially biometric data. As Ingrid Oakley-Girvan of Medable notes, wearables giant Fitbit was hit with a lawsuit earlier this year alleging that its heart rate monitoring technology is inaccurate, and I wouldn’t be surprised if other such suits arise. Digital health trackers and apps have transitioned from novelty to quasi-official medical device very quickly — some might say too quickly — and being cautious about their output just makes sense.

Nonetheless, PGHD will play a role in patient care and management at some point in the future, and it makes sense to keep providers in the loop as these technologies progress. But rushing them into using such data would not be wise. Let’s make sure such technologies are vetted before they assume a routine role in care.

Wearable Health Trackers Could Pose Security Risks

Posted on February 1, 2016 | Written by Anne Zieger

Last October, security researchers made waves when they unveiled what they described as a 10-second hack of a Fitbit wearable health tracker. At the Hack.Lu 2015 conference, Fortinet security researcher Axelle Apvrille laid out a method for hacking the wearable through its Bluetooth radio. Apparently, Apvrille was able to infect the Fitbit Flex from as much as 15 feet away, manipulate data on the tracker, and use the Flex to distribute his code to a computer.

Fitbit, for its part, denied that its devices can serve as vehicles for infecting users with malware. And Apvrille himself admitted publicly that his demonstration was more theoretical than practical. In a tweet following the conference, he noted that he had not demonstrated a way to execute malicious code on the victim’s host.

But the incident does bring attention to a very serious issue. While consumers are picking up health trackers at a breathless pace, relatively little attention has been paid to whether the data on these devices is secure. Perhaps even more importantly, too few experts are seeking ways to prevent these devices from being turned into a jumping-off point for malware. After all, like any other lightly-guarded Internet of Things device, a wearable tracker could ultimately allow an attacker to access enterprise healthcare networks, and possibly even sensitive PHI or financial data.

It’s not as though we aren’t aware that connected healthcare devices are rich hunting grounds. For example, security groups are beginning to focus on securing networked medical devices such as blood gas analyzers and wireless infusion pumps, as it’s becoming clear that they might be accessible to data thieves or other malicious intruders. But perhaps because wearable trackers are effectively “healthcare lite,” used almost exclusively by consumers, the threat they could pose to healthcare organizations over time hasn’t generated a lot of heat.

But health tracker security strategies deserve a closer look. Here are some sample suggestions on how to secure health and fitness devices from Milan Patel, IoT Security Program Director at IBM:

  • Device design: Health tracker manufacturers should establish a secure hardware and software development process, including source code analysis to pinpoint code vulnerabilities and security testing to find runtime vulnerabilities. Use trusted manufacturers who secure components, and a trusted supply chain. Also, deliver secure firmware/software updates and audit them.
  • Device deployment: Be sure to use strong encryption to protect privacy and integrity of data on the device, during transmission from device to the cloud and on the cloud. To further control device data, give consumers the ability to set up user and usage privileges for their data, and an option to anonymize the data. Secure all communication channels to protect against data change, corruption or observation.
  • Manage security:  Include trackers in the set of technology being monitored, and set alerts for intrusion. Audit logging is desirable for the devices, as well as the network connections and the cloud. The tracker should ideally be engineered to include a fail-safe operation — dropping the system down to incapability, safely — to protect against attacks.
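As an added illustration of three of the suggestions above (authenticated firmware updates, audit logging and fail-safe operation), the sketch below shows a tracker-side update gate. It is example code written for this page, not Fitbit's or IBM's; the names `Tracker`, `sign_manifest`, `VENDOR_KEY` and `MAX_FAILURES` are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a real device would verify, so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real device would verify an asymmetric signature
# against a public key in protected storage; HMAC is a stdlib stand-in.
VENDOR_KEY = b"constructed-demo-key"
MAX_FAILURES = 3  # assumed threshold before the tracker drops to safe mode


def sign_manifest(version, image, key=VENDOR_KEY):
    """Vendor side: bind the version number to the image hash, then tag it."""
    body = json.dumps({"version": version,
                       "sha256": hashlib.sha256(image).hexdigest()},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


class Tracker:
    def __init__(self, version):
        self.version, self.failures, self.safe_mode = version, 0, False
        self.audit = []  # audit trail of every update decision

    def _reject(self, reason):
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.safe_mode = True  # fail safe: stop accepting updates
        self.audit.append(("reject", reason, self.version))
        return False

    def apply_update(self, body, tag, image):
        if self.safe_mode:
            self.audit.append(("reject", "safe-mode", self.version))
            return False
        expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return self._reject("bad-tag")
        manifest = json.loads(body)  # parsed only after authentication
        if manifest["sha256"] != hashlib.sha256(image).hexdigest():
            return self._reject("image-mismatch")
        if manifest["version"] <= self.version:
            return self._reject("rollback")
        self.version, self.failures = manifest["version"], 0
        self.audit.append(("accept", "ok", self.version))
        return True
```

The lockout trades availability for safety: once in safe mode the tracker refuses every update, so recovery is assumed to happen out of band, and the audit entries are what a monitoring system would alert on.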

This may sound like a great deal of effort to expend on these relatively unsophisticated devices. And at present, it just may be overkill. But it’s worth preparing for a world in which health trackers are increasingly capable and connected, and increasingly attractive to the attackers who want your data.

Emerging Health Apps Pose Major Security Risk

Posted on May 18, 2015 | Written By Anne Zieger

As new technologies like fitness bands, telemedicine and smartphone apps have become more important to healthcare, the issue of how to protect the privacy of the data they generate has become more important, too.

After all, all of these devices use the public Internet to broadcast data, at least at some point in the transmission. Typically, telemedicine involves a direct connection via an unsecured Internet connection with a remote server (although they are often doing some sort of encryption of the data that’s being sent on the unsecured connection). If they’re being used clinically, monitoring technologies such as fitness bands send data in a hop from the band across wireless spectrum to a smartphone, which also uses the public Internet to communicate data to clinicians. Plus, using the public Internet is just the pathway that leads to a myriad of ways that hackers could get access to this health data.

My hunch is that this exposure of data to potential thieves hasn’t generated a lot of discussion because the technology isn’t mature. And what’s more, few doctors actually work with wearables data or offer telemedicine services as a routine part of their practice.

But it won’t be long before these emerging channels for tracking and caring for patients become a standard part of medical practice.  For example, the use of wearable fitness bands is exploding, and middleware like Apple’s HealthKit is increasingly making it possible to collect and mine the data that they produce. (And the fact that Apple is working with Epic on HealthKit has lured a hefty percentage of the nation’s leading hospitals to give it a try.)

Telemedicine is growing at a monster pace as well.  One study from last year by Deloitte concluded that the market for virtual consults in 2014 would hit 70 million, and that the market for overall telemedical visits could climb to 300 million over time.

Given that the data generated by these technologies is medical, private and presumably protected by HIPAA, where’s the hue and cry over protecting this form of patient data?

After all, though a patient’s HIV or mental health status won’t be revealed by a health band’s activity status, telemedicine consults certainly can betray those concerns. And while a telemedicine consult won’t provide data on a patient’s current cardiovascular health, wearables can, and that data might be of interest to payers or even life insurers.

I admit that when the data being broadcast isn’t clear text summaries of a patient’s condition, possibly with their personal identity, credit card and health plan information, it doesn’t seem as likely that patients’ well-being can be compromised by medical data theft.

But all you have to do is look at human nature to see the flaw in this logic. I’d argue that if medical information can be intercepted and stolen, someone can find a way to make money at it. It’d be a good idea to prepare for this eventuality before a patient’s privacy is betrayed.