Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Wearables And Mobile Apps Pose New Data Security Risks

Posted on December 30, 2014 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In the early days of mobile health apps and wearable medical devices, providers weren’t sure they could cope with yet another data stream. But as the uptake of these apps and devices has grown over the last two years, at a rate surpassing virtually everyone’s expectations, providers and payers both have had to plan for a day when wearable and smartphone app data become part of the standard dataflow. The potentially billion-dollar question is whether they can figure out when, where and how they need to secure such data.

To do that, providers are going to have to face up to new security risks that they haven’t faced before, as well as doing a good job of educating patients on when such data is HIPAA-protected and when it isn’t. While I am most assuredly not an attorney, wiser legal heads than mine have reported that once wearable/app data is used by providers, it’s protected by HIPAA safeguards, but in other situations — such as when it’s gathered by employers or payers — it may not be protected.

For an example of the gray areas that bedevil mobile health data security, consider the case of upstart health insurance provider Oscar Health, which recently offered free Misfit Flash bands to its members. The company’s leaders have promised members that use the bands that if their collected activity numbers look good, they’ll offer roughly $240 off their annual premium. And they’ve promised that the data will be used for diagnostics or any other medical purpose. This promise may be worthless, however, if they are still legally free to resell this data to say, pharmaceutical companies.

Logical and physical security

Meanwhile, even if providers, payers and employers are very cautious about violating patients’ privacy, their careful policies will be worth little if they don’t take a look at managing the logical and physical security risks inherent in passing around so much data across multiple Wi-Fi, 4G and corporate networks.

While it’s not yet clear what the real vulnerabilities are in shipping such data from place to place, it’s clear that new security holes will pop up as smartphone and wearable health devices ramp up to sharing data on massive scale. In an industry which is still struggling with BYOD security, corralling data that facilities already work with on a daily basis, it’s going to pose an even bigger challenge to protect and appropriately segregate connected health data.

After all, every time you begin to rely on a new network model which involves new data handoff patterns — in this case from wired medical device or wearable data streaming to smartphones across Wi-Fi networks, smart phones forwarding data to providers via 4G LTE cellular protocols and providers processing the data via corporate networks, there has to be a host of security issues we haven’t found yet.

Cybersecurity problems could lead to mHealth setbacks

Worst of all, hospitals’ and medical practices’ cyber security protocols are quite weak (as researcher after researcher has pointed out of late). Particularly given how valuable medical identity data has become, healthcare organizations need to work harder to protect their cyber assets and see to it that they’ve at least caught the obvious holes.

But to date, if our experiences with medical device security are any indication, not only are hospitals and practices vulnerable to standard cyber hacks on network assets, they’re also finding it difficult to protect the core medical devices needed to diagnose and treat patients, such as MRI machines, infusion pumps and even, in theory, personal gear like pacemakers and insulin pumps.  It doesn’t inspire much confidence that the Conficker worm, which attacked medical devices across the world several years ago, is still alive and kicking, and in fact, accounted for 31% the year’s top security threats.

If malevolent outsiders mount attacks on the flow of connected health data, and succeed at stealing it, not only is it a brand-new headache for healthcare IT administrators, it could create a crisis of confidence among mHealth shareholders. In other words, while patients, providers, payers, employers and even pharmaceutical companies seem comfortable with the idea of tapping digital health data, major hacks into that data could slow the progress of such solutions considerably. Let’s hope those who focus on health IT security take the threat to wearables and smartphone health app data seriously going into 2015.

Do-It-Yourself Smartphone Healthcare

Posted on April 2, 2013 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re on the edge of a major shift to Do-It-Yourself healthcare and many don’t even realize it. Sure, everyone acknowledges that people search for health information on Google and they use some health related apps, but I think that’s just the small part of the iceberg that we can see above the water. Here are some stats on the growing digital health market:

A report by Parks Associates in February estimated that in the United States alone, revenue from digital health technology and services would exceed $5.7 billion in 2015, compared with $1.7 billion in 2010, fueled by devices that monitor chronic conditions like hypertension and diabetes and by wellness and fitness applications and programs. -Source

More and more people are getting interested in their smartphone as a health device. Plus, I don’t think any health app has really hit that sweet spot yet. There are tens of thousands of people working on it, but I don’t think we’ve really had that breakout health app that everyone has to have on their phone. However, it’s coming and soon.

Plus, there are other signs that health applications are going mainstream. Eric Topol’s been making the media rounds for it on both Rock Center with Brian Williams and The Colbert Report.

What’s going to really tip the scales with healthcare on the smartphone? I think the answer is being able to connect with your doctor on your smart phone. Once that connection is possible, reimbursable, etc. then the masses will adopt it and it will open up a myriad of other opportunities for healthcare on a smart phone.

Future of mHealth Dependent on Interoperability and Use of Available Technology

Posted on December 22, 2011 I Written By

My education in the healthcare industry is still somewhat in its infancy, but I really enjoy learning about mHealth in particular.  This probably stems from my general love of technology, but also from my fascination with business and watching companies and industries grow.

One of the biggest stumbling blocks with mHealth is there are way too many people developing products rather than businesses.

One of my favorite shows is Shark Tank which gives everyday people the opportunity to present their business to billionaires looking for an investment of some sort.  One of the most common comments the investors make is that the person has a product and not a business.  It is such a thin line but essential to true success.  Products of some sort are essential to a business, but they are not in and of themselves a business.

That is the problem with most of the companies in mHealth at this point.  There are tons of apps and gadgets and other fun things out there, but there is no one company that is trying to bring it all together.  Interoperability is the real basis of success in this industry.  Having to go to ten different companies for your healthcare needs is no different from what we have always had, except you are using electronics instead of paper.

While that is a step in the right direction, it is not the level of change that will be needed for real success in the industry.  There will inevitably be more companies that fail than succeed, as is the case in any industry.

The healthcare industry is very similar to aviation in this area.  The air traffic control system is essentially the same system that has been in use for decades.  While there have been great advances in technology, namely GPS, we still use the same archaic tools that keep the industry inefficient and cluttered.  Clearly major advancements have been implemented in terms of aircraft and related systems that make air travel faster and safer, but we are not even close to using all of the tools available.

There are plans in development to better use the improved tools that are available, but they have still not been widely implemented for numerous reasons.  Instead aviation remains inefficient and the consumer is the one who suffers in the form of increased costs with reduced service.

Healthcare is quickly following the same path.  While there have been amazing developments in the technology doctors use on a day-to-day basis, the system itself is still incredibly inefficient.

That being said, I have great hope that this will change in the coming years.  As more major companies like AT&T, Qualcomm, Verizon, etc. become involved in the industry we will start to see the real breakthroughs that will give mHealth its legitimacy.  What will be even more incredible is when some of these tech companies really link up with traditional healthcare companies that have real power in the industry.

About a decade ago eHealth companies were all the rage, and now they are all essentially gone.  While there is no guarantee that mHealth will not end up the same way, you have to think they stand a better chance.  Smartphones are an increasingly essential part of everyday life for almost everyone.  It only makes sense to include healthcare in that arena.

Flagstaff Medical Center to Send Patients Home with Smartphones

Posted on December 20, 2011 I Written By

Smartphones are amazing tools that can do amazing things to help people in need, but if the patient can’t afford one, or doesn’t see the need then it really doesn’t matter how great they are.  One hospital in Arizona is trying to overcome that stumbling block by sending patients home with all the technology they need.

Flagstaff Medical Center’s Care Beyond Walls and Wires initiative is designed to help patients in more rural areas receive the care they need without having to repeatedly come into the hospital.  Here are some of the highlights from the press release:

In collaboration with Qualcomm Incorporated, through its Wireless ReachTM initiative, Zephyr Technology, Verizon Wireless, and the National Institutes of Health (NIH), Care Beyond Walls and Wiresuses advanced 3G wireless technology and health-monitoring devices to enhance the care of patients with congestive heart failure (CHF) or other related conditions.

Care Beyond Walls and Wires uses wireless broadband tools, such as smart phones and 3G technology, to allow in-home daily monitoring of patients with CHF. These tools will collect and transfer critical data, such as weight, blood pressure, activity and other important health indicators, to nurses at FMC who are following patients enrolled in the program. Information will be sent daily for three to six months after the patient’s discharge from the hospital. This daily exchange of information enables health care providers and patients to work together to manage CHF.

According to the Federal government, 25 to 50 percent of CHF patients are rehospitalized within three to six months of a hospital discharge. The primary reasons for rehospitalization include patients not taking medications as prescribed, failure to follow a dietary plan, not knowing the early signs of CHF and lack of planned follow-up with a healthcare provider after leaving the hospital. Each of these factors can be addressed on a daily basis through Care Beyond Walls and Wires.
Each monitoring kit includes: 3G-enabled Motorola Droid X2 smart phone, provided by Verizon Wireless, with a mobile application that allows patients to rapidly record and send information to FMC via a secure Internet portal; an oxygen and pulse monitor; blood pressure cuff; and weight scale. Additional items in the kit may include an advanced Zephyr health-monitoring system to measure other vital signs such as breathing rate, skin temperature, activity and posture.
While I really like the idea, and I personally am a fan of technology in any form, I am not sure how effective this will be.  It said in the article that one of the main problems patients have is taking their medication properly and failure to follow recovery plans.  If people are unable or unwilling to do those simple things, how likely are they to use all of this new equipment, or enter the data and send it to the doctor.
It seems to me that the people who are most likely to benefit from technology like this are people who already do what they are supposed to do, but are willing to put forth more effort to take their care to the next level.  That being said, if it helps to save any lives then the effort is definitely worth it.

Great EMR and Healthcare IT Content

Posted on March 3, 2011 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Today I’m happy to officially introduce readers of EMR and HIPAA to my latest project: The Healthcare Scene blog network. If you follow me on twitter (@techguy and @ehrandhit), then you’ve probably already come across one or more of the great blogs in this new healthcare IT blog network. I’m really excited with the group of bloggers that I have working on the network and the amazing content they’ve been creating and will create.

Before I introduce you to the various websites on the network, here’s a little background in why I decided to do this. As I looked at the various healthcare IT and EMR bloggers producing content, I was disappointed that many of them were creating great content that wasn’t getting nearly as much attention and traffic as the content deserved. Plus, many hadn’t benefited financially from all the great content they were creating. Combine lack of traffic with lack of financial rewards and these independent voices often disappear.

I saw this as a real opportunity to leverage many of the marketing and advertising tools that I’d created for EMR and HIPAA to the benefit of many others in the EMR and healthcare IT world. Plus, a number of my current advertisers told me that there weren’t enough online healthcare IT advertising options out there. I see this network as a real win for everyone. Independent bloggers can have their voices magnified while making money doing so. Readers and the EMR and Healthcare IT industry get more independently created content (including content by doctors). Healthcare IT advertisers will have more opportunities to advertise next to great content. I get to expand my network and work with a bunch of really smart people.

Now here’s a look at the websites that will be part of the Healthcare Scene blog network:

  • Meaningful HIT News – This blog written by Neil Versel started in May 2004 and has over 500 posts. Neil is one of the only pure healthcare IT journalists out there and has been doing it for the past 15 years across more publishers than you can count, but most recently at Fierce Healthcare. I’m excited that Neil has chosen to move his blog to the blog network. He’s a must read journalist for anyone in EMR and healthcare IT. I borrowed much of my writing style from Neil and so if you like this site, go and subscribe to Meaningful HIT News email list and you won’t be disappointed.
  • EMR and Healthcare IT News – The firehose of EMR and Healthcare IT news sent out by vendors. A great way for vendors to get their word out and for industry people to see the latest developments in EMR and healthcare IT. I’m looking to partner with healthcare IT PR firms on the site, so hit my Contact Us page if you’re interested.
  • Happy EMR Doctor – This blog first started out as a Doctor’s Blog guest post on EMR and EHR, but the content from Dr. West was too good. So, I rolled it off onto its own blog. Dr. West has been through a failed EHR implementation and now is using one of the Free EHR vendors. So, he has some interesting stories to tell.
  • Smartphone Health Care – I recently heard that there were something like 30+ mobile health conferences or conferences with a mobile health track in the past year. That seems like far too many, but it is quite clear that Smart Phones and other mobile devices are going to play a huge role in the future of healthcare. Consider this my foray into the mHealth world.
  • Wired EMR Practice – Many of you might remember that I already introduced Dr. Koriwchak’s blog on EMR and HIPAA earlier. Many of you subscribed to his blog and have seen the type of quality content he’s creating. I love doctor’s perspectives on EMR.
  • nextHospital – We’ll see how this blog evolves, but it’s the Healthcare Scene’s first blog that isn’t really IT focused. Written by Katherine Rourke (mentioned above), nextHospital will focus on the business of healthcare in hospitals.
  • EMR, EHR and HIPAA Wiki – Not a blog, but a pretty cool part of the network nonetheless. Be sure to add your EHR vendor if it’s not on there already.
  • EMR and EHR Job Board – Not a blog either, but this job board will be syndicated across all the websites. So, it’s a great places to post or look for a job.
  • EMR and HIPAA – Hopefully it needs no intro if you’re reading this post. Let’s just say, 1000 posts, 4713 comments, and over 4 million pageviews.
  • EMR and EHR – Very similar to EMR and HIPAA, but only about 2 years old. 300 posts, 1092 comments and 700,000+ pagevies. Katherine Rourke, a healthcare IT journalist with 15+ years of experience, recently started posting on EMR and EHR and is a welcome addition to the site.

I’d say that’s a pretty good start. I’m in talks with a few more bloggers that may or may not join the network. I think there’s still some interesting niches that haven’t been filled. For example, a blog tracking publicly traded healthcare IT stock movements and other healthcare IT investment opportunities could be interesting. Either way, I’m excited to see all the great content that will be created on these sites. Much like this site, each site encourages you to respectfully comment, share the content, and join the conversation. Please let your voice be heard in the comments.

Yes, right now each site looks very much like the rest, but we’re just getting started. Over time I’ll work to give each blogger it’s own brand while also building up the domain to better represent all the activity that’s happening on the network. I see it becoming a virtual hub of the best and brightest conversations happening in and around healthcare IT and EMR.

Let me know what you think of these additions in the comments or drop me a note on my Contact Us page.