Security and privacy have not always been a priority for the technology industry. Back in early 2007, Steve Jobs introduced the iPhone with a “slide to unlock” feature that prevented the phone from accidentally opening in the user’s pocket. The crowd gasped in amazement, but twelve years later it seems otherworldly that a smartphone would not have a passcode or other preventative means of securing itself beyond an elegant solution that only prevents pocket dialing. While early smartphones did store text messages and emails, the amount of sensitive information stored on mobile devices grew exponentially with the introduction of Apple’s App Store in July 2008 (followed by Google’s Android Market a few months later). Apps from banks and financial services were published shortly after the App Store launched and, by the end of 2008, there were enough health-specific apps that Apple created a “Medical” category for apps. Dating apps began appearing in early 2009. Suddenly, smartphones contained not just text messages and emails but the most sensitive information about our finances, health and intimate personal lives.
Over the next decade, Apple and Google would increasingly focus on the security of their devices by adding support for VPNs, remote location and wiping, increased encryption, biometric identification and two-factor authentication. As we move towards a model of delivering healthcare that increasingly relies on remote patient monitoring and patient generated health data, the industry finds itself at a critical inflection point where consumer-oriented technology plays an increasingly important role in a patient’s healthcare.
Digital Security Begins With Digital Literacy
When we think of threats to data security and privacy, oftentimes the first things that come to mind are hackers and high-tech surveillance. In reality, some of the most common security vulnerabilities are much less exciting and have little to do with encryption or firewalls: signing into patient portals on shared or public devices, using weak or reused passwords, and forgetting to set up biometric authentication or a passcode on mobile devices and laptops can all lead to data and privacy breaches for both patients and providers.
Moving forward, it seems clear that digital literacy will be a critical part of ensuring that protected health information stays secure and private. Patients will need to understand both the value of their health information and also how to take the basic steps to secure that data. That’s not to say that every patient must complete HIPAA training before they can begin taking advantage of connected health, but patient-facing digital literacy must be an important consideration for providers as they begin to bring this powerful new functionality online.
Security Design and Best Practices
Many consumer vendors have completely (or partially) pivoted to become healthcare companies in the last few years. Most show their commitment to security and privacy with detailed explanations of encryption protocols, secure key management and other infrastructure precautions. In reality, many non-healthcare consumer and enterprise cloud services already meet the basic requirements for HIPAA-compliant cloud security. Healthcare device and service vendors must go a step further, though, and incorporate security into their product and service design. Any social component, whether a share button to Tweet out a health achievement or a leaderboard to challenge friends and family to take more steps, must thoughtfully balance the advantages of social sharing and gamification against the risk of exposing sensitive health data. In some cases, passwords or biometric authentication should be required at the session level, even if it adds an extra step for users.
Vendors must also be proactive in device management. Few wearable devices currently allow for passcodes or biometric authentication, but as that technology becomes available it must be incorporated into remote patient monitoring. Special care must also be taken to ensure that any medical data transmitted over Wi-Fi and Bluetooth is protected with proper encryption and authentication. As medical data is increasingly linked with the Internet of Things, vendors and manufacturers must treat those devices with the same care and caution they would apply to a traditional electronic medical record system.
Health technology is evolving faster than ever before and it’s important that innovation does not outpace privacy and security. From increasing levels of encryption to security-focused product design, many organizations are doing just that. Here at HealthSnap, security is a top priority—our technical infrastructure meets or exceeds all HIPAA requirements and best practices, including view/edit audit logs, minimal caching, strong encryption and data integrity measures, to ensure that sensitive information remains private and secure. We also incorporate security into our product and user experience design, creating authentication protocols and workflows that are easy for the patient to navigate while also working to prevent accidental data exposure. If your organization is interested in remote patient monitoring but concerned about security and privacy, please reach out—we’d love to share the ways our platform can help you leverage the power of digital and connected health while ensuring security and privacy for both patients and providers!