SlideShare uma empresa Scribd logo

HIPAA Security Rule Compliance When Communicating with Patients Using Mobile Devices

Project HealthDesign
Project HealthDesign

This webinar, held Jan. 26, 2011, served to inform and engage the five current Project HealthDesign teams around legal and policy topics involved when clinicians communicate with patients via mobile devices.

Saúde e medicina
1 de 31
Baixar para ler offline
HIPAA Security Rule Compliance When Communicating with Patients Using Mobile Devices January 26, 2011 1
Agenda Increase in health care providers’ and patients’ use of mobile devices Overview of select Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule requirements Special security risks presented by mobile devices Initial best practice suggestions for grantee review and discussion NOTE: When we say “mobile device” in this presentation we mean a pocket-sized computing device, which typically has a display screen with touch input and/or a miniature keyboard. This generally includes “smart phones,” and personal digital assistants (e.g. the IPOD Touch and the IPAD). This does not include laptop computers. 2
Increasing Physician Use of Mobile Devices Can “ By 2012, all physicians will walk around with a stethoscope and a smart mobile device, and there will be very few Help Inform Discussion of Patient Use of Mobile professional activities that physicians won’t be doing on Devices their handhelds. ” Monique Levy, Sr. Dir. Of Research at Manhattan Research , October 2009 of American physicians 81% will own smart phones by 2012 (Manhattan Research October 2009) 85% Are you looking to use tablets or other mobile devices? (Impravata Inc.) 15% 3 Yes No Full citations listed in back.
A Growing Market of Patients The $60 Billion Global Mobile Health Market (McKinsey): In the next five years, an estimated 1.4 billion people will use smart phones worldwide; more than 1 out of 3 people with a smart phone will have a health-related app on their phone. A global market survey from McKinsey & Company suggested that mobile health opportunities in 2010 could be worth $20 billion in the US alone. Another study conducted by the Euro RSCG Life Group found that over 44% of American smart phone users expect to use more mobile health and wellness applications in the near future. 4
Project HealthDesign Grantees’ Use of Mobile Devices San Francisco State University of California, RTI International and University of California at Carnegie Mellon University Irvine Virginia Commonwealth Berkeley (To be University confirmed) Name of ODLs Via Mobile Platforms Use of ODLs among Low BreathEasy- A PHR for Crohnology.MD Embedded Assessment of Project for Youth with Obesity and Birth Weight Infants and Adults Living with Asthma Elder Activities (Cognitive Depression Their Caregivers to and Depression Decline and Arthritis) for Improve Care and Reduce Augmenting PHRs Incidence of Chronic Conditions over the Lifespan Devices iPod Touches Smart phones Smart phones Smart phones Sensors Given to Scale Sensors (e.g. pedometers) Laptops Patients CyTek report card Information ODLs are sent from iPod ODLS are sent from smart ODLs are sent from smart ODLs are sent from smart ODLS are sent from phones to the RTI server. Flow Touch to TheCarrot.com phone to HealthVault Clinicians view phones to Google Health laptops to HealthVault. through app on device. The through FitBaby app on reports/dashboards through a and project servers. Reports will be generated, Carrot.com generates phone. Patients access portal or EHR. Clinicians view which clinicians and reports, which patients view reports through app on Patients may also view reports reports/dashboards patients may view on through app on device. smart phone. through dashboard on smart through a portal or EHR. their laptops. phones. Use of SMS? Yes. Clinicians send SMS No. Not planned at this time. Possible. No messages to patients. 5
General Applicability of HIPAA to Grantees’ Projects 6
Key HIPAA Security Rule Principles Few Bright Line Establishes categories of safeguards to secure electronic protected Requirements health information (“EPHI”). Provides Covered Entities (“CEs”) with discretion to determine which safeguards to employ in each category. Scalable Level of safeguards can vary with size and resources of CE. Small physician practices do not have to adopt the same types of safeguards as a large hospital system or insurer. Standards include those that are “required” and those that are Required vs. “addressable.” Addressable standards do not have to be implemented Addressable if, through a risk analysis, a CE determines that a standard is not feasible Standards and adopts alternative safeguards to the extent practical. 7
The Importance of Risk Analysis Conducting a risk analysis is the first step in identifying and implementing appropriate safeguards. Risk analyses inform which technology (and other) solutions a CE should adopt, when they should be adopted, and whether and which alternative safeguards should be implemented instead. The risk analysis implementation specification (Section 164.308(a)(1)(ii)(A)) requires CEs to: “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.” 8
Key Security Rule Requirements Relevant to Use of Mobile Devices Implementation Specifications Standards Citation (R)= Required, (A)=Addressable Access Control 164.312(a)(1) Unique User (R) Identification Emergency Access (R) Procedure Automatic Logoff (A) Encryption and (A) Decryption Audit Controls 164.312(b) (R) Integrity 164.312(c)(1) Mechanism to (A) Authenticate Electronic Protected Health Information Person or Entity 164.312(d) (R) Authentication Transmission Security 164.312(e)(1) Integrity Controls (A) Encryption (A) 9
Standard 1: Access Control Standard Implement technical policies and procedures for electronic information systems that maintain EPHI to allow access only to those persons or software programs that have been granted access rights as specified in the “Administrative Safeguards” section of the Security Regulations. Implementation Specifications 1. Unique User Identification. [Required] Assign a unique name and/or number for identifying and tracking user identity. 2. Emergency Access Procedure. [Required] Establish (and implement as needed) procedures for obtaining necessary EPHI during and emergency. 3. Automatic Logoff. [Addressable] Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. 4. Encryption and Decryption. [Addressable] Implement a mechanism to encrypt and decrypt EPHI. 10
Standard 2: Audit Controls Standard Implement hardware, software, and/or procedural mechanisms that record and examine activity information systems that contain or use EPHI. Implementation Specifications None. The CE’s risk assessment and risk analysis can help determine how intensive the entity’s audit control function should be. 11
Standard 3: Integrity Standard Implement policies and procedures to protect the integrity of EPHI and assure it is not improperly altered or destroyed. Implementation Specifications Mechanism to Authenticate EPHI. [Addressable] Implement electronic mechanisms to corroborate that EPHI has not been altered or destroyed in an unauthorized manner. 12
Standard 4: Person or Entity Authentication Standard Implement procedures to verify that persons or entities seeking access to EPHI are who they claim to be. Implementation Specifications None. Personal authentication can be achieved through a variety of mechanisms, including passwords, tokens, biometric identification, and others. 13
Standard 5: Transmission Security Standard Implement technical security measures to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network. Implementation Specifications 1. Integrity Controls. [Addressable] Implement data integrity measures to ensure that electronically transmitted EPHI is not improperly modified without detection until disposed of. 2. Encryption. [Addressable] Implement a mechanism to encrypt EPHI whenever deemed appropriate. 14
Special Risks Presented by Mobile Devices1 Loss, Theft or Disposal Risk level: high Because of their small size, mobile devices can be lost or misplaced. They are also an easy target for theft. If proper measures are not in place and activated, gaining access can be straightforward, potentially exposing sensitive data that resides on the device or is accessible from it. Unauthorized Access Risk level: high According to the National Institute of Standards and Technology (“NIST”), most cell phone users seldom employ security mechanisms built into a device, and if employing them, often apply settings that can be easily determined or bypassed (e.g. passwords). HHS cites data storage and transmission as potential risk areas as well. 1The risks listed here were identified either by NIST in its 2008 “Guidelines for Cell Phone and PDA Security” Special Publication 800-124 or the U.S. Department of Health and Human Services in its 2006 HIPAA Security Guidance for Mobile Devices 12/18/2006. 15
Special Risks Presented by Mobile Devices2 Malware (Viruses) Risk level: low Mobile malware can infect a mobile device when a user downloads a virus disguised as a game or security patch etc. Malware can also be appended to email, text and other instant messages available on cell phones. Malware can intercept or access information on the mobile device, collect and send information out of the device and/or, destroy stored information, among various other behaviors. According to NIST, malware outbreaks on mobile devices have been mild when compared to malware incidents on laptops. Cloning Risk level: low If certain unique identifiers built into a cell phone are reprogrammed into a second cell phone, a clone is created that can masquerade as the original. According to NIST, cloning is not as prevalent among digital networks as it was when cell phones relied on analog networks. Today, encryption prevents most device identifiers from being recovered and used to clone a device. 2Id. 16
Mobile Device Security Risk: Lessons Learned from HHS Breach Notification Reports3 Majority of reported breaches involve loss or theft of paper records, portable medium (CD or tape) or laptops. Few reported breaches involve hacking or other external technical penetration. Out of 214 total breach reports, only 23 involved “portable electronic devices” (other than laptops) and all of those were loss or thefts. Breaches affecting 500 or more individuals are reported by HHS at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/ breachtool.html 3HHS breach reports accessed on December 27, 2010. 17
Initial Best Practice Suggestions for Grantee Review and Discussion Overarching Questions for Grantees: Do These Suggestions Sound Feasible? Necessary? Sufficient? 18
Implementing Appropriate Security Practices Analyzing security practices when patients are using mobile devices raises issues not contemplated under the Security Rule. When conducting a risk analysis to determine which strategies to use to protect EPHI communicated to/from a patient using a mobile device, health care providers should consider the following factors: The complexity and cost of the security measure (e.g. downloading and installing a third-party encryption program). The ability of the patient to perform the task. The effect the security measure will have on the efficient delivery of clinical care (e.g. the effect of locking a device or application with a password on the patient’s willingness to report ODLs). The probability and criticality of potential risks to EPHI. Question for Grantees: Are There Other Factors We Should Include? 19
Best Practice Recommendations: Road Test Transmission Security HIPAA Standard: Implement technical security measures to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network. Background: Mobile devices can send data in various ways, such as: Internet protocols (e.g. those used by many of the unique software applications grantees have developed under their projects) Email (which uses traditional Internet protocols) Voice (e.g. traditional telephone) Text (“SMS/MMS”) messaging Most of these channels are secure without the patient having to take any additional steps...except for text messages… 20
Spotlight on Text Messages When “at rest” on a smart phone, data is generally stored in the computer inside the smart phone (often called “on-board memory”) or on a memory card that is inside of the Where Are phone but can be removed. Text Some data can also be stored on what is called a SIM card, which ties a smart phone to a Messages user’s phone number and can also be removed. Located? Data at rest can also be stored offsite on a wireless carrier’s server. Data can be “in transit” to another smart phone or elsewhere. 21
Spotlight on Text Messages: Encrypting Data at Rest Many smart phones include built-in encryption capabilities for data at rest. For example, through the Blackberry Enterprise Server, Blackberry enables “enterprises” to set the security policies for its employees’ phones. Patients who have smart phones that are not provided by their employer or otherwise part of an enterprise system would probably have to work with their wireless carrier or device provider to enable their options for encrypting data at rest on their phones…OR…clinicians providing the smart phones could take responsibility for enabling encryption options for them. Many smart phones allow patients or enterprises to add third party applications, including encryption/decryption and other security tools, to their phones. There are a number of third-party applications available in the iPhone App Store, for example, that will further encrypt data at rest on a smart phone. The price of these applications varies, and the difficulty of installation/use can be high. 22
Spotlight on Text Messages: Encrypting Data in Motion Unlike wireless Internet, the network channels over which text messages are sent in the United States are not encrypted via Secure Sockets Layer (“SSL”) or Transport Layer Security (“TLS”) encryption methods. This means that text messages are not automatically encrypted as they transverse carriers’ wireless channels en route to another smart phone (or elsewhere). Unless an enterprise or a patient buys a third-party software tool that scrambles the text message before it leaves his/her phone and unscrambles it upon reaching its destination, text messages can be intercepted in transit and read. Third-party software applications to encrypt text messages in transit are available in the iPhone App Store, for example. The cost of these software tools varies. Most tools require the user to configure various options after the software is downloaded, to obtain additional keys, and to engage in other activities that make installation and use of these software applications challenging. It is probably not realistic to assume that individual patients would be capable of installing third-party text message encryption software on their smart phones for the purposes of protecting ODLs or other information they communicate to their health care providers through their smart phones. 23
Best Practice Recommendations: Road Test Securing Text Messages Providers that give patients smart phones should investigate whether they can preset the smart phones’ built-in encryption tools for data at rest. Providers should also investigate the availability, effectiveness, and price of third party encryption tools that encrypt data as it is being transmitted to and from smart phones. If implementation of encryption tools is not feasible, providers should engage in alternative protection behaviors: Limit EPHI transmitted via unencrypted channels (e.g. carefully word communiqués with patients); Direct patients to obtain detailed information through a web portal or other secure means. Providers should also offer education/training to patients on the risks of transmitting EPHI to clinicians through text messages. Question for Grantees: Does this sound feasible to you? 24
Best Practice Recommendations: Road Test Person/Entity Authentication and Access HIPAA Standard: Implement procedures to verify that persons or entities seeking access to EPHI are who they claim to be. HIPAA Standard: Implement technical policies and procedures for electronic information systems that maintain EPHI to allow access only to those persons or software programs that have been granted access rights as specified in the “Administrative Safeguards” section of the Security Regulations. Providers should offer education/training to patients with whom they communicate via mobile device on things like use of passwords and proper device handling. Providers should also encourage patients to sign a statement indicating they understand the heightened risks if they do not:4 Protect their mobile devices with passwords; Enable their device’s automatic logoff function after a specified amount of time; Refrain from sharing their device with friends and family. Question for Grantees: Does this sound feasible to you? 4Project 25 HealthDesign grantees need not retroactively have participating patients sign such a statement.
Best Practice Recommendations: Road Test Audit Controls Integrity HIPAA Standard: Implement policies HIPAA Standard: Implement policies and procedures to protect the and procedures to protect the integrity of EPHI and assure it is not integrity of EPHI and assure it is not improperly altered or destroyed. improperly altered or destroyed. Not Applicable/Providers need not take Not Applicable/Providers need not take any additional action. any additional action. As with the other Security Rule As with the other Security Rule standards, the audit control standards, the audit control requirement does not apply to requirement does not apply to devices controlled by patients. devices controlled by patients. From a best practice perspective, From a best practice perspective, there is no need for a patient to log there is no need for a patient to take and audit his own use of his/her steps to ensure the integrity of the mobile device as it is generally only EPHI they store and/or transmit the patient who will have access to through their mobile devices as risk the device. of alteration or destruction is low. Question for Grantees: Does this sound feasible to you? 26
Next Steps Determine whether the webinar approach is a good one for collecting grantees’ feedback on cross-cutting policy issue obstacles. Question for Grantees: Does the webinar approach work for you? Is there an alternative approach you would prefer? Remaining cross-cutting policy issue obstacles to be addressed: Uncertainty about health care providers’ liability when incorporating ODLs into clinical practice and communicating with patients electronically Uncertain policy environment regarding an individual’s use of internet-based tools to share health information 27
Appendix 28
Citations: Mobile Device Use Estimates “Physicians in 2012: The Outlook for On Demand, Mobile and Social Digital Media.” Accessed on 12/29/2010. Released October 2009. http://www.manhattanresearch.com/newsroom/Press_Releases/physician-smart phones-2012.aspx “2008 Identity Management Trends in Healthcare Survey Research Brief” Imprivata, Inc. Accessed on 12/29/2010. Released 2008. http://www.imprivata.com/custom/confirmation/resource/research/2008_id_mgmt_trends_health care.pdf McKinsey Mobile Health Care Survey 2009. McKinsey & Co. Accessed on 12/29/2010. http://www.mckinsey.it/idee/practice_news/global-mobile-healthcare-opportunity.view “Mobile Health Market Report 2010-2015” Research2guidance. Accessed 12/29/2010. http://www.research2guidance.com/500m-people-will-be-using-healthcare-mobile-applications-in- 2015/ “Bigger than DTC? The Promise of Mobile Health.” Euro RSCG Life 4D. Survey conducted September 2010. 29
HIPAA Security Rule Overview “Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains or transmits.” “Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.” “Availability means the property that data or information is accessible and useable upon demand by an authorized person.” “Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes.” §164.304 and 164.306(a)(1) 30
HIPAA Security Rule Overview Cont’d A covered entity must comply with the applicable standards, implementation specifications, and requirements of the Security Rule with respect to electronic Protected Health Information. Covered Entities means: Electronic Protected Health Information (EPHI) means: (1) A health plan (2) A health care clearinghouse individually identifiable health (3) A health care provider who information ... that is (i) Transmitted transmits any health information in by electronic media; or (ii) electronic form Maintained in electronic media 31

Recomendados

SMART PHONES IN MEDICINE
SMART PHONES IN MEDICINE SMART PHONES IN MEDICINE
SMART PHONES IN MEDICINE Society for Microbiology and Infection care
 
Webinar: Innovations in Mobile Health: Highlights and Future Directions
Webinar: Innovations in Mobile Health: Highlights and Future DirectionsWebinar: Innovations in Mobile Health: Highlights and Future Directions
Webinar: Innovations in Mobile Health: Highlights and Future DirectionsHHS Digital
 
Smartphones and Tablets in your medical practice
Smartphones and Tablets in your medical practice Smartphones and Tablets in your medical practice
Smartphones and Tablets in your medical practice ctsully
 
smartphone in medical practice
smartphone in medical practicesmartphone in medical practice
smartphone in medical practicedr tushar chokshi
 
INTERNET OF THINGS
INTERNET OF THINGSINTERNET OF THINGS
INTERNET OF THINGSNehagupta1247
 
Wearable medical devices
Wearable medical devicesWearable medical devices
Wearable medical deviceshimanshu garg
 
Mobile medicine
Mobile medicineMobile medicine
Mobile medicineSung-Un Park
 
Iaetsd techno-hospital
Iaetsd techno-hospitalIaetsd techno-hospital
Iaetsd techno-hospitalIaetsd Iaetsd
 

Recomendados

SMART PHONES IN MEDICINE
SMART PHONES IN MEDICINE SMART PHONES IN MEDICINE
SMART PHONES IN MEDICINE Society for Microbiology and Infection care
 
Webinar: Innovations in Mobile Health: Highlights and Future Directions
Webinar: Innovations in Mobile Health: Highlights and Future DirectionsWebinar: Innovations in Mobile Health: Highlights and Future Directions
Webinar: Innovations in Mobile Health: Highlights and Future DirectionsHHS Digital
 
Smartphones and Tablets in your medical practice
Smartphones and Tablets in your medical practice Smartphones and Tablets in your medical practice
Smartphones and Tablets in your medical practice ctsully
 
smartphone in medical practice
smartphone in medical practicesmartphone in medical practice
smartphone in medical practicedr tushar chokshi
 
INTERNET OF THINGS
INTERNET OF THINGSINTERNET OF THINGS
INTERNET OF THINGSNehagupta1247
 
Wearable medical devices
Wearable medical devicesWearable medical devices
Wearable medical deviceshimanshu garg
 
Mobile medicine
Mobile medicineMobile medicine
Mobile medicineSung-Un Park
 
Iaetsd techno-hospital
Iaetsd techno-hospitalIaetsd techno-hospital
Iaetsd techno-hospitalIaetsd Iaetsd
 
Sunrise Beacons of Hope Case Prop
Sunrise Beacons of Hope Case PropSunrise Beacons of Hope Case Prop
Sunrise Beacons of Hope Case PropDaniel Feeman
 
Information Technology in Pandemic
Information Technology in PandemicInformation Technology in Pandemic
Information Technology in PandemicSwati Karn
 
It กับการดูแลผู้ป่วย
It กับการดูแลผู้ป่วยIt กับการดูแลผู้ป่วย
It กับการดูแลผู้ป่วยสปสช นครสวรรค์
 
Emerging trends in medical technology
Emerging trends in medical technologyEmerging trends in medical technology
Emerging trends in medical technologybharathiaswin22
 
Recent trends in healthcare technology
Recent trends in healthcare technologyRecent trends in healthcare technology
Recent trends in healthcare technologyAnil Pethe
 
Top IoT Applications in a Connected Healthcare Industry
Top IoT Applications in a Connected Healthcare IndustryTop IoT Applications in a Connected Healthcare Industry
Top IoT Applications in a Connected Healthcare IndustryPixel Crayons
 
New ppt
New pptNew ppt
New pptYatheeshaB1
 
Visual monitoring of people in private spaces. From the “Big Brother” to the...
Visual monitoring of people in private spaces. From the “Big Brother” to the...Visual monitoring of people in private spaces. From the “Big Brother” to the...
Visual monitoring of people in private spaces. From the “Big Brother” to the...Francisco (Paco) Florez-Revuelta
 
Wearable technology role in respiratory health and disease
Wearable technology role in respiratory health and diseaseWearable technology role in respiratory health and disease
Wearable technology role in respiratory health and diseasessusera8803c
 
Smartphones & Medicine
Smartphones & MedicineSmartphones & Medicine
Smartphones & MedicineIris Thiele Isip-Tan
 
Wearable electronics in healthcare
Wearable electronics in healthcareWearable electronics in healthcare
Wearable electronics in healthcareJeffrey Funk
 
The Power of Social in health and healthcare
The Power of Social in health and healthcareThe Power of Social in health and healthcare
The Power of Social in health and healthcareD3 Consutling
 
healthphone-Healthcom 2009
healthphone-Healthcom 2009healthphone-Healthcom 2009
healthphone-Healthcom 2009Nay Lin Soe
 
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020Innomantra
 
Ambient computing spk
Ambient computing spkAmbient computing spk
Ambient computing spkSupriyaKurlekar2
 
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...Ofer Atzmon
 
2nd wireless asia summit
2nd wireless asia summit2nd wireless asia summit
2nd wireless asia summitMR Narayana Superspeciality Hospital
 
A Smart Healthcare Monitoring System for Independent Living
A Smart Healthcare Monitoring System for Independent LivingA Smart Healthcare Monitoring System for Independent Living
A Smart Healthcare Monitoring System for Independent LivingHealth Informatics New Zealand
 
A Healthcare Monitoring System Using Wifi Module
A Healthcare Monitoring System Using Wifi ModuleA Healthcare Monitoring System Using Wifi Module
A Healthcare Monitoring System Using Wifi ModuleIRJET Journal
 
IRJET- Virtual Assistant for Medical Emergency
IRJET- Virtual Assistant for Medical EmergencyIRJET- Virtual Assistant for Medical Emergency
IRJET- Virtual Assistant for Medical EmergencyIRJET Journal
 
KANT Report: HEALTH
KANT Report: HEALTHKANT Report: HEALTH
KANT Report: HEALTHPeter Bihr
 
Kant health report
Kant health reportKant health report
Kant health reportMartin Spindler
 

Mais conteúdo relacionado

Mais procurados

Sunrise Beacons of Hope Case Prop
Sunrise Beacons of Hope Case PropSunrise Beacons of Hope Case Prop
Sunrise Beacons of Hope Case PropDaniel Feeman
 
Information Technology in Pandemic
Information Technology in PandemicInformation Technology in Pandemic
Information Technology in PandemicSwati Karn
 
Emerging trends in medical technology
Emerging trends in medical technologyEmerging trends in medical technology
Emerging trends in medical technologybharathiaswin22
 
Recent trends in healthcare technology
Recent trends in healthcare technologyRecent trends in healthcare technology
Recent trends in healthcare technologyAnil Pethe
 
Top IoT Applications in a Connected Healthcare Industry
Top IoT Applications in a Connected Healthcare IndustryTop IoT Applications in a Connected Healthcare Industry
Top IoT Applications in a Connected Healthcare IndustryPixel Crayons
 
Visual monitoring of people in private spaces. From the “Big Brother” to the...
Visual monitoring of people in private spaces. From the “Big Brother” to the...Visual monitoring of people in private spaces. From the “Big Brother” to the...
Visual monitoring of people in private spaces. From the “Big Brother” to the...Francisco (Paco) Florez-Revuelta
 
Wearable technology role in respiratory health and disease
Wearable technology role in respiratory health and diseaseWearable technology role in respiratory health and disease
Wearable technology role in respiratory health and diseasessusera8803c
 
Wearable electronics in healthcare
Wearable electronics in healthcareWearable electronics in healthcare
Wearable electronics in healthcareJeffrey Funk
 
The Power of Social in health and healthcare
The Power of Social in health and healthcareThe Power of Social in health and healthcare
The Power of Social in health and healthcareD3 Consutling
 
healthphone-Healthcom 2009
healthphone-Healthcom 2009healthphone-Healthcom 2009
healthphone-Healthcom 2009Nay Lin Soe
 
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020Innomantra
 
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...Ofer Atzmon
 
A Smart Healthcare Monitoring System for Independent Living
A Smart Healthcare Monitoring System for Independent LivingA Smart Healthcare Monitoring System for Independent Living
A Smart Healthcare Monitoring System for Independent LivingHealth Informatics New Zealand
 
A Healthcare Monitoring System Using Wifi Module
A Healthcare Monitoring System Using Wifi ModuleA Healthcare Monitoring System Using Wifi Module
A Healthcare Monitoring System Using Wifi ModuleIRJET Journal
 
IRJET- Virtual Assistant for Medical Emergency
IRJET- Virtual Assistant for Medical EmergencyIRJET- Virtual Assistant for Medical Emergency
IRJET- Virtual Assistant for Medical EmergencyIRJET Journal
 

Mais procurados (20)

Sunrise Beacons of Hope Case Prop
Sunrise Beacons of Hope Case PropSunrise Beacons of Hope Case Prop
Sunrise Beacons of Hope Case Prop
 
Information Technology in Pandemic
Information Technology in PandemicInformation Technology in Pandemic
Information Technology in Pandemic
 
It กับการดูแลผู้ป่วย
It กับการดูแลผู้ป่วยIt กับการดูแลผู้ป่วย
It กับการดูแลผู้ป่วย
 
Emerging trends in medical technology
Emerging trends in medical technologyEmerging trends in medical technology
Emerging trends in medical technology
 
Recent trends in healthcare technology
Recent trends in healthcare technologyRecent trends in healthcare technology
Recent trends in healthcare technology
 
Top IoT Applications in a Connected Healthcare Industry
Top IoT Applications in a Connected Healthcare IndustryTop IoT Applications in a Connected Healthcare Industry
Top IoT Applications in a Connected Healthcare Industry
 
New ppt
New pptNew ppt
New ppt
 
Visual monitoring of people in private spaces. From the “Big Brother” to the...
Visual monitoring of people in private spaces. From the “Big Brother” to the...Visual monitoring of people in private spaces. From the “Big Brother” to the...
Visual monitoring of people in private spaces. From the “Big Brother” to the...
 
Wearable technology role in respiratory health and disease
Wearable technology role in respiratory health and diseaseWearable technology role in respiratory health and disease
Wearable technology role in respiratory health and disease
 
Smartphones & Medicine
Smartphones & MedicineSmartphones & Medicine
Smartphones & Medicine
 
Wearable electronics in healthcare
Wearable electronics in healthcareWearable electronics in healthcare
Wearable electronics in healthcare
 
The Power of Social in health and healthcare
The Power of Social in health and healthcareThe Power of Social in health and healthcare
The Power of Social in health and healthcare
 
healthphone-Healthcom 2009
healthphone-Healthcom 2009healthphone-Healthcom 2009
healthphone-Healthcom 2009
 
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020
Innomantra viewpoint vital sign monitors covid 19 v1.0FF July 2020
 
Ambient computing spk
Ambient computing spkAmbient computing spk
Ambient computing spk
 
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...
The Evolution of Wearable M-Health Applications - Mobile Health Expo New York...
 
2nd wireless asia summit
2nd wireless asia summit2nd wireless asia summit
2nd wireless asia summit
 
A Smart Healthcare Monitoring System for Independent Living
A Smart Healthcare Monitoring System for Independent LivingA Smart Healthcare Monitoring System for Independent Living
A Smart Healthcare Monitoring System for Independent Living
 
A Healthcare Monitoring System Using Wifi Module
A Healthcare Monitoring System Using Wifi ModuleA Healthcare Monitoring System Using Wifi Module
A Healthcare Monitoring System Using Wifi Module
 
IRJET- Virtual Assistant for Medical Emergency
IRJET- Virtual Assistant for Medical EmergencyIRJET- Virtual Assistant for Medical Emergency
IRJET- Virtual Assistant for Medical Emergency
 

Semelhante a HIPAA Security Rule Compliance When Communicating with Patients Using Mobile Devices

KANT Report: HEALTH
KANT Report: HEALTHKANT Report: HEALTH
KANT Report: HEALTHPeter Bihr
 
The Future of mHealth - Jay Srini - March 2011
The Future of mHealth - Jay Srini - March 2011The Future of mHealth - Jay Srini - March 2011
The Future of mHealth - Jay Srini - March 2011LifeWIRE Corp
 
Mobile trends in healthcare
Mobile trends in healthcareMobile trends in healthcare
Mobile trends in healthcarePharmHouse Inc
 
Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...
Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...
Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...IJMTST Journal
 
Role of Artificial Intelligence in Public Health
Role of Artificial Intelligence in Public HealthRole of Artificial Intelligence in Public Health
Role of Artificial Intelligence in Public HealthDr. Arshid Hussain
 
7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...
7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...
7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...TheEntrepreneurRevie
 
Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...
Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...
Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...Kapil Khandelwal (KK)
 
Digital Health Complete Notes and Elaboration
Digital Health Complete Notes and ElaborationDigital Health Complete Notes and Elaboration
Digital Health Complete Notes and ElaborationCaptainAmerica99
 
1. Genome sequencingAdvances in genome sequencing and the associat.pdf
1. Genome sequencingAdvances in genome sequencing and the associat.pdf1. Genome sequencingAdvances in genome sequencing and the associat.pdf
1. Genome sequencingAdvances in genome sequencing and the associat.pdfkaran8801
 
Requirements identification and modeling 2.0 updates
Requirements identification and modeling 2.0 updatesRequirements identification and modeling 2.0 updates
Requirements identification and modeling 2.0 updatesAbdullahhussain60
 
The Rise of AI: Technology Trends in Healthcare
The Rise of AI: Technology Trends in HealthcareThe Rise of AI: Technology Trends in Healthcare
The Rise of AI: Technology Trends in HealthcareDashTechnologiesInc
 
Trends brief: Quantified self & Wearable Technologies
Trends brief: Quantified self & Wearable TechnologiesTrends brief: Quantified self & Wearable Technologies
Trends brief: Quantified self & Wearable TechnologiesG. Kofi Annan
 
Presentation of Voice of Healthcare
Presentation of Voice of HealthcarePresentation of Voice of Healthcare
Presentation of Voice of Healthcarehospitalsoftwareshop
 
The integration of mobile and medical technologies
The integration of mobile and medical technologies The integration of mobile and medical technologies
The integration of mobile and medical technologies UBMCanon
 
AIC_2020_Presentation_Slides.pdf
AIC_2020_Presentation_Slides.pdfAIC_2020_Presentation_Slides.pdf
AIC_2020_Presentation_Slides.pdfsifatzubaira
 

Semelhante a HIPAA Security Rule Compliance When Communicating with Patients Using Mobile Devices (20)

KANT Report: HEALTH
KANT Report: HEALTHKANT Report: HEALTH
KANT Report: HEALTH
 
Kant health report
Kant health reportKant health report
Kant health report
 
The Future of mHealth - Jay Srini - March 2011
The Future of mHealth - Jay Srini - March 2011The Future of mHealth - Jay Srini - March 2011
The Future of mHealth - Jay Srini - March 2011
 
Ruder Finn mHealth report
Ruder Finn mHealth reportRuder Finn mHealth report
Ruder Finn mHealth report
 
Mobile trends in healthcare
Mobile trends in healthcareMobile trends in healthcare
Mobile trends in healthcare
 
Mobile trends in healthcare
Mobile trends in healthcareMobile trends in healthcare
Mobile trends in healthcare
 
Mobile Trends In Healthcare
Mobile Trends In HealthcareMobile Trends In Healthcare
Mobile Trends In Healthcare
 
Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...
Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...
Advance IoT-based BSN Healthcare System for Emergency Response of Patient wit...
 
Role of Artificial Intelligence in Public Health
Role of Artificial Intelligence in Public HealthRole of Artificial Intelligence in Public Health
Role of Artificial Intelligence in Public Health
 
7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...
7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...
7 Best Points of The Future of Digital Technology in Healthcare | The Entrepr...
 
Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...
Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...
Idiagnostics - The Power of Diagnostics and Imaging in your iPhone. Kapil Kha...
 
Digital Health Complete Notes and Elaboration
Digital Health Complete Notes and ElaborationDigital Health Complete Notes and Elaboration
Digital Health Complete Notes and Elaboration
 
Digital health
Digital healthDigital health
Digital health
 
1. Genome sequencingAdvances in genome sequencing and the associat.pdf
1. Genome sequencingAdvances in genome sequencing and the associat.pdf1. Genome sequencingAdvances in genome sequencing and the associat.pdf
1. Genome sequencingAdvances in genome sequencing and the associat.pdf
 
Requirements identification and modeling 2.0 updates
Requirements identification and modeling 2.0 updatesRequirements identification and modeling 2.0 updates
Requirements identification and modeling 2.0 updates
 
The Rise of AI: Technology Trends in Healthcare
The Rise of AI: Technology Trends in HealthcareThe Rise of AI: Technology Trends in Healthcare
The Rise of AI: Technology Trends in Healthcare
 
Trends brief: Quantified self & Wearable Technologies
Trends brief: Quantified self & Wearable TechnologiesTrends brief: Quantified self & Wearable Technologies
Trends brief: Quantified self & Wearable Technologies
 
Presentation of Voice of Healthcare
Presentation of Voice of HealthcarePresentation of Voice of Healthcare
Presentation of Voice of Healthcare
 
The integration of mobile and medical technologies
The integration of mobile and medical technologies The integration of mobile and medical technologies
The integration of mobile and medical technologies
 
AIC_2020_Presentation_Slides.pdf
AIC_2020_Presentation_Slides.pdfAIC_2020_Presentation_Slides.pdf
AIC_2020_Presentation_Slides.pdf
 

Mais de Project HealthDesign

Project HealthDesign Round One Final Report
Project HealthDesign Round One Final ReportProject HealthDesign Round One Final Report
Project HealthDesign Round One Final ReportProject HealthDesign
 
Project HealthDesign -Technical Architecture Diagrams
Project HealthDesign -Technical Architecture DiagramsProject HealthDesign -Technical Architecture Diagrams
Project HealthDesign -Technical Architecture DiagramsProject HealthDesign
 
Project HealthDesign: Early Findings and Challenges
Project HealthDesign: Early Findings and ChallengesProject HealthDesign: Early Findings and Challenges
Project HealthDesign: Early Findings and ChallengesProject HealthDesign
 

Mais de Project HealthDesign (6)

Aacn 10.28 no movies
Aacn 10.28 no moviesAacn 10.28 no movies
Aacn 10.28 no movies
 
Connected health no movie
Connected health no movieConnected health no movie
Connected health no movie
 
Phd webinar 25sep2012
Phd webinar 25sep2012Phd webinar 25sep2012
Phd webinar 25sep2012
 
Project HealthDesign Round One Final Report
Project HealthDesign Round One Final ReportProject HealthDesign Round One Final Report
Project HealthDesign Round One Final Report
 
Project HealthDesign -Technical Architecture Diagrams
Project HealthDesign -Technical Architecture DiagramsProject HealthDesign -Technical Architecture Diagrams
Project HealthDesign -Technical Architecture Diagrams
 
Project HealthDesign: Early Findings and Challenges
Project HealthDesign: Early Findings and ChallengesProject HealthDesign: Early Findings and Challenges
Project HealthDesign: Early Findings and Challenges
 

Último

High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...
High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...
High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...narwatsonia7
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceNehru place Escorts
 
High Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near Me
High Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near MeHigh Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near Me
High Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near Menarwatsonia7
 
9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi Ncr
9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi Ncr9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi Ncr
9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi NcrDelhi Call Girls
 
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...narwatsonia7
 
Mumbai Call Girls Service 9910780858 Real Russian Girls Looking Models
Mumbai Call Girls Service 9910780858 Real Russian Girls Looking ModelsMumbai Call Girls Service 9910780858 Real Russian Girls Looking Models
Mumbai Call Girls Service 9910780858 Real Russian Girls Looking Modelssonalikaur4
 
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowKolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowNehru place Escorts
 
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
See the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformSee the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformKweku Zurek
 
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any TimeCall Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Timevijaych2041
 
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...narwatsonia7
 
Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.ANJALI
 
VIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service Lucknow
VIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service LucknowVIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service Lucknow
VIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service Lucknownarwatsonia7
 
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...narwatsonia7
 
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersBook Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersnarwatsonia7
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsMedicoseAcademics
 
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...narwatsonia7
 
Low Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service Mumbai
Low Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service MumbaiLow Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service Mumbai
Low Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service Mumbaisonalikaur4
 
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 

Último (20)

High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...
High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...
High Profile Call Girls Kodigehalli - 7001305949 Escorts Service with Real Ph...
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
 
High Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near Me
High Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near MeHigh Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near Me
High Profile Call Girls Mavalli - 7001305949 | 24x7 Service Available Near Me
 
9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi Ncr
9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi Ncr9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi Ncr
9873777170 Full Enjoy @24/7 Call Girls In North Avenue Delhi Ncr
 
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
 
Mumbai Call Girls Service 9910780858 Real Russian Girls Looking Models
Mumbai Call Girls Service 9910780858 Real Russian Girls Looking ModelsMumbai Call Girls Service 9910780858 Real Russian Girls Looking Models
Mumbai Call Girls Service 9910780858 Real Russian Girls Looking Models
 
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowKolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
 
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
 
See the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformSee the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy Platform
 
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any TimeCall Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Time
 
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
 
Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.
 
VIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service Lucknow
VIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service LucknowVIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service Lucknow
VIP Call Girls Lucknow Nandini 7001305949 Independent Escort Service Lucknow
 
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
 
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
 
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersBook Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes Functions
 
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
 
Low Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service Mumbai
Low Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service MumbaiLow Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service Mumbai
Low Rate Call Girls Mumbai Suman 9910780858 Independent Escort Service Mumbai
 
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 

HIPAA Security Rule Compliance When Communicating with Patients Using Mobile Devices

  • 1. HIPAA Security Rule Compliance When Communicating with Patients Using Mobile Devices January 26, 2011 1
  • 2. Agenda Increase in health care providers’ and patients’ use of mobile devices Overview of select Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule requirements Special security risks presented by mobile devices Initial best practice suggestions for grantee review and discussion NOTE: When we say “mobile device” in this presentation we mean a pocket-sized computing device, which typically has a display screen with touch input and/or a miniature keyboard. This generally includes “smart phones,” and personal digital assistants (e.g. the IPOD Touch and the IPAD). This does not include laptop computers. 2
  • 3. Increasing Physician Use of Mobile Devices Can “ By 2012, all physicians will walk around with a stethoscope and a smart mobile device, and there will be very few Help Inform Discussion of Patient Use of Mobile professional activities that physicians won’t be doing on Devices their handhelds. ” Monique Levy, Sr. Dir. Of Research at Manhattan Research , October 2009 of American physicians 81% will own smart phones by 2012 (Manhattan Research October 2009) 85% Are you looking to use tablets or other mobile devices? (Impravata Inc.) 15% 3 Yes No Full citations listed in back.
  • 4. A Growing Market of Patients The $60 Billion Global Mobile Health Market (McKinsey): In the next five years, an estimated 1.4 billion people will use smart phones worldwide; more than 1 out of 3 people with a smart phone will have a health-related app on their phone. A global market survey from McKinsey & Company suggested that mobile health opportunities in 2010 could be worth $20 billion in the US alone. Another study conducted by the Euro RSCG Life Group found that over 44% of American smart phone users expect to use more mobile health and wellness applications in the near future. 4
  • 5. Project HealthDesign Grantees’ Use of Mobile Devices San Francisco State University of California, RTI International and University of California at Carnegie Mellon University Irvine Virginia Commonwealth Berkeley (To be University confirmed) Name of ODLs Via Mobile Platforms Use of ODLs among Low BreathEasy- A PHR for Crohnology.MD Embedded Assessment of Project for Youth with Obesity and Birth Weight Infants and Adults Living with Asthma Elder Activities (Cognitive Depression Their Caregivers to and Depression Decline and Arthritis) for Improve Care and Reduce Augmenting PHRs Incidence of Chronic Conditions over the Lifespan Devices iPod Touches Smart phones Smart phones Smart phones Sensors Given to Scale Sensors (e.g. pedometers) Laptops Patients CyTek report card Information ODLs are sent from iPod ODLS are sent from smart ODLs are sent from smart ODLs are sent from smart ODLS are sent from phones to the RTI server. Flow Touch to TheCarrot.com phone to HealthVault Clinicians view phones to Google Health laptops to HealthVault. through app on device. The through FitBaby app on reports/dashboards through a and project servers. Reports will be generated, Carrot.com generates phone. Patients access portal or EHR. Clinicians view which clinicians and reports, which patients view reports through app on Patients may also view reports reports/dashboards patients may view on through app on device. smart phone. through dashboard on smart through a portal or EHR. their laptops. phones. Use of SMS? Yes. Clinicians send SMS No. Not planned at this time. Possible. No messages to patients. 5
  • 6. General Applicability of HIPAA to Grantees’ Projects 6
  • 7. Key HIPAA Security Rule Principles Few Bright Line Establishes categories of safeguards to secure electronic protected Requirements health information (“EPHI”). Provides Covered Entities (“CEs”) with discretion to determine which safeguards to employ in each category. Scalable Level of safeguards can vary with size and resources of CE. Small physician practices do not have to adopt the same types of safeguards as a large hospital system or insurer. Standards include those that are “required” and those that are Required vs. “addressable.” Addressable standards do not have to be implemented Addressable if, through a risk analysis, a CE determines that a standard is not feasible Standards and adopts alternative safeguards to the extent practical. 7
  • 8. The Importance of Risk Analysis Conducting a risk analysis is the first step in identifying and implementing appropriate safeguards. Risk analyses inform which technology (and other) solutions a CE should adopt, when they should be adopted, and whether and which alternative safeguards should be implemented instead. The risk analysis implementation specification (Section 164.308(a)(1)(ii)(A)) requires CEs to: “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.” 8
  • 9. Key Security Rule Requirements Relevant to Use of Mobile Devices Implementation Specifications Standards Citation (R)= Required, (A)=Addressable Access Control 164.312(a)(1) Unique User (R) Identification Emergency Access (R) Procedure Automatic Logoff (A) Encryption and (A) Decryption Audit Controls 164.312(b) (R) Integrity 164.312(c)(1) Mechanism to (A) Authenticate Electronic Protected Health Information Person or Entity 164.312(d) (R) Authentication Transmission Security 164.312(e)(1) Integrity Controls (A) Encryption (A) 9
  • 10. Standard 1: Access Control Standard Implement technical policies and procedures for electronic information systems that maintain EPHI to allow access only to those persons or software programs that have been granted access rights as specified in the “Administrative Safeguards” section of the Security Regulations. Implementation Specifications 1. Unique User Identification. [Required] Assign a unique name and/or number for identifying and tracking user identity. 2. Emergency Access Procedure. [Required] Establish (and implement as needed) procedures for obtaining necessary EPHI during and emergency. 3. Automatic Logoff. [Addressable] Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. 4. Encryption and Decryption. [Addressable] Implement a mechanism to encrypt and decrypt EPHI. 10
  • 11. Standard 2: Audit Controls Standard Implement hardware, software, and/or procedural mechanisms that record and examine activity information systems that contain or use EPHI. Implementation Specifications None. The CE’s risk assessment and risk analysis can help determine how intensive the entity’s audit control function should be. 11
  • 12. Standard 3: Integrity Standard Implement policies and procedures to protect the integrity of EPHI and assure it is not improperly altered or destroyed. Implementation Specifications Mechanism to Authenticate EPHI. [Addressable] Implement electronic mechanisms to corroborate that EPHI has not been altered or destroyed in an unauthorized manner. 12
  • 13. Standard 4: Person or Entity Authentication Standard Implement procedures to verify that persons or entities seeking access to EPHI are who they claim to be. Implementation Specifications None. Personal authentication can be achieved through a variety of mechanisms, including passwords, tokens, biometric identification, and others. 13
  • 14. Standard 5: Transmission Security Standard Implement technical security measures to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network. Implementation Specifications 1. Integrity Controls. [Addressable] Implement data integrity measures to ensure that electronically transmitted EPHI is not improperly modified without detection until disposed of. 2. Encryption. [Addressable] Implement a mechanism to encrypt EPHI whenever deemed appropriate. 14
  • 15. Special Risks Presented by Mobile Devices1 Loss, Theft or Disposal Risk level: high Because of their small size, mobile devices can be lost or misplaced. They are also an easy target for theft. If proper measures are not in place and activated, gaining access can be straightforward, potentially exposing sensitive data that resides on the device or is accessible from it. Unauthorized Access Risk level: high According to the National Institute of Standards and Technology (“NIST”), most cell phone users seldom employ security mechanisms built into a device, and if employing them, often apply settings that can be easily determined or bypassed (e.g. passwords). HHS cites data storage and transmission as potential risk areas as well. 1The risks listed here were identified either by NIST in its 2008 “Guidelines for Cell Phone and PDA Security” Special Publication 800-124 or the U.S. Department of Health and Human Services in its 2006 HIPAA Security Guidance for Mobile Devices 12/18/2006. 15
  • 16. Special Risks Presented by Mobile Devices2 Malware (Viruses) Risk level: low Mobile malware can infect a mobile device when a user downloads a virus disguised as a game or security patch etc. Malware can also be appended to email, text and other instant messages available on cell phones. Malware can intercept or access information on the mobile device, collect and send information out of the device and/or, destroy stored information, among various other behaviors. According to NIST, malware outbreaks on mobile devices have been mild when compared to malware incidents on laptops. Cloning Risk level: low If certain unique identifiers built into a cell phone are reprogrammed into a second cell phone, a clone is created that can masquerade as the original. According to NIST, cloning is not as prevalent among digital networks as it was when cell phones relied on analog networks. Today, encryption prevents most device identifiers from being recovered and used to clone a device. 2Id. 16
  • 17. Mobile Device Security Risk: Lessons Learned from HHS Breach Notification Reports3 Majority of reported breaches involve loss or theft of paper records, portable medium (CD or tape) or laptops. Few reported breaches involve hacking or other external technical penetration. Out of 214 total breach reports, only 23 involved “portable electronic devices” (other than laptops) and all of those were loss or thefts. Breaches affecting 500 or more individuals are reported by HHS at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/ breachtool.html 3HHS breach reports accessed on December 27, 2010. 17
  • 18. Initial Best Practice Suggestions for Grantee Review and Discussion Overarching Questions for Grantees: Do These Suggestions Sound Feasible? Necessary? Sufficient? 18
  • 19. Implementing Appropriate Security Practices Analyzing security practices when patients are using mobile devices raises issues not contemplated under the Security Rule. When conducting a risk analysis to determine which strategies to use to protect EPHI communicated to/from a patient using a mobile device, health care providers should consider the following factors: The complexity and cost of the security measure (e.g. downloading and installing a third-party encryption program). The ability of the patient to perform the task. The effect the security measure will have on the efficient delivery of clinical care (e.g. the effect of locking a device or application with a password on the patient’s willingness to report ODLs). The probability and criticality of potential risks to EPHI. Question for Grantees: Are There Other Factors We Should Include? 19
  • 20. Best Practice Recommendations: Road Test Transmission Security HIPAA Standard: Implement technical security measures to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network. Background: Mobile devices can send data in various ways, such as: Internet protocols (e.g. those used by many of the unique software applications grantees have developed under their projects) Email (which uses traditional Internet protocols) Voice (e.g. traditional telephone) Text (“SMS/MMS”) messaging Most of these channels are secure without the patient having to take any additional steps...except for text messages… 20
  • 21. Spotlight on Text Messages When “at rest” on a smart phone, data is generally stored in the computer inside the smart phone (often called “on-board memory”) or on a memory card that is inside of the Where Are phone but can be removed. Text Some data can also be stored on what is called a SIM card, which ties a smart phone to a Messages user’s phone number and can also be removed. Located? Data at rest can also be stored offsite on a wireless carrier’s server. Data can be “in transit” to another smart phone or elsewhere. 21
  • 22. Spotlight on Text Messages: Encrypting Data at Rest Many smart phones include built-in encryption capabilities for data at rest. For example, through the Blackberry Enterprise Server, Blackberry enables “enterprises” to set the security policies for its employees’ phones. Patients who have smart phones that are not provided by their employer or otherwise part of an enterprise system would probably have to work with their wireless carrier or device provider to enable their options for encrypting data at rest on their phones…OR…clinicians providing the smart phones could take responsibility for enabling encryption options for them. Many smart phones allow patients or enterprises to add third party applications, including encryption/decryption and other security tools, to their phones. There are a number of third-party applications available in the iPhone App Store, for example, that will further encrypt data at rest on a smart phone. The price of these applications varies, and the difficulty of installation/use can be high. 22
  • 23. Spotlight on Text Messages: Encrypting Data in Motion Unlike wireless Internet, the network channels over which text messages are sent in the United States are not encrypted via Secure Sockets Layer (“SSL”) or Transport Layer Security (“TLS”) encryption methods. This means that text messages are not automatically encrypted as they transverse carriers’ wireless channels en route to another smart phone (or elsewhere). Unless an enterprise or a patient buys a third-party software tool that scrambles the text message before it leaves his/her phone and unscrambles it upon reaching its destination, text messages can be intercepted in transit and read. Third-party software applications to encrypt text messages in transit are available in the iPhone App Store, for example. The cost of these software tools varies. Most tools require the user to configure various options after the software is downloaded, to obtain additional keys, and to engage in other activities that make installation and use of these software applications challenging. It is probably not realistic to assume that individual patients would be capable of installing third-party text message encryption software on their smart phones for the purposes of protecting ODLs or other information they communicate to their health care providers through their smart phones. 23
  • 24. Best Practice Recommendations: Road Test Securing Text Messages Providers that give patients smart phones should investigate whether they can preset the smart phones’ built-in encryption tools for data at rest. Providers should also investigate the availability, effectiveness, and price of third party encryption tools that encrypt data as it is being transmitted to and from smart phones. If implementation of encryption tools is not feasible, providers should engage in alternative protection behaviors: Limit EPHI transmitted via unencrypted channels (e.g. carefully word communiqués with patients); Direct patients to obtain detailed information through a web portal or other secure means. Providers should also offer education/training to patients on the risks of transmitting EPHI to clinicians through text messages. Question for Grantees: Does this sound feasible to you? 24
  • 25. Best Practice Recommendations: Road Test Person/Entity Authentication and Access HIPAA Standard: Implement procedures to verify that persons or entities seeking access to EPHI are who they claim to be. HIPAA Standard: Implement technical policies and procedures for electronic information systems that maintain EPHI to allow access only to those persons or software programs that have been granted access rights as specified in the “Administrative Safeguards” section of the Security Regulations. Providers should offer education/training to patients with whom they communicate via mobile device on things like use of passwords and proper device handling. Providers should also encourage patients to sign a statement indicating they understand the heightened risks if they do not:4 Protect their mobile devices with passwords; Enable their device’s automatic logoff function after a specified amount of time; Refrain from sharing their device with friends and family. Question for Grantees: Does this sound feasible to you? 4Project 25 HealthDesign grantees need not retroactively have participating patients sign such a statement.
  • 26. Best Practice Recommendations: Road Test Audit Controls Integrity HIPAA Standard: Implement policies HIPAA Standard: Implement policies and procedures to protect the and procedures to protect the integrity of EPHI and assure it is not integrity of EPHI and assure it is not improperly altered or destroyed. improperly altered or destroyed. Not Applicable/Providers need not take Not Applicable/Providers need not take any additional action. any additional action. As with the other Security Rule As with the other Security Rule standards, the audit control standards, the audit control requirement does not apply to requirement does not apply to devices controlled by patients. devices controlled by patients. From a best practice perspective, From a best practice perspective, there is no need for a patient to log there is no need for a patient to take and audit his own use of his/her steps to ensure the integrity of the mobile device as it is generally only EPHI they store and/or transmit the patient who will have access to through their mobile devices as risk the device. of alteration or destruction is low. Question for Grantees: Does this sound feasible to you? 26
  • 27. Next Steps Determine whether the webinar approach is a good one for collecting grantees’ feedback on cross-cutting policy issue obstacles. Question for Grantees: Does the webinar approach work for you? Is there an alternative approach you would prefer? Remaining cross-cutting policy issue obstacles to be addressed: Uncertainty about health care providers’ liability when incorporating ODLs into clinical practice and communicating with patients electronically Uncertain policy environment regarding an individual’s use of internet-based tools to share health information 27
  • 28. Appendix 28
  • 29. Citations: Mobile Device Use Estimates “Physicians in 2012: The Outlook for On Demand, Mobile and Social Digital Media.” Accessed on 12/29/2010. Released October 2009. http://www.manhattanresearch.com/newsroom/Press_Releases/physician-smart phones-2012.aspx “2008 Identity Management Trends in Healthcare Survey Research Brief” Imprivata, Inc. Accessed on 12/29/2010. Released 2008. http://www.imprivata.com/custom/confirmation/resource/research/2008_id_mgmt_trends_health care.pdf McKinsey Mobile Health Care Survey 2009. McKinsey & Co. Accessed on 12/29/2010. http://www.mckinsey.it/idee/practice_news/global-mobile-healthcare-opportunity.view “Mobile Health Market Report 2010-2015” Research2guidance. Accessed 12/29/2010. http://www.research2guidance.com/500m-people-will-be-using-healthcare-mobile-applications-in- 2015/ “Bigger than DTC? The Promise of Mobile Health.” Euro RSCG Life 4D. Survey conducted September 2010. 29
  • 30. HIPAA Security Rule Overview “Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains or transmits.” “Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.” “Availability means the property that data or information is accessible and useable upon demand by an authorized person.” “Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes.” §164.304 and 164.306(a)(1) 30
  • 31. HIPAA Security Rule Overview Cont’d A covered entity must comply with the applicable standards, implementation specifications, and requirements of the Security Rule with respect to electronic Protected Health Information. Covered Entities means: Electronic Protected Health Information (EPHI) means: (1) A health plan (2) A health care clearinghouse individually identifiable health (3) A health care provider who information ... that is (i) Transmitted transmits any health information in by electronic media; or (ii) electronic form Maintained in electronic media 31