Speaking at the 2012 AHIMA Convention and Exhibit, SoftServe's Russ Hertzberg, Vice President, Technology Solutions, shared some valuable insights on "Enabling Software Technologies for Mobile Healthcare Solutions". Here is the presentation that Russ delivered at this educational event.
Enabling Software Technologies for Mobile Healthcare Solutions
1. Enabling Software Technologies for Mobile Healthcare Solutions
September 15, 2012
Russ Hertzberg, Vice President, Technology Solutions
2. Agenda
▪ Security Services and Technologies
▪ Mobile Device Management
▪ Rich User Interface on Small Form Factor Mobile Devices
▪ Web Services; HL7; Performance Considerations
▪ Mini Case Study
▪ Conclusions; Q and A
3. Security Services and Technologies
▪ The Compliance Domain:
– Protected Health Information (PHI)
– What PHI Exactly to Protect
▪ How to Protect It
▪ Tools, Techniques, Tips
4. PHI is:
▪ Names
▪ All geographical identifiers smaller than a state
▪ Dates (other than year) directly related to an individual
▪ Phone numbers
▪ Fax numbers
▪ Email addresses
▪ Social Security numbers
▪ Medical record numbers
▪ Health insurance beneficiary numbers
▪ Account numbers
▪ Certificate/license numbers
▪ Vehicle identifiers and serial numbers, including license plate numbers;
▪ Device identifiers and serial numbers;
▪ Web Uniform Resource Locators (URLs)
▪ Internet Protocol (IP) address numbers
▪ Biometric identifiers, including finger, retinal and voice prints
▪ Full face photographic images and any comparable images
▪ Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
5. What PHI to Protect…Abstract or Complex Cases
▪ “Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data”
– External application identifiers
– Legacy application identifiers
– Medical Device generated identifiers
– Others?
▪ Better Safe than Sorry
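The identifier list on slide 4 is the checklist a de-identification or data-loss check runs against before a record leaves the protected environment. The following Go program is an added example, not part of the presentation or of SoftServe's code: it scans a flat record for a subset of those categories (names and record numbers by field name; SSNs, phone numbers, e-mail addresses, IP addresses, URLs, full dates and ZIP codes by pattern) and redacts what it finds. The field names, the regular expressions and the sample record are all assumptions constructed for the example; the patterns are illustrative, not validated production detectors, and a bare year is deliberately left alone because the slide excludes years from the date category.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Finding records one direct-identifier hit inside a record field.
type Finding struct {
	Field string // record field the hit was found in
	Kind  string // PHI category from the slide's list
	Value string // matched text
}

// Pattern-based categories. The expressions are deliberately simple
// illustrations (assumed for this example), not validated production detectors.
var phiPatterns = []struct {
	kind string
	re   *regexp.Regexp
}{
	{"ssn", regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)},
	{"phone", regexp.MustCompile(`\b\d{3}[-.]\d{3}[-.]\d{4}\b`)},
	{"email", regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)},
	{"ipv4", regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)},
	{"url", regexp.MustCompile(`https?://\S+`)},
	// Dates other than a bare year are identifiers; "1975" alone is not.
	{"date", regexp.MustCompile(`\b\d{1,2}/\d{1,2}/\d{4}\b`)},
	// ZIP codes are geographic subdivisions smaller than a state.
	{"zip", regexp.MustCompile(`\b\d{5}(?:-\d{4})?\b`)},
}

// Fields whose whole value is an identifier no matter how it is formatted
// (field names are assumptions for this example).
var identifierFields = map[string]string{
	"name":      "name",
	"mrn":       "medical record number",
	"account":   "account number",
	"insurance": "health insurance beneficiary number",
	"license":   "certificate/license number",
	"device_sn": "device serial number",
}

// ScanRecord lists every identifier found in a flat record, sorted by field and kind.
func ScanRecord(rec map[string]string) []Finding {
	var out []Finding
	for field, value := range rec {
		if kind, ok := identifierFields[field]; ok && value != "" {
			out = append(out, Finding{field, kind, value})
			continue
		}
		for _, p := range phiPatterns {
			for _, m := range p.re.FindAllString(value, -1) {
				out = append(out, Finding{field, p.kind, m})
			}
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].Field != out[j].Field {
			return out[i].Field < out[j].Field
		}
		return out[i].Kind < out[j].Kind
	})
	return out
}

// Redact returns a copy of the record with every finding replaced by a placeholder,
// which is what must happen before the data leaves the protected environment.
func Redact(rec map[string]string) map[string]string {
	clean := make(map[string]string, len(rec))
	for k, v := range rec {
		clean[k] = v
	}
	for _, f := range ScanRecord(rec) {
		if _, direct := identifierFields[f.Field]; direct {
			clean[f.Field] = "[REDACTED]"
			continue
		}
		clean[f.Field] = strings.ReplaceAll(clean[f.Field], f.Value, "["+strings.ToUpper(f.Kind)+"]")
	}
	return clean
}

// Constructed sample record; no real patient data.
var sampleRecord = map[string]string{
	"name":          "Jane Q. Sample",
	"mrn":           "MRN-000123",
	"dob":           "03/14/1975",
	"year_of_birth": "1975",
	"diagnosis":     "Hypertension",
	"notes":         "Call 239-555-0100 or jane@example.org; clinic zip 33907; uploaded from 10.0.0.25.",
}

func main() {
	for _, f := range ScanRecord(sampleRecord) {
		fmt.Printf("%-14s %-36s %s\n", f.Field, f.Kind, f.Value)
	}
	fmt.Println(Redact(sampleRecord)["notes"])
}
```

Running it on the sample record reports seven findings and leaves the year of birth and the diagnosis untouched, which is the distinction slide 5 is pointing at: the scanner is only as good as the categories you enumerate, so the "Others?" line on that slide is where the field-name map has to grow for each application's legacy and device identifiers.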
6. Known/Measured Breaches in Summary…2005-2011
(Chart; source: http://www.healthcarefinancenews.com/news/top-10-data-security-breaches-2012)
7. How to Protect: Encryption
▪ http://en.wikipedia.org/wiki/Encryption
▪ In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). The reverse process, i.e., to make the encrypted information readable again, is referred to as decryption (i.e., to make it unencrypted).
▪ HIPAA doesn't strictly require that PHI be encrypted "at rest" (aka on disk/storage), but unless you have a very good reason, it is highly recommended you do so.
8. How to Protect: Encryption
▪ HIPAA and Encryption:
– Notification for PHI Breach Without Encryption
– No Notification With Encryption Used for Storage (at Rest) and Transmission (over Networks)
▪ Common Key Types (Algorithms):
– RSA
– AES
– DES
– 3DES
– Others
▪ Key Types: Public/Private; Secret
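Slides 7 and 8 make the case for encrypting PHI at rest with a secret-key algorithm. The Go program below is an added example, not code from the presentation or from SoftServe: it protects one stored record with AES-256-GCM, which is the AES entry from the slide's list used in an authenticated mode, so that tampering with the stored blob is detected rather than silently decrypted. DES and 3DES, also on the list, are legacy algorithms and are not used here. The key is generated in process only to make the example self-contained; the record ID bound as associated data, the storage layout (nonce followed by ciphertext and tag) and the sample payload are assumptions for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewDataKey returns a fresh random 256-bit AES key. In a real deployment the key
// is issued and held by a key-management service or hardware keystore, never
// hard-coded in the app or stored next to the data it protects.
func NewDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord encrypts one PHI record with AES-256-GCM. The stored blob is
// nonce || ciphertext || tag. recordID is bound as associated data (not encrypted)
// so a blob copied from one record into another fails to decrypt.
func SealRecord(key, plaintext []byte, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { // fresh nonce per record
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// OpenRecord reverses SealRecord. Any change to the blob, the key or the record ID
// makes the authentication tag check fail, so truncated or tampered data is
// rejected instead of being decrypted into garbage.
func OpenRecord(key, blob []byte, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}

func main() {
	key, _ := NewDataKey()
	// Constructed sample record; not real patient data.
	blob, _ := SealRecord(key, []byte(`{"mrn":"MRN-000123","dx":"Hypertension"}`), "rec-42")
	fmt.Printf("stored %d bytes; the first 12 are the nonce\n", len(blob))
	pt, err := OpenRecord(key, blob, "rec-42")
	fmt.Println(string(pt), err)
	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag
	_, err = OpenRecord(key, blob, "rec-42")
	fmt.Println("tampered:", err)
}
```

The design point for the breach-notification discussion on slide 8 is that the protection only counts if the key is kept apart from the data: a laptop or phone that stores the key beside the encrypted database is, for notification purposes, an unencrypted device.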
9. What to Protect (Physician Practice)
▪ Practice Management System
▪ Electronic Medical Records
▪ Claims Documents
▪ Scanned Images
▪ Email
10. Encryption on Strategic Mobile Device Platforms
▪ Data At Rest iOS/Apple = Yes (Hardware)
▪ Data At Rest Android/Google = No (3rd party solutions or components)
▪ Data In Motion = Integration Services Often Required
▪ Developing Multi-Platform and Targeting In Motion?
– Reusable Tools and Components Can Save a Lot of Time and Meet The Complex Requirements
11. Mobile Authentication
▪ Strong Passwords on Mobile Devices…Pain!
▪ Biometric…Promise (2D in next iOS Release??…9/12/2012, AuthenTec Deal)
▪ Complexity…Larger Scale Identity Management Solutions such as OAuth 2.0
12. Mobile Audit Considerations
▪ KPMG HIPAA Audits in 2012 on Behalf of HHS OCR (150 proposed to 115 as of summer 2012)
▪ The Mass General, Cignet, and UCLA Examples (Fines)
▪ Expected Focus:
– Inadequate security of wireless networks
– Lack of adequate updates to software and operating systems
– Access log recordkeeping
– Insufficient incident detection and response procedures
– Inadequate user access controls and password management controls
– Risk of theft or loss of mobile devices
– Information access management, including role-based access
▪ Mobile Security Implementation or Remediation…Sooner or Later
13. Mobile Device Management
▪ BYOD Will Not Go Away, But Markets Are Trending Towards Greater Organizational Funding
▪ A Combination Business and Personal Use Device…Common Practice
▪ How to Meet MDM Requirements:
– Data Storage and Segregation
– Lost Device
– Remote cleaning
– Access control
14. Mobile Device Management
▪ Bifurcated Solution Marketplace:
– Do it themselves ISVs
– 3rd Party Solution Platforms
▪ Define Specific Use Cases
▪ Build a Matrix of Mobile Apps, MDM Use Cases, and Potential Solutions
Example matrix (rows are mobile apps, columns are MDM use cases):
Mobile Apps: Practice Mgmt; EMR; Claims; Doc Images
MDM Use Cases: Local Data Cleanse; Block Access; Track Device; Disable Device
Password Management attributes: Simple Pswd Value; Alphanumeric Value Required; Enforce Min Length; Enforce Min # Complex Characters; Maximum Password Age; Maximum # Failed Attempts
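The password-management attributes on this slide are the knobs an MDM profile exposes; what an auditor (slide 12) then asks is which values are set. The Go program below is an added example, not code from the presentation or from any MDM product: it models the six attributes as a policy struct, evaluates candidate passwords, password age and failed-attempt counts against it, and places an assumed lax consumer-style profile beside an assumed hardened clinical profile so the difference in outcome is visible. The policy values, the "simple value" heuristic and the test passwords are assumptions for this example.

```go
package main

import (
	"fmt"
	"time"
	"unicode"
)

// PasswordPolicy mirrors the password-management attributes on the slide.
type PasswordPolicy struct {
	AllowSimpleValue    bool          // "Simple Pswd Value": permit 1234, 0000, abcd
	RequireAlphanumeric bool          // "Alphanumeric Value Required"
	MinLength           int           // "Enforce Min Length"
	MinComplexChars     int           // "Enforce Min # Complex Characters" (punctuation/symbols)
	MaxPasswordAge      time.Duration // "Maximum Password Age"; 0 disables expiry
	MaxFailedAttempts   int           // "Maximum # Failed Attempts"; 0 disables lockout
}

// isSimpleValue flags values made of one repeated character or a straight
// ascending/descending run of bytes (1234, 4321, aaaa). Assumed heuristic.
func isSimpleValue(pw string) bool {
	if len(pw) < 2 {
		return true
	}
	same, asc, desc := true, true, true
	for i := 1; i < len(pw); i++ {
		same = same && pw[i] == pw[0]
		asc = asc && pw[i] == pw[i-1]+1
		desc = desc && pw[i] == pw[i-1]-1
	}
	return same || asc || desc
}

// CheckPassword returns every policy rule the candidate violates; empty means accepted.
func (p PasswordPolicy) CheckPassword(pw string) []string {
	var violations []string
	letters, digits, special := 0, 0, 0
	for _, r := range pw {
		switch {
		case unicode.IsLetter(r):
			letters++
		case unicode.IsDigit(r):
			digits++
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			special++
		}
	}
	if !p.AllowSimpleValue && isSimpleValue(pw) {
		violations = append(violations, "simple value (repeated or sequential characters)")
	}
	if len(pw) < p.MinLength {
		violations = append(violations, fmt.Sprintf("shorter than %d characters", p.MinLength))
	}
	if p.RequireAlphanumeric && (letters == 0 || digits == 0) {
		violations = append(violations, "must contain both letters and digits")
	}
	if special < p.MinComplexChars {
		violations = append(violations, fmt.Sprintf("fewer than %d complex characters", p.MinComplexChars))
	}
	return violations
}

// Expired reports whether a password set at setAt has outlived MaxPasswordAge.
func (p PasswordPolicy) Expired(setAt, now time.Time) bool {
	return p.MaxPasswordAge > 0 && now.Sub(setAt) > p.MaxPasswordAge
}

// ShouldLock reports whether the failed-attempt counter has reached the lockout threshold.
func (p PasswordPolicy) ShouldLock(failedAttempts int) bool {
	return p.MaxFailedAttempts > 0 && failedAttempts >= p.MaxFailedAttempts
}

// LaxPolicy is an assumed weak profile: a 4-character PIN with no expiry or lockout.
var LaxPolicy = PasswordPolicy{AllowSimpleValue: true, MinLength: 4}

// ClinicalPolicy is an assumed hardened profile for devices that hold PHI.
var ClinicalPolicy = PasswordPolicy{
	RequireAlphanumeric: true,
	MinLength:           8,
	MinComplexChars:     1,
	MaxPasswordAge:      90 * 24 * time.Hour,
	MaxFailedAttempts:   10,
}

func main() {
	for _, pw := range []string{"1234", "aaaaaaaa", "Tr0ub4dor&3"} {
		fmt.Printf("%-12s lax=%v clinical=%v\n", pw, LaxPolicy.CheckPassword(pw), ClinicalPolicy.CheckPassword(pw))
	}
}
```

The lockout and age checks are the two attributes that matter most for the lost-device case on slide 13: a bounded number of failed attempts is what makes a remote wipe meaningful, because it limits how long an attacker holding the device has before the wipe lands.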
15. Rich User Interface on Small Form Factor Mobile Devices
▪ Complex Patient Data and Small Screens
▪ Slower Wireless Networks
▪ Native Apps
▪ Mobile Web
▪ Hybrid Native and Mobile Web
16. Rich User Interface on Small Form Factor Mobile Devices
▪ Persona Elaboration
▪ Simplified Use Cases
▪ HTML 5; Native App UI Objects
▪ 3rd Party Tools and Components
17. Rich User Interface on Small Form Factor Mobile Devices
Creative Solutions for Rich Healthcare Data:
– Sparklines
– Push Notification for Patient Monitoring
18. Thinking About Web Services, HL7, and Performance
▪ HL7…An XML Based Standard for Exchanging Information Between Medical Applications
▪ The Good:
– Standard Data Exchange over TCP/IP
– EDI Like Formatting Allowed for Development of Successful Parsers
– HL7 Standards for Many Healthcare Data Types
– Great Resources for Healthcare IT
19. The Case for JSON, Especially on Mobile
▪ Speed Over Networks
▪ Data Model Change Flexibility
▪ RESTful
▪ Does not Require One Truth Reference Data Modeling
20. HL7 and JSON: A Future of Détente??
▪ Clinical Document Architecture with HL7
▪ Rich Data Models within Healthcare Organizations
▪ Data Exchange moving Towards JSON
▪ Data Exchange Between Organizations Based on Common Data Model Elements
▪ Translation Middleware
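Slide 18 credits HL7's EDI-like formatting with making parsers tractable, and slide 20 puts translation middleware between that format and the JSON a mobile client wants. The Go program below is an added example serving both slides; it is not code from the presentation or from SoftServe. It parses the pipe-and-hat encoding of HL7 version 2 (the EDI-like form the slide refers to; the Clinical Document Architecture named on slide 20 is the XML form), reading the separator characters from the MSH header rather than assuming them, and then translates the PID segment into a small JSON patient object. The message, the identifiers in it and the JSON field names are constructed for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Segment is one line of an HL7 v2 message: a 3-letter name and its fields,
// each field already split into components. Fields[0] is field 1 in HL7 numbering.
type Segment struct {
	Name   string     `json:"segment"`
	Fields [][]string `json:"fields"`
}

// Component returns component c of field n (both 1-based), or "" if absent.
func (s Segment) Component(n, c int) string {
	if n < 1 || n > len(s.Fields) || c < 1 || c > len(s.Fields[n-1]) {
		return ""
	}
	return s.Fields[n-1][c-1]
}

// ParseHL7 splits a pipe-and-hat encoded message into segments. The separator
// characters are taken from the MSH header rather than assumed.
func ParseHL7(msg string) ([]Segment, error) {
	msg = strings.NewReplacer("\r\n", "\r", "\n", "\r").Replace(msg)
	lines := strings.Split(strings.Trim(msg, "\r"), "\r")
	if len(lines[0]) < 8 || !strings.HasPrefix(lines[0], "MSH") {
		return nil, errors.New("message must start with an MSH segment")
	}
	fieldSep, compSep := string(lines[0][3]), string(lines[0][4])
	var segs []Segment
	for _, line := range lines {
		if line == "" {
			continue
		}
		parts := strings.Split(line, fieldSep)
		if len(parts[0]) != 3 {
			return nil, fmt.Errorf("malformed segment name %q", parts[0])
		}
		seg := Segment{Name: parts[0]}
		fields := parts[1:]
		if seg.Name == "MSH" {
			// MSH-1 is the field separator itself, so the remaining fields shift right by one.
			fields = append([]string{fieldSep}, fields...)
		}
		for i, f := range fields {
			if seg.Name == "MSH" && i == 1 {
				seg.Fields = append(seg.Fields, []string{f}) // MSH-2 holds the encoding characters; never split it
				continue
			}
			seg.Fields = append(seg.Fields, strings.Split(f, compSep))
		}
		segs = append(segs, seg)
	}
	return segs, nil
}

// Patient is the JSON shape a mobile client receives after translation (assumed field names).
type Patient struct {
	MRN       string `json:"mrn"`
	Family    string `json:"family_name"`
	Given     string `json:"given_name"`
	BirthDate string `json:"birth_date"`
	Sex       string `json:"sex"`
}

// PatientFromHL7 is the middleware step: pick the PID fields a mobile app needs.
func PatientFromHL7(segs []Segment) (Patient, error) {
	for _, s := range segs {
		if s.Name == "PID" {
			return Patient{
				MRN:       s.Component(3, 1),
				Family:    s.Component(5, 1),
				Given:     s.Component(5, 2),
				BirthDate: s.Component(7, 1),
				Sex:       s.Component(8, 1),
			}, nil
		}
	}
	return Patient{}, errors.New("no PID segment")
}

// TranslateToJSON runs parse and translation end to end.
func TranslateToJSON(msg string) ([]byte, error) {
	segs, err := ParseHL7(msg)
	if err != nil {
		return nil, err
	}
	p, err := PatientFromHL7(segs)
	if err != nil {
		return nil, err
	}
	return json.Marshal(p)
}

// Constructed ADT message with made-up identifiers; not real patient data.
const sampleHL7 = "MSH|^~\\&|HOMECARE|AGENCY1|EMR|HOSPITAL|20120915120000||ADT^A04|MSG00001|P|2.5\r" +
	"PID|1||MRN000123^^^AGENCY1^MR||SAMPLE^JANE^Q||19750314|F|||1 EXAMPLE ST^^ANYTOWN^FL^00000\r"

func main() {
	out, err := TranslateToJSON(sampleHL7)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
```

The translated object is also where the PHI discussion from slide 4 re-enters: the middleware decides which identifiers (here the MRN, name and full date of birth) cross the network to the device, so it is the natural place to apply the encryption-in-motion and field-minimization rules rather than forwarding the whole segment.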
21. Mini Case Study
▪ A SOLUTION FOR HOME HEALTHCARE AND HOSPICE AGENCIES
▪ TECHNOLOGIES: WINDOWS PHONE 7, VS2010 / EXPRESSION BLEND 4, WCF, SILVERLIGHT, MVVM, NINJECT, NINJA DATABASE PRO, SSL, AUTOMAPPER, STRUCTUREMAP, NUNIT, NHIBERNATE, RHINO.MOCKS, LOG4NET
23. Architecture - Communication
(Diagram; components shown: Phone; Mobile Services (WCF); Web Services (WCF); Homecare DB; Security Framework; Security Web service; Security DB)
24. Architecture - Phone
(Diagram; layers shown: Web Providers; Common UI; Views (ViewModels); Facade; Domain; Local cache; Cache Manager)
25. Mapping, GPS, and Office Productivity
▪ BING Maps and GPS for Routing From Patient to Patient
– Track and Audit Patient Visits
– Track and Control Mileage Expenses
– Optimize Travel Routing
– Submit Daily Reports Instantly. Roll Up Patient Data Instantly and Daily. Eliminate Clinician Reporting Work and Errors
26. Contacts and Questions?
US Headquarters
12800 University Drive, Suite 250
Fort Myers, FL 33907, USA
Main Tel: 239-690-3111
Main Fax: 239-690-3116
Europe Headquarters
52 V. Velykoho Str.
Lviv 79053, Ukraine
Tel: +380-32-240-9090
Fax: +380-32-240-9080
E-mail: rhert@softserveinc.com
E-mail: info@softserveinc.com
Thank You!