using and securing mobile health apps: managing mobile ... · •zocdoc •users may quickly book...

VITL Summit ‘14 Track 4: Patient and Provider Engagement

Using and Securing Mobile Health Apps: Managing Mobile Device Complexity in

Health Care

John McConnell Enterprise Architect

Fletcher Allen Health Care


Agenda

• The BYOD Wave – Trends & Expectations

– Customer Requirements

• The State of the Network – Policy

– Infrastructure

– Security: The Three Laws

• Challenges and Issues

• Where from here?

2


The BYOD Wave

• Bring Your Own Device is a fait accompli – 85% of all physicians use a Smartphone and/or tablet today1

– Electronic Health Record (EHR) Vendors with mobile apps today: • Epic, Greenway, NextGen, Cerner, GE, Allscripts and eClinicalWorks.

– “122 companies said they would introduce fully functional mobile access to their EHR products, native iPad versions, or both by the end of this year. Another 135 EHR vendors said that mobile apps were in their strategic plans.”2

3

1 See http://www.pmlive.com/blogs/digital_intelligence/archive/2012/may_2014/us_doctors_ipad_smartphone_mobile_devices_manhattan_research

2 See http://www.informationweek.com/mobile/ehr-makers-answer-doctors-calls-for-mobile-apps/d/d-id/1110240?

http://www.pmlive.com/blogs/digital_intelligence/archive/2012/may_2014/us_doctors_ipad_smartphone_mobile_devices_manhattan_research



http://www.informationweek.com/mobile/ehr-makers-answer-doctors-calls-for-mobile-apps/d/d-id/1110240?



















Expectations & Trends

4


Requirements Spectrum

5

Limit Basic Enhanced Advanced

Tight Control • IT chooses

devices • IT manages

devices with onsite access

• All other devices prohibited

Basic Access • Larger device set • IT manages

devices with onsite access

• Employee-owned & guest devices with Internet only

Any Device Anywhere Enhanced Security

• Wide range of devices

• Corp & employee devices with full on-site and off-site access

• Device-side security

• Guest devices with Internet only

Any Device Anywhere

Anyone • Wide range of

devices • Corp & employee

devices with full on-site and off-site access

• Device-side security

• Guest/Customer devices with enhanced services

• Custom Native Applications

• BYOD for competitive advantage

Poll: Where is your organization on this spectrum?


The State of the Network - Policy

• A well-designed and published Mobile Devices policy is always the first step

– Beware of “unachievable/unenforceable” requirements!

– Policy servers are just beginning to appear

• Future integration with Network Access Control and IDS/IPS systems

6



• Major Policy Positions: – Who does this policy apply to? • Employees • Guests • Patients • Business Partners • Affiliates

– What does this policy apply to? • Device Identity

• Device Classification

• Device Health / Posture

7



• Major Policy Positions:

– Where does this policy apply? • Geography (Geofencing) • Floor/wing/department • SSID • Switch Port

– When does this policy apply?

• Off hours access

• Traffic throttling and prioritization

8


An Example BYOD “Policy”

9

Endpoint Identity

•Active Directory membership • SAML Tokens • Certificates •MDM custom

attributes

Authentication • ID/Password •User certs •Location •2FA

Device Type • iOS •Android •Windows phone

Authorization •Deny Access • Full Access • Partial Access • Internet Only •MicroVPNs


The State of the Network - Infrastructure

10

Collaboration

Workspace Management

Secure Mobility

Policy Management

Core Infrastructure

Email, Calendaring, Lync, Skype, etc.

MDM & VDI

VPN clients & Micro VPNs

Radius, NAC, BYOD on-boarding

Wireless infrastructure Authentication & Authorization Services

Important Building Blocks


The State of the Network - Infrastructure

• Your method(s) of Application Delivery will affect your strategy:

11

Native App

Native Local data on device Maximum Performance Native Device Experience

Native App

Web Browser

HTML

Native App

Browser Local data on device Highly Portable to many devices Web Browser Experience

Virtual Desktop

Native App

Virtual Desktop

Virtual No local data on device Maximum Security “Translated” Experience


The State of the Network - Security

• Follow McConnell’s Three Laws of Mobile Device Security™

12


First Law

• The First Rule of Protecting Patient Data: – Keep PHI off hard drives!

• Implications – VDI keeps patient info in the data center where it belongs

– Active Directory Group Policies can redirect local folders to a network drive (“Documents”, “Desktop”, etc.)

– Implement a managed cloud-based file sharing tool: • Box Enterprise

• OneDrive

• Citrix ShareFile

• Etc.

13


Second Law

• Make it painless for providers to access PHI:

– If you just say “no,” users will just find a way to work around your “rules”

– Provide a standard desktop and storefront experience, regardless of device type or location

– Improve authentication (enable multi-factor) on the desktop

14


Third Law • Encrypt. Encrypt. Encrypt.

– Encrypt all hard drives that can walk (and maybe soon those that cannot…)

– Use FIPS 140-2 (AES256) encryption: • Note: This is NOT the default in Windows BitLocker and Mac

FileVault2

– Implement a Mobile Device Management policy which enforces encryption

– Implement an MDM: • Exchange ActiveSync • VMWare Airwatch • Citrix XenMobile • MobileIron • MAAS360 • Microsoft InTune

15


Challenges & Issues

• The world of Enterprise Mobility Management is in its infancy. – No one vendor has it all working (yet)

– Device turn-over and churn, as well as most providers having an average of three devices each, acts as a drag on innovation

– Ultimately, you are at the mercy of: • Apple

• Google

• Microsoft

16


Where From Here?

• Recommendations:

– Write a policy first and communicate it

– Select your application delivery method(s)

– Implement an EMM/MDM solution

– Bolster your authentication services

• Implement multi-factor

– Develop, test and implement role-based access policies

17


Contact Info

John McConnell

Email: [email protected]

[email protected]

Twitter: john0831vt

Blog: http://jrmcconnell.com

18


Using and Securing Mobile Health Apps:

Mark Daly

| Programmer/Analyst

mHealth Showcase

http://mobihealthnews.com/wp-content/uploads/2013/12/AskMD.jpg


The mHealth Boom

• Mobile technology is being rapidly adopted – Faster adoption than any other technology. Ever.

– Increasingly, clinicians are using mobile devices at work

• Consumer Patient Monitoring Devices – Vision: you will share your exercise levels, heart rate, activity,

and other essential data gathered by your mobile device with your doctor

• Medical Industry Adoption of Mobile Tech – EHR System integration for medical professionals

20


The mHealth Boom

• FDA recently released draft guidance which relaxes regulations for some medical devices – Class II medical devices that no longer need a 510(k) review to

ensure their safety and effectiveness

– Class I medical devices that do not meet the "reserved" criteria of the Federal Food, Drug and Cosmetic Act

• Smartphone-enabled tools that are affected: – Clinical digital thermometers

– Ophthalmic cameras

– Stethoscopes

21


The mHealth Boom

• Mobile App Developers have a clear path forward – Investment remains high in this mobile niche

– Thousands of apps currently available for both the consumer and the clinician

– Many different categories of mHealth apps exist, including….

22


mHealth Apps: Health & Fitness

• FitBit Flex

– Wristband with many sensors for the user to wear

– Compatible with your smartphone

– Monitors your fitness by tracking many things:

• Steps

• Distance

• Calories burned

• Sleep Cycle

• Personal goals

– Wakes you silently

23


• Strava Cycling

– Presents a clean, simple UI for:

• Tracking bike rides

• Viewing your data during a ride

• Comparing your stats against friends or pros

• Finding new rides

– Connects to heart rate monitors

– Running version also available

24

mHealth Apps: Health & Fitness


mHealth Apps: Wellness

• SmokeFree

• Help users quit smoking by showing them:

• Money they’ve saved since quitting

• Quantity of avoided tar and cigarettes

• Regenerative steps the body has made since stopping

• Users can then share their success over social media, such as Twitter or Facebook

25

http://mobihealthnews.com/wp-content/uploads/2014/02/SmokeFree.jpeg


• Sleep Cycle – Bio-alarm clock that analyzes sleep

patterns and wakes you in the lightest sleep phase

– Uses iPhone accelerometer to monitor your movement to determine which sleep phase you are in

– Waking up in the lightest sleep phase is a natural way to wake up where you feel rested and relaxed

26

mHealth Apps: Wellness


• Fooducate

– Scan the barcode on food packaging to get easy to digest nutritional information

– Proposes healthier alternatives when something is scanned that may not be healthy for you

– A gluten-free version is also available

27

mHealth Apps: Nutrition


• Fitocracy Macros

• Allows users to target foods with macronutrients

• Embark on a diet and eat foods that help you stay satisfied, energetic, and calm.

• Search for and add foods from a nutritional database

• Count fiber, water, and alcohol

• Can sync to backup data

28

mHealth Apps: Nutrition

http://mobihealthnews.com/wp-content/uploads/2014/02/Fitocracy-Macros.jpeg


mHealth Apps: Psychological

• Paul McKenna – 7 Days Thin, Sleep, Confidence, Phobias – McKenna is a hypnotist who believes

his app can alter the user’s thoughts, habits and patterns related to weight loss, confidence and sleep

– Can help to make the user: • Thin

• Sleep better

• Gain confidence

• Be free of certain phobias

29

http://mobihealthnews.com/wp-content/uploads/2014/02/PaulMcKenna1.jpg


• Stress Check • Quantifies psychological or physical stress by

measuring your heart rate through the camera and light features on your iPhone

• Determines the effects of different stressors

• User can control stress and observe progress

• Can reduce chances of certain chronic diseases known to be correlated with stress

• Works by measuring time variations between consecutive heart beats

30

mHealth Apps: Psychological


• NFL Play 60

– Users run, jump, and turn while holding their smartphone and the character in the game does the same

– Incentivizes the user to be more active:

• Unlock fun characters

• Get American Heart Association hearts that make the player invincible

• Collect coins used to buy NFL team gear

31

mHealth Apps: Fitness Games

http://mobihealthnews.com/wp-content/uploads/2014/02/NFLPlay60.jpeg


• Zombies, Run!

– What better motivation to run than being chased by a horde of zombies?

– Places the user in an immersive audio experience and makes you feel like you’re in your favorite zombie movie

– Allows the user to:

• Track progress on the web

• Share runs with friends

• Sync your runs

32

mHealth Apps: Fitness Games


mHealth Apps: Medical - Patient

• SkinVision

• Helps to guard against skin cancer

• Takes a photo with your smartphone and provides an analysis and any recommendations

• Users may check their moles more frequently and take action with their doctor if there seems to be something wrong

33


• iHealth Wireless Smart Gluco – Monitoring System

– Allows Diabetes sufferers to:

• Easily monitor blood glucose levels

• Save results

• Track trends

• Be reminded when medication is due

– Other iHealth devices include:

• Blood pressure monitors

• Scales

• Activity and sleep trackers

• Other glucometers

34



• ZocDoc

• Users may quickly book doctor and dentist appointments

• Simple, clean interface and method:

• Enter your zip code

• Enter insurance information

• Search available doctors

• Book appointments

35



• iTriage • “Swiss Army Knife” of mHealth apps

• Integrates Aetna’s CarePass and other personal health record systems for mobile patient data access

• View your health record

• Look up medical symptoms

• Search for doctors

• View hospital wait times

• And much more…

• Offers patient information and engagement

36



mHealth Apps: Medical - Clinician

• Eprocrates – Provider Directory

– Drug prescribing and safety information

– Harmful drug-drug interactions

• Drug insurance coverage information

• Identify pills by imprint code and physical characteristics

• Perform dozens of calculations such as BMI and GFR

• Medical news and research information

37



• iBlueButton

– Part of the Blue Button Initiative, a nationwide movement to get patients’ health records into the hands of patients

– Download patient data from Medicare, insurance providers, or providers’ patient portals

– View medication lists

– View treatment histories

– Share data with care providers

38



• Google Glass

– Glass apps are being developed for clinicians and surgeons

– Heads-up displays can provide immediate access to patient records, prescription information and medical databases while doctors are interacting with patients

– Natural Language Processing technology helps to digitize the capture, sharing and auditing of clinical and administrative information

39



• iPad

– Professor Karl Oldhafer, chief physician of general and visceral surgery at the Asklepios Clinique in Hamburg-Barmbek, used 3D imaging technology and an iPad to localize two tumors in a liver

• A flexible, portable and easily deployed distraction solution for patients choosing to avoid sedation and use a local anesthetic

40

http://www.mevis.fraunhofer.de/en/news/aktuellstepressemitteilung


The mHealth Boom: Bottom Line

• This is just the tip of the iceburg! – Many, many more mHealth apps and new compatible

hardware are currently being developed

• Steady adoption by the medical industry – Including EHR system vendors such as Epic and Allscripts

• Prevention, Prevention, Prevention! – Ultimately saves the health care system time and money

– Easier sharing of health information

– Better wellness for the patient

41


The mHealth Boom

Mark Daly

Programmer / Analyst

Vermont Information Technology Leaders (VITL)

[email protected]

42

Poll: Do you use 1 or more mHealth

apps today?

QUESTIONS ??

Thank you !!

mailto:[email protected]