using and securing mobile health apps: managing mobile ... · •zocdoc •users may quickly book...
TRANSCRIPT
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Using and Securing Mobile Health Apps: Managing Mobile Device Complexity in
Health Care
John McConnell Enterprise Architect
Fletcher Allen Health Care
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Agenda
• The BYOD Wave – Trends & Expectations
– Customer Requirements
• The State of the Network – Policy
– Infrastructure
– Security: The Three Laws
• Challenges and Issues
• Where from here?
2
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The BYOD Wave
• Bring Your Own Device is a fait accompli – 85% of all physicians use a Smartphone and/or tablet today1
– Electronic Health Record (EHR) Vendors with mobile apps today: • Epic, Greenway, NextGen, Cerner, GE, Allscripts and eClinicalWorks.
– “122 companies said they would introduce fully functional mobile access to their EHR products, native iPad versions, or both by the end of this year. Another 135 EHR vendors said that mobile apps were in their strategic plans.”2
3
1 See http://www.pmlive.com/blogs/digital_intelligence/archive/2012/may_2014/us_doctors_ipad_smartphone_mobile_devices_manhattan_research
2 See http://www.informationweek.com/mobile/ehr-makers-answer-doctors-calls-for-mobile-apps/d/d-id/1110240?
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Expectations & Trends
4
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Requirements Spectrum
5
Limit Basic Enhanced Advanced
Tight Control • IT chooses
devices • IT manages
devices with onsite access
• All other devices prohibited
Basic Access • Larger device set • IT manages
devices with onsite access
• Employee-owned & guest devices with Internet only
Any Device Anywhere Enhanced Security
• Wide range of devices
• Corp & employee devices with full on-site and off-site access
• Device-side security
• Guest devices with Internet only
Any Device Anywhere
Anyone • Wide range of
devices • Corp & employee
devices with full on-site and off-site access
• Device-side security
• Guest/Customer devices with enhanced services
• Custom Native Applications
• BYOD for competitive advantage
Poll: Where is your organization on this spectrum?
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The State of the Network - Policy
• A well-designed and published Mobile Devices policy is always the first step
– Beware of “unachievable/unenforceable” requirements!
– Policy servers are just beginning to appear
• Future integration with Network Access Control and IDS/IPS systems
6
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The State of the Network - Policy
• Major Policy Positions: – Who does this policy apply to? • Employees • Guests • Patients • Business Partners • Affiliates
– What does this policy apply to? • Device Identity
• Device Classification
• Device Health / Posture
7
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The State of the Network - Policy
• Major Policy Positions:
– Where does this policy apply? • Geography (Geofencing) • Floor/wing/department • SSID • Switch Port
– When does this policy apply?
• Off hours access
• Traffic throttling and prioritization
8
VITL Summit ‘14 Track 4: Patient and Provider Engagement
An Example BYOD “Policy”
9
Endpoint Identity
•Active Directory membership • SAML Tokens • Certificates •MDM custom
attributes
Authentication • ID/Password •User certs •Location •2FA
Device Type • iOS •Android •Windows phone
Authorization •Deny Access • Full Access • Partial Access • Internet Only •MicroVPNs
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The State of the Network - Infrastructure
10
Collaboration
Workspace Management
Secure Mobility
Policy Management
Core Infrastructure
Email, Calendaring, Lync, Skype, etc.
MDM & VDI
VPN clients & Micro VPNs
Radius, NAC, BYOD on-boarding
Wireless infrastructure Authentication & Authorization Services
Important Building Blocks
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The State of the Network - Infrastructure
• Your method(s) of Application Delivery will affect your strategy:
11
Native App
Native Local data on device Maximum Performance Native Device Experience
Native App
Web Browser
HTML
Native App
Browser Local data on device Highly Portable to many devices Web Browser Experience
Virtual Desktop
Native App
Virtual Desktop
Virtual No local data on device Maximum Security “Translated” Experience
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The State of the Network - Security
• Follow McConnell’s Three Laws of Mobile Device Security™
12
VITL Summit ‘14 Track 4: Patient and Provider Engagement
First Law
• The First Rule of Protecting Patient Data: – Keep PHI off hard drives!
• Implications – VDI keeps patient info in the data center where it belongs
– Active Directory Group Policies can redirect local folders to a network drive (“Documents”, “Desktop”, etc.)
– Implement a managed cloud-based file sharing tool: • Box Enterprise
• OneDrive
• Citrix ShareFile
• Etc.
13
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Second Law
• Make it painless for providers to access PHI:
– If you just say “no,” users will just find a way to work around your “rules”
– Provide a standard desktop and storefront experience, regardless of device type or location
– Improve authentication (enable multi-factor) on the desktop
14
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Third Law • Encrypt. Encrypt. Encrypt.
– Encrypt all hard drives that can walk (and maybe soon those that cannot…)
– Use FIPS 140-2 (AES256) encryption: • Note: This is NOT the default in Windows BitLocker and Mac
FileVault2
– Implement a Mobile Device Management policy which enforces encryption
– Implement an MDM: • Exchange ActiveSync • VMWare Airwatch • Citrix XenMobile • MobileIron • MAAS360 • Microsoft InTune
15
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Challenges & Issues
• The world of Enterprise Mobility Management is in its infancy. – No one vendor has it all working (yet)
– Device turn-over and churn, as well as most providers having an average of three devices each, acts as a drag on innovation
– Ultimately, you are at the mercy of: • Apple
• Microsoft
16
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Where From Here?
• Recommendations:
– Write a policy first and communicate it
– Select your application delivery method(s)
– Implement an EMM/MDM solution
– Bolster your authentication services
• Implement multi-factor
– Develop, test and implement role-based access policies
17
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Contact Info
John McConnell
Email: [email protected]
Twitter: john0831vt
Blog: http://jrmcconnell.com
18
VITL Summit ‘14 Track 4: Patient and Provider Engagement
Using and Securing Mobile Health Apps:
Mark Daly
| Programmer/Analyst
mHealth Showcase
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The mHealth Boom
• Mobile technology is being rapidly adopted – Faster adoption than any other technology. Ever.
– Increasingly, clinicians are using mobile devices at work
• Consumer Patient Monitoring Devices – Vision: you will share your exercise levels, heart rate, activity,
and other essential data gathered by your mobile device with your doctor
• Medical Industry Adoption of Mobile Tech – EHR System integration for medical professionals
20
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The mHealth Boom
• FDA recently released draft guidance which relaxes regulations for some medical devices – Class II medical devices that no longer need a 510(k) review to
ensure their safety and effectiveness
– Class I medical devices that do not meet the "reserved" criteria of the Federal Food, Drug and Cosmetic Act
• Smartphone-enabled tools that are affected: – Clinical digital thermometers
– Ophthalmic cameras
– Stethoscopes
21
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The mHealth Boom
• Mobile App Developers have a clear path forward – Investment remains high in this mobile niche
– Thousands of apps currently available for both the consumer and the clinician
– Many different categories of mHealth apps exist, including….
22
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Health & Fitness
• FitBit Flex
– Wristband with many sensors for the user to wear
– Compatible with your smartphone
– Monitors your fitness by tracking many things:
• Steps
• Distance
• Calories burned
• Sleep Cycle
• Personal goals
– Wakes you silently
23
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• Strava Cycling
– Presents a clean, simple UI for:
• Tracking bike rides
• Viewing your data during a ride
• Comparing your stats against friends or pros
• Finding new rides
– Connects to heart rate monitors
– Running version also available
24
mHealth Apps: Health & Fitness
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Wellness
• SmokeFree
• Help users quit smoking by showing them:
• Money they’ve saved since quitting
• Quantity of avoided tar and cigarettes
• Regenerative steps the body has made since stopping
• Users can then share their success over social media, such as Twitter or Facebook
25
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• Sleep Cycle – Bio-alarm clock that analyzes sleep
patterns and wakes you in the lightest sleep phase
– Uses iPhone accelerometer to monitor your movement to determine which sleep phase you are in
– Waking up in the lightest sleep phase is a natural way to wake up where you feel rested and relaxed
26
mHealth Apps: Wellness
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• Fooducate
– Scan the barcode on food packaging to get easy to digest nutritional information
– Proposes healthier alternatives when something is scanned that may not be healthy for you
– A gluten-free version is also available
27
mHealth Apps: Nutrition
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• Fitocracy Macros
• Allows users to target foods with macronutrients
• Embark on a diet and eat foods that help you stay satisfied, energetic, and calm.
• Search for and add foods from a nutritional database
• Count fiber, water, and alcohol
• Can sync to backup data
28
mHealth Apps: Nutrition
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Psychological
• Paul McKenna – 7 Days Thin, Sleep, Confidence, Phobias – McKenna is a hypnotist who believes
his app can alter the user’s thoughts, habits and patterns related to weight loss, confidence and sleep
– Can help to make the user: • Thin
• Sleep better
• Gain confidence
• Be free of certain phobias
29
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• Stress Check • Quantifies psychological or physical stress by
measuring your heart rate through the camera and light features on your iPhone
• Determines the effects of different stressors
• User can control stress and observe progress
• Can reduce chances of certain chronic diseases known to be correlated with stress
• Works by measuring time variations between consecutive heart beats
30
mHealth Apps: Psychological
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• NFL Play 60
– Users run, jump, and turn while holding their smartphone and the character in the game does the same
– Incentivizes the user to be more active:
• Unlock fun characters
• Get American Heart Association hearts that make the player invincible
• Collect coins used to buy NFL team gear
31
mHealth Apps: Fitness Games
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• Zombies, Run!
– What better motivation to run than being chased by a horde of zombies?
– Places the user in an immersive audio experience and makes you feel like you’re in your favorite zombie movie
– Allows the user to:
• Track progress on the web
• Share runs with friends
• Sync your runs
32
mHealth Apps: Fitness Games
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Medical - Patient
• SkinVision
• Helps to guard against skin cancer
• Takes a photo with your smartphone and provides an analysis and any recommendations
• Users may check their moles more frequently and take action with their doctor if there seems to be something wrong
33
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• iHealth Wireless Smart Gluco – Monitoring System
– Allows Diabetes sufferers to:
• Easily monitor blood glucose levels
• Save results
• Track trends
• Be reminded when medication is due
– Other iHealth devices include:
• Blood pressure monitors
• Scales
• Activity and sleep trackers
• Other glucometers
34
mHealth Apps: Medical - Patient
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• ZocDoc
• Users may quickly book doctor and dentist appointments
• Simple, clean interface and method:
• Enter your zip code
• Enter insurance information
• Search available doctors
• Book appointments
35
mHealth Apps: Medical - Patient
VITL Summit ‘14 Track 4: Patient and Provider Engagement
• iTriage • “Swiss Army Knife” of mHealth apps
• Integrates Aetna’s CarePass and other personal health record systems for mobile patient data access
• View your health record
• Look up medical symptoms
• Search for doctors
• View hospital wait times
• And much more…
• Offers patient information and engagement
36
mHealth Apps: Medical - Patient
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Medical - Clinician
• Eprocrates – Provider Directory
– Drug prescribing and safety information
– Harmful drug-drug interactions
• Drug insurance coverage information
• Identify pills by imprint code and physical characteristics
• Perform dozens of calculations such as BMI and GFR
• Medical news and research information
37
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Medical - Clinician
• iBlueButton
– Part of the Blue Button Initiative, a nationwide movement to get patients’ health records into the hands of patients
– Download patient data from Medicare, insurance providers, or providers’ patient portals
– View medication lists
– View treatment histories
– Share data with care providers
38
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Medical - Clinician
• Google Glass
– Glass apps are being developed for clinicians and surgeons
– Heads-up displays can provide immediate access to patient records, prescription information and medical databases while doctors are interacting with patients
– Natural Language Processing technology helps to digitize the capture, sharing and auditing of clinical and administrative information
39
VITL Summit ‘14 Track 4: Patient and Provider Engagement
mHealth Apps: Medical - Clinician
• iPad
– Professor Karl Oldhafer, chief physician of general and visceral surgery at the Asklepios Clinique in Hamburg-Barmbek, used 3D imaging technology and an iPad to localize two tumors in a liver
• A flexible, portable and easily deployed distraction solution for patients choosing to avoid sedation and use a local anesthetic
40
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The mHealth Boom: Bottom Line
• This is just the tip of the iceburg! – Many, many more mHealth apps and new compatible
hardware are currently being developed
• Steady adoption by the medical industry – Including EHR system vendors such as Epic and Allscripts
• Prevention, Prevention, Prevention! – Ultimately saves the health care system time and money
– Easier sharing of health information
– Better wellness for the patient
41
VITL Summit ‘14 Track 4: Patient and Provider Engagement
The mHealth Boom
Mark Daly
Programmer / Analyst
Vermont Information Technology Leaders (VITL)
42
Poll: Do you use 1 or more mHealth
apps today?
QUESTIONS ??
Thank you !!