enabling software technologies for mobile healthcare solutions
DESCRIPTION
Speaking at the 2012 AHIMA Convention and Exhibit, SoftServe's Russ Hertzberg, Vice President, Technology Solutions, shared some valuable insights on "Enabling Software Technologies for Mobile Healthcare Solutions". Here is the presentation that Russ delivered at this important educational event.
TRANSCRIPT
Enabling Software Technologies for Mobile Healthcare Solutions
September 15, 2012
Russ Hertzberg, Vice President, Technology Solutions
Agenda
▪ Security Services and Technologies
▪ Mobile Device Management
▪ Rich User Interface on Small Form Factor Mobile Devices
▪ Web Services; HL7; Performance Considerations
▪ Mini Case Study
▪ Conclusions; Q and A
Security Services and Technologies
▪ The Compliance Domain:
– Protected Health Information (PHI)
– What PHI Exactly to Protect
▪ How to Protect It
▪ Tools, Techniques, Tips
PHI is:
▪ Names
▪ All geographical identifiers smaller than a state
▪ Dates (other than year) directly related to an individual
▪ Phone numbers
▪ Fax numbers
▪ Email addresses
▪ Social Security numbers
▪ Medical record numbers
▪ Health insurance beneficiary numbers
▪ Account numbers
▪ Certificate/license numbers
▪ Vehicle identifiers and serial numbers, including license plate numbers
▪ Device identifiers and serial numbers
▪ Web Uniform Resource Locators (URLs)
▪ Internet Protocol (IP) address numbers
▪ Biometric identifiers, including finger, retinal and voice prints
▪ Full face photographic images and any comparable images
▪ Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
What PHI to Protect…Abstract or Complex Cases
▪ “Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data”
– External application identifiers
– Legacy application identifiers
– Medical Device generated identifiers
– Others?
▪ Better Safe than Sorry
Known/Measured Breaches in Summary…2005-2011
http://www.healthcarefinancenews.com/news/top-10-data-security-breaches-2012
How to Protect: Encryption
▪ http://en.wikipedia.org/wiki/Encryption
▪ In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). The reverse process, i.e., to make the encrypted information readable again, is referred to as decryption (i.e., to make it unencrypted).
▪ HIPAA doesn't strictly require that PHI be encrypted "at rest" (aka on disk/storage) but unless you have a very good reason, it is highly recommended you do so.
How to Protect: Encryption
▪ HIPAA and Encryption:
– Notification for PHI Breach Without Encryption
– No Notification With Encryption Used for Storage (at Rest) and Transmission (over Networks)
▪ Common Key Types (Algorithms): RSA, AES, DES, 3DES, Others
▪ Key Types: Public/Private; Secret
What to Protect (Physician Practice)
▪ Practice Management System
▪ Electronic Medical Records
▪ Claims Documents
▪ Scanned Images
Encryption on Strategic Mobile Device Platforms
▪ Data At Rest iOS/Apple = Yes (Hardware)
▪ Data At Rest Android/Google = No (3rd party solutions or components)
▪ Data In Motion = Integration Services Often Required
▪ Developing Multi-Platform and Targeting In Motion?
– Re-useable Tools and Components Can Save a Lot of Time and Meet The Complex Requirements
Mobile Authentication
▪ Strong Passwords on Mobile Devices…Pain!
▪ Biometric…Promise (2D in next iOS Release?…9/12/2012, AuthenTec Deal)
▪ Complexity…Larger Scale Identity Management Solutions such as OAuth 2.0
Mobile Audit Considerations
▪ KPMG HIPAA Audits in 2012 on Behalf of HHS OCR (150 proposed to 115 as of summer 2012)
▪ The Mass General, Cignet, and UCLA Examples (Fines)
▪ Expected Focus:
– Inadequate security of wireless networks
– Lack of adequate updates to software and operating systems
– Access log recordkeeping
– Insufficient incident detection and response procedures
– Inadequate user access controls and password management controls
– Risk of theft or loss of mobile devices
– Information access management, including role-based access
▪ Mobile Security Implementation or Remediation…Sooner or Later
Mobile Device Management
▪ BYOD Will Not Go Away, But Markets Are Trending Towards Greater Organizational Funding
▪ A Combination Business and Personal Use Device…Common Practice
▪ How to Meet MDM Requirements:
– Data Storage and Segregation
– Lost Device
– Remote cleaning
– Access control
Mobile Device Management
▪ Bifurcated Solution Marketplace:
– Do-it-themselves ISVs
– 3rd Party Solution Platforms
▪ Define Specific Use Cases
▪ Build a Matrix of Mobile Apps, MDM Use Cases, and Potential Solutions
Matrix columns (MDM use cases): Local Data Cleanse; Block Access; Track Device; Disable Device
Matrix rows (mobile apps): Practice Mgmt; EMR; Claims; Doc Images
Password Management
▪ Simple Pswd Value
▪ Maximum Password Age
▪ Alphanumeric Value Required
▪ Maximum # Failed Attempts
▪ Enforce Min Length
▪ Enforce Min # Complex Characters
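The six password controls listed on this slide, expressed as one enforceable policy object. This is an added example, not code from the deck or from SoftServe; the thresholds and the definition of a "simple" value are constructed assumptions.

```python
# Added example (not from the SoftServe deck): the slide's password
# management controls as a single policy that an app's login and
# password-change screens can consult. All threshold values are assumptions.
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List


def _is_simple(password: str) -> bool:
    """Constructed definition of a 'simple' value: one repeated character,
    or a run of consecutive code points such as '1234' or 'abcd'."""
    if len(set(password)) <= 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps <= {1} or steps <= {-1}


@dataclass
class PasswordPolicy:
    min_length: int = 8                 # Enforce Min Length
    min_complex_chars: int = 2          # Enforce Min # Complex Characters
    require_alphanumeric: bool = True   # Alphanumeric Value Required
    allow_simple_value: bool = False    # Simple Pswd Value
    max_password_age_days: int = 90     # Maximum Password Age
    max_failed_attempts: int = 5        # Maximum # Failed Attempts

    def validate(self, password: str) -> List[str]:
        """Return every violated control; an empty list means the value is accepted."""
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        has_letter = re.search(r"[A-Za-z]", password) is not None
        has_digit = re.search(r"\d", password) is not None
        if self.require_alphanumeric and not (has_letter and has_digit):
            problems.append("must contain both letters and digits")
        complex_count = sum(1 for c in password if not c.isalnum())
        if complex_count < self.min_complex_chars:
            problems.append(f"needs at least {self.min_complex_chars} non-alphanumeric characters")
        if not self.allow_simple_value and _is_simple(password):
            problems.append("simple value (repeated or sequential characters)")
        return problems

    def is_expired(self, last_changed: date, today: date) -> bool:
        """Maximum Password Age: force a change once the age limit is passed."""
        return today - last_changed > timedelta(days=self.max_password_age_days)

    def is_locked_out(self, failed_attempts: int) -> bool:
        """Maximum # Failed Attempts: block further tries at the threshold."""
        return failed_attempts >= self.max_failed_attempts
```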
Rich User Interface on Small Form Factor Mobile Devices
▪ Complex Patient Data and Small Screens
▪ Slower Wireless Networks
▪ Native Apps
▪ Mobile Web
▪ Hybrid Native and Mobile Web
Rich User Interface on Small Form Factor Mobile Devices
▪ Persona Elaboration
▪ Simplified Use Cases
▪ HTML 5; Native App UI Objects
▪ 3rd Party Tools and Components
Rich User Interface on Small Form Factor Mobile Devices
Creative Solutions for Rich Healthcare Data:
– Sparklines
– Push Notification for Patient Monitoring
Thinking About Web Services, HL7, and Performance
▪ HL7…An XML Based Standard for Exchanging Information Between Medical Applications
▪ The Good:
– Standard Data Exchange over TCP/IP
– EDI-Like Formatting Allowed for Development of Successful Parsers
– HL7 Standards for Many Healthcare Data Types
– Great Resources for Healthcare IT
The Case for JSON, Especially on Mobile
▪ Speed Over Networks
▪ Data Model Change Flexibility
▪ RESTful
▪ Does not Require One Truth Reference Data Modeling
HL7 and JSON: A Future of Détente??
▪ Clinical Document Architecture with HL7
▪ Rich Data Models within Healthcare Organizations
▪ Data Exchange moving Towards JSON
▪ Data Exchange Between Organizations Based on Common Data Model Elements
▪ Translation Middleware
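The translation middleware the slide anticipates, in miniature: a parser for the EDI-like, pipe-delimited HL7 v2 segment format (the format whose parsers the earlier slide credits) that emits JSON for a mobile client, with an option to redact the PID identifiers that appear on the PHI list. This is an added example, not SoftServe's code; the field map covers only a constructed subset of MSH and PID, and the sample message is fictional.

```python
# Added example (not from the SoftServe deck): HL7 v2 -> JSON translation.
# FIELD_NAMES is a constructed subset; real middleware maps far more fields.
import json
from typing import Dict

# segment -> {field index: json key}. PID.3/5/7/11/13/19 are PHI per the deck's list.
FIELD_NAMES = {
    "MSH": {3: "sending_app", 4: "sending_facility", 9: "message_type", 10: "control_id"},
    "PID": {3: "patient_id", 5: "name", 7: "dob", 11: "address", 13: "phone", 19: "ssn"},
}


def parse_hl7(message: str) -> Dict[str, dict]:
    """Split segments on CR and fields on the separator declared in MSH.
    MSH.1 is the separator character itself, so MSH's fields are re-indexed
    to keep HL7's numbering; components ('^') become JSON arrays."""
    segments = [s for s in message.replace("\r\n", "\r").replace("\n", "\r").split("\r") if s]
    if not segments or not segments[0].startswith("MSH"):
        raise ValueError("HL7 v2 message must begin with MSH")
    sep, component_sep = segments[0][3], segments[0][4]
    result = {}
    for seg in segments:
        fields = seg.split(sep)
        seg_id = fields[0]
        if seg_id == "MSH":
            fields = [seg_id, sep] + fields[1:]   # insert MSH.1 so indices line up
        names = FIELD_NAMES.get(seg_id)
        if not names:
            continue                              # unmapped segment types are skipped
        out = {}
        for idx, key in names.items():
            if idx < len(fields) and fields[idx]:
                value = fields[idx]
                out[key] = value.split(component_sep) if component_sep in value else value
        result[seg_id] = out
    return result


def hl7_to_json(message: str, redact_phi: bool = False) -> str:
    """Serialise to JSON; redact_phi=True blanks PID so the payload can be
    logged or cached on the device without carrying identifiers."""
    parsed = parse_hl7(message)
    if redact_phi and "PID" in parsed:
        parsed["PID"] = {k: "[REDACTED]" for k in parsed["PID"]}
    return json.dumps(parsed, indent=2)


# Constructed sample (fictional patient), segments separated by CR.
SAMPLE = ("MSH|^~\\&|HOMECARE|AGENCY1|EMR|HOSP|20120915||ADT^A01|MSG0001|P|2.5\r"
          "PID|1||MRN12345^^^AGENCY1||DOE^JANE||19700101|F|||1 MAIN ST^^LVIV^^79053"
          "||+380322409090||||||123-45-6789")
```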
Mini Case Study
▪ A SOLUTION FOR HOME HEALTHCARE AND HOSPICE AGENCIES
▪ TECHNOLOGIES: WINDOWS PHONE 7, VS2010 / EXPRESSION BLEND 4, WCF, SILVERLIGHT, MVVM, NINJECT, NINJA DATABASE PRO, SSL, AUTOMAPPER, STRUCTUREMAP, NUNIT, NHIBERNATE, RHINO.MOCKS, LOG4NET
Carefully Designed UI/UX for Windows Phone 7
Architecture - Communication (diagram): DB; Security DB; Security Framework; Homecare Services; Mobile Services; Web; Phone; Web service exposed over WCF
Architecture - Phone (diagram): Local cache; Views; Common UI (ViewModels); Domain; Web Facade; Cache Manager; Providers
Mapping, GPS, and Office Productivity
▪ BING Maps and GPS for Routing From Patient to Patient
– Track and Audit Patient Visits
– Track and Control Mileage Expenses
– Optimize Travel Routing
– Submit Daily Reports Instantly. Roll Up Patient Data Instantly and Daily. Eliminate Clinician Reporting Work and Errors
Contacts and Questions?
US Headquarters
12800 University Drive, Suite 250
Fort Myers, FL 33907, USA
Main Tel: 239-690-3111 Main Fax: 239-690-3116
E-mail: [email protected]
Thank You!
Europe Headquarters
52 V. Velykoho Str.
Lviv 79053, Ukraine
Tel: +380-32-240-9090
Fax: +380-32-240-9080
E-mail: [email protected]