Last week Dr. Farzad Mostashari, the National Coordinator for Health Information Technology at HHS, kicked off a half-day HHS event focused on privacy and security issues surrounding the use of mobile devices in healthcare. Mostashari's comments summed up the mobile health opportunity for providers while pointing out the potential problems, too.
Mostashari described mobile phones as ubiquitous, connected platforms that are always with us and that "connect to the world's knowledge". He said these platforms can have a "near infinite number of applications" that can run on the hardware.
"That is when disruptive innovation -- in the best sense of the word -- is unleashed," Mostashari said. "[It's a] ubiquitous, connected platform. A ubiquitous, connected platform," he stressed.
Mostashari noted that what is interesting about mobile technology is that unlike many of the innovations in medicine that start with the military or NASA and slowly trickle down to the consumer market, mobile technology innovations have started in the consumer market and found their way into healthcare settings.
"[This is] medicine, one of the most conservative bastions for adoption of technology -- with good reason in many cases because the stakes are literally life and death... I heard [recently that] the military was using modified video game controllers for their arial unmanned vehicles. The same thing is happening in medicine," Mostashari said. "Like it or not."
"Increasingly, mobile devices meant for a consumer technology marketplace, are so usable, so pleasurable, so ubiquitous, so connected... that they are being increasingly used in healthcare," he said. "And so we have to think about not only the possibilities but also the potential perils. Ubiquitous means you always have it with you, which means you can lose it at any time. Connected means that it's not just the data on the device that could be compromised, it's the data in the cloud that could be compromised. Platform means different applications have to be able to access the same data. Those, as we have seen and heard recently, there are vulnerabilities that could be introduced there. An application that you had no idea was accessing certain parts of your information [could be] tapping into your contacts, your locations. Each of those characteristics creates risks for privacy and security."
Because of mobile's increasing popularity among healthcare providers, ONC and HHS are looking to understand the related privacy and security issues that follow this unprecedented technology adoption trend. Mostashari noted that there is a connection to the meaningful use of electronic health records in Stage 2 meaningful use proposed rules. He also said that CMS stressed encryption as part of its proposed rule recently, too. The ONC proposed rule suggested that data kept on mobile devices should be automatically encrypted by EHR software, he said.
Mostashari described those as "small pieces of a much larger question about how can we ensure that we have done everything we can to maintain the privacy and security of health information wherever it sits."
"One of the biggest difficulties we face is around authenticiation of individuals, making sure it is the right person accessing that information," he said. "People have talked about two-factor authentication, not just something you know but something you are or something you have. If we do all have something in our hands, that too could serve as a second factor or authentication."
Watch Mostashari's talk here.