Security-conscious healthcare providers rue the day a doctor logs into the EMR through his or her Facebook page, or accesses patient data from a Google account on a child's laptop. And heaven forbid they use their pet's name or favorite NFL team for authentication.
But what about a clinician using a hosted telemedicine service who needs to see a patient's medical history?
The surge of third-party applications and platforms is pushing privacy and security companies to scramble to keep track of all available endpoints. Among them is TrueVault, which has rolled out a white-label identity management solution designed to allow providers to securely access multiple applications with one log-in.
[See also: Mobile security in healthcare needs a checkup]
Dubbed TrueVault Connect, the HIPAA-compliant service is designed for the Internet-of-Things environment that' sall the rage these days, says Jason Wang, the San Francisco-based company's CEO. It creates a warehouse for protected data – called the Secure Data Store – then offers an API to allow healthcare providers access from any number of locations.
"What we're seeing is a (proliferation) of open platforms and third-party tools," Wang told mHealth News. For example, a provider or payer working with a hosted telemedicine service (perhaps even after-hours and at home) might need to view a patient's health or claims history, or a home care nurse might want to pull up more information on a patient through his or her laptop or smartphone.
The service is similar to someone using Facebook to connect with Yelp or Uber, in that it allows a healthcare professional to use one secure sign-in process to access other applications or platforms.
A recent Ponemon Institute study found that security is an increasing concern in healthcare's ever-more-mobile landscape, and for good reason. Healthcare breaches have more than doubled over the past five years, according to Ponemon, with nine out of every 10 providers reporting some sort of attack in the past two years. And the average data breach now costs a provider more than $2 million.
“The healthcare industry is being hunted and hacked by the elite financial criminal syndicates that had been targeting large financial institutions until they realized healthcare databases are more valuable,” Tom Kellermann, chief cybersecurity officer at Trend Micro, told Bloomberg in an article earlier this month.
Wang said app developers face a difficult environment in mapping out digital pathways for healthcare providers, and that task won't get any easier with the development of the smart home and smart car, wearable devices like smartwatches and smart glasses, and more sophisticated home health monitoring platforms. Even EHR providers are developing their own APIs and apps, he pointed out.
While health data is valuable to criminals, it's also a valuable commodity for the providers, Wang said, and they don’t want to outsource its storage or security. Companies like TrueVault are therefore designing solutions that highlight the provider's control over the data and the sign-in process to access that data.
But whether they allow a doctor to call up data while playing war games on an XBox remains to be seen.
See also:
