Low Tech Digital Data Security – A look at Sneaker Theft

November 26th, 2009

Many offices have little or no security when it comes to protecting their clients' and patients' data. HealthNet, a payer/insurance company, had a breach last week of 15 million customers' health data. This breach was not masterminded by some computer whiz hacking into their system, but by an employee using a portable disk drive and leaving it on their desk unguarded long enough for someone walking by to steal it.

There are a few simple things that anyone can do to reduce “sneaker theft” before it happens to you.

  1. Lock up your servers in a closet or room. If you use a closet, make sure it has enough HVAC to keep the computers cool.

  2. Install a good lock on the door.

  3. Consider computer locks and enclosures (see links)

  4. Restrict access. Access to servers that have patient data on them should be restricted on a “need to” basis.

  5. Keep a log of repairs and access to these servers.

  6. If laptops are used, make sure that they have cable locking devices so they do not just walk off.

  7. Make sure you have a firewall installed to limit access through the Internet.

  8. Consider whole disk encryption, especially with laptops.

    1. If whole disk encryption is not an option for you, consider file/folder encryption programs like Meo, offered free from Apple: http://www.apple.com/downloads/macosx/networking_security/meofileencryption.html

  9. Consider remote hosting your server in a secure hosting center.

  10. Disable USB drives where they are not needed.

  11. Consider installing tracking software on all mobile devices: http://www.gadgettrak.com/

  12. Write security policies and enforce them.

    1. This can be one of the best things you can do to help secure your computers. Make sure your staff is aware of the policies and the consequences of a violation.

  13. Hold staff meetings on security.

Cyber security tips from Office of Homeland Security

Security locks and enclosures

Remember that many thefts of sensitive data are facilitated via “sneaker theft”. Laptops, smartphones, memory sticks and servers are stolen every day. You can help to protect your business and your patients' data with a few simple steps.

Note that these tips are not meant to replace a qualified computer security specialist evaluating the security of your system. This article did not cover cyber theft via the Inter/Intranet.

Jeff Brandt

www.comsi.com

Open Source PHR/PHA Platform AKA HealthDesign Common Platform

November 24th, 2009

I spent some time looking at the documentation of the “Project HealthDesign Common Platform”, a Robert Wood Johnson Foundation (RWJF) project. This is an interesting project to provide an Open Source platform to facilitate the building and sharing of applications for Personal Health Record systems. Like many Open Source projects, it is built to help communities or companies get a step up on projects with a common software base. Think of these projects as Lego kits: you start with a basic design and add your own ideas and designs to produce a unique finished product. Open Source projects are not for novices; they demand highly skilled Java EE (Enterprise Edition) trained software engineers to build a useful product. The other interesting point is that Open Source projects like this one tend to follow commercial products as an alternative to the high cost. Most HIT systems out today are based on Microsoft, which doesn’t lend itself to Open Source projects. Most Open Source projects are UNIX based and have a large community of support. I am supportive of RWJF for stepping out of the Microsoft controlled domain to support Open Source for health care. This effort and strategy will reduce cost in the long term.

The documentation at first glance looks very good and is extensive. One thing that you have to remember about Open Source projects is that many times this is all of the information that you are going to get on the software, other than digging into the code to understand or correct problems. There are blogs where developers can share information, but normally no paid support.

The design is based on Java EE 5, a structured design based on a system designed by Sun Microsystems. The software must have an application server to support the development and runtime (make it work). There are Open Source options (e.g., JBoss, Glassfish) and commercial paid versions (e.g., IBM’s WebSphere and BEA WebLogic). My company has had extensive experience with WebSphere, WebLogic and JBoss. The database is MySQL, another Open Source project.

The basic module provides WSDL (Web Services Description Language) and SOAP (Simple Object Access Protocol) XML based systems to support Web Services, which facilitate common communication via the Web with disparate systems (e.g., Microsoft HealthVault). An Authentication Service is provided to facilitate single sign-on and access security. A Registry Service is provided to support patient processing (add, edit, delete), and an Observation Service supports ODL (Observation of Daily Living), one of RWJF's projects.

This project is a good step toward providing a common base software structure to facilitate Open Source development for health care. It will be up to software engineers to decide if this is right for their project. Like all Open Source projects, it needs support to gain traction. Time will tell.

For more on Open Source for health care: amednews

Jeff Brandt

www.comsi.com


Finally, A Smartphone for Medical Applications and the Enterprise

October 19th, 2009

Verizon, Motorola and Google, along with 9 other cell phone manufacturers (http://www.openhandsetalliance.com/oha_members.html) and countless world carriers, have teamed up to provide a Smartphone with the power to deliver useful applications for the medical, business and enterprise world: the Verizon “Droid” Smartphone, which is based on the Motorola “Sholes” phone. The Droid’s processor is a TI OMAP 3440, the same processor that powers the iPhone. The main reason this phone is different is that it has the hardware and software features needed to build and support multi-tasking enterprise software. The phone is equipped with a 3.7-inch touch-sensitive display with a resolution of 854×480 pixels, 16 million color depth, 512 MB RAM and a real keyboard. It is also equipped with a standard mini USB and an 8 GB MicroSD memory card. Android supports both CDMA and GSM cell networks.

So, what makes this a better phone than the iPhone for medical and business? Almost everything. First, like the Blackberry, it has a real keyboard, which most professionals prefer. It also has touch screen keyboards for quick edits. It provides a standard mini USB connector, unlike the iPhone, which utilizes an expensive ($19) proprietary 30 pin connector. For medical device connections, USB is a necessary standard. The MicroSD card provides a much needed facility to back up your application data from the phone and transfer it to another device. The iPhone currently has no facility to get app data off of the phone except for email, which is not acceptable for transferring sensitive data. There is currently a misconception that iTunes backs up App data. iTunes only backs up Apple apps such as iTunes and contacts. MotionPHR, our Personal Health Record iPhone product, utilizes Google Docs to back up its users' medical record data. Communication Software, Inc.'s motionPHR is currently the only medical app on the iPhone that has a backup function.

The main difference in the Android phone is the OS. Android was written by Google and released to Open Source. Motorola has embraced this OS and has incorporated it into their entire line of Smartphones. This Operating System is far superior to the iPhone OS for enterprise software, mainly because it is multi-threaded (it can run more than one application at a time). This is a must have for any mission critical application. In contrast, iPhone Apps are limited to small programs that perform only one function. That is why Apple states “there is an app for everything”. Here is a real world example of how an iPhone and an Android phone handle a simple problem.

Preamble:

A doctor is reviewing a Chart on their phone via a Chart app and an incoming call is received.

iPhone:

Once the iPhone receives the call, the Chart app is stopped and the user can answer the phone. If the doctor wants to see the chart during the call, he/she will have to hang up the call and reopen the Chart app.

Android:

When the phone rings, Android suspends the Chart app so that the call can be answered. If the doctor wants to view the chart while on the call, they just switch back to the Chart app, which is at the same place that they left it when the call was received. Note, the call is still in progress.

The next advantage of Android is the OS memory management and what software engineers call “automatic garbage collection”. This is a very important feature that helps keep applications from crashing/stopping and having to be restarted. If memory management is left in the hands of the programmer, as it is in the iPhone, and the programmer forgets to release unused memory (e.g., the memory of a chart must be released when a chart is deleted), the program will eventually run out of memory and quit. Programmer memory management takes a skilled software engineer to control. Since most of the apps on the iPhone are for entertainment, this is not a huge problem; the user will just restart the app. Mission critical apps must perform to a higher standard.

Android is a feature rich OS that provides a skilled Computer Scientist with the power to write very sophisticated mission critical enterprise software, whereas the iPhone OS was built as an entertainment platform. They are both great phones, but with two different types of applications and audiences. The software development company has to decide which platform their application will be best suited for. There is no “one size fits all” phone. The customer will in turn need to make a decision on the phone based on the software that fulfills their professional needs.

In conclusion: the Android OS, built and backed by Google, offered on Motorola phones along with those of many other manufacturers (there are 18 Android phones to be released in 2009), on the Verizon network, the largest in the nation. Need I say more?

Jeff Brandt

www.comsi.com

www.motionPHR.com

The Differences in Blackberry, iPhone and Android phones and their use in Medical Informatics.

September 25th, 2009

Blackberry:
Its success is based on its integration with Microsoft Exchange. IT departments have to support Exchange, so they support Blackberry. Other than that, Blackberry has little to offer in the future of Medical Applications. My prediction is that Blackberry will be deprecated over time along with Exchange.

iPhone:
Cool, way cool. It is the new Breitling watch, with lots of gadgets, but for real medical applications its Operating System (OS) is very limiting. The OS is single threaded, that is, it can do only one job at a time. If you are looking at a chart and you get a call, the chart app will shut down. Apple is also a “walled garden”, a closed system. You cannot even print or back up data from an App. The other issue is that there is no keyboard. Users that are moving from Blackberry see this as a major block to acceptance. The iPhone is also only available on one carrier, AT&T. For many users AT&T is not an acceptable choice.

Apple has the power to change but it has not been their policy in the past. The enterprise is not their forte.

Google Android:
Android is not a Phone, it is an OS. This year there will be 18 phones released by different manufacturers to multiple carriers. These phones will have different features, such as a keyboard, so the user has the choice of the phone and carrier that meets their needs. This is the dark horse that has the power to be the best OS available for Medical enterprise applications. The Android OS is open, that is, you can change the OS to do what is needed to perform a task. The OS is multi-threaded, i.e., the OS can perform more than one task at a time and you can easily switch between apps.
Today, this is the best choice for enterprise medical applications. But this too may change.

Jeff Brandt http://www.motionPHR.com for the iPhone
http://www.myMedBox.info for the Android

Answer to what role will Mobile play in healthcare

September 19th, 2009

The availability of low-cost mobile phones and the already broad coverage of GSM networks in India is a huge opportunity to provide services that would trigger development and improve people’s lives. Today’s Newspaper (Times of India) says- “3G Hand… Read more at Dr Ruchi Dass »

Ruchi Bhatt

* This article was submitted on September 16, 2009 at 11:27 AM PDT
* By Ruchi Bhatt, Wireless Healthcare, E-health and Healthcare IT Champion

Comment (1)

1. Ruchi Bhatt

1. How Should the Evolution of Mobile Healthcare Take Form? Simple or Advanced Services Development?

2. Where does mobile play a role – Limitations and Advantages, Extent of digitalisation, and support infrastructure required ?

3. Consumer Needs, Information Gaps and Role of the Ecosystem Player in the Healthcare Value Chain?

4. Challenges and things to watch out?

5. Exploration of Services and Evaluation of New Business Models?
By Ruchi Bhatt Wireless Healthcare, E-health and Healthcare IT Champion

posted 3 days ago

Answer:

Mobile will play a major role in healthcare in the very near future. Smartphones are the new PC. Cellphones outsell TVs. They are inexpensive and ubiquitous. The main distractor for the present is the health community itself (USA). This is a change in culture and a change in the delivery of care; it will take a while for Providers and healthcare workers to catch up with the technology and the new ways to deliver care.

The role of mobile is huge, from ODL reporting to medication reminders to monitoring body sensors. Smartphones have the power to deliver JIT (Just In Time) monitoring, reporting and healthcare delivery.

Another challenge is the phones themselves, which will have to change, and they soon will. Apple’s iPhone is one of the most popular phones on today’s market, but it has the most limiting OS. It is what we call a “Walled Garden”, e.g., it is very difficult to even print or get data off of the phone, there is no SIM card, no usable USB, and it is a single threaded machine (it can only perform one duty at a time). Other phones, such as Android with its Open Source OS, are much more suitable for Healthcare. But this too will change. Soon you will be able to run the Android OS on the iPhone or vice versa.

These changes to the delivery of healthcare will be disruptive, but the savings that can be achieved through these tools will be demonstrable. One thing I can say: this is an exciting time to be in Healthcare delivery. Once we get the health records in digital form, the sky is the limit.

Jeff Brandt www.motionPHR.com and www.mymedbox.com

PHR Comparisons, there is one for everybody

September 5th, 2009

There is much confusion about the Personal Health Record (PHR) in the market these days. I became aware of this through an analyst's review of our mobile PHR (mPHR). He compared our mobile PHR with a Web App/cloud/browser based PHR. He then proceeded to give our mPHR an undeserved low rating. This is understandable if you do not know the difference between a Smartphone app mPHR and a Web App, also known by the new name Cloud application. There are numerous Cloud PHRs on the market today with different capabilities, strengths, weaknesses and cost. From a high level, it can sometimes be difficult to tell the difference between applications and their platforms. When selecting any tool, you need to know what the requirements are and how you want to use it.

The PHRs today are divided into three groups: Mobile SmartPhone (mPHR), Cloud Apps, and other devices such as USB and smartcards, i.e., credit cards with memory chips. Each type of PHR serves a different purpose and provides a useful and needed service. I will speak to the strengths and weaknesses of each of them.

Web Apps/Cloud PHR:

These are browser/server based systems that need to be connected to the Internet to operate. There is no store and forward capability and if you are not connected to the Internet you have no access to your data. They provide convenience for entering and reading data and some have a simple client interface so that at least some of your critical data may be viewed on a Smartphone Web browser if an Internet connection is available. The client smartphone option is usually offered for an additional cost. Internet browsers on smartphones tend to be slow and have limited area access. Mobile PHRs normally provide fewer features than Cloud based systems, but this too will be changing as bandwidth availability grows larger and smartphones acquire more memory capabilities.

Smartphone and mPHR:

Smartphones are cellphones that are more of a computer than standard cellphones, e.g., iPhone, Android, Blackberry… Today, mPHRs run on these smartphones. As I mentioned before, Smartphones of today do not offer as much computing power, memory, or bandwidth as Cloud/WebApp systems. Memory and computing power in smartphones are improving rapidly. Remember your first computer? The Smartphone’s differentiating feature is that it is totally portable and can go literally anywhere you go, which means that your health data is always with you when you need it. There are many areas all over the world that do not have Internet service, and you will likely find dead zones within ten miles of your home (http://www.deadcellzones.com/). If you need access to your medical record in one of these areas, you will need an mPHR or USB device that is not tethered to the Internet, i.e., your health data is on your phone and with you. At a minimum, important health information such as Medications and Allergies should be carried with you at all times. In most cases, when you need your health information the most, you do not have it with you and you are not sitting in front of your computer at home.

An mPHR that connects to a browser based Cloud PHR is a good option; you can manage your health at home and carry your most important data with you on your mPHR. Note that most mPHRs do not contain as much information as Cloud PHRs because of memory constraints. Some mPHRs, like motionPHR, a product of Communication Software, Inc., also offer an ICE (In Case of Emergency) feature. ICE provides first responders, such as EMTs, with much needed data about your health and contacts. With the exception of the data you decide to provide with the ICE feature, an mPHR that is password protected will be of no help to first responders.

One of the drawbacks of an mPHR can be security. Most of the mPHRs on the market today have little or no security, or they just have simple password protection, which does not protect your data on the phone. When selecting an mPHR, make sure that the data is encrypted and password protected.

USB and SmartCards Devices

These devices are based on a USB connection to a PC. They are produced in all shapes and sizes, from key fobs to credit cards with USB connectors. These devices are good alternatives to an mPHR if you do not have a Smartphone. They are cost effective, small and very portable. The major drawback that I have encountered is that doctors' offices will not let you plug a USB device into one of their computers because of the potential risk of a computer virus. My recommendation to medical facilities is to disable their USB ports for this reason. Hopefully trauma centers have computers available that can read their patients' electronic devices if the need arises. I do not have any information on first responders' ability to read these devices in an emergency situation.

PHRs are a fairly new concept in the Medical world and I expect a significant evolution to occur in the next few years due to the current and intense focus. Whether you have a USB device, Cloud PHR, or mPHR, having a PHR is the first step to taking charge of your health. The cost of these systems to you, the consumer, is quite low, and the government has considerable interest in making them an integral part of your care. Expectations are that the PHR and your participation will improve health care outcomes and reduce your overall costs. I suggest that you try one; the investment of time and a small amount of money may save your life or a family member's.

Jeff Brandt
CTO
MotionPHR a mPHR for the iPhone
MyMobileMedBox for Android

Welcome to our new home

September 5th, 2009

Welcome All

We are in the process of moving our blog from http://mobilefutureshock.blogspot.com/ to our own hosted blog.

ChromeOS for HealthCare

July 13th, 2009

I have been reading an article on LinkedIn about Google and Microsoft jousting for the Health IT dollar. It suggests that ChromeOS may be the key for Google. First, 99% of all EHRs, PMS and Health Financial Systems run on Microsoft. Many of these are desktop applications that use Citrix to emulate an enterprise system. ChromeOS and Google Health are all about Cloud computing. It is a bit of a step to see Google in any health business in the near future besides PHR (Personal Health Record), and they have quite a bit of catch-up to do to equal the features of MS HealthVault. But with enough money and time you can do anything.

Many Healthcare facility HIT departments are run by desktop IT personnel, and the Cloud architecture is quite a leap. In saying that, people can be trained and things do change, but very slowly and at a cost. I know of one hospital in Central Oregon that is looking at implementing their third EMR because the wrong people were making the wrong decisions.

Cloud technology is not new. It has been in every major industry for a long time. It could save the healthcare industry hundreds of millions of dollars. By hosting a system you reduce your personnel overhead, maintenance, and capital equipment cost. You gain “Economies of Scale” by utilizing shared resources. With a true cloud architected system, you reduce the cost of your client machines, i.e., netbooks or mobile devices instead of tablets and laptops. This is where ChromeOS comes into play and provides a considerable cost saving for the client. The Operating System is free, just like Android for Smartphones, which reduces your cost considerably. Ask your IT department for a report on MS licensing for your facility if you do not believe me. Another feature is increased security. With no storage on the client's machine (netbooks, smartphones), you no longer have to worry about laptops being lost or stolen.

The potential for HIT savings with cloud technology is just starting to be realized. Think about this example. You pay for your EMR via subscription and it runs via the Cloud, the patient data is stored in a HealthBank where the customer owns and pays for the storage, and you can access the data from anywhere because it is all in the Cloud.

Jeff

PHR Comparisons, there is one for everybody

July 9th, 2009


EMRs have too many buttons, what a mess

June 24th, 2009

http://mobihealthnews.com/2917/kibbe-successful-emrs-will-be-like-the-iphone-platform/comment-page-1/#comment-5771

Answer to this request for “iPhone like” EMR

What is being asked for is a well designed system. Many EMR systems available today have been hacked together, not designed with engineering principles. I hear these complaints from both HIT and from domain/caregiver experts. What is needed when creating any system is a tried and true engineering process. Start with the domain experts (doctors, nurses, lab techs, etc.), add a group of software system architects and develop the requirements. Then design a system based on the requirements and build the system. The domain experts and system architects also develop a test and acceptance plan that is used to determine if the system works per design. It takes both sides of the equation to build a good system: domain expertise and engineering.

This is the first generation of real EMRs. As with most new technologies, the domain expert has a great idea and learns how to program a prototype (a few buttons), which evolves into a product. The products are introduced to the market, and many more functions and more buttons are added until you have a mess. In the second generation, the ideas are taken to the next level; this usually comes after an influx of money. Some companies start over using standard engineering practices. Other companies keep the original system and keep hacking away. Look how long it took Microsoft to get rid of DOS. Almost all software companies face these problems from time to time. Ebay started as a small program that was written in a guy’s garage to sell his wife's figurines.

The good news is that Enterprise systems in HIT are relatively new, and the market will wash out the bad EMRs or they will be redesigned to meet the needs of their customers. The problem is that these systems are very expensive and it will cost us all to flesh them out. Make sure that when selecting such an important system you have done your due diligence.

Jeff Brandt
CTO motionPHR mobile Personal Health Record for the iPhone
MyMobileMedBox for Android