Skip to main content

mHealth and Network security


1. What are the major trends you’re noticing in healthcare mobility?

In a country like India where Doctor to patient ratio is 1:900, Doctors are a few and work is like 24/7. Patient demands low cost, timely and quality healthcare coverage. For Healthcare enterprises, Patient Data is critical to collect and manage and hence mhealth is primarily aimed at bridging the economic divide in terms of healthcare. Mobility is the key here- Many Healthcare enterprises which are spread over 10-20 establishments in India are now using VPNs as the enabling technology which allows Doctors to use standard public Internet ISPs and high-speed lines to access closed private networks. A simple use case for this is to access Virtual Patient Health records and there are other wireless technologies designed specifically for use in the provision of healthcare, like:

  1. Standard Mobile enterprise services used by health-care workers, such as remote access to e-mail and health-information systems;
  2. Mobile Applications to meet a specific need of medical workers, such as mobile prescriptions and remote diagnoses;
  3. Applications that play a direct role in the provision of care, such as mobile data collection and wireless transmission of health data; and
  4. Consumer-targeted applications to encourage health and help prevent illness.

2. What are the security concerns around these trends?

Security of patient data is important. Even if you comply with HIPAA, it doesn’t have that depth and breadth of protection which is required as health care is comprised of exceedingly complex information environments that demand comprehensive patient data security approaches especially when the data is shared across networks. For a simple use case of accessing a patient’s Virtual Electronic Patient Records with a wireless device, there are 3 main security issues to address:
1. To Authenticate & authorize from the wireless to the wired network
2. Secure Data share in transit
3. Integrity & Good Resolution in the information that is requested and visualized by the users/doctors.

3. Is there a security risk re: healthcare mobility that is overrated or underrated? What are they?

Not overrated actually. Healthcare mobility is the key. As manpower is scanty in hospitals, therefore in scenarios where large volumes of background traffic needs to be sent from automated programs talking to other automatic programs, IPsec here serves the best. End to end security is however required in several Govt Health missions where there are a lot of private partners in the value chain and secured/encrypted communication is a must. SSL enabled VPN is useful here. With SSL, a secure tunnel is established directly from the client to the resource the client is accessing. With true end-to-end security, no data is sent in the clear, either on the internal network or on the Internet. Everything from the client to the resource is securely authenticated and encrypted.


4. What are the security concerns around sensor technology, portable medical devices and wireless health applications – and how will they be mitigated?

There are several security concerns and hence before we deploy mobility we need to understand that fully automated Remote Access VPN Management is necessary. Solutions should be easy to use and efficient as well. A holistic remote access solution is required to integrate all essential technologies regarding security and communication. Hospitals and Healthcare enterprises are looking to upgrade and hence low switching costs is the major driving force coupled with greater efficiency and ease to use and deploy.

5. What role will IPsec play in mobile health security?

Two parties who wish to create an IPSec tunnel must first negotiate on a standard way to communicate. Since IPSec supports several modes of operation, both sides must first decide on the security policy and mode to use, which encryption algorithms they wish to communicate with and what type of authenticate method to use. IPSec and WPA EAP-TLS solutions are very efficient against MITM, impersonation and session hijacking attacks. Both solutions are not efficient against DoS attacks. It is possible to successfully perform DoS attacks using freely available tools. For systems where availability is essential, it is necessary to complement those solutions with more mechanisms that reduce the risk of such attack. It is thus necessary to use tools like Intrusion Detection Systems (IDS) and vulnerability scanners. Because IPSec sits at the network layer not only is all your network traffic encrypted, but all users gain access to all company resources as if they were physically resident in the office connected to that LAN. Hospitals may or may not want partners or temporary remote employees to be part of their network. The network may only need to have a small portion of its traffic secure. Hospitals may not want to encrypt everything from the remote client to the corporate network. Also scalability is a problem with IPsec. On the other side, SSL proxies enforce much stronger authentication methods than a back-end resource could ever support natively. Many Web servers today do not natively support authentication methods other than SSL.

Inference: Solutions require high degree of integrational ability and interoperability that makes it possible for Healthcare enterprises to deploy these software products in an already available IT infrastructure.

Popular posts from this blog

Healthcare On Mobiles: Featured post- mHealth fighting malnutrition

Healthcare On Mobiles: Featured post- mHealth fighting malnutrition
Malnutrition is a byword in the forested hills of the Melghat region inhabited mostly by Korku Adivasis. Every year 400-500 children between the ages of 0 and 6 die in the region, comprising Chikhaldhara and Dharni taluks, according to official figures from 2005.


The Problem: Thousands of kids die every year in the tribal area of Melghat (Maharashtra, India) due to lack of medical attention and nutritional support. Increased incidence and rapid spread of infectious diseases such as pneumonia, typhoid, and dysentery are primary cause of high child mortality. Situation worsens during monsoon when the food supplies are low and the communicable diseases are at their peak.

Melghat is also a place known for high infant mortality rate. Some reasons for the health crisis in Melghat include lack of infrastructure, under-equipped and under-staffed public health and ICDS centres, the tradition of early marriages and early mothe…

The Formula of Driver and Demand- Indian Startups story

The healthcare industry is currently experiencing change at an unprecedented rate. Change is not only occurring in the technology used in diagnostics and care delivery, but this change is so fundamental that it could, and likely will, fundamentally alter the business model of the industry.
Today we have fitness bands, healthcare apps, appointment schedulers, health chats and several such means to access healthcare but one thing that all of this does not necessarily correlate with high quality of care or better outcomes. We need to understand that “Not even a Ferrari will get us to our destination without a driver.”Formula of Driver:
Driver = (Need + Incentive) where;
Incentive = (Value + Reward) Need = (Gap + Demand)
To define the best drivers, we need to first address the need. Need might not make economic or business sense but it is the best opportunity to leave an impact. No one remembers how much business a “Mughal-e-Azam” or “Usual suspects” did but everyone remembers that these were…

Why we never noticed ZIKA?- Indian Research and Development

“Zika had 'disappeared' because it wasn’t worth worrying about and people weren’t paying attention.”

Zika virus was first identified in 1947 in a sentinel monkey that was being used to monitor for the presence of yellow fever virus in the Zika Forest of Uganda. At this time cell lines were not available for studying viruses, so serum from the febrile monkey was inoculated intra-cerebrally into mice. All the mice became sick, and the virus isolated from their brains was called Zika virus. The same virus was subsequently isolated from Aedes africanus mosquitoes in the Zika forest.

In 1950, when some serological studies were being done, it was found that we humans developed antibodies against this virus. Further studies revealed evidence of infection in other African countries, including Uganda, Tanzania, Egypt, Central African Republic, Sierra Leone, and Gabon, as well as Asia (India, Malaysia, Philippines, Thailand, Vietnam, Indonesia). The virus circulating in Brazil is an Asi…