Skip to main content

mHealth and Network security

1. What are the major trends you’re noticing in healthcare mobility?

In a country like India where Doctor to patient ratio is 1:900, Doctors are a few and work is like 24/7. Patient demands low cost, timely and quality healthcare coverage. For Healthcare enterprises, Patient Data is critical to collect and manage and hence mhealth is primarily aimed at bridging the economic divide in terms of healthcare. Mobility is the key here- Many Healthcare enterprises which are spread over 10-20 establishments in India are now using VPNs as the enabling technology which allows Doctors to use standard public Internet ISPs and high-speed lines to access closed private networks. A simple use case for this is to access Virtual Patient Health records and there are other wireless technologies designed specifically for use in the provision of healthcare, like:

  1. Standard Mobile enterprise services used by health-care workers, such as remote access to e-mail and health-information systems;
  2. Mobile Applications to meet a specific need of medical workers, such as mobile prescriptions and remote diagnoses;
  3. Applications that play a direct role in the provision of care, such as mobile data collection and wireless transmission of health data; and
  4. Consumer-targeted applications to encourage health and help prevent illness.

2. What are the security concerns around these trends?

Security of patient data is important. Even if you comply with HIPAA, it doesn’t have that depth and breadth of protection which is required as health care is comprised of exceedingly complex information environments that demand comprehensive patient data security approaches especially when the data is shared across networks. For a simple use case of accessing a patient’s Virtual Electronic Patient Records with a wireless device, there are 3 main security issues to address:
1. To Authenticate & authorize from the wireless to the wired network
2. Secure Data share in transit
3. Integrity & Good Resolution in the information that is requested and visualized by the users/doctors.

3. Is there a security risk re: healthcare mobility that is overrated or underrated? What are they?

Not overrated actually. Healthcare mobility is the key. As manpower is scanty in hospitals, therefore in scenarios where large volumes of background traffic needs to be sent from automated programs talking to other automatic programs, IPsec here serves the best. End to end security is however required in several Govt Health missions where there are a lot of private partners in the value chain and secured/encrypted communication is a must. SSL enabled VPN is useful here. With SSL, a secure tunnel is established directly from the client to the resource the client is accessing. With true end-to-end security, no data is sent in the clear, either on the internal network or on the Internet. Everything from the client to the resource is securely authenticated and encrypted.

4. What are the security concerns around sensor technology, portable medical devices and wireless health applications – and how will they be mitigated?

There are several security concerns and hence before we deploy mobility we need to understand that fully automated Remote Access VPN Management is necessary. Solutions should be easy to use and efficient as well. A holistic remote access solution is required to integrate all essential technologies regarding security and communication. Hospitals and Healthcare enterprises are looking to upgrade and hence low switching costs is the major driving force coupled with greater efficiency and ease to use and deploy.

5. What role will IPsec play in mobile health security?

Two parties who wish to create an IPSec tunnel must first negotiate on a standard way to communicate. Since IPSec supports several modes of operation, both sides must first decide on the security policy and mode to use, which encryption algorithms they wish to communicate with and what type of authenticate method to use. IPSec and WPA EAP-TLS solutions are very efficient against MITM, impersonation and session hijacking attacks. Both solutions are not efficient against DoS attacks. It is possible to successfully perform DoS attacks using freely available tools. For systems where availability is essential, it is necessary to complement those solutions with more mechanisms that reduce the risk of such attack. It is thus necessary to use tools like Intrusion Detection Systems (IDS) and vulnerability scanners. Because IPSec sits at the network layer not only is all your network traffic encrypted, but all users gain access to all company resources as if they were physically resident in the office connected to that LAN. Hospitals may or may not want partners or temporary remote employees to be part of their network. The network may only need to have a small portion of its traffic secure. Hospitals may not want to encrypt everything from the remote client to the corporate network. Also scalability is a problem with IPsec. On the other side, SSL proxies enforce much stronger authentication methods than a back-end resource could ever support natively. Many Web servers today do not natively support authentication methods other than SSL.

Inference: Solutions require high degree of integrational ability and interoperability that makes it possible for Healthcare enterprises to deploy these software products in an already available IT infrastructure.

Popular posts from this blog

Royal Society of Medicine elected Dr Ruchi Dass Fellow

Popular Health Technology Author and Founder, HealthCursor Consulting Group Dr. Ruchi V Dass elected Royal Society of Medicine Honorary Fellow in the United Kingdom. (Photo courtesy of Ruchi Dass)

Joining some of the elite names among scientists and physicians, Health Technology Author and Business Icon Ruchi Dass has been elected as a fellow of The Royal Society of Medicine in the United Kingdom.

Dass is a renowned Physician and has worked with development organisation across the world driving technology driven public health initiatives. She is the Founder of the consulting group HealthCursor, and Author of several journals, including her upcoming book on “Big Data in Healthcare” with Springer.

Dr Dass wrote a book on “Innovations in Healthcare” that was unveiled by the Honourable President of India Mr. Pranab Mukherjee in 2013. Dr. Ruchi Dass was listed amongst Most Powerful and Influential leaders in IT by Information week in 2013 and also received INTEROP’s “Women leader” recogni…

The Formula of Driver and Demand- Indian Startups story

The healthcare industry is currently experiencing change at an unprecedented rate. Change is not only occurring in the technology used in diagnostics and care delivery, but this change is so fundamental that it could, and likely will, fundamentally alter the business model of the industry.
Today we have fitness bands, healthcare apps, appointment schedulers, health chats and several such means to access healthcare but one thing that all of this does not necessarily correlate with high quality of care or better outcomes. We need to understand that “Not even a Ferrari will get us to our destination without a driver.”Formula of Driver:
Driver = (Need + Incentive) where;
Incentive = (Value + Reward) Need = (Gap + Demand)
To define the best drivers, we need to first address the need. Need might not make economic or business sense but it is the best opportunity to leave an impact. No one remembers how much business a “Mughal-e-Azam” or “Usual suspects” did but everyone remembers that these were…