Healthcare: Enforcing HIPAA compliance using Mobile Apps!

How would patient care function today without mobile applications?

Apps on smartphones and tablets help to promote wellness, ensure sound recovery after treatment or an operation, and remind patients to take medication or engage in other care routines. Healthcare staff use their mobile computing devices to consult a patient’s electronic health record (EHR), download medical scan images, and check on patient progress and rehabilitation. Inside or outside a healthcare establishment, on the road, or in a patient’s home, doctors, nurses, and therapists increasingly rely on their mobile devices and apps.

However, digital healthcare and apps mean digital risk. Patient medical records are highly confidential, as are associated data such as details of health insurance and credit cards. In the wrong hands, they can also be dangerous. For example, by combining various pieces of information, criminals can take over and illicitly use a person’s identity (identity theft). From there, the doors are open to attacks ranging from emptying a victim’s bank account to fraudulently obtaining tax rebates or large personal loans, all behind the smokescreen of the stolen identity.

This kind of vulnerability makes healthcare a prime target for cybercriminals. Statistics from the US Department of Health and Human Services (HHS) indicate that on average four data breaches occurred per week in the healthcare sector in 2016. Consultancy organization Forrester Research adds that attacks via apps currently account for the largest data losses and the most devastating breaches.

Consequently, high standards of data privacy and security have become legal requirements. HIPAA (Health Insurance Portability and Accountability Act) legislation lays out the duties of healthcare actors to protect personal health information (PHI), whether it is in storage or in transit. To drive the message home, the HHS Office for Civil Rights is authorized to fine organizations that violate these rules. Fines and settlements in 2016 for neglecting to take sufficient precautions to protect patient information amounted to more than $15 million. The dollar equivalent in terms of reputational damage to the healthcare organizations involved may have been even higher.

So, how can healthcare organizations improve protection and HIPAA compliance? Mobile apps that are created internally must be tested properly before release. Those that can be downloaded from app stores must be checked before their use by staff or patients is sanctioned. Speed, however, is of the essence. Internal development cycles are now often short, as Agile and DevOps methodologies are increasingly used. In parallel, commercially available apps continue to arrive thick and fast on the market.

The answer is to use technology that tests apps thoroughly, reliably, and rapidly, and without the need for the app source code, which is unavailable for downloaded apps and for the third-party code modules used by developers. The savings in time can be dramatic, with testing taking only a few minutes instead of the two or three weeks required by conventional approaches. This is one of the features of AppInterrogator, which also offers extensive analytic capability to show not only how an app behaves, but also the endpoints to which it connects, and their vulnerabilities and reputations, for even stronger HIPAA compliance.

When healthcare situations can literally be matters of life or death, technology must be dependable and safe. Whether viruses, worms, or other nefarious entities are biological or digital, they must be detected and dealt with effectively and efficiently to protect the wellbeing of the people or systems they seek to attack. While scientists and doctors continue to work to find new medicaments and treatments against illness and disease, the good news is that an excellent cure for app security ailments already exists.