Wednesday, April 26, 2017

Scary news for HIPAA enforcement

http://www.latimes.com/politics/washington/la-na-essential-washington-updates-trump-budget-envisions-big-cuts-for-1489664310-htmlstory.html

Tuesday, April 18, 2017

2017 Counterintelligence Symposium

Found this cool event about information security and privacy.  This should provide a lot of contextual research regarding the security implications in mobile healthcare policies and standards.

https://www.blogger.com/blogger.g?blogID=8691754965303487363#editor/target=post;postID=7960673576386952553

Monday, April 10, 2017

Research Proposal II

Statement of investigation

Our research seeks to prove that new, mHealth-specific HIPAA regulations can improve the overall care experience including quality, access and reliability.


Readings on research topics

Helm, Anne Marie, and Daniel Georgatos. "Privacy and mHealth: How Mobile Health 'Apps' Fit into a Privacy Framework Not Limited to HIPAA." (2014).
This research paper done by the University of California Hastings School of Law examines how the privacy problems relevant to mHealth have been and continue to be addressed. The federal health privacy statute is central to the mHealth privacy analysis, but this article highlights a legal landscape that consists of gaps in privacy protections, some health-sector-specific and some not. The paper offers privacy analysis on a wide variety of mobile health technologies while also offering commentary on what the future holds for mHealth's privacy law protections. This paper will be critical to our examination of a need for evolving HIPAA laws to accommodate new technologies in the field of mHealth.

Luxton, David D., Robert A. Kayl, and Matthew C. Mishkind. "mHealth data security: The need for HIPAA-compliant standardization." Telemedicine and e-Health 18.4 (2012): 284-288.
This research paper deals with the new concerns for data security and integrity for medical devices and the networks that enable their use. The authors make a case for the need for standardized HIPAA regulations in compliance with electronic data security. The lack of standardized data security regulations presents a barrier to patient care and accessibility. This article will provide us with the necessary research to make a case for better medical record accessibility with the standardization of HIPAA regulations.

He, Dongjing, et al. "Security concerns in Android mHealth apps." AMIA Annual Symposium Proceedings. Vol. 2014. American Medical Informatics Association, 2014.
Many Android and iOS applications related to mHealth lie outside of HIPAA regulatory protections. An increasing number of applications are handling sensitive data for both medical professionals and patients. This research paper focuses on three different studies of mHealth applications in the Google Play store to show the widespread use of unsecured Internet communications and third-party servers in the mHealth field. This paper focuses more on what the tech companies need to do to fix their applications than on a critique of the HIPAA laws in place. This research will give us a differing perspective on what tech companies need to do to make sure the bare minimum is met while also showing compliance gaps in current mHealth applications.

Avancha, S., Baxi, A., & Kotz, D. (2012). Privacy in mobile technology for personal healthcare. ACM Computing Surveys (CSUR), 45(1), 3.
This article examined privacy requirements for mobile healthcare technologies, the privacy framework for mHealth systems, necessary privacy properties, and supportive technologies for these systems. Privacy-related threats within the mHealth system can be categorized into three main groups: misuse of patient identities (identity threat), unauthorized access to PHI/PHR (access threat), and unauthorized access to PII/PHI (disclosure threat). However, authentication technologies can be used to combat some of these issues. For example, a simple two-step username/password verification process can reduce the probability of an access or disclosure threat. This is just an example. There are many factors to consider when combating security issues, and this report examines them in depth.

Estrin, D., & Sim, I. (2010). Open mHealth architecture: an engine for healthcare innovation. Science, 330(6005), 759-760.
The article discusses an approach involving the integration of mobile devices and internet data, known as mHealth. mHealth applications have the potential to improve disease prevention but also lack a proper structure. There are several potential solutions for mHealth to improve their model. Open architecture mHealth apps combined with an update mechanism can lead to advancements in clinical care research innovation.

Silberman, M. J., & Clark, L. (2012). M-health: the union of technology and healthcare regulations. The Journal of medical practice management: MPM, 28(2), 118.
Mobile Health (mHealth) refers to the application of mobile devices for health monitoring purposes. This article examines the increasing prevalence of mHealth technologies as well as the increasing potential for government regulations. To better understand the relationship between mHealth development and government regulations, it examines a state role versus a federal role.

Prasad, A., & Kotz, D. (2010, August). Can I access your data? Privacy management in mHealth. In Proceedings of the USENIX Workshop on Health Security and Privacy.
Security among mHealth devices and mechanisms is a high-priority concern for mobile health application development.  An efficient framework is necessary for managing the input of data from wearable technologies.  However, there are several challenges including when to collect data, what data is appropriate for doctors versus patients, and standards for usability requirements. In order for patients to support mHealth technologies, they need to be reassured of their privacy through a user-friendly and effective interface.


Questions, interviews and surveys

To gather evidence supporting our thesis, our interviewing phase will consist of both patient feedback and provider feedback. By examining patient feedback, we can determine specific requirements and features that need to be taken into consideration when developing solutions. By examining provider feedback, we can gain a more thorough understanding of the potential for mHealth to improve patient monitoring. Patient-related feedback will be gathered through focus groups and surveys that will examine how patients feel with regard to mHealth privacy and security standards. Provider-related feedback will be gathered through interviews with individuals who work within the industry. Potential interviewees include a health-insurance provider, clinical nurse, data analyst and healthcare executive. To ensure an accurate collection of data, surveys will seek more specific responses while interview questions will seek more open-ended responses.

Example survey questions for patients:
  1. Rate on a scale of 1 to 10 what you think your chance of having compromised health data is, with 1 being the lowest chance and 10 being the highest chance.

  2. Rate on a scale of 1 to 10 how comfortable you feel with your health data being wirelessly transferred to third parties via a mobile device, with 1 being the least comfortable and 10 being the most comfortable.

  3. Rate on a scale of 1 to 10, with full knowledge of mHealth’s benefits, how interested you would be in purchasing wearable technology, with 1 being the least interested and 10 being the most interested.

  4. Rate on a scale of 1 to 10 how likely you would be to engage in mHealth applications if you discovered that a third party had gained access to health data, with 1 being the least likely and 10 being the most likely.

  5. Rate on a scale of 1 to 10 how important privacy and security are to you in regard to mHealth technologies, with 1 being the least important and 10 being the most important.

  6. Have you or anyone you know been the victim of data-hacking (e.g. identity fraud, credit card fraud, internet viruses, etc.)?

  7. Do you believe that your doctor should have full discretion, restricted access, or no access to health data obtained from wearable technologies?

  8. Do you think that HIPAA and mHealth regulations should be decided on a federal level or state level?

  9. Do you think current HIPAA regulations adequately maintain the security and privacy of individual medical data?

Interview questions for providers:
  1. What do you believe is the most important component to address when designing and implementing standards and regulations?

  2. Do you believe that standardization of HIPAA regulations will lead to improved medical record accessibility?

  3. What privacy properties need to be considered when developing supportive applications?

  4. Do you agree that an open architecture design is the most efficient design approach for mobile health applications?

  5. Rate on a scale of 1 to 10 how important a user-centric design is for mHealth applications, with 1 being the least important and 10 being the most important.

  6. Rate on a scale of 1 to 10 how important usability standards are to the success of an mHealth-based application, with 1 being the least important and 10 being the most important.

  7. Do you think current HIPAA regulations adequately maintain the security and privacy of individual medical data?


Professionals and experts

Below is a list of professionals from within the industry that we hope to interview and why they can be beneficial to our research:

  • Suzanne Keye: Health insurance provider with more than 20 years of experience
    • Provide insight into state and federal regulations on healthcare

  • Paula Rutt: a clinical nurse with more than 15 years of experience
    • Provide insight regarding the real-world application of mHealth mechanisms in a clinical setting

  • Eric McCune: Principal Application Systems Analyst & Developer for CESL
    • Provide insight regarding effective data architectures

  • Martha Brumfield: CEO & President of C-Path
    • Provide insight into the modern challenges for healthcare analytics and




Sunday, April 9, 2017

mHealth and HIPAA Compliance

Overview
After switching topics for the second time, we have finally settled on researching privacy in the age of mobile health. The field of mHealth includes technology ranging from a Fitbit to a physician's medical device application. Since this technology is used by physicians and other healthcare professionals, the technology is legally required to follow all health-specific laws and regulations. The Health Insurance Portability and Accountability Act of 1996, widely known as HIPAA, was signed into law by President Clinton and requires standards for processing electronic healthcare transactions as well as privacy compliance regulations. For the most part, mHealth deals with whether or not an application meets HIPAA requirements. We want to research the overall effects mHealth has on HIPAA and vice versa.

Research Questions:
What are the ethical implications behind privacy regulations in HIPAA?
Can the overall health of a population be improved through standardized HIPAA requirements?

As technology rapidly evolves, will HIPAA be forced to evolve as well?