Recent articles in the media
Privacy is a massive issue in the healthcare industry these days. Privacy is a big issue in every facet of society. The public won’t tolerate their most intimate information falling into the wrong hands. With the rise of the Internet, the healthcare industry has had to scramble to make sure they can stay ahead of cyber attackers.
This guide is going to show you how the healthcare industry can avoid damaging privacy breaches.
Limit the Number of Staff
The way healthcare used to work is that one person always saw the same doctor, unless they had to be referred to a specialist. These days a patient can see a different general practitioner every time they visit. The more people with access to data the more likely it is that certain pieces of data will be lost, misplaced, or given to the wrong people.
If only a few people have access to and are responsible for the data of one patient it naturally reduces the chances of a data breach.
Encrypt All Data on Storage Devices
Most data handled in the healthcare industry is only active for a limited period. Most of the time it will sit on some form of storage device. The reason there have been millions of data loss incidents in the healthcare industry is that this data is simply left there, unencrypted.
The healthcare industry needs to insist on encrypting all storage devices with the latest encryption technology. Sadly, many hospitals and clinics fail to update their encryption techniques with the times.
Create a Secure Link for Healthcare Professionals
It’s amazing how many healthcare practitioners still use standard messaging apps to send information to each other. It’s also not uncommon for them to use their personal smartphones to communicate. This is a massive problem because it represents an insecure and vulnerable connection.
A better way to go about this is to use a secure app like ShareSmart, which is effectively the WhatsApp of healthcare. It’s a secure clinical messaging and photo taking app for doctors and healthcare professionals. They would be able to share information on clinical cases with each other through encrypted channels.
Insist on Penetration Testing
Penetration testing is an integral part of ensuring that your security arrangements are the strongest they could possibly be. It’s true that penetration testing can be expensive, but it’s a check that can prevent a lot of problems later. The way it works is that an outsider is brought in and told to attempt to penetrate the security arrangements currently in place.
They’ll be able to tell you where the vulnerabilities are. Many of these security experts were hackers themselves and have since decided to offer their skills to help others.
Make People Aware of Security
Many security flaws are not caused by a total failure of a hospital’s security systems. They happen because of simple human error. Healthcare experts aren’t necessarily aware of the way that data can be lost and how systems work. The healthcare industry needs to make a conscious effort to educate healthcare professionals on security.
They need to learn about how attackers are likely to breach security systems and what they can do about it. Not everyone needs to become a security expert but they need to know the basics. For example, they should be taught to regularly change their passwords and to avoid sending confidential information over unsecured connections.
Review Your Security Policies Regularly
Security is something that never ends. You will always run into new threats and there will be new solutions on the market. The healthcare industry needs to make sure that it’s constantly reviewing its security policies. That means they need to conduct an audit at least a few times per year. Without those checks, security systems become outdated.
The healthcare industry is a bigger target than most, so checks must be even more stringent than they are for other types of businesses.
Conclusion – Action is Needed Now
There are literally millions of security breaches in the healthcare industry. Security experts say action is urgently needed. Until that happens patients are not going to have the confidence to submit their confidential data without worrying about it being taken by an outsider.
What do you think is the best way for the healthcare industry to change the current security crisis?
VANCOUVER, British Columbia, Oct. 3, 2016 /PRNewswire/ — With a little interdisciplinary collaboration assistance from ShareSmart, Canadian healthcare is better poised to embrace the digital era. The chat and photo-sharing app for providers is now available as a free download for iOS and Android devices.
As Rena Tabata, CEO of Think Tank Innovations, the company behind the app noted, ShareSmart is Canadian health information privacy legislation compliant and runs on NorthCloud, Canada’s most secure cloud server for healthcare.
ShareSmart hit the market 2 months ago and it’s already managed to capture more than 3,200 users, courtesy of a dozen backers who run some of Canada’s biggest financial firms, medicolegal practices, health centers and medical schools.
“Canadian health information legislation compliancy is essential when you are handling sensitive patient photos and information. What you’re using now on your smartphone likely isn’t,” Tabata noted, adding that the app allows users to take high definition photos and share them immediately with colleagues, and patients can provide their consent by finger or stylus signature.
“Consent is automatically synced with the photos. And you can track how you’ve shared the photo and when you should archive it until.”
The creators of the app were inspired to launch ShareSmart after colleagues published studies that showed how many Canadian doctors were taking clinical photos with their smartphones. Because these devices do not typically feature the level of security that is needed for handling sensitive patient information, many doctors reportedly had inadvertently breached confidentiality.
ShareSmart may only be downloaded by licensed healthcare workers. The photos that are taken by the user are not kept in the phone’s built-in storage; rather, they are kept separate and directly uploaded to the secured cloud. In the event that a user’s smartphone is lost, patient health information is not deemed ‘compromised.’
“Photos and messages can only be sent within ShareSmart to other registered users; further eliminating privacy breaches by accidentally misdirecting messages,” Tabata noted.
We are all connected. By 2020 there will be more than 50 billion smart connected devices worldwide, collecting, analyzing and sharing data. In a digital landscape where we can find answers to our every query with a few taps of a finger, we have become increasingly demanding and educated consumers – and when it comes to our healthcare we are more discerning than ever. We get second opinions, we consult online medical professionals and we do our own research to ensure the best outcomes for our health and the health of our loved ones. Canadian healthcare practitioners want the same thing – excellence in patient care.
Modern Medicine, meet ShareSmart, the preferred smartphone communication app for healthcare professionals. It enables healthcare workers to securely collaborate at the point-of-care to improve outcomes on a case-by-case basis. With the help of ShareSmart, they are able to transfer confidential clinical photography and encrypted records, as well as collaborate and engage in provider-to-provider chat services. Data is protected, so users get peace of mind – and patients continue to receive top-notch care.
Canada’s hard-working and dedicated healthcare professionals are some of the finest in the world. They undergo rigorous training and education. They do their best to ensure all Canadians receive quality care. And they go above and beyond even when it comes to protecting sensitive patient information. We celebrate these healthcare practitioners and commit to helping them elevate their practice.
Canadian Healthcare Network
Mobile Privacy Still a Challenge in Healthcare (Oct. 2016)
That’s quite a list which, inadvertently, makes a reasonable point, which is that we shouldn’t expect doctors to be lawyers. We want them to be able to get on with the job—and if an application can have their backs covered, so much the better. Clinicians shouldn’t be experts on jurisdictional privacy legislation. At the same time, any technology that helps them do their jobs should be affordable and powerful. ShareSmart, for its part, has a decent price point and ample storage.
“ShareSmart has an ‘Infinite’ package that provides for 1 terabyte of photo storage capacity for $10.95 a month,” says Tabata. “The full suite of app features are provided for free. We are of the belief that the utility of a communication app increases as the community of users increases.”
That community of users is a key factor, because although any application provider in healthcare would like to see their base grow, they also want to ensure that only authorized people are participating. To do that, ShareSmart relies on a combination of individual and institutional authentication.
“Institutions can authenticate and on-board their own verified and licensed healthcare professionals via the institutional or admin web interface,” says Tabata. “Alternatively, independent users are manually authenticated. Once the process is complete, authenticated users have a check-mark beside their user profile photo, or in the user info details.”
The application is hosted by NorthCloud, which is SOCII certified, and which ensures that the data is kept in Canada and can scale as needed. Given that there are an estimated one million health professionals in Canada, the market opportunity is there. At present, ShareSmart – which has only been on the market for a few months – has more than 3,200 users.
However, residents and physicians will continue to use their own devices, which to some extent puts them outside of the big vendors’ ecosystems. BYOD (Bring Your Own Device) is a dominant trend supporting strong cumulative, year-over-year global growth of 8.13% (2016-2020). Given that the world’s healthcare mobility solutions market is estimated to approach $85 billion by 2020, with healthcare cyber security to reach $10.85 billion by 2022, it’s high time we looked to affordable and simple solutions.
One problem with the relationship between technology and policy is that large vendors can sometimes try and influence decision-making to favour their offerings. This is partly because the mobile device management market is consolidated with big players, with high opportunity costs that can act as barriers to small vendors.
Who knew so many Fellows were creating apps? We didn’t! After publishing news on Dr. Brian Rotenberg’s efforts to text patient care info securely via an app that he co-created, we heard from several other Fellows who have taken their own initiative to solve modern clinical dilemmas with mobile applications.
This month, we spoke to Rena Tabata, MSc, Justin Yeung, MD, FRCSC, Demetrios Rizis, MD, FRCSC, and Robert Jung, JD, members of the team behind ShareSmart— a texting and image-sharing app that boasts more than 3,200 users (and growing).
While Dr. Rotenberg’s PageMe app was built for efficient exchanges and intentional auto-deletion of messages after a set time, ShareSmart is distinguishable for storing information for several years on secure Canadian servers to act as a formal medical record in accordance with provincial/territorial legislation and/or regulatory authority policies.
So, how did the team get from idea to market?
Getting ShareSmart to the app store: Some critical steps
Dr. Yeung, based in Calgary, Alta., and Dr. Rizis, who operates out of Montreal, are both plastic surgeons with a specialization in hand surgery. Their discipline requires a lot of before-and-after photos, visual tracking of healing, teaching using patient photos, hand-over of large volumes of patients among interdisciplinary care teams, etc.; the current process to take patient photos and collaborate via chat in real-time seemed out-of-step with the capabilities and convenience of the ubiquitous smartphone. They wanted to unburden the process and at the same time legally protect themselves.
“If we were to use current technology to safeguard ourselves against privacy issues, we would have to keep a camera in a locked room, get patients’ written consent, upload the photo to a secure server, back-up that secure server, delete the photo from the camera and put the camera back in the locked box,” Dr. Yeung explained. “ShareSmart came from us coming together and saying, ‘how do we make an app that complements our clinical flow?’”
Learnings in app development
*The following commentary was provided by Dr. Justin Yeung and Dr. Demetrios Rizis.
Do your research – does something already exist that meets your needs?
“We’d have gladly just paid someone for a product, but the only ones we found were ones with servers in Australia and in the USA (which would open us up to data sovereignty considerations and third party storage unit security risks). They also lacked many of the critical features for medicine that we were looking for. We wanted something that would align with best practices in clinical photography, including a flow to obtain patient consent prior to photo-taking, the ability to collect different levels of consent and the hard-coding of consent with digital images so that the consent does not get separated from photos.”
Build your multi-disciplinary team
“We made a list of the people that we thought we would need: people who are specialized in privacy law, people who know how to develop secure apps and then Rena Tabata, who knows a lot about business and health ethics. These were mainly people we knew within our networks; we picked people we thought we could work well with and who had a wide-range of skills that were complementary with one another.”
Define your app’s scope (talk to people, write your wish list)
“Apps are most useful when the intended user population is engaged from the conceptualization-stage of the app. For ShareSmart, we had a big group of doctors, nurses, physiotherapists, pharmacists, dentists and oral surgeons devote many hours to describe the flow of how they currently use their cellphones and take photos: where they’re stored, who they send them to, etc. Then we worked with them to understand the deficiencies in existing technologies as they see it.”
Refine, refine, refine
“We sat down for a few days and went through the first blueprint. That blueprint was over 40 pages long and it went through everything the app should and shouldn’t do. We went through 20 versions of this blueprint, which was continually reviewed by our health care professional advisors. We said ‘hey, is it going to work for nurses? Is this going to work for pharmacists? Is this going to work for doctors?’ And compromises happened to make one app that works for everybody — that took months.
In parallel to app design, and on the advice of privacy commissioners, we worked with server infrastructure security experts to build a network of servers across various provinces so that our app could work as envisioned (e.g. secure long-term data storage).”
Legal considerations – does your product adhere to privacy laws?
“We had four lawyers join the conversation to say, ‘hey look, whereas that is very convenient, I’d recommend that you don’t do that because you’re going to leave yourself very unprotected.’ We built layers upon layers of security features around our app and server. Then we went through the Access to Information Act with a fine-toothed comb to make sure that we were covered from top to bottom.”
Keep talking to people
“We presented at privacy and m-health conventions. Partly, to pick the brains of other people in the industry; partly, to see if there was another product out there that would enable us to revisit the possibility of adopting an existing technology.”
Secure funding
“In our case, we went to friends and family to fund this because we wanted to develop the app quickly and with minimal constraints.”
Build the app
“We had three groups who are leaders in app development help us with this product.”
Beta-test and improve
“We had a tonne of beta-testers come back and comment that ‘we could really use this app today.’ So we decided to throw it into the market as soon as our core features were ready. We release updates bi-monthly which include refinements to existing features and introduction of new, value-added features.”
Promote
“Our next step is really to keep engaging with people and different institutions to see if people who are more powerful, smarter and with more resources than us, think that this is a necessary endeavor for Canada. We have an open dialogue with stakeholders to ensure that development aligns with their goals and user feedback.”
Health care is becoming increasingly collaborative. Traditional solo practices are disappearing and being replaced with multidisciplinary teams of family doctors, specialists, nurses, dietitians and pharmacists. But how does such a team communicate effectively about you, the patient, while also seeing tens of other patients throughout the day?
Apps such as WhatsApp and iMessage are becoming the communication mode of choice between many health-care workers. According to Canadian Health Privacy Legislation, however, these apps do not meet the encryption standards and data sovereignty rules needed to communicate sensitive medical information.
In most cases, pictures and messages about patients are sent in an anonymized way (for example: “Here are the key slices from the CT scan for that patient we discussed”). But in a minority of cases, accidental privacy breaches do happen, such as a reported case in which a doctor sold his iPhone on Kijiji but failed to completely erase thousands of sensitive photos from it.
Health-care workers are fined $20,000 and institutions $50,000 for each reported privacy breach. But this is only done after it’s too late and the breach has happened. It’s still largely up to physicians to decide how to best maintain patient confidentiality and what tools to use.
This is what led doctors Justin Yeung and Demetrios Rizis to launch ShareSmart.
“It was starting to get uncomfortable using iMessage and WhatsApp for clinical communication because it was unprofessional, insecure and illegal. We looked for an alternative but there wasn’t anything available, so we decided to just make it ourselves, tailoring it for Canada’s unique health-care system,” says Rizis, a Montreal plastic surgeon.
All photos taken and messages sent in ShareSmart bypass the smartphone’s public storage and are sent directly to a secure Canadian cloud facility. Encrypted content can only be sent to other registered health-care professionals. The app also comes with a few features such as photo archiving and tagging that make doctors more productive.
“When we talk to other doctors, it is very well received. Everyone is looking for an app that does just what ShareSmart does. However, we wish there was more uptake from other health-care professionals such as nurses, occupational therapists, physiotherapists, dentists and pharmacists, because that would allow for the multidisciplinary collaboration that it was designed to do,” says Yeung, who’s a plastic surgeon based in Calgary.
The team is currently working with regional authorities to adopt the app system wide. Any health professional can install and start using the app today on iOS and Android devices for free.