Medical Privacy Secured on Smartphones

R. Colin Johnson |


• Anti-cloning encryption technology is being used to secure validated medical data, which can only be accessed by an attending physician or the patient.The U.S. Health Insurance Portability and Accountability Act (HIPAA) mandated that medical data be standardized for easy exchange between institutions, but was crafted before the proliferation of smartphones and other wireless access devices. To protect standardized medical records from being hacked--while simultaneously securing confidential communications of medical advice to patients on their smartphones--is the aim of a new genre of anti-cloning encryption algorithm.
  Smartphones and tablets have given health care providers, including attending physicians, a wireless portal into medical databases. In fact, according to some industry estimates, more than 50 percent of the U.S. population will have smartphones by the end of 2011, a percentage that will grow to more than 70 percent by 2013.
  
  
  MobiSecure Health’s mobile technology supports secure data messaging such as alerts, question/response and advanced questionnaires.
  Unfortunately, most of the security measures already in place for HIPAA-compliant databases assume that access will be from computer terminals that are secured by virtue of being on-site. Today, however, physicians expect access from wireless devices. In addition, app-generation patients expect medical professionals to offer smart software that can give advice and reminders about specific directions they are supposed to be following. Both require a new generation of anti-cloning technologies to insure that HIPAA-compliant databases are not exposed by hackers gaining access through wireless devices.
  Many U.S. service providers are addressing the need to integrate wireless access into HIPAA-compliant databases, but Diversinet Corp. (Toronto) claims to have a unique approach to the mobile-health care--what it calls "MobiHealth"--that locks secure medical data to a specific mobile device. Diversinet's end-to-end MobiSecure solution--based on Open Authentication (OATH)--secures messaging, and on-the-go storage of personal health data.
  Diversinet's unique patented technology (U.S. Patent No. 8,051,297) locks data to a specific mobile device by using its serial number to generate a unique encryption key. As a result, even if medical data is cloned to another device and the hacker steals the user's password, access to the data will still be denied by decryption algorithms which combine the password with a device's serial number to derive the correct decryption passkey.
  Other solutions require that user's be online to access medical data, but Diversinet's MobiSecure solution enables both doctors and patients to store and view medical data on their smartphones--Apple, Android or BlackBerry--even when no network access is available.
  Merck--the pharmaceutical giant---recently chose Diversinet's solution as a part of a deal with MiHealth Global Systems to promote MobiSecure to Canadian doctors. Part of that effort includes the ability to prompt patients to take their medications on time and to follow other directions, which are securely loaded into the patient's smartphone and accessed with an app.