Posts

swyMe takes the Stage at Partners Symposium

Andy Oram, an editor at O’Reilly media and frequent contributor to EMR & EHR, attended the Connected Health Symposium that swyMed was a part of a few weeks ago.  He’s written about the experience on the EMR & EHR blog, but we’ve added (with permission, of course) the section regarding swyMe below.

It’s encouraging to see the progress of patient engagement at Massachusetts General Hospital, as reported by Gregg Meyer of Partners Healthcare System (the funder behind the Center for Connected Health that put on the symposium). But can small and rural providers struggling with cash flow join the movement?

These institutions would be comfortable using swyMe, a HIPAA-compliant telemedicine system that allows doctors to interview patients over everyday mobile devices and perhaps avoid a trip to the hospital. swyMe can also transmit audio and video from devices that EMTs can connect up to the phone. (Not many devices with the necessary hardware connectors are on the market, though.)

swyMe was one of the “innovators” highlighted in a conference demo. Jeffrey Urdan, COO of the company that makes it, told me later that he felt “low tech” compared to some of the fancy, expensive devices at the demo. But most of the providers in the US, and elsewhere, are more on swyMe’s level than theirs.

Please follow this link to read Andy’s entire article.  We’re thankful for the efforts of those making sure the medical industry is aware of all the tools at its disposal.

Hackers and Telemedicine Security – Thoughts?

hacked

Today’s reporting (and here, here, and many other places) that Community Health Systems hospital network was hacked for personal information is alarming.  Although no credit card–and NO CARE INFORMATION–was taken, social security, birthdays, and addresses all were.  That is, everything necessary to open bank accounts, sign up for credit cards, and nearly anything else that counts as identity theft.

As potentially bad for the patients as this is, it’s equally bad for Community Health Systems.  Apparently their stock took only a brief hit (CYH), although it wouldn’t be shocking if it moves lower again assuming the news becomes more widespread and if they are sued.  This scenario is possible because although–and I would like to emphasize this yet again–NO CARE INFORMATION WAS TAKEN (medical histories, treatments, etc.) the information was still covered under HIPAA.  (They do have insurance to cover cyber liability, but even so…)

I do not know how the data was kept or encrypted.  It’s interesting…and somewhat heartening…to know that the care information was not accessed by the hackers.  However, I believe it helps us remember that no system is completely safe, and that the highest available level of security should always be used.  Currently, regarding encryption, that would be AES 256-bit encryption.  It also means use of secure one-time-use keys for communication software endpoints and conscientious use of regularly changed passwords by users.  It means keeping devices used within networks either on VPNs (vitual private networks) or, again, using 256-bit encrypted, password-secured communication over non-VPN networks (and why not do it on the VPNs anyway?).

So, now the question is: Does this security breach have any implications for telemedicine and mHealth?  My guess is that mHealth is probably at the greater risk.  I think there’s less of a general use for cybercriminals for care data than simply personal data, and that certain types of personal data, such as location data combined with the pedometer on (could indicate you’re out jogging 10 miles from your house…might be a good time to break in), make mHealth a little more nerve-wracking.  Just a guess.  There may be very creative ways to make use of mass medical histories and treatment information that just hasn’t been discovered yet.  Thoughts?