For my first article I chose "What is mobile health technology?" It deals with mobile health
technology, or mHealth, is a rapidly developing factor in health care today, promising to make
health care better and more efficient. According to a recent survey, 83 percent of physicians in
the U.S. already use mobile health technology or mHealth to provide patient care. Mobile
health technology uses smartphones, tablets and other mobile devices to deliver health care
and preventive health services for patients. Other methods would be remote patient
monitoring, which is able to monitor patient data remotely with a device. The information is
then transferred electronically to the specific healthcare provider.
For my second article I chose "How to prevent a data breach at your business". It deals with
Data breaches and showcases how even small business owners or big business owners don’t
always know how to handle them. Security breaches are pretty costly and consume a lot of
time. Hackers still data such as email addresses, social security numbers, phone numbers,
billing information, and bank information to name a few. Conducting employee security
awareness training can help to prevent security breaches by the staff knowing what to look for.
Anything out of the ordinary would have the staff to inspect and discover if it is a breach or not
and how to handle it.
In the healthcare world mobile devices are commonly used. It can be a simple mobile device
like a smartphone, tablet, or special handheld device for point of care testing. Patients in this
society have now become accustomed to staying in contact with their healthcare providers
through patient portals, emails, and Telemedicine services. Many mobile apps are not intended
to replace desktop applications but are meant to complement them. (Ventola, 2014)
Digital healthcare services have paved the way for easier and more accessible patient
treatment. (Seh et al., 2020) Data security breaches happen more frequently in healthcare due
to the technological world of healthcare. Healthcare records are shown to be exposed by both
internal and external attacks, such as hacking, theft/loss, unauthentic internal disclosure, and
the improper disposal of sensitive data. (Seh et al., 2020) To help prevent security breaches the
IT team needs to oversee the technological tools at the healthcare organization.
Relating to this week’s discussion the one of two articles that I researched is 'How to Prevent a
Data Breach In your Company. The author goes into detail of what a modern security breach is
which is a uncontained leak of information that is traveling to an untrusted source, and the
techniques to prevent an accidental security breach. Some of these might be seen as mundane,
but in an ever growing digital world these key steps are absolutely necessary to contain patient
or critical business information. Most of the steps is to restrict employee access to critical
systems, and train employees on how to reduce errors that can lead to a security breach. Also,
the article talks about the best steps to contain the breach, and how to engage leadership if a
possible leak happens involving confidential data. What I really liked about this article is that
its written in everyday language there is no technical wording that can confuse readers, and the
authors put in easy steps for companies for their employees to get involved with programs to
lessen the security breach risk, and continue to educate employees on what are the latest risks
are for critical information, and what can be done to stop any future leaks, I consider this a
great beginner article on the subject, which can lead to more employee involvement in the
education of security breaches for their company.
The second article named ' Emerging New Era of Mobile Health Technologies talks about how
mobile health technologies are changing the way patients are served. In which, the author talks
about how mobile health technologies are being adopted in the healthcare space as mobile
sensors to test blood pressure, and other body tests. According to the article the general
adoption for these technologies has been growing at a fast pace as providers are learning to use
these technologies to make the patients more comfortable in getting care from their doctor. In
addition, this article goes though on how the technology is impacting the healthcare sphere,
and how legislation is being put into place to manage the technology in the workplace, and not
being abused for patient health. I think this is a good introduction of how technology has
changed healthcare, and what the future can hold for the field overall regarding the
implementation of such technologies.
Finally, about the posted question above regarding the scenario, I think that there was not any
kind of limitations on the improper disclosure of health information, there was not any kind of
protocol to stop the incident before information got out of the facility. I think how the patient
was compromised was when the parents neighbour decided to view the patients’ medical
information without their permission for non-work-related activities. In which that was a
violation of patient privacy, and confidentiality, and the medical coder was spreading his
information around her community made him more compromised because different parties
can see his information and what his health status is currently. The outcome for that is the
patient’s information was shared among non-recognized parties from an internal source, and
could damage the patient medical background due to exposed information. The HIM
practitioners did not practice any kind of ethics that are related to ahima, and audit trails can be
useful when viewing patient information, it can be used to track the information being viewed
by employees, and where is that information is being used in the facility overall.
Impact of mobile health and medical applications on clinical practice in gastroenterology
This article talked about the digital interventions of mobile health apps (MHAs) and medical
apps (MAs) for diagnosing and treating gastroenterology in managing chronic diseases in
patients. Despite the advantages of using MHAs and MAs, some challenges must be met,
including ethical and legal aspects, before utilizing these technologies.
Ethical considerations before using these apps are that users of health-related apps understand
how to use the app, including the positive and negative in using the apps. Ensure that users
understand the possibility of being treated by avatars or telemedical consultants. Also, medical
providers/ organizations need to consider that some users might be elderly with a lack or
limited access to modern ICT devices (smartphones) when planning digital medical solutions.
(Bork et al., 2020).
Scripps Health was attacked by hackers. Now, patients are suing for failing to protect their
health data
e e e e After a ransomware attack hit the organization, a San Diego Scripps Health patient filed a
class-action lawsuit. The hackers stole data from 150,000 patients. Scripps Health notified
147,267 patients of the breach and that the hackers acquired health and personal information.
The hospital had to take a portion of its health system offline for several weeks, causing a
disruption in care and forcing medical personnel into using paper records. One of the patients
affected, Johnny Corning, states that the breach harmed him and suffered lost time,
annoyance, interference, and inconvenience resulting from the data breach. Losing access to
the Scripps portal caused him the inability to communicate with his doctors, access test results,
and request prescription refills (Landi, 2021).
e e e e e e Educating employees on HIPAA policies and the consequence of not abiding by the rules
established by the policies can help minimize unintentional security breaches. Having a
designated team monitoring staff access ensures that their entry is limited to their role.
The first article I found is from the American Psychiatric Association (APA) and it discusses
the growing use of mobile mental health apps and how to use them ethically. Technological
advancements in healthcare have changed the way patients manage their care and when
coupled with the Covid pandemic, telehealth visits and mobile apps have become increasingly
popular. According to the article, "there are over 325,000 apps to choose from across all health
domains," which raises many questions and concerns regarding which app is the most
appropriate to use, the ethics surrounding mobile health apps, and how to effectively use these
apps in treatment, especially when providing mental health care. The APA has developed a
model for providers and patients to use to evaluate which apps would be best suited for the
patient and their needs.
The article goes on to discuss legal and ethical issues surrounding mental health apps, and the
point I found most interesting is the importance of a discussion between the provider and
patient as to how adding a mobile app to the treatment process will change the dynamics of the
traditional patient-provider relationship. The app should not be used for serious and/or
emergent correspondence and the provider needs to set boundaries so that the patient is aware
that the provider will not be always monitoring the app. It is also imperative that the provider
and patient understand that the app is to act as an aid to the overall treatment and not a
replacement in any aspect.
The second article I chose discusses some statistics of healthcare data breaches in 2021, and
ways to prevent these breaches of PHI. Cyberattacks hit a record high in 2021, affecting 45
million individuals which was up from 34 million in 2020. The article continues by listing
some potential reasons for the surge in data breaches and one that I had not heard before was
the fact that IT departments are also stretched thin due to staffing issues caused by the
pandemic. This staffing shortage could lead to issues with keeping up on routine security
measures, essentially causing an organization to "let their guard down." The author suggests
that for organizations to build up their defences they need to implement a comprehensive risk
management program and pair up with a reputable cybersecurity company to manage
incursion detection and response plans. e
The pandemic threw everyone into telehealth. During the first six months of COVID, I was
forced into remote work with a young child at home due to no daycare services, my husband
was deployed, and then our company started layoffs in October 2020. The stress brought on
my shingles, and I needed medication. My primary care physician was not performing
telehealth and wanted me to come into the office, but I was uncomfortable going near any
health facility and bringing my daughter. I was extremely practicing social distancing out of
concern for her health and safety, and I reached out to my insurance for a telehealth provider
who could assist me. According to a mHealth Intelligence article from December 2021, 52%
of providers declined telehealth due to security concerns. My primary care physician was one
of these providers. According to the article, some providers did perform telehealth services
over apps not specifically designed for medical care, such as FaceTime, Facebook Messenger,
and Zoom. With all of the "Zoom bombing" going on early in the pandemic, I would not have
felt comfortable meeting over Zoom with a health provider for medical needs. The US
Department of Health and Human Services did put out a notice of discretion for Telehealth
remote communications during the onset of COVID-19. Providers were authorized to use apps
such as Apple FaceTime, Facebook Messenger, Google Meet, and Skype even though they
thought these vendors might not be HIPAA compliant and providers did not have enough time
to enter into a formal business agreement. OCR stated penalties would not be imposed against
covered entities in good faith of the health care provider trying to serve patients during the
pandemic. HHS stated that Facebook Live, TikTok, and other public-facing apps should not
be used for telehealth services. Health providers were given a significant grace to be allowed
to provide services over popular communication applications. e
The pandemic was not enough for health care. Current world events are impacting health
services, such as the Russian invasion of Ukraine. I work for a health technology company,
and there is an increased alert for potential cyber-attacks by Russia. The White House asked
all organizations to test their cyber security, and healthcare is particularly vulnerable due to the
pandemic. My company has taken precautions and provided additional training. If we hear of
a cyber-attack in our community, it is communicated to us, especially how it happened. Was it
a phishing email or a targeted attack on an organization? Always alert for things out of the
norm and ask IT about it before clicking anything. Continued education has been the
company's approach to combating cyber-attacks.
Mobile health apps leak sensitive data through APIs, report finds
Recovering hacker” Alissa Knight calls personal health information the most valuable data on
the dark web. The Knight Ink cybersecurity researcher says, “It's 10 times more the price of a
credit card for a single PHI record.”
Knight partnered with mobile security company Approov to hack 30 mobile health apps to
highlight the threats they face through application program interfaces (APIs).
All the apps were found to be vulnerable to API attacks, and some allowed access to electronic
health records (EHRs). The 30 apps collectively expose 23 million mobile health users to
attacks.
APIs are the communication channels between a mobile app and a cloud service, physical
server, or hospital infrastructure.
It is predicted that by 2022 API attacks will no longer be infrequent but will become the most
frequent attack vector for application breaches. APIs allow mobile phones to access X-rays,
pathology reports and allergy data.
During her research, Knight hacked into the system of one hospital, changing the values of an
EHR by one digit and then was able to access the health records of the patient’s family
members and other information that a hospital’s registration desk had captured for a patient.
Knight used a hacking tool that looks like it is generating data from a mobile health app
(Horowitz, 2021).
Phishing Attack Prevention: How to Identify & Avoid Phishing Scams in 2022
Phishing attacks are one of the most common security challenges that both individuals and
companies face in keeping their information secure. Whether it is getting access to passwords,
credit cards, or other sensitive information, hackers are using email, social media, phone calls,
and any form of communication they can to steal valuable data.
Phishing attacks are done via email. Phishing attacks use an email address that resembles a
legitimate email address, person, or company. The email will include a request to click a link,
change a password, send a payment, respond with sensitive information, or open a file
attachment.
There are multiple steps a company can take to protect against phishing.
Educate your employees and conduct training sessions with mock phishing scenarios.
Deploy a SPAM filter that detects viruses, blank senders, etc.
Keep all systems current with the latest security patches and updates.
Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all
equipment.
Develop a security policy that includes but isn't limited to password expiration and complexity.
Deploy a web filter to block malicious websites.
Encrypt all sensitive company information.
Convert HTML email into text only email messages or disable HTML email messages.
Require encryption for employees that are telecommuting.
(Phishing attack prevention: How to identify & avoid phishing scams in 2022 2022)
References:
Horowitz, B. (2021, February 24). Mobile health apps leak sensitive data through apis, report
finds. Fierce Healthcare. Retrieved June 2, 2022, from
https://www.fiercehealthcare.com/tech/mobile-health-apps-leak-sensitive-data-through-apis-
report-finds
Phishing attack prevention: How to identify & avoid phishing scams in 2022. Digital
Guardian. (2022, March 14). Retrieved June 2, 2022, from
https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-
scams
Office for Civil Rights. (2021, June 28). Notification of Enforcement Discretion for
Telehealth Remote Communications During the COVID-19 Nationwide Public Health
Emergency. HHS.gov. Retrieved June 2, 2022, from https://www.hhs.gov/hipaa/for-
professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-
telehealth/index.html
Pifer, R. (2022, March 18). 'On high alert': Hospitals wary of cyber threats from Russia-
Ukraine war. Healthcare Dive. Retrieved June 2, 2022, from
https://www.healthcaredive.com/news/high-alert-hospitals-wary-cybersecurity-russia-
ukraine/620576/
The United States Government. (2022, March 22). Fact sheet: Act Now to Protect Against
Potential Cyberattacks. The White House. Retrieved June 2, 2022, from
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/fact-sheet-act-
now-to-protect-against-potential-cyberattacks/
Vaidya, A. (2021, November 30). 52% of Providers Say Patients Declined Telehealth Due to
Security Concerns. mHealthIntelligence. Retrieved June 2, 2022, from
https://mhealthintelligence.com/news/52-of-providers-say-patients-declined-telehealth-due-
to-security-concerns
How to use mobile mental health apps ethically. (2021). Psychiatric News, 56(01).
https://doi.org/10.1176/appi.pn.2021.1.38
Landi, H. (2022, February 1). Healthcare data breaches hit all-time high in 2021, impacting
45M people. Fierce Healthcare. Retrieved June 2, 2022, from
https://www.fiercehealthcare.com/health-tech/healthcare-data-breaches-hit-all-time-high-
2021-impacting-45m-people
Bork, U., Bottcher, M. D., Busse, T. S., Ehlers, J., Kernebeck, S., & Weitz, J. (2020, Aug 7).
Impact of mobile health and medical applications on clinical practice in gastroenterology.
doi:10.3748/wig. v26.i29.4182
Landi, H. (2021, Jun 22). Scripps Health was attacked by hackers. Now, patients are suing for
failing to protect their health data. Fierce Healthcare:
https://www.fiercehealthcare.com/tech/following-ransomware-attack-scripps-health-now-
facing-class-action-lawsuits-over-data-breach
Nead, N. (2022, April 14). Council post: How to prevent a data breach in your company.
Forbes. Retrieved June 4, 2022, from
https://www.forbes.com/sites/forbesbusinesscouncil/2021/07/30/how-to-prevent-a-data-
breach-in-your-company/?sh=edfa15a18da7
Park, Y.-T. (2016, October). Emerging new era of mobile health technologies. Healthcare
informatics research. Retrieved June 4, 2022, from
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5116535/
Ventola, C. L. (2014, May). Mobile devices and apps for Health Care Professionals: Uses and
benefits. P & T: a peer-reviewed journal for formulary management. Retrieved June 2, 2022,
from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4029126/
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Khan, R. A.
(2020, May 13). Healthcare data breaches: Insights and implications. Healthcare (Basel,
Switzerland). Retrieved June 3, 2022, from
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7349636/
"What is mobile health technology?"
https://www.athenahealth.com/knowledge-hub/healthcare-technology/what-is-mobile-health-
technology/healthcare
"How to prevent a data breach at your business"
https://www.insureon.com/blog/how-to-prevent-a-data-breach-at-your-business