SECURING APIs FOR mHEALTH APPS IN THE CLOUD
As mobile devices proliferate into every business vertical, cybersecurity has inevitably become a top priority, especially considering the network breaches of this past year. As a result, security for mobile health systems has been called into question, presenting multiple challenges for hospital IT systems to overcome. The use of mobile devices to store, access, and transmit electronic healthcare records has outpaced the privacy and security protections on these devices, leaving many healthcare organizations open to patient record exposure. Many institutions lack the safeguards necessary to ensure the security of patient data when medical providers use mobile devices that communicate with existing EHR infrastructure.
The National Cybersecurity Center of Excellence (NCCoE) within the National Institute of Standards and Technology (NIST) works with industry members to pinpoint these cybersecurity obstacles across a broad spectrum. The NCCoE locates problems, identifies solutions, and welcomes participation in the process from the technology vendor community. Together, vendors and the NCCoE research their off-the-shelf products and develop modules in the end-to-end reference designs in our labs. Through collaboration with multiple technology businesses, the NCCoE delivers results that benefit multiple sectors within the industry.
In late July 2015, the NCCoE published “Securing Electronic Health Records on Mobile Devices”, a draft of its first cybersecurity practice guide. In summary, the guide recommends the use of commercially available, open source tools and technologies consistent with cybersecurity standards. These instruments will help healthcare organizations that use mobile devices to securely share electronic health records and begin implementing more mHealth apps.
From an application perspective, consider the architecture of your mHealth app: use the security characteristics in the workflow diagram (shown below) to ensure the secure transfer of health data records among mobile devices and your applications:
- Wireless device security
- Wireless device data security
- Wireless device transmission security
- EHR message authentication
- EHR network security
- EHR system security
This is only an outline from the application perspective, and it is important to remember that the IT organization must supply the necessary hardware and software on the network side for full security. To help get you started, the NCCoE cybersecurity guide encapsulates the key architecture components necessary for security.