This document is confidential and contains proprietary information, including trade secrets of CitiusTech. Neither the document nor any of the information contained in it may be reproduced or disclosed to any unauthorized person under any circumstances without the express written permission of CitiusTech.
CitiusTech Thought Leadership
Securing Healthcare Mobile Apps in Compliance with HIPAA
30 September 2017 | Author: Sonal Raskar, Technical Lead Grade I, CitiusTech
Agenda
 Securing Healthcare Mobile Apps in Compliance with HIPAA
 Cyber Security and Data Breaches in Healthcare
 Top Mobile Security Threats
 Potential Weaknesses in Mobile Applications
 HIPAA – Regulatory Compliance Review
 Security Considerations to Protect Mobile Devices
 Security Best Practices for Healthcare Applications
 Secure HIPAA Implementation Cycle
 HIPAA Regulation Safeguards for Mobile Devices
 References
Securing Healthcare Mobile Apps in Compliance with HIPAA
 Mobile health has gathered tremendous pace in recent years. The extensive use of mobile technology in various clinical areas has changed many aspects of clinical practice.
o There has been rapid growth in the development of medical software applications for mobile platforms
o Many mobile applications enable healthcare providers to track prescription drugs, view patient information and manage their schedules
 Mobile health has made healthcare data security and confidentiality more challenging, as sensitive protected health information is used by healthcare mobile applications
 If adequate security controls are not implemented, devices become vulnerable to compromise and expose the electronic Protected Health Information (ePHI) stored on them
 One of the main objectives of the HIPAA (Health Insurance Portability and Accountability Act) legislation is to provide data privacy and security provisions for safeguarding medical information. It requires healthcare organizations to ensure that applications are secure and that sensitive patient data is protected when in use, during transmission and when stored on a mobile device
 This document introduces the measures for securing healthcare applications in compliance with HIPAA
Cyber Security and Data Breaches in Healthcare
The volume, frequency, impact and cost of data breaches in the healthcare industry have been consistently high for the last few years. The healthcare data breach database maintained by the Office for Civil Rights (OCR) shows that the top 10 healthcare data breaches of 2016 were the result of hacking or health IT related incidents, which emphasizes the need for better technical safeguards in the healthcare industry.
[Chart: Data breaches over the past two years, 2015-16] Data breach: 89%; data secure: 11%
[Chart: Data breaches by industry] Healthcare 28%; Government 15%; Retail 12%; Finance 12%; Technology 11%; Education 9%; Other 13%
 89% of healthcare organizations experienced data breaches over the past two years
 79% have experienced multiple breaches over two years
 45% have experienced five or more breaches in the past two years
 Only 4.2% of breaches were "secure breaches", where encryption rendered the stolen data useless
 59% of organizations don't think their security budget is sufficient to curtail or minimize data breaches
Top Mobile Security Threats
Implementing security best practices against cyber threats provides reasonable assurance that the mobile application is secured against cyber attacks.
[Chart: Top Security Threats in Healthcare] Cyber Attacks 28%; Employee Negligence and Malicious Insiders 26%; Mobile Applications 9%; Insecurity of IoT Devices 7%; DDoS attacks on Network 4%
Criminal attacks are the main cause of data breaches: 50% of healthcare organizations report that the root cause of their breach was a criminal attack.
[Chart: Top Cyber Attack Concerns in Healthcare] Denial of Service 48%; Ransomware 44%; Malware 41%; Phishing 32%; Rogue Software 11%; Password Attacks 8%
Potential Weaknesses in Mobile Applications
Data Flow: Can you establish an audit trail for data? Is data in transit protected? Who has access to it?
Data Storage: How is data stored on the device? Is it encrypted? Cloud solutions can be a weak link for data security.
Data Leakage: Is data leaking to log files, or out through notifications?
Authentication: When and where are users challenged to authenticate? How are users authorized? Is it possible to track passwords and IDs in the system?
Server-Side Controls: Are there server-side validations on the input fields? Are all potential client-side routes into the application being validated?
Session Management: Is the user session invalidated after idle timeout and after user logout, to prevent unauthorized access to the application?
There are many potential weak spots in mobile apps. Understanding them helps developers build a robust app and protect user data.
HIPAA – Regulatory Compliance Review (1/2)
 The HIPAA Security Rule sets US national standards to ensure protection of ePHI that is created, modified or maintained by covered entities
 Required specifications are mandatory, whereas addressable specifications can be skipped if not relevant to the organization, after stating and documenting a valid reason
 The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce and the security measures put in place to protect ePHI
 The Physical Safeguards are a set of rules and guidelines that focus on physical access to PHI
 The Technical Safeguards focus on the technology that protects PHI and controls access to it
HIPAA – Regulatory Compliance Review (2/2)
[Diagram: HIPAA Regulation sections]
• Administrative Safeguards: §164.308
• Physical Safeguards: §164.310
• Technical Safeguards: §164.312
• Organizational Requirements: §164.314 and §164.316
• Uses and Disclosures: §164.508, §164.510 and §164.512
[Diagram: control areas]
• Authentication Security: Password Security; Account Lockout Policy
• Identity Access Management: System Administrator identity; Device Login Procedures; Auto Log-offs
• Access Control: Access Control Lists; Emergency Access Control
• Encryption: Encryption of Data at Rest; Encryption of Data in Transit
• Audit Controls: Audit Logs and Retention; Remote Access Logs; Log Review Process
Security Considerations to Protect Mobile Devices (1/2)
User authentication
Authentication is the process of verifying the identity of a user, process, or device. Mobile devices can be configured to require passwords, personal identification numbers, or passcodes to gain access.
Install and enable encryption
Encryption protects health information stored on and sent by mobile devices. Data encryption keys should be updated periodically and stored separately from the data.
Install remote wiping
Remote wiping enables deletion of data on a mobile device remotely. If the remote wipe feature is enabled, data stored on a lost or stolen mobile device can be permanently deleted.
Disable file sharing applications
File sharing is software or a system that allows users to connect to each other and exchange computer files. But file sharing can also enable unauthorized users to access the mobile device without the user's knowledge.
Security Considerations to Protect Mobile Devices (2/2)
Install and enable security software
Security software can be installed to protect against malicious applications, viruses, spyware, and malware-based attacks.
Keep your security software up to date
Regular updates of security software prevent unauthorized access to health information on or through the mobile device.
Protect data in transit over public Wi-Fi
Public Wi-Fi networks allow unauthorized users to intercept information. Protect and secure health information by not sending or receiving it when connected to a public Wi-Fi network, unless over secure, encrypted connections.
Delete all stored health information before discarding or reusing the mobile device
Use software tools that thoroughly delete (or wipe) data stored on a mobile device before discarding or reusing the device, to protect and secure health information from unauthorized access.
Security Best Practices for Healthcare Applications (1/4)
Implementing software development best practices can help mitigate most of the common vulnerabilities in an application and reduce the cost of fixing issues that would otherwise surface after the application is developed. Some of these best practices, derived from the OWASP Mobile Top 10, are broadly categorized as:
Category: Session Management
Session management is the technique developers use to make the stateless HTTP protocol support sessions as state.
Implementation Best Practices:
 Implement an idle or inactivity timeout on all sessions, preferably after 15-20 minutes of inactivity
 Enforce session timeout management and expiration on the server side
 Immediately invalidate the session on logout. In addition, discard/terminate the session token on the server side once the user has logged out
 Generate random and complex session IDs/auth tokens. Session IDs must not be related to any personal information of the user or device (such as the device ID)
 Send session IDs only over secure channels (for example HTTPS), to prevent an adversary from hijacking the session
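Worked example, added here and not taken from the CitiusTech deck, of the server-side session handling the bullets above describe: tokens from the OS random generator that encode nothing about the user or device, a 15-minute idle timeout enforced on the server, immediate invalidation on logout, and the Secure/HttpOnly cookie and no-store response headers. The 8-hour absolute lifetime and the injectable `now` clock are assumptions made for illustration.

```python
import secrets
import time

# Idle timeout from the slide's 15-20 minute guidance (lower bound chosen here).
IDLE_TIMEOUT_SECONDS = 15 * 60
# Absolute lifetime is an assumed value; the slide only asks for server-side expiration.
ABSOLUTE_LIFETIME_SECONDS = 8 * 60 * 60


class SessionStore:
    """Server-side session store. The client holds only an opaque random token;
    every timeout and logout decision is made here, never inside the mobile app."""

    def __init__(self, now=time.time):
        self._now = now        # injectable clock so expiry can be exercised without sleeping
        self._sessions = {}    # token -> {"user": ..., "created": t, "last_seen": t}

    def create(self, user_id):
        # 32 bytes from the OS CSPRNG; the token carries no user or device information.
        token = secrets.token_urlsafe(32)
        t = self._now()
        self._sessions[token] = {"user": user_id, "created": t, "last_seen": t}
        return token

    def validate(self, token):
        """Return the user id of a live session, or None. Expired sessions are purged."""
        s = self._sessions.get(token)
        if s is None:
            return None
        t = self._now()
        idle_expired = t - s["last_seen"] > IDLE_TIMEOUT_SECONDS
        lifetime_expired = t - s["created"] > ABSOLUTE_LIFETIME_SECONDS
        if idle_expired or lifetime_expired:
            del self._sessions[token]   # expiry enforced server-side, not by the client
            return None
        s["last_seen"] = t              # sliding idle window on every valid request
        return s["user"]

    def logout(self, token):
        """Invalidate immediately; the token is useless even if the client keeps a copy."""
        return self._sessions.pop(token, None) is not None

    def active_count(self):
        return len(self._sessions)


def session_cookie_header(token):
    """Set-Cookie value carrying the session token: Secure (sent only over HTTPS)
    and HttpOnly (not readable by client-side script)."""
    return f"session={token}; Path=/; Secure; HttpOnly"


def no_store_headers():
    """Response headers for anything carrying ePHI, so intermediaries and the app cache nothing."""
    return {"Cache-Control": "no-store", "Pragma": "no-cache"}


if __name__ == "__main__":
    store = SessionStore()
    tok = store.create("clinician-42")      # constructed sample user
    print(session_cookie_header(tok))
    print(store.validate(tok), store.logout(tok), store.validate(tok))
```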
Security Best Practices for Healthcare Applications (2/4)
Category: Data at Rest
Data at rest generally refers to data stored in persistent storage. Mobile devices are often subject to specific security protocols to protect data at rest from unauthorized access when lost or stolen.
Implementation Best Practices:
 Avoid storing sensitive data on the device; if it must be stored, always encrypt it using strong, FIPS 140-2 compliant cryptographic algorithms such as AES, RSA and SHA-256
 Use strong encryption so that if access controls such as usernames and passwords fail, the encrypted data is not compromised
 Periodically update data encryption keys and store them separately from the data
 Remove unnecessary application and system documentation that could reveal sensitive information to attackers
Category: Data in Transit
Data in transit, or data in motion, is data moving from one location to another across the internet or through private networks.
Implementation Best Practices:
 SSL certificate pinning: certificate pinning means keeping a keystore (certificate extract) on the mobile device. This keystore is generated from the SSL certificate hosted on the server. With this technique the app can guarantee that it is connecting to the correct server. One disadvantage is that if the certificate on the server changes, the keystore in the mobile app must be updated accordingly
 Implement network security solutions such as firewalls and network access control to secure the networks used to transmit data against malware attacks or intrusions
 Enable user prompting, blocking, or automatic encryption for sensitive data in transit
 Maintain cached data only for the duration of a session
Security Best Practices for Healthcare Applications (3/4)
Category: Data in Transit (continued)
Implementation Best Practices:
 Use server authentication as an anti-spoofing measure. Although server authentication is optional in the SSL/TLS protocols, it is always recommended. Otherwise, an attacker might spoof the server, affecting users and damaging the organization's reputation in the process
 Never send passwords over a network connection in clear text
 Prevent the interception of highly sensitive values (e.g., login IDs, passwords, PINs, account numbers) via a compromised SSL/TLS connection by applying additional encryption in transit (e.g., a VPN)
 Set the Secure and HttpOnly attributes on cookies in the Set-Cookie header. The HttpOnly flag prevents cookie theft via cross-site scripting (XSS), because the cookie cannot be accessed by client-side scripts
 Do not use loopback when handling sensitive data. Use proper Cache-Control headers to ensure data is not cached when requesting resources
Category: Code Obfuscation
Mobile applications contain compiled code which, when extracted and decompiled, can let an attacker read the complete source code.
Implementation Best Practices:
 Obfuscation is the strategy of making code harder to understand or read, generally for privacy or security purposes
 Use obfuscator tools or libraries to convert straightforward code to an unreadable format, so that an attacker cannot easily understand the logic behind the code. For example, the variable name patientNameString would be renamed to shsggehehheh
Security Best Practices for Healthcare Applications (4/4)
Category: Audit Logs
Audit logs provide documentary evidence of the events that affect the application at any specific time. It is necessary for an application to maintain logs so that an event can be traced back in case of an incident or error.
Implementation Best Practices:
 Record the IP addresses, timestamps and details of the application's crucial events, plus other information depending on business requirements, in the audit logs
 Maintain the audit logs locally in device memory and periodically sync them with the log server
 Audit logs contain more sensitive information than generic transaction logs; therefore implement proper authorization checks before providing access to these logs
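Worked example, added here and not part of the original deck, of the audit-log practices above: events recorded with timestamp, user and IP, buffered locally and synced in batches to a log server (delivery failure keeps the batch on the device), with role-checked local access. The HMAC chain that makes a synced batch tamper-evident is an added integrity mechanism the slide does not prescribe; the key, role names and sample events are constructed for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed key for this example; a real app loads it from the platform keystore, never from source.
LOG_MAC_KEY = b"example-audit-mac-key-not-for-production"
GENESIS = "0" * 64
READ_ROLES = {"security_auditor", "compliance_officer"}   # assumed role names


def _mac(key, rec):
    # MAC over every field except the MAC itself, using a canonical JSON encoding.
    body = json.dumps({k: v for k, v in rec.items() if k != "mac"}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class AuditLog:
    """Buffers audit events locally and syncs them in batches to a log server.
    Each record's MAC also covers the previous record's MAC, so an edit, deletion
    or reordering inside a synced batch is detectable on the server."""

    def __init__(self, key, now=time.time):
        self._key = key
        self._now = now            # injectable clock for deterministic timestamps
        self._prev_mac = GENESIS   # carried across batches, so batch N+1 chains onto batch N
        self._buffer = []          # records not yet delivered to the log server

    def record(self, event, user, ip):
        rec = {"ts": round(self._now(), 3), "event": event, "user": user,
               "ip": ip, "prev": self._prev_mac}
        rec["mac"] = _mac(self._key, rec)
        self._prev_mac = rec["mac"]
        self._buffer.append(rec)
        return rec

    def sync(self, send):
        """Push the buffered batch via send(batch) -> bool; keep it locally if delivery fails."""
        if not self._buffer:
            return 0
        batch = list(self._buffer)
        if not send(batch):
            return 0
        self._buffer.clear()
        return len(batch)

    def pending(self):
        return len(self._buffer)

    def export(self, role):
        """Local read access is restricted: audit logs hold more sensitive data than transaction logs."""
        if role not in READ_ROLES:
            raise PermissionError("audit log access denied for role %r" % role)
        return list(self._buffer)


def verify_chain(records, key, genesis=GENESIS):
    """Server-side check. Returns (True, -1) if intact, else (False, index of first bad record).
    Pass the last MAC of the previous batch as genesis to verify a later batch."""
    prev = genesis
    for i, rec in enumerate(records):
        if rec.get("prev") != prev:
            return False, i
        if not hmac.compare_digest(_mac(key, rec), rec.get("mac", "")):
            return False, i
        prev = rec["mac"]
    return True, -1


if __name__ == "__main__":
    log = AuditLog(LOG_MAC_KEY)
    log.record("login", "clinician-42", "10.0.0.5")          # constructed sample events
    log.record("view_record", "clinician-42", "10.0.0.5")
    received = []
    print("synced", log.sync(lambda batch: received.extend(batch) or True))
    print("intact", verify_chain(received, LOG_MAC_KEY))
```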
Category: Hard-Coded Sensitive Information
Developers often leave sensitive information such as security tokens, encryption keys or proprietary algorithms hard-coded in the application code.
Implementation Best Practices:
 Do not store passwords, connection strings or other sensitive information in clear text, or in any non-cryptographically secure manner, on the client side. This includes embedding them in insecure formats such as ms-viewstate, Adobe Flash or compiled code
 Always use encryption and never save passwords or SSNs directly in the app or on the server. Passwords should be stored as hashes and other secrets encrypted, so that they cannot be recognized by anyone without decryption
 Remove comments in user-accessible production code that may reveal backend system or other sensitive information
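Worked example, added here and not from the deck, of the password-storage point above combined with the Account Lockout Policy and Log-in Monitoring items listed elsewhere in this deck: passwords are stored only as salted PBKDF2-SHA256 hashes (never the password itself), five consecutive failures lock the account for 15 minutes, and every attempt is logged with user, IP and outcome but never the password. The iteration count, lockout thresholds and sample user are assumptions.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000     # assumed work factor; raise as hardware allows
MAX_FAILED_ATTEMPTS = 5         # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60       # assumed lockout duration


def hash_password(password, salt=None):
    """Return (salt, digest). Only this pair is ever stored; the password is not."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)   # constant-time comparison


class LoginService:
    """Server-side login with account lockout and log-in monitoring records."""

    def __init__(self, now=time.time):
        self._now = now
        self._creds = {}        # user -> (salt, digest)
        self._failures = {}     # user -> (failed_count, locked_until)
        self.monitor_log = []   # log-in monitoring records; no secrets are ever written here

    def register(self, user, password):
        self._creds[user] = hash_password(password)

    def _log(self, event, user, ip):
        self.monitor_log.append({"ts": self._now(), "event": event, "user": user, "ip": ip})

    def login(self, user, password, ip):
        t = self._now()
        count, locked_until = self._failures.get(user, (0, 0.0))
        if t < locked_until:
            self._log("locked_out", user, ip)      # attempt during lockout is itself reported
            return False
        if locked_until and t >= locked_until:
            count, locked_until = 0, 0.0           # lockout has expired; start counting afresh
        creds = self._creds.get(user)
        ok = creds is not None and verify_password(password, *creds)
        if ok:
            self._failures.pop(user, None)
            self._log("login_ok", user, ip)
            return True
        count += 1
        if count >= MAX_FAILED_ATTEMPTS:
            locked_until = t + LOCKOUT_SECONDS
            self._log("account_locked", user, ip)
        else:
            self._log("login_failed", user, ip)
        self._failures[user] = (count, locked_until)
        return False


if __name__ == "__main__":
    svc = LoginService()
    svc.register("nurse1", "correct horse battery staple")   # constructed sample user
    print(svc.login("nurse1", "wrong", "10.1.1.1"), svc.monitor_log[-1]["event"])
    print(svc.login("nurse1", "correct horse battery staple", "10.1.1.1"))
```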
Secure HIPAA Implementation Cycle
PHASE 1: Define Scope [PHI Data Flow]
 Identify entry points of the PHI information
 Identify locations of ePHI storage
 Identify ePHI in transit
PHASE 2: Risk Assessment / Threat Analysis
 Identify vulnerabilities in components, design and implementation using security testing
 Identify threats
 Identify risks (vulnerabilities + threats) and rate the impact
PHASE 3: HIPAA Compliance Review
 Review the systems and applications against the HIPAA technical and administrative safeguards
 Identify non-compliance based on the Risk Assessment report and the HIPAA review
PHASE 4: Implement Controls
 Identify appropriate controls to mitigate the top risks
 Implement the security measures to reduce or eliminate the risk
 Mitigate high and medium risks
PHASE 5: Test, Train and Repeat
 Test the controls implemented to mitigate risks
 Document the process of HIPAA risk analysis
 Repeat the process annually
 Conduct mobile device privacy and security awareness training for providers and professionals
HIPAA Regulation Safeguards for Mobile Devices (1/2)
Implementation Specification and Requirement for Administrative and Physical Safeguards
Administrative Safeguards: Information Access Management, 164.308(a)
 Access Authorization 164.308(a)(4): Implement policies and procedures for granting access to ePHI, for workstations, transactions, programs, processes, or other mechanisms
 Protection from Malicious Software 164.308(a)(5): Implement procedures for guarding against, detecting, and reporting malicious software
 Log-in Monitoring 164.308(a)(5): Implement procedures for monitoring and reporting log-in attempts and discrepancies
 Password Management 164.308(a)(5)(ii)(D): Implement procedures for creating, changing, and safeguarding appropriate passwords
 Data Backup Plan 164.308(a)(7): Establish and implement (as needed) procedures to create and maintain retrievable, exact copies of ePHI during unexpected negative events
Physical Safeguards: HIPAA Regulation 164.310
 Media Disposal and Disposition or Reuse 164.310(d)(2)(i),(ii): The practice has policies and procedures for removing ePHI from hardware or electronic media on which it is stored prior to disposal or re-use
HIPAA Regulation Safeguards for Mobile Devices (2/2)
Implementation Specification and Requirement for Technical Safeguards
Technical Safeguards: HIPAA Regulation 164.312
 Unique User Identification 164.312(a)(2)(i): Assign a unique name and/or number for identifying and tracking user identity
 Automatic Logoff 164.312(a)(2)(iii): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity
 Encryption and Decryption 164.312(a)(2)(iv) & Encryption 164.312(e)(2)(ii): Implement an appropriate mechanism to encrypt and decrypt ePHI
 Audit Controls 164.312(b): This standard does not have corresponding implementation specifications. However, compliance with the standard itself is required
 Confidentiality 164.312(c)(1): Web-based email accounts such as (but not limited to) Yahoo and Hotmail are not allowed to be used for transmitting any type of ePHI
 Mechanism to Authenticate Electronic PHI 164.312(c)(2): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner
 Person or Entity Authentication 164.312(d): This standard does not have corresponding implementation specifications. However, compliance with the standard itself is required
 Integrity Controls 164.312(e)(2)(i): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of
References
 http://www.hipaajournal.com/mobile-data-security-and-hipaa-compliance/
 https://www.healthit.gov/providers-professionals/how-can-you-protect-and-secure-health-information-when-using-mobile-device
 https://www.healthit.gov/providers-professionals/five-steps-organizations-can-take-manage-mobile-devices-used-health-care-pro
 http://www.aapcps.com/services/documents/compliance-checklist-hipaa-security-and-hitech-sample.pdf
 https://www.owasp.org/
 https://www.sans.org/
 http://www.hipaasurvivalguide.com/hipaa-regulations/part-164.php
 https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
 http://blog.securitymetrics.com/
 https://info.veracode.com/whitepaper-state-of-web-and-mobile-application-security-in-healthcare.html
 https://www.ponemon.org/blog/sixth-annual-benchmark-study-on-privacy-security-of-healthcare-data-1
Thank You
Authors: Sonal Raskar, Technical Lead Grade I
thoughtleaders@citiustech.com
About CitiusTech
2,700+ Healthcare IT professionals worldwide
1,200+ Healthcare software engineers
700+ HL7 certified professionals
30%+ CAGR over last 5 years
80+ Healthcare customers
 Healthcare technology companies
 Hospitals, IDNs & medical groups
 Payers and health plans
 ACO, MCO, HIE, HIX, NHIN and RHIO
 Pharma & Life Sciences companies
Leveraging Analytics to Identify High Risk PatientsCitiusTech
 
FHIR Adoption Framework for Payers
FHIR Adoption Framework for PayersFHIR Adoption Framework for Payers
FHIR Adoption Framework for PayersCitiusTech
 
Payer-Provider Engagement
Payer-Provider Engagement Payer-Provider Engagement
Payer-Provider Engagement CitiusTech
 
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021CitiusTech
 
Demystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingDemystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingCitiusTech
 
Progressive Web Apps in Healthcare
Progressive Web Apps in HealthcareProgressive Web Apps in Healthcare
Progressive Web Apps in HealthcareCitiusTech
 
RPA in Healthcare
RPA in HealthcareRPA in Healthcare
RPA in HealthcareCitiusTech
 
6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLP6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLPCitiusTech
 
Opioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and FutureOpioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and FutureCitiusTech
 
Rising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes ResearchRising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes ResearchCitiusTech
 
ICD 11: Impact on Payer Market
ICD 11: Impact on Payer MarketICD 11: Impact on Payer Market
ICD 11: Impact on Payer MarketCitiusTech
 
Testing Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on HadoopTesting Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on HadoopCitiusTech
 
Driving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data AnalyticsDriving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data AnalyticsCitiusTech
 

More from CitiusTech (20)

Member Engagement Using Sentiment Analysis for Health Plans
Member Engagement Using Sentiment Analysis for Health PlansMember Engagement Using Sentiment Analysis for Health Plans
Member Engagement Using Sentiment Analysis for Health Plans
 
Evolving Role of Digital Biomarkers in Healthcare
Evolving Role of Digital Biomarkers in HealthcareEvolving Role of Digital Biomarkers in Healthcare
Evolving Role of Digital Biomarkers in Healthcare
 
Virtual Care: Key Challenges & Opportunities for Payer Organizations
Virtual Care: Key Challenges & Opportunities for Payer Organizations Virtual Care: Key Challenges & Opportunities for Payer Organizations
Virtual Care: Key Challenges & Opportunities for Payer Organizations
 
Provider-led Health Plans (Payviders)
Provider-led Health Plans (Payviders)Provider-led Health Plans (Payviders)
Provider-led Health Plans (Payviders)
 
CMS Medicare Advantage 2021 Star Ratings: An Analysis
CMS Medicare Advantage 2021 Star Ratings: An AnalysisCMS Medicare Advantage 2021 Star Ratings: An Analysis
CMS Medicare Advantage 2021 Star Ratings: An Analysis
 
Accelerate Healthcare Technology Modernization with Containerization and DevOps
Accelerate Healthcare Technology Modernization with Containerization and DevOpsAccelerate Healthcare Technology Modernization with Containerization and DevOps
Accelerate Healthcare Technology Modernization with Containerization and DevOps
 
FHIR for Life Sciences
FHIR for Life SciencesFHIR for Life Sciences
FHIR for Life Sciences
 
Leveraging Analytics to Identify High Risk Patients
Leveraging Analytics to Identify High Risk PatientsLeveraging Analytics to Identify High Risk Patients
Leveraging Analytics to Identify High Risk Patients
 
FHIR Adoption Framework for Payers
FHIR Adoption Framework for PayersFHIR Adoption Framework for Payers
FHIR Adoption Framework for Payers
 
Payer-Provider Engagement
Payer-Provider Engagement Payer-Provider Engagement
Payer-Provider Engagement
 
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
 
Demystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingDemystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation Testing
 
Progressive Web Apps in Healthcare
Progressive Web Apps in HealthcareProgressive Web Apps in Healthcare
Progressive Web Apps in Healthcare
 
RPA in Healthcare
RPA in HealthcareRPA in Healthcare
RPA in Healthcare
 
6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLP6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLP
 
Opioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and FutureOpioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and Future
 
Rising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes ResearchRising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes Research
 
ICD 11: Impact on Payer Market
ICD 11: Impact on Payer MarketICD 11: Impact on Payer Market
ICD 11: Impact on Payer Market
 
Testing Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on HadoopTesting Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on Hadoop
 
Driving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data AnalyticsDriving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data Analytics
 

Recently uploaded

hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...delhimodelshub1
 
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking ModelsDehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Modelsindiancallgirl4rent
 
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591adityaroy0215
 
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Call Girls Noida
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
Basics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxBasics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxAyush Gupta
 
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service HyderabadCall Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...Vip call girls In Chandigarh
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...High Profile Call Girls Chandigarh Aarushi
 
Jalandhar Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...
Jalandhar  Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...Jalandhar  Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...
Jalandhar Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...Call Girls Service Chandigarh Ayushi
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girls Service Gurgaon
 
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in LucknowRussian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknowgragteena
 
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Russian Call Girls Amritsar
 

Recently uploaded (20)

hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
 
Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝
 
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking ModelsDehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
 
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
 
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
 
Basics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxBasics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptx
 
#9711199012# African Student Escorts in Delhi 😘 Call Girls Delhi
#9711199012# African Student Escorts in Delhi 😘 Call Girls Delhi#9711199012# African Student Escorts in Delhi 😘 Call Girls Delhi
#9711199012# African Student Escorts in Delhi 😘 Call Girls Delhi
 
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service LucknowVIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
 
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service HyderabadCall Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
 
College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...
College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...
College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
 
Russian Call Girls South Delhi 9711199171 discount on your booking
Russian Call Girls South Delhi 9711199171 discount on your bookingRussian Call Girls South Delhi 9711199171 discount on your booking
Russian Call Girls South Delhi 9711199171 discount on your booking
 
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
 
Jalandhar Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...
Jalandhar  Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...Jalandhar  Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...
Jalandhar Female Call Girls Contact Number 9053900678 💚Jalandhar Female Call...
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
 
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
 
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in LucknowRussian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
Russian Escorts Aishbagh Road * 9548273370 Naughty Call Girls Service in Lucknow
 
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
 

Securing Mobile Healthcare Application

3. Securing Healthcare Mobile Apps in Compliance with HIPAA
 Mobile health has gathered tremendous pace in recent years. The extensive use of mobile technology in various clinical areas has changed many aspects of clinical practice.
o There has been rapid growth in the development of medical software applications for mobile platforms
o Many mobile applications enable healthcare providers to track prescription drugs, view patient information and manage their schedules
 Mobile health has made healthcare data security and confidentiality more challenging, as sensitive protected health information is used by healthcare mobile applications
 If adequate security controls are not implemented, devices become vulnerable to compromise and expose the electronic Protected Health Information (ePHI) stored on them
 One of the main objectives of HIPAA (Health Insurance Portability and Accountability Act) legislation is to provide data privacy and security provisions for safeguarding medical information. It requires healthcare organizations to ensure that applications are secure and that sensitive patient data is protected when in use, during transmission and when stored on a mobile device
 This document introduces the measures to secure healthcare applications in compliance with HIPAA
4. Cyber Security and Data Breaches in Healthcare
The volume, frequency, impact and cost of data breaches in the healthcare industry have been consistently high for the last few years. The healthcare data breach database maintained by the Office for Civil Rights (OCR) highlights that the top 10 healthcare data breaches of 2016 were the result of hacking or health IT related incidents, which emphasizes the need for better technical safeguards in the healthcare industry.
 79% have experienced multiple breaches over two years
 45% have experienced five or more breaches in the past two years
 Only 4.2% of breaches were "secure breaches", where encryption rendered the stolen data useless
 59% of organizations don't think their security budget is sufficient to curtail or minimize data breaches
 89% of healthcare organizations experienced data breaches over the past two years
Data breaches over the past 2 years [2015-16]: Data Breach 89%, Data Secure 11%
Data breaches by industry: Healthcare 28%, Government 15%, Retail 12%, Finance 12%, Technology 11%, Education 9%, Other 13%
5. Top Mobile Security Threats
Implementing security best practices against cyber threats provides reasonable assurance that the mobile application is secured against cyber attacks.
Top security threats in healthcare: Cyber Attacks 28%, Employee Negligence and Malicious Insiders 26%, Mobile Applications 9%, Insecurity of IoT Devices 7%, DDoS attacks on Network 4%
Criminal attacks are the main cause of data breaches: 50% of healthcare organizations report that the root cause of their breach was a criminal attack.
Top cyber attack concerns in healthcare: Denial of Service [48%], Ransomware [44%], Malware [41%], Phishing [32%], Rogue Software [11%], Password Attacks [8%]
6. Potential Weaknesses in Mobile Applications
There are many potential weak spots in mobile apps. Understanding them helps developers build a robust app and protect user data.
 Data Flow: Can you establish an audit trail for data? Is data in transit protected? Who has access to it?
 Data Storage: How is data stored on the device? Is it encrypted? Cloud solutions can be a weak link for data security.
 Data Leakage: Is data leaking to log files, or out through notifications?
 Authentication: When and where are users challenged to authenticate? How are users authorized? Is it possible to track passwords and IDs in the system?
 Server-Side Controls: Are there server-side validations on the input fields? Are all potential client-side routes into the application being validated?
 Session Management: Is the user session invalidated after idle timeout and after user logout, to prevent unauthorized access to the application?
7. HIPAA – Regulatory Compliance Review (1/2)
 The HIPAA Security Rule sets US national standards to ensure protection of ePHI that is created, modified or maintained by covered entities
 Required specifications are mandatory, whereas addressable specifications can be skipped if not relevant to the organization, after stating and documenting a valid reason
 The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce and the security measures put in place to protect ePHI
 The Physical Safeguards are a set of rules and guidelines that focus on physical access to PHI
 The Technical Safeguards focus on the technology that protects PHI and controls access to it
8. HIPAA – Regulatory Compliance Review (2/2)
HIPAA regulation structure:
 Administrative Safeguards (§164.308)
 Physical Safeguards (§164.310)
 Technical Safeguards (§164.312)
 Organizational Requirements (§164.314 and §164.316)
 Uses and Disclosures (§164.508, §164.510 and §164.512)
Technical control areas:
 Authentication Security: Password Security, Account Lockout Policy
 Identity Access Management: System Administrator identity, Device Login Procedures, Auto Log-offs
 Access Control: Access Control Lists, Emergency Access Control
 Encryption: Encryption of Data at Rest, Encryption of Data in Transit
 Audit Controls: Audit Logs and Retention, Remote Access Logs, Log Review Process
9. Security Considerations to Protect Mobile Devices (1/2)
 User authentication: Authentication is the process of verifying the identity of a user, process, or device. Mobile devices can be configured to require passwords, personal identification numbers, or passcodes to gain access to them.
 Install and enable encryption: Encryption protects health information stored on and sent by mobile devices. Data encryption keys should be updated periodically and stored separately from the data.
 Install remote wiping: Remote wiping enables deletion of data on a mobile device remotely. If the remote wipe feature is enabled, data stored on a lost or stolen mobile device can be permanently deleted.
 Disable file sharing applications: File sharing is software or a system that allows users to connect to each other and trade computer files. But file sharing can also enable unauthorized users to access the mobile device without the user's knowledge.
10. Security Considerations to Protect Mobile Devices (2/2)
 Install and enable security software: Security software can be installed to protect against malicious applications, viruses, spyware, and malware-based attacks.
 Keep your security software up to date: Regular updates of security software prevent unauthorized access to health information on or through the mobile device.
 Protect data in transit over public Wi-Fi: Public Wi-Fi networks allow unauthorized users to intercept information. Protect and secure health information by not sending or receiving it when connected to a public Wi-Fi network, unless over secure, encrypted connections.
 Delete all stored health information before discarding or reusing the mobile device: Use software tools that thoroughly delete (or wipe) data stored on a mobile device before discarding or reusing the device, to protect health information from unauthorized access.
11. Security Best Practices for Healthcare Applications (1/4)
Implementing software development best practices can help mitigate most of the common vulnerabilities in an application and reduce the cost of fixing issues that would otherwise surface after the application is developed. Some of these best practices, derived from the OWASP Mobile Top 10, are broadly categorized as follows.
Category: Session Management
Session management is the technique developers use to make the stateless HTTP protocol support sessions as state.
 Implement an idle or inactivity timeout, preferably after 15-20 minutes of inactivity, on all sessions
 Enforce session timeout management and expiration at the server side
 Immediately invalidate the session on logout. In addition, discard/terminate the session token on the server side once the user has logged out
 Generate random and complex session IDs/auth tokens. Session IDs must not be related to any personal information of the user or device (such as the device ID)
 Send session IDs over secure channels (for example HTTPS), to prevent an adversary from hijacking the session
12. Security Best Practices for Healthcare Applications (2/4)
Category: Data at Rest
Data at rest generally refers to data stored in persistent storage. Mobile devices are often subject to specific security protocols to protect data at rest from unauthorized access when lost or stolen.
 Avoid storing sensitive data on the device, and if it is stored, always encrypt it using strong, FIPS 140-2 compliant algorithms such as AES, RSA and SHA-256
 Use strong encryption so that if access controls such as usernames and passwords fail, the encrypted data is not compromised
 Periodically update data encryption keys and store them separately from the data
 Remove unnecessary application and system documentation that can reveal sensitive information to attackers
Category: Data in Transit
Data in transit, or data in motion, is data moving from one location to another across the internet or through private networks.
 SSL certificate pinning: Certificate pinning means keeping a keystore (certificate extract) on the mobile device. This keystore is generated from the SSL certificate hosted on the server. Using this technique, the app can guarantee that it is connecting to the correct server. One disadvantage is that if the certificate on the server changes, the keystore in the mobile app must be updated accordingly
 Implement network security solutions such as firewalls and network access control to secure the networks used to transmit data against malware attacks or intrusions
 Enable user prompting, blocking, or automatic encryption for sensitive data in transit
 Maintain cached data only for a session
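The "Data at Rest" rules above (encrypt stored ePHI, rotate the keys periodically, keep the keys separate from the data) as an added example that is not part of the CitiusTech deck. The Python standard library has no AES, so the cipher is a labelled stand-in (HMAC-SHA256 keystream plus HMAC tag); the record layout, key versioning and rotation are what the example demonstrates, and AES-256-GCM from a real crypto library drops into the same layout. The in-memory KeyStore stands in for the platform keystore.

```python
# Added example (not from the CitiusTech deck): key-versioned encryption of ePHI at
# rest, with data-encryption keys held in a store separate from the records, and key
# rotation that re-encrypts old records before retiring the old key.
# STAND-IN CIPHER: HMAC-SHA256 in counter mode plus an HMAC tag (encrypt-then-MAC),
# because the standard library has no AES. In production replace _xor_stream and the
# tag with AES-256-GCM; the record layout {version, nonce, ciphertext, tag} stays.
import hashlib
import hmac
import secrets
from typing import Dict, List


class KeyStore:
    """Versioned data-encryption keys, kept apart from the encrypted records.

    On a device this would be the Android Keystore / iOS Keychain; the dict here
    is a constructed stand-in.
    """

    def __init__(self) -> None:
        self._keys: Dict[int, bytes] = {}
        self.current_version = 0
        self.rotate()

    def rotate(self) -> int:
        """Generate a fresh 256-bit key and make it the current version."""
        self.current_version += 1
        self._keys[self.current_version] = secrets.token_bytes(32)
        return self.current_version

    def key(self, version: int) -> bytes:
        try:
            return self._keys[version]
        except KeyError:
            raise ValueError(f"unknown or retired key version {version}") from None

    def retire(self, version: int) -> None:
        """Drop an old key once every record using it has been re-encrypted."""
        if version == self.current_version:
            raise ValueError("cannot retire the current key")
        self._keys.pop(version, None)


def _derive(key: bytes, purpose: bytes) -> bytes:
    # Separate encryption and MAC keys from one stored key via a labelled PRF.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher: keystream block i = HMAC(enc_key, nonce || i).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_record(store: KeyStore, plaintext: bytes) -> dict:
    """Return a self-describing record: key version, nonce, ciphertext, tag (hex)."""
    version = store.current_version
    key = store.key(version)
    nonce = secrets.token_bytes(16)  # fresh per record; never reused under one key
    ct = _xor_stream(_derive(key, b"enc"), nonce, plaintext)
    header = version.to_bytes(4, "big") + nonce
    tag = hmac.new(_derive(key, b"mac"), header + ct, hashlib.sha256).digest()
    return {"v": version, "n": nonce.hex(), "c": ct.hex(), "t": tag.hex()}


def decrypt_record(store: KeyStore, rec: dict) -> bytes:
    """Verify the tag with the key version named in the record, then decrypt."""
    key = store.key(rec["v"])
    nonce, ct = bytes.fromhex(rec["n"]), bytes.fromhex(rec["c"])
    header = rec["v"].to_bytes(4, "big") + nonce
    expected = hmac.new(_derive(key, b"mac"), header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(rec["t"])):
        raise ValueError("record tampered with or wrong key")
    return _xor_stream(_derive(key, b"enc"), nonce, ct)


def rotate_and_reencrypt(store: KeyStore, records: List[dict]) -> int:
    """Periodic key update: new current key, re-encrypt every record, retire old key."""
    old = store.current_version
    store.rotate()
    for i, rec in enumerate(records):
        records[i] = encrypt_record(store, decrypt_record(store, rec))
    store.retire(old)
    return store.current_version
```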
13. Security Best Practices for Healthcare Applications (3/4)
Category: Data in Transit (continued)
 Use server authentication as an anti-spoofing measure. Although server authentication is optional in the SSL/TLS protocols, it is always recommended; otherwise an attacker might spoof the server, affecting users and damaging the organization's reputation in the process
 Never send passwords over a network connection in clear text
 Prevent the interception of highly sensitive values (e.g. login IDs, passwords, PINs, account numbers) via a compromised SSL/TLS connection by adding a further layer of encryption (e.g. a VPN) in transit
 Use the Set-Cookie attributes Secure and HttpOnly. Setting the HttpOnly flag on a cookie prevents cookie theft through cross-site scripting (XSS), because the cookie cannot be accessed by client-side scripts
 Do not use loopback when handling sensitive data. Use proper Cache-Control headers to ensure data is not cached when requesting resources
Category: Code Obfuscation
Mobile applications contain compiled code which, when extracted and decompiled, can enable an attacker to read the complete source code.
 Obfuscation is a strategy to make code harder to understand or read, generally for privacy or security purposes
 Use obfuscator tools or libraries to convert straightforward code into an unreadable form, so that an attacker cannot easily follow the logic behind the code. For example, a variable named patientNameString would be renamed to something like shsggehehheh
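The session management rules from slide 11 (random unlinkable IDs, a 15-minute idle timeout and expiry enforced server-side, invalidation on logout) together with the Secure/HttpOnly cookie and Cache-Control points from this slide, as one added example that is not part of the CitiusTech deck. Clock values are passed in explicitly so the timeouts can be exercised without waiting; the store is an in-memory dict standing in for a server-side session database.

```python
# Added example (not from the CitiusTech deck): server-side session store plus the
# response headers a healthcare API should send with the session cookie.
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_TIMEOUT = 15 * 60            # seconds of inactivity before the session dies
ABSOLUTE_LIFETIME = 8 * 60 * 60   # hard cap regardless of activity (assumed policy)


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float


class SessionStore:
    """Authoritative session state lives here, never only in the client cookie."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user_id: str, now: Optional[float] = None) -> str:
        """Start a session; the ID is 256 random bits, unrelated to user or device."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user_id, now, now)
        return sid

    def validate(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user for a live session and refresh its idle clock, else None.

        Expired sessions are deleted on sight, so a stale ID cannot be revived
        by a later request.
        """
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created_at > ABSOLUTE_LIFETIME:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user_id

    def logout(self, sid: str) -> None:
        """Discard the token server-side; the client's copy is then worthless."""
        self._sessions.pop(sid, None)

    def active_count(self) -> int:
        return len(self._sessions)


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value: sent only over HTTPS, hidden from script, not cross-site."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


def ephi_response_headers(sid: str) -> Dict[str, str]:
    """Headers for a response carrying ePHI: session cookie plus no-store caching."""
    return {
        "Set-Cookie": session_cookie_header(sid),
        "Cache-Control": "no-store, no-cache, must-revalidate",
        "Pragma": "no-cache",
    }
```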
14. Security Best Practices for Healthcare Applications (4/4)
Category: Audit Logs
Audit logs provide documentary evidence of the events that affect the application at any specific time. An application must maintain logs so that an event can be traced back in case of an incident or error.
 Record the IP addresses, timestamps and details of crucial application events, and other information depending on the business requirement, in the audit logs
 Maintain the audit logs locally in device memory and periodically sync them with the log server
 Audit logs contain more sensitive information than generic transaction logs, so implement proper authorization checks before providing access to them
Category: Hard-Coded Sensitive Information
Developers often leave sensitive information such as security tokens, encryption keys or proprietary algorithms hard-coded in the application code.
 Do not store passwords, connection strings or other sensitive information in clear text, or in any non-cryptographically secure manner, on the client side. This includes embedding them in insecure formats such as ms-viewstate, Adobe Flash or compiled code
 Always use encryption, and never save passwords or SSNs directly in the app or on the server. They should be stored in hashed or encrypted form so that they cannot be read by anyone without the corresponding decryption
 Remove comments in user-accessible production code that may reveal backend system or other sensitive information
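The audit log rules above (IP, timestamp and event per entry; local buffering with periodic sync to the log server; authorization before anyone reads the log) as an added example that is not part of the CitiusTech deck. The LogServer class is a constructed in-memory sink standing in for a real logging endpoint, and the "auditor" role name is an assumption.

```python
# Added example (not from the CitiusTech deck): on-device audit log with batched sync
# to a central server, a sequence counter so lost entries are detectable, and an
# authorization gate on reads that itself leaves an audit trail.
import time
from typing import Callable, List, Optional

SYNC_BATCH = 3          # flush to the log server once this many entries are buffered
AUDIT_ROLE = "auditor"  # assumed role name; only this role may read audit entries


class LogServer:
    """Constructed stand-in for the central log server: keeps what devices send."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def receive(self, batch: List[dict]) -> None:
        self.entries.extend(batch)

    def missing_sequences(self) -> List[int]:
        """Gaps in the seq counter mean entries were lost or withheld in transit."""
        seen = {e["seq"] for e in self.entries}
        return [n for n in range(1, max(seen, default=0) + 1) if n not in seen]


class AuditLog:
    def __init__(self, send: Callable[[List[dict]], None], batch: int = SYNC_BATCH) -> None:
        self._send = send
        self._batch = batch
        self._pending: List[dict] = []   # local copy held in device memory
        self._seq = 0                    # monotonic counter, shipped with each entry

    def record(self, event: str, actor: str, ip: str, now: Optional[float] = None) -> dict:
        """Append one entry: who did what, from where, when. Never the ePHI itself."""
        self._seq += 1
        entry = {
            "seq": self._seq,
            "ts": time.time() if now is None else now,
            "event": event,
            "actor": actor,
            "ip": ip,
        }
        self._pending.append(entry)
        if len(self._pending) >= self._batch:
            self.sync()
        return entry

    def sync(self) -> int:
        """Ship buffered entries to the server; return how many were sent."""
        if not self._pending:
            return 0
        batch, self._pending = self._pending, []
        self._send(batch)
        return len(batch)

    def read(self, requester: str, role: str, ip: str) -> List[dict]:
        """Return the local buffer only to the audit role; log every attempt."""
        if role != AUDIT_ROLE:
            self.record("audit_read_denied", requester, ip)
            raise PermissionError(f"{requester} ({role}) may not read audit logs")
        self.record("audit_read", requester, ip)
        return list(self._pending)
```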
15
Secure HIPAA Implementation Cycle
PHASE 1: Define Scope [PHI Data Flow]
 Identify entry points of the PHI information
 Identify locations of ePHI information storage
 Identify ePHI in transit
PHASE 2: Risk Assessment / Threat Analysis
 Identify vulnerabilities in components, design and implementation using security testing
 Identify threats
 Identify risks (vulnerabilities + threats) and rate the impact
PHASE 3: HIPAA Compliance Review
 Review the systems and applications against the HIPAA technical and administrative safeguards
 Identify non-compliance based on the Risk Assessment report and the HIPAA review
PHASE 4: Implement Controls
 Identify appropriate controls to mitigate the top risks
 Implement the security measures to reduce or eliminate the risk
 Mitigate high and medium risks
PHASE 5: Test, Train and Repeat
 Test the controls implemented to mitigate risks
 Document the process of HIPAA risk analysis
 Repeat the process annually
 Conduct mobile device privacy and security awareness training for providers and professionals
16
HIPAA Regulation Safeguards for Mobile Devices (1/2)
Implementation Specification and Requirement for Administrative and Physical Safeguards
Administrative Safeguards: Information Access Management, 164.308(a)
 Access Authorization 164.308(a)(4): Implement policies and procedures for granting access to ePHI, for workstations, transactions, programs, processes, or other mechanisms
 Protection from Malicious Software 164.308(a)(5): Implement procedures for guarding against, detecting, and reporting malicious software
 Log-in Monitoring 164.308(a)(5): Implement procedures for monitoring and reporting log-in attempts and discrepancies
 Password Management 164.308(a)(5)(ii)(D): Implement procedures for creating, changing, and safeguarding appropriate passwords
 Data Backup Plan 164.308(a)(7): Establish (and implement as needed) procedures to create and maintain retrievable, exact copies of ePHI during unexpected negative events
Physical Safeguards: HIPAA Regulation 164.310
 Media Disposal and Disposition or Reuse 164.310(d)(2)(i),(ii): The practice has policies and procedures for removing ePHI from hardware or electronic media on which it is stored prior to disposal or re-use
17
HIPAA Regulation Safeguards for Mobile Devices (2/2)
Implementation Specification and Requirement for Technical Safeguards
Technical Safeguards: HIPAA Regulation 164.312
 Unique User Identification 164.312(a)(2)(i): Assign a unique name and/or number for identifying and tracking user identity
 Automatic Logoff 164.312(a)(2)(iii): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity
 Encryption and Decryption 164.312(a)(2)(iv) & Encryption 164.312(e)(2)(ii): Implement an appropriate mechanism to encrypt and decrypt ePHI
 Audit Controls 164.312(b): This standard does not have corresponding implementation specifications. However, compliance with the standard itself is required
 Confidentiality 164.312(c)(1): Web-based email accounts such as (but not limited to) Yahoo and Hotmail are not allowed to be used for transmitting any type of ePHI
 Mechanism to Authenticate Electronic PHI 164.312(c)(2): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner
 Person or Entity Authentication 164.312(d): This standard does not have corresponding implementation specifications. However, compliance with the standard itself is required
 Integrity Controls 164.312(e)(2)(i): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of
19
Thank You
Author: Sonal Raskar, Technical Lead Grade I
thoughtleaders@citiustech.com
About CitiusTech
2,700+ Healthcare IT professionals worldwide
1,200+ Healthcare software engineers
700+ HL7 certified professionals
30%+ CAGR over last 5 years
80+ Healthcare customers
 Healthcare technology companies
 Hospitals, IDNs & medical groups
 Payers and health plans
 ACO, MCO, HIE, HIX, NHIN and RHIO
 Pharma & Life Sciences companies