With the massive adoption and proliferation of Android devices across the globe, a diminishing number of medical professionals per capita, and a long-term goal of providing Star Trek-esque medical aid, there’s a big opportunity for Android to play a role in revolutionising the healthcare industry.
As Australia is rolling out its fledgling eHealth system, countries around the world are either preparing to roll out their own systems or desperately trying to catch up to speed to accommodate increased demand – facing many political, resourcing, privacy, and security hurdles as they do so.
This talk aims to provide awareness of common issues, mitigations, and methodologies particular to the healthcare domain and Android and to inspire attendees to take advantage of the many opportunities present there.
2. About me
● lead Android dev on Australia’s first (public) eHealth app project
● redesigned and developing Premature Baby Journal for Android
● inspired to help people via healthcare
4. Healing Healthcare
● paper-based legacy systems
● procedures that aren’t ideal, limited effectiveness
● slow moving industry
● awesome new technologies
● massive mobile adoption rates
= an industry ripe for disruption!
24. Overhelping | clash of interests
● Sharing too much info
● Non-medical wording in EMR
● losing that personal touch
● Adoption rates? ROI?
25. Future?
● the reach of mobile
● we’ll all be more dependent with age
● “reHealth” / eHealth 3.0
○ tighter control of data (locking)
○ AI systems to aid quality data input
○ federate records internationally
27. So what could go wrong?
● fail to satisfy = fail to help
● compromise patient privacy
● cause ripple effect in value-chain
30. Privacy matters
● Medical Records = subset of sensitive information
● Privacy legislation...
● Data breach
○ bad press, brand damage
○ massive fines
○ costs in cleanup
31. extract from Australia’s Privacy Act 1988
health information means:
(a) information or an opinion about:
(i) the health or a disability (at any time) of an individual; or
(ii) an individual’s expressed wishes about the future provision of health services to him or her; or
(iii) a health service provided, or to be provided, to an individual;
that is also personal information; or
(b) other personal information collected to provide, or in providing, a health service; or
(c) other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
32. extract from Australia’s Privacy Act 1988
sensitive information means:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual preferences or practices; or
(ix) criminal record;
that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information.
33. Identify risks
● security & privacy
○ Know your data
○ OWASP Top Ten Mobile/Web/Cloud
● compliance
○ Accessibility
○ HIPAA
○ hygiene, health & safety
● environmental constraints
34. OWASP Top Ten Mobile Risks
M1: Insecure Data Storage
M2: Weak Server Side Controls
M3: Insufficient Transport Layer Protection
M4: Client Side Injection
M5: Poor Authorisation and Authentication
M6: Improper Session Handling
M7: Security Decisions Via Untrusted Inputs
M8: Side Channel Data Leakage
M9: Broken Cryptography
M10: Sensitive Information Disclosure
35. Environmental constraints
● hospitals: poor wifi
○ store now, sync later
○ elegantly deal with stale data
● radio signal interference
● sound interference & priority
● healthcare: sterility
○ disease spreading
37. Mitigate risks
● encrypt all sensitive information!
○ drop-in solutions, e.g. SQLCipher
● ProGuard
● lock up keystores & passwords
○ be ready for an audit
● verify controls
○ define & test NFRs
39. Design like you care
● Android Design Guidelines
● custom, stylised iconography
● sociability
● truly responsive design
● know your users
41. Design for everyone
● Accessibility; Internationalisation
● Colour blind
● Power users vs. lightweights
● battery; bandwidth costs
● please don’t lock in portrait orientation...
○ but do it if TalkBack is on!
45. Data input
● validation and feedback
○ Android-formidable-validation
○ Crouton (say NO to Toast)
● “submitting”
○ Done & Discard
○ Contextual Action Bar (CAB)
46. Thanks to
● Awesome Android Devs
● Paul Hamilton @ CSC Australia
● Stuart Moncrieff @ JDS Australia
● Chris Vukin @ Team(evermed)
● http://www.stockpicturesforeveryone.com/