This document is confidential and contains proprietary information, including trade secrets of CitiusTech. Neither the document nor any of the information
contained in it may be reproduced or disclosed to any unauthorized person under any circumstances without the express written permission of CitiusTech.
CitiusTech Thought
Leadership
Securing Healthcare Mobile Apps in
Compliance with HIPAA
30 September 2017 | Author: Sonal Raskar, Technical Lead Grade I, CitiusTech
Agenda
 Securing Healthcare Mobile Apps in Compliance with HIPAA
 Cyber Security and Data Breaches in Healthcare
 Top Mobile Security Threats
 Potential Weaknesses in Mobile Applications
 HIPAA – Regulatory Compliance Review
 Security Considerations to Protect Mobile Devices
 Security Best Practices for Healthcare Applications
 Secure HIPAA Implementation Cycle
 HIPAA Regulation Safeguards for Mobile Devices
 References
Securing Healthcare Mobile Apps in Compliance with HIPAA
 Mobile health has gathered tremendous pace in recent years. The extensive use of mobile technology in various clinical areas has changed many aspects of clinical practice.
o There has been rapid growth in the development of medical software applications for mobile platforms
o Many mobile applications enable healthcare providers to track prescription drugs, view patient information and manage their schedules
 Mobile health has made healthcare data security and confidentiality more challenging, as sensitive protected health information is used by healthcare mobile applications
 If adequate security controls are not implemented, devices become vulnerable to compromise and expose the electronic Protected Health Information (ePHI) stored on them
 One of the main objectives of HIPAA (Health Insurance Portability and Accountability Act) legislation is to provide data privacy and security provisions for safeguarding medical information. It requires healthcare organizations to ensure that applications are secure and that sensitive patient data is protected when in use, during transmission and when stored on a mobile device
 This document introduces the measures to secure healthcare applications in compliance with HIPAA
Cyber Security and Data Breaches in Healthcare
The volume, frequency, impact and cost of data breaches in the healthcare industry have been consistently high over the last few years. The healthcare data breach database maintained by the Office for Civil Rights (OCR) shows that the top 10 healthcare data breaches of 2016 were the result of hacking or health IT related incidents, which underlines the need for better technical safeguards in the healthcare industry.

 89% of healthcare organizations experienced data breaches over the past two years
 79% have experienced multiple breaches over two years
 45% have experienced five or more breaches in the past two years
 Only 4.2% of breaches were "secure breaches", where encryption rendered the stolen data useless
 59% of organizations do not think their security budget is sufficient to curtail or minimize data breaches

Data breach over the past 2 years [2015-16] (chart): Data Breach 89%, Data Secure 11%

Data breach by industry (chart): Healthcare 28%, Government 15%, Retail 12%, Finance 12%, Technology 11%, Education 9%, Other 13%
Top Mobile Security Threats
Implementing security best practices against cyber threats will provide reasonable assurance that the mobile application is secured against cyber attacks.

Top security threats in healthcare (chart): Cyber Attacks 28%, Employee Negligence and Malicious Insiders 26%, Mobile Applications 9%, Insecurity of IoT Devices 7%, DDoS attacks on Network 4%

Criminal attacks are the main cause of data breaches: 50% of healthcare organizations report that the root cause of the breach was a criminal attack.

Top cyber attack concerns in healthcare: Denial of Service [48%], Ransomware [44%], Malware [41%], Phishing [32%], Rogue Software [11%], Password Attacks [8%]
Potential Weaknesses in Mobile Applications
 Data Flow: Can you establish an audit trail for data? Is data in transit protected? Who has access to it?
 Data Storage: How is data stored on the device? Is it encrypted? Cloud solutions can be a weak link for data security.
 Data Leakage: Is data leaking to log files, or out through notifications?
 Authentication: When and where are users challenged to authenticate? How are users authorized? Is it possible to track passwords and IDs in the system?
 Server-Side Controls: Are there server-side validations on the input fields? Are all potential client-side routes into the application being validated?
 Session Management: Is the user session invalidated after idle timeout and after user logout, to prevent unauthorized access to the application?

There are many potential weak spots in mobile apps. Understanding them helps developers build a robust app and protect user data.
HIPAA – Regulatory Compliance Review (1/2)
 The HIPAA Security Rule sets US national standards to ensure protection of ePHI that is created, modified or maintained by covered entities
 Required specifications are mandatory, whereas addressable specifications can be skipped if not relevant to the organization, after stating and documenting a valid reason
 The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce and the security measures put in place to protect ePHI
 The Physical Safeguards are a set of rules and guidelines that focus on physical access to PHI
 The Technical Safeguards focus on the technology that protects PHI and controls access to it
HIPAA – Regulatory Compliance Review (2/2)
HIPAA regulation parts:
• Administrative Safeguards: §164.308
• Physical Safeguards: §164.310
• Technical Safeguards: §164.312
• Organizational Requirements: §164.314 and §164.316
• Uses and Disclosures: §164.508, §164.510 and §164.512

Security control areas:
• Authentication Security: Password Security; Account Lockout Policy
• Identity Access Management: System Administrator Identity; Device Login Procedures; Auto Log-offs
• Access Control: Access Control Lists; Emergency Access Control
• Encryption: Encryption of Data at Rest; Encryption of Data in Transit
• Audit Controls: Audit Logs and Retention; Remote Access Logs; Log Review Process
Security Considerations to Protect Mobile Devices (1/2)
User authentication: Authentication is the process of verifying the identity of a user, process, or device. Mobile devices can be configured to require passwords, personal identification numbers, or passcodes to gain access to them.

Install and enable encryption: Encryption protects health information stored on and sent by mobile devices. Data encryption keys should be updated periodically and stored separately from the data.

Install remote wiping: Remote wiping enables deletion of data on a mobile device remotely. If the remote wipe feature is enabled, data stored on a lost or stolen mobile device can be permanently deleted.

Disable file sharing applications: File sharing is software or a system that allows users to connect to each other and trade computer files. But file sharing can also enable unauthorized users to access the mobile device without the user's knowledge.
Security Considerations to Protect Mobile Devices (2/2)
Install and enable security software: Security software can be installed to protect against malicious applications, viruses, spyware, and malware-based attacks.

Keep your security software up to date: Regular updates of security software prevent unauthorized access to health information on or through the mobile device.

Protect data in transit over public Wi-Fi: Public Wi-Fi networks allow unauthorized users to intercept information. Protect and secure health information by not sending or receiving it when connected to a public Wi-Fi network, unless over secure, encrypted connections.

Delete all stored health information before discarding or reusing the mobile device: Use software tools that thoroughly delete (or wipe) data stored on a mobile device before discarding or reusing the device, to protect health information from unauthorized access.
Security Best Practices for Healthcare Applications (1/4)
Implementing software development best practices can help mitigate most of the common vulnerabilities in an application and reduce the cost of fixing issues that would otherwise come up after the application is developed. Some of these best practices, derived from the OWASP Mobile Top 10, are broadly categorized as follows.

Category: Session Management
Session management is the technique used by developers to make the stateless HTTP protocol support sessions as state.
Implementation best practices:
 Implement an idle or inactivity timeout, preferably after 15-20 minutes of inactivity, on all sessions
 Enforce session timeout management and expiration on the server side
 Immediately invalidate the session on logout. In addition, discard/terminate the session token on the server side once the user has logged out
 Generate random and complex session IDs/auth tokens. Session IDs must not be related to any personal information of the user or device (such as the device ID)
 Send session IDs over secure channels (for example HTTPS) to prevent an adversary from hijacking the session
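The session-management practices above, as an added Python example that is not part of the original deck: a server-side session store with random tokens unrelated to the user or device, a 15-minute idle timeout and an absolute lifetime enforced on the server, and immediate invalidation on logout. The in-memory store, the ManualClock and the timeout values are this example's own assumptions.

```python
"""Server-side session store demonstrating the practices above.

Added example, not from the original deck: random tokens unrelated to the
user or device, server-side idle timeout and absolute expiry, and immediate
invalidation on logout. The clock is injectable so the timeout logic can be
exercised deterministically.
"""
import secrets
import time
from typing import Callable, Dict, Optional

IDLE_TIMEOUT_SECONDS = 15 * 60        # 15-minute inactivity window
ABSOLUTE_LIFETIME_SECONDS = 8 * 3600  # hard cap regardless of activity


class ManualClock:
    """Deterministic clock for demonstrations and tests."""

    def __init__(self, start: float) -> None:
        self.now = start

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class Session:
    __slots__ = ("user_id", "created_at", "last_seen")

    def __init__(self, user_id: str, now: float) -> None:
        self.user_id = user_id
        self.created_at = now
        self.last_seen = now


class SessionStore:
    """In-memory store; a production service would use a shared backend
    so that every app server enforces the same timeouts."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    def create(self, user_id: str) -> str:
        # 256 bits from the OS CSPRNG. Nothing about the user or the device
        # is encoded in the token, so it cannot be guessed or correlated.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user_id, self._clock())
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the user id if the session is live, otherwise None.

        Expired sessions are deleted on sight, so a stale token cannot be
        revived later; a live session has its idle window refreshed.
        """
        sess = self._sessions.get(token)
        if sess is None:
            return None
        now = self._clock()
        idle_expired = now - sess.last_seen > IDLE_TIMEOUT_SECONDS
        life_expired = now - sess.created_at > ABSOLUTE_LIFETIME_SECONDS
        if idle_expired or life_expired:
            del self._sessions[token]
            return None
        sess.last_seen = now
        return sess.user_id

    def logout(self, token: str) -> None:
        # Discard the token server-side; any copy the client still holds
        # is now useless even if it leaks.
        self._sessions.pop(token, None)

    def active_count(self) -> int:
        return len(self._sessions)
```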
Security Best Practices for Healthcare Applications (2/4)

Category: Data at Rest
Data at Rest generally refers to data stored in persistent storage. Mobile devices are often subject to specific security protocols to protect Data at Rest from unauthorized access when lost or stolen.
Implementation best practices:
 Avoid storing sensitive data on the device; if it must be stored, always encrypt it using strong, FIPS 140-2 approved algorithms such as AES, RSA and SHA-256
 Use strong encryption so that if access controls such as usernames and passwords fail, the encrypted data is not compromised
 Periodically update data encryption keys and store them separately from the data
 Remove unnecessary application and system documentation that can reveal sensitive information to attackers

Category: Data in Transit
Data in transit or data in motion is data moving from one location to another across the internet or through private networks.
Implementation best practices:
 SSL certificate pinning: certificate pinning means keeping a keystore (certificate extract) on the mobile device. This keystore is generated from the SSL certificate hosted on the server. Using this technique, the app can guarantee that it is connecting to the correct server. One disadvantage is that if the certificate on the server changes, the keystore in the mobile app must be updated accordingly
 Implement network security solutions such as firewalls and network access control to secure the networks used to transmit data against malware attacks or intrusions
 Enable user prompting, blocking, or automatic encryption for sensitive data in transit
 Maintain cached data only for a session
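The certificate pinning described above, as an added Python example that is not the deck's own code: the pin is the SHA-256 digest of the server certificate's DER encoding (the "certificate extract" kept on the device), the app ships the current pin plus a backup pin for the next certificate so that rotation does not break the app, and the check runs on top of the normal chain and hostname validation. The certificate bytes and pin set are constructed placeholders.

```python
"""Certificate pinning helper (added example; not from the original deck).

Pins are SHA-256 digests of the server certificate in DER form. Keeping a
current pin and a backup pin for the next certificate addresses the
rotation problem the deck mentions. The DER bytes below are constructed
placeholders, not real certificates.
"""
import base64
import hashlib
import hmac
import socket
import ssl
from typing import Iterable, Set


def make_pin(cert_der: bytes) -> str:
    """Base64 SHA-256 of the DER certificate: the form stored in the app."""
    return base64.b64encode(hashlib.sha256(cert_der).digest()).decode("ascii")


def pin_matches(cert_der: bytes, pins: Iterable[str]) -> bool:
    """True if the presented certificate matches any pinned digest."""
    presented = make_pin(cert_der)
    # Constant-time comparison against every candidate pin.
    return any(hmac.compare_digest(presented, p) for p in pins)


class PinMismatch(ssl.SSLError):
    """Raised when the server certificate is not in the pin set."""


def pinned_connect(host: str, port: int, pins: Set[str],
                   timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection and enforce the pin set in addition to the
    default chain and hostname validation. Not exercised offline."""
    ctx = ssl.create_default_context()  # still verifies chain and hostname
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    cert_der = tls.getpeercert(binary_form=True)
    if cert_der is None or not pin_matches(cert_der, pins):
        tls.close()
        raise PinMismatch("server certificate does not match the pinned set")
    return tls


# Constructed placeholder 'certificates' for the offline demonstration.
CURRENT_CERT = b"CONSTRUCTED-DER-CURRENT"
NEXT_CERT = b"CONSTRUCTED-DER-NEXT"
ROGUE_CERT = b"CONSTRUCTED-DER-ROGUE"

# Ship the current pin and the planned next pin together, so a scheduled
# certificate change does not require an emergency app update.
PIN_SET = {make_pin(CURRENT_CERT), make_pin(NEXT_CERT)}
```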
Security Best Practices for Healthcare Applications (3/4)

Category: Data in Transit (continued)
 Use server authentication as an anti-spoofing measure. Although server authentication is optional in the SSL/TLS protocols, it is always recommended. Otherwise, an attacker might spoof the server, affecting the users and damaging the organization's reputation in the process
 Never send passwords over a network connection in clear text
 Prevent the interception of highly sensitive values (e.g., login IDs, passwords, PINs, account numbers) via a compromised SSL/TLS connection by adding a further layer of encryption in transit (e.g., a VPN)
 Use the Set-Cookie attributes Secure and HttpOnly. Setting the HttpOnly flag on a cookie prevents cookie theft through attacks such as cross-site scripting (XSS), because the cookie cannot be accessed by client-side scripts
 Do not use loopback when handling sensitive data. Use proper Cache-Control headers to ensure data is not cached when requesting resources

Category: Code Obfuscation
Mobile applications contain compiled code which, when extracted and decompiled, can let an attacker read the complete source code.
 Obfuscation is the strategy of making code harder to understand or read, generally for privacy or security purposes
 Use obfuscator tools or libraries to convert straightforward code to an unreadable form, so that an attacker would not be able to understand the logic behind the code. For example, variable names would be renamed from patientNameString to shsggehehheh
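The Set-Cookie and Cache-Control advice above, as an added Python check that is not part of the original deck: it parses a raw HTTP/1.1 response and reports every cookie lacking the Secure or HttpOnly attribute and any response whose Cache-Control does not forbid storing. The two sample responses are constructed, one weak and one hardened.

```python
"""Response header audit (added example; not from the original deck).

Checks the two transport-side controls the deck lists: Secure and HttpOnly
on every Set-Cookie, and a Cache-Control that forbids caching of responses
carrying sensitive data. The sample responses below are constructed.
"""
from typing import List, Tuple


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs from a raw response's header block.

    Names are lower-cased; repeated headers (Set-Cookie) stay separate.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_response(raw: str) -> List[str]:
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    headers = parse_headers(raw)
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attributes follow the first ';'. Compare case-insensitively and by
        # attribute name only, so 'Max-Age=3600' does not confuse the check.
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name}: missing HttpOnly")
    directives = set()
    for name, value in headers:
        if name == "cache-control":
            directives |= {d.strip().split("=", 1)[0].lower() for d in value.split(",")}
    if "no-store" not in directives:
        findings.append("Cache-Control: no-store is absent")
    return findings


# Constructed sample responses for the demonstration.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Max-Age=3600\r\n"
    "Cache-Control: max-age=3600\r\n"
    "\r\n"
    '{"patient": "constructed"}'
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Cache-Control: no-store, no-cache, must-revalidate\r\n"
    "Pragma: no-cache\r\n"
    "\r\n"
    '{"patient": "constructed"}'
)
```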
Security Best Practices for Healthcare Applications (4/4)

Category: Audit Logs
Audit logs provide documentary evidence of the events that affect the application at any specific time. It is necessary for an application to maintain logs so that an event can be traced back in case of an incident or error.
 Record the IP addresses, timestamps and details of crucial application events in the audit logs, along with other information depending on the business requirement
 Maintain the audit logs locally in device memory and periodically sync them with the log server
 Audit logs contain sensitive information compared to other generic transaction logs; therefore implement proper authorization checks before providing access to these logs

Category: Hard-Coded Sensitive Information
Developers often leave sensitive information such as security tokens, encryption keys or proprietary algorithms hard-coded in the application code.
 Do not store passwords, connection strings or other sensitive information in clear text or in any non-cryptographically secure manner on the client side. This includes embedding them in insecure formats such as ms-viewstate, Adobe Flash or compiled code
 Always use encryption and never save passwords or SSNs directly in the app or on the server. Store them hashed or encrypted so that they cannot be read by anyone without the key
 Remove comments in user-accessible production code that may reveal backend system or other sensitive information
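The audit-log practices above (timestamp, IP and event per entry; local buffering with periodic sync to a log server), as an added Python example that is not the deck's own code. It goes one step beyond the text by chaining each entry to the previous one with an HMAC, so that later editing or deletion of stored entries is detectable on the server side. The key, the sample entries and the in-memory log server are constructed; in a real app the key would come from the platform keystore rather than source code.

```python
"""Tamper-evident local audit log with batched sync to a log server.

Added example, not from the original deck. Each entry carries the
timestamp, source IP, user and event the deck lists and is chained to its
predecessor with an HMAC (this example's own choice of integrity
mechanism). The key, the entries and the 'server' are constructed.
"""
import hashlib
import hmac
import json
from typing import Dict, List

CHAIN_ANCHOR = "0" * 64  # 'previous MAC' of the very first entry


def _entry_mac(key: bytes, body: Dict[str, str]) -> str:
    # Canonical JSON so the same entry always yields the same MAC.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class AuditLog:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._buffer: List[Dict[str, str]] = []
        self._last_mac = CHAIN_ANCHOR

    def record(self, timestamp: str, source_ip: str, user: str, event: str) -> None:
        body = {"ts": timestamp, "ip": source_ip, "user": user,
                "event": event, "prev": self._last_mac}
        mac = _entry_mac(self._key, body)
        self._buffer.append({**body, "mac": mac})
        self._last_mac = mac  # the chain continues across sync batches

    def sync(self, server: "InMemoryLogServer") -> int:
        """Push buffered entries to the log server and clear the local
        buffer only after the server accepted them. Returns the count sent."""
        if not self._buffer:
            return 0
        batch = list(self._buffer)
        server.receive(batch)
        self._buffer.clear()
        return len(batch)

    @staticmethod
    def verify(entries: List[Dict[str, str]], key: bytes) -> bool:
        """Re-walk the chain: every entry must point at its predecessor's
        MAC and carry a MAC that matches its own contents."""
        prev = CHAIN_ANCHOR
        for entry in entries:
            body = {k: v for k, v in entry.items() if k != "mac"}
            if body.get("prev") != prev:
                return False  # an entry was removed, reordered or inserted
            expected = _entry_mac(key, body)
            if not hmac.compare_digest(expected, entry.get("mac", "")):
                return False  # contents were edited after the fact
            prev = entry["mac"]
        return True


class InMemoryLogServer:
    """Stand-in for the remote log server."""

    def __init__(self) -> None:
        self.received: List[Dict[str, str]] = []

    def receive(self, batch: List[Dict[str, str]]) -> None:
        self.received.extend(batch)
```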
Secure HIPAA Implementation Cycle
Phase 1: Define Scope [PHI Data Flow]
 Identify entry points of the PHI information
 Identify locations of ePHI storage
 Identify ePHI in transit
Phase 2: Risk Assessment / Threat Analysis
 Identify vulnerabilities in components, design and implementation using security testing
 Identify threats
 Identify risks (vulnerabilities + threats) and rate the impact
Phase 3: HIPAA Compliance Review
 Review the systems and applications based on HIPAA technical and administrative safeguards
 Identify non-compliance based on the Risk Assessment report and HIPAA review
Phase 4: Implement Controls
 Identify appropriate controls to mitigate top risks
 Implement the security measures to reduce or eliminate the risk
 Mitigate high and medium risks
Phase 5: Test, Train and Repeat
 Test the controls implemented to mitigate risks
 Document the process of HIPAA risk analysis
 Repeat the process annually
 Conduct mobile device privacy and security awareness training for providers and professionals
HIPAA Regulation Safeguards for Mobile Devices (1/2)
Implementation Specification and Requirement for Administrative and Physical Safeguards

Administrative Safeguards: Information Access Management 164.308(a)
 Access Authorization 164.308(a)(4): Implement policies and procedures for granting access to ePHI, for workstations, transactions, programs, processes, or other mechanisms
 Protection from Malicious Software 164.308(a)(5): Implement procedures for guarding against, detecting, and reporting malicious software
 Log-in Monitoring 164.308(a)(5): Implement procedures for monitoring and reporting log-in attempts and discrepancies
 Password Management 164.308(a)(5)(ii)(D): Implement procedures for creating, changing, and safeguarding appropriate passwords
 Data Backup Plan 164.308(a)(7): Establish (and implement as needed) procedures to create and maintain retrievable, exact copies of ePHI during unexpected negative events

Physical Safeguards: HIPAA Regulation 164.310
 Media Disposal and Disposition or Reuse 164.310(d)(2)(i),(ii): The practice has policies and procedures for removing ePHI from hardware or electronic media on which it is stored prior to disposal or reuse
HIPAA Regulation Safeguards for Mobile Devices (2/2)
Implementation Specification and Requirement for Technical Safeguards

Technical Safeguards: HIPAA Regulation 164.312
 Unique User Identification 164.312(a)(2)(i): Assign a unique name and/or number for identifying and tracking user identity
 Automatic Logoff 164.312(a)(2)(iii): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity
 Encryption and Decryption 164.312(a)(2)(iv) & Encryption 164.312(e)(2)(ii): Implement an appropriate mechanism to encrypt and decrypt ePHI
 Audit Controls 164.312(b): This standard does not have corresponding implementation specifications. However, compliance with the standard itself is required
 Confidentiality 164.312(c)(1): Web-based email accounts such as (but not limited to) Yahoo and Hotmail are not allowed to be used for transmitting any type of ePHI
 Mechanism to Authenticate Electronic PHI 164.312(c)(2): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner
 Person or Entity Authentication 164.312(d): This standard does not have corresponding implementation specifications. However, compliance with the standard itself is required
 Integrity Controls 164.312(e)(2)(i): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of
References
 http://www.hipaajournal.com/mobile-data-security-and-hipaa-compliance/
 https://www.healthit.gov/providers-professionals/how-can-you-protect-and-secure-health-information-when-using-mobile-device
 https://www.healthit.gov/providers-professionals/five-steps-organizations-can-take-manage-mobile-devices-used-health-care-pro
 http://www.aapcps.com/services/documents/compliance-checklist-hipaa-security-and-hitech-sample.pdf
 https://www.owasp.org/
 https://www.sans.org/
 http://www.hipaasurvivalguide.com/hipaa-regulations/part-164.php
 https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
 http://blog.securitymetrics.com/
 https://info.veracode.com/whitepaper-state-of-web-and-mobile-application-security-in-healthcare.html
 https://www.ponemon.org/blog/sixth-annual-benchmark-study-on-privacy-security-of-healthcare-data-1
Thank You
Authors:
Sonal Raskar
Technical Lead Grade I
thoughtleaders@citiustech.com
CitiusTech
 
Accelerate Healthcare Technology Modernization with Containerization and DevOps
Accelerate Healthcare Technology Modernization with Containerization and DevOpsAccelerate Healthcare Technology Modernization with Containerization and DevOps
Accelerate Healthcare Technology Modernization with Containerization and DevOps
CitiusTech
 
FHIR for Life Sciences
FHIR for Life SciencesFHIR for Life Sciences
FHIR for Life Sciences
CitiusTech
 
Leveraging Analytics to Identify High Risk Patients
Leveraging Analytics to Identify High Risk PatientsLeveraging Analytics to Identify High Risk Patients
Leveraging Analytics to Identify High Risk Patients
CitiusTech
 
FHIR Adoption Framework for Payers
FHIR Adoption Framework for PayersFHIR Adoption Framework for Payers
FHIR Adoption Framework for Payers
CitiusTech
 
Payer-Provider Engagement
Payer-Provider Engagement Payer-Provider Engagement
Payer-Provider Engagement
CitiusTech
 
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
CitiusTech
 
Demystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingDemystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation Testing
CitiusTech
 
Progressive Web Apps in Healthcare
Progressive Web Apps in HealthcareProgressive Web Apps in Healthcare
Progressive Web Apps in Healthcare
CitiusTech
 
RPA in Healthcare
RPA in HealthcareRPA in Healthcare
RPA in Healthcare
CitiusTech
 
6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLP6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLP
CitiusTech
 
Opioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and FutureOpioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and Future
CitiusTech
 
Rising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes ResearchRising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes Research
CitiusTech
 
ICD 11: Impact on Payer Market
ICD 11: Impact on Payer MarketICD 11: Impact on Payer Market
ICD 11: Impact on Payer Market
CitiusTech
 
Testing Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on HadoopTesting Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on Hadoop
CitiusTech
 
Driving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data AnalyticsDriving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data Analytics
CitiusTech
 

More from CitiusTech (20)

Member Engagement Using Sentiment Analysis for Health Plans
Member Engagement Using Sentiment Analysis for Health PlansMember Engagement Using Sentiment Analysis for Health Plans
Member Engagement Using Sentiment Analysis for Health Plans
 
Evolving Role of Digital Biomarkers in Healthcare
Evolving Role of Digital Biomarkers in HealthcareEvolving Role of Digital Biomarkers in Healthcare
Evolving Role of Digital Biomarkers in Healthcare
 
Virtual Care: Key Challenges & Opportunities for Payer Organizations
Virtual Care: Key Challenges & Opportunities for Payer Organizations Virtual Care: Key Challenges & Opportunities for Payer Organizations
Virtual Care: Key Challenges & Opportunities for Payer Organizations
 
Provider-led Health Plans (Payviders)
Provider-led Health Plans (Payviders)Provider-led Health Plans (Payviders)
Provider-led Health Plans (Payviders)
 
CMS Medicare Advantage 2021 Star Ratings: An Analysis
CMS Medicare Advantage 2021 Star Ratings: An AnalysisCMS Medicare Advantage 2021 Star Ratings: An Analysis
CMS Medicare Advantage 2021 Star Ratings: An Analysis
 
Accelerate Healthcare Technology Modernization with Containerization and DevOps
Accelerate Healthcare Technology Modernization with Containerization and DevOpsAccelerate Healthcare Technology Modernization with Containerization and DevOps
Accelerate Healthcare Technology Modernization with Containerization and DevOps
 
FHIR for Life Sciences
FHIR for Life SciencesFHIR for Life Sciences
FHIR for Life Sciences
 
Leveraging Analytics to Identify High Risk Patients
Leveraging Analytics to Identify High Risk PatientsLeveraging Analytics to Identify High Risk Patients
Leveraging Analytics to Identify High Risk Patients
 
FHIR Adoption Framework for Payers
FHIR Adoption Framework for PayersFHIR Adoption Framework for Payers
FHIR Adoption Framework for Payers
 
Payer-Provider Engagement
Payer-Provider Engagement Payer-Provider Engagement
Payer-Provider Engagement
 
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
COVID19: Impact & Mitigation Strategies for Payer Quality Improvement 2021
 
Demystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingDemystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation Testing
 
Progressive Web Apps in Healthcare
Progressive Web Apps in HealthcareProgressive Web Apps in Healthcare
Progressive Web Apps in Healthcare
 
RPA in Healthcare
RPA in HealthcareRPA in Healthcare
RPA in Healthcare
 
6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLP6 Epilepsy Use Cases for NLP
6 Epilepsy Use Cases for NLP
 
Opioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and FutureOpioid Epidemic - Causes, Impact and Future
Opioid Epidemic - Causes, Impact and Future
 
Rising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes ResearchRising Importance of Health Economics & Outcomes Research
Rising Importance of Health Economics & Outcomes Research
 
ICD 11: Impact on Payer Market
ICD 11: Impact on Payer MarketICD 11: Impact on Payer Market
ICD 11: Impact on Payer Market
 
Testing Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on HadoopTesting Strategies for Data Lake Hosted on Hadoop
Testing Strategies for Data Lake Hosted on Hadoop
 
Driving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data AnalyticsDriving Home Health Efficiency through Data Analytics
Driving Home Health Efficiency through Data Analytics
 

Recently uploaded

Navigating Women's Health: Understanding Prenatal Care and Beyond
Navigating Women's Health: Understanding Prenatal Care and BeyondNavigating Women's Health: Understanding Prenatal Care and Beyond
Navigating Women's Health: Understanding Prenatal Care and Beyond
Aboud Health Group
 
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
ranishasharma67
 
Overcome Your Phobias with Hypnotherapy.pptx
Overcome Your Phobias with Hypnotherapy.pptxOvercome Your Phobias with Hypnotherapy.pptx
Overcome Your Phobias with Hypnotherapy.pptx
renewlifehypnosis
 
the IUA Administrative Board and General Assembly meeting
the IUA Administrative Board and General Assembly meetingthe IUA Administrative Board and General Assembly meeting
the IUA Administrative Board and General Assembly meeting
ssuser787e5c1
 
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
ILC- UK
 
QA Paediatric dentistry department, Hospital Melaka 2020
QA Paediatric dentistry department, Hospital Melaka 2020QA Paediatric dentistry department, Hospital Melaka 2020
QA Paediatric dentistry department, Hospital Melaka 2020
Azreen Aj
 
Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...
Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...
Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...
Dr. David Greene Arizona
 
Introduction to Forensic Pathology course
Introduction to Forensic Pathology courseIntroduction to Forensic Pathology course
Introduction to Forensic Pathology course
fprxsqvnz5
 
Immunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentationImmunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentation
BeshedaWedajo
 
Navigating Healthcare with Telemedicine
Navigating Healthcare with  TelemedicineNavigating Healthcare with  Telemedicine
Navigating Healthcare with Telemedicine
Iris Thiele Isip-Tan
 
Anatomy and Physiology Chapter-16_Digestive-System.pptx
Anatomy and Physiology Chapter-16_Digestive-System.pptxAnatomy and Physiology Chapter-16_Digestive-System.pptx
Anatomy and Physiology Chapter-16_Digestive-System.pptx
shanicedivinagracia2
 
Jaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICE
Jaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICEJaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICE
Jaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICE
ranishasharma67
 
The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........
TheDocs
 
Secret Tantric VIP Erotic Massage London
Secret Tantric VIP Erotic Massage LondonSecret Tantric VIP Erotic Massage London
Secret Tantric VIP Erotic Massage London
Secret Tantric - VIP Erotic Massage London
 
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdfCHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
Sachin Sharma
 
ABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROMEABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROME
Rommel Luis III Israel
 
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
Ameena Kadar
 
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
ranishasharma67
 
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
rajkumar669520
 
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdfDemystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
SasikiranMarri
 

Recently uploaded (20)

Navigating Women's Health: Understanding Prenatal Care and Beyond
Navigating Women's Health: Understanding Prenatal Care and BeyondNavigating Women's Health: Understanding Prenatal Care and Beyond
Navigating Women's Health: Understanding Prenatal Care and Beyond
 
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
 
Overcome Your Phobias with Hypnotherapy.pptx
Overcome Your Phobias with Hypnotherapy.pptxOvercome Your Phobias with Hypnotherapy.pptx
Overcome Your Phobias with Hypnotherapy.pptx
 
the IUA Administrative Board and General Assembly meeting
the IUA Administrative Board and General Assembly meetingthe IUA Administrative Board and General Assembly meeting
the IUA Administrative Board and General Assembly meeting
 
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
 
QA Paediatric dentistry department, Hospital Melaka 2020
QA Paediatric dentistry department, Hospital Melaka 2020QA Paediatric dentistry department, Hospital Melaka 2020
QA Paediatric dentistry department, Hospital Melaka 2020
 
Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...
Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...
Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...
 
Introduction to Forensic Pathology course
Introduction to Forensic Pathology courseIntroduction to Forensic Pathology course
Introduction to Forensic Pathology course
 
Immunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentationImmunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentation
 
Navigating Healthcare with Telemedicine
Navigating Healthcare with  TelemedicineNavigating Healthcare with  Telemedicine
Navigating Healthcare with Telemedicine
 
Anatomy and Physiology Chapter-16_Digestive-System.pptx
Anatomy and Physiology Chapter-16_Digestive-System.pptxAnatomy and Physiology Chapter-16_Digestive-System.pptx
Anatomy and Physiology Chapter-16_Digestive-System.pptx
 
Jaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICE
Jaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICEJaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICE
Jaipur ❤cALL gIRLS 89O1183002 ❤ℂall Girls IN JaiPuR ESCORT SERVICE
 
The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........
 
Secret Tantric VIP Erotic Massage London
Secret Tantric VIP Erotic Massage LondonSecret Tantric VIP Erotic Massage London
Secret Tantric VIP Erotic Massage London
 
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdfCHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
 
ABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROMEABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROME
 
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
 
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
 
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
 
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdfDemystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
 

Securing Mobile Healthcare Application

3
Securing Healthcare Mobile Apps in Compliance with HIPAA
 Mobile health has gathered tremendous pace in recent years. The extensive use of mobile technology in various clinical areas has changed many aspects of clinical practice.
o There has been rapid growth in the development of medical software applications for mobile platforms
o Many mobile applications enable healthcare providers to track prescription drugs, view patient information and manage their schedules
 Mobile health has made healthcare data security and confidentiality more challenging, as sensitive protected health information is used by healthcare mobile applications
 If adequate security controls are not implemented, devices become vulnerable to compromise and expose the electronic Protected Health Information (ePHI) stored on them
 One of the main objectives of HIPAA (Health Insurance Portability and Accountability Act) legislation is to provide data privacy and security provisions for safeguarding medical information. It requires healthcare organizations to ensure that applications are secure and that sensitive patient data is protected when in use, during transmission and when stored on a mobile device
 This document introduces the measures to secure healthcare applications in compliance with HIPAA
4
Cyber Security and Data Breaches in Healthcare
The volume, frequency, impact and cost of data breaches in the healthcare industry have been consistently high over the last few years. The healthcare data breach database maintained by the Office for Civil Rights (OCR) shows that the top 10 healthcare data breaches of 2016 were the result of hacking or health IT related incidents, which emphasizes the need for better technical safeguards in the healthcare industry.
 79% have experienced multiple breaches over two years
 45% have experienced five or more breaches in the past two years
 Only 4.2% of breaches were "secure breaches", where encryption rendered the stolen data useless
 59% of organizations don't think their security budget is sufficient to curtail or minimize data breaches
 89% of healthcare organizations experienced data breaches over the past two years
[Chart: Data Breach over past 2 years (2015-16)] Data Breach 89%, Data Secure 11%
[Chart: Data Breach by Industry] Healthcare 28%, Government 15%, Retail 12%, Finance 12%, Technology 11%, Education 9%, Other 13%
5
Top Mobile Security Threats
Implementing security best practices against cyber threats provides reasonable assurance that the mobile application is secured against cyber attacks.
[Chart: Top Security Threats in Healthcare] Cyber Attacks 28%, Employee Negligence and Malicious Insiders 26%, Mobile Applications 9%, Insecurity of IoT Devices 7%, DDoS attacks on Network 4%
Criminal attacks are the main cause of data breaches: 50% of healthcare organizations report that the root cause of their breach was a criminal attack.
Top Cyber Attack Concerns in Healthcare
 Denial of Service [48%]
 Ransomware [44%]
 Malware [41%]
 Phishing [32%]
 Rogue Software [11%]
 Password Attacks [8%]
6
Potential Weaknesses in Mobile Applications
There are many potential weak spots in mobile apps. Understanding them helps developers build a robust app and protect user data.
 Data Flow: Can you establish an audit trail for data? Is data in transit protected? Who has access to it?
 Data Storage: How is data stored on the device? Is it encrypted? Cloud solutions can be a weak link for data security.
 Data Leakage: Is data leaking to log files, or out through notifications?
 Authentication: When and where are users challenged to authenticate? How are users authorized? Is it possible to track passwords and IDs in the system?
 Server-Side Controls: Are there server-side validations on the input fields? Are all potential client-side routes into the application being validated?
 Session Management: Is the user session invalidated after idle timeout and after user logout, to prevent unauthorized access to the application?
7
HIPAA – Regulatory Compliance Review (1/2)
 The HIPAA Security Rule sets US national standards to ensure protection of ePHI that is created, modified or maintained by covered entities
 Required specifications are mandatory, whereas addressable specifications can be skipped if not relevant to the organization, after stating and documenting a valid reason
 The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce and the security measures put in place to protect ePHI
 The Physical Safeguards are a set of rules and guidelines that focus on physical access to PHI
 The Technical Safeguards focus on the technology that protects PHI and controls access to it
8
HIPAA – Regulatory Compliance Review (2/2)
HIPAA regulation areas and the sections that define them:
 Administrative Safeguards: §164.308
 Physical Safeguards: §164.310
 Technical Safeguards: §164.312
 Organizational Requirements: §164.314 and §164.316
 Uses and Disclosures: §164.508, §164.510 and §164.512
Technical control areas:
 Authentication Security: Password Security; Account Lockout Policy
 Identity Access Management: System Administrator identity; Device Login Procedures; Auto Log offs
 Access Control: Access Control Lists; Emergency Access Control
 Encryption: Encryption of Data at Rest; Encryption of Data in Transit
 Audit Controls: Audit Logs and Retention; Remote Access Logs; Log Review Process
9
Security Considerations to Protect Mobile Devices (1/2)
User authentication
Authentication is the process of verifying the identity of a user, process, or device. Mobile devices can be configured to require a password, personal identification number, or passcode to gain access.
Install and enable encryption
Encryption protects health information stored on and sent by mobile devices. Data encryption keys should be updated periodically and stored separately from the data.
Install remote wiping
Remote wiping enables deletion of data on a mobile device remotely. If the remote wipe feature is enabled, data stored on a lost or stolen mobile device can be permanently deleted.
Disable file sharing applications
File sharing is software or a system that allows users to connect to each other and trade computer files. But file sharing can also enable unauthorized users to access the mobile device without the user's knowledge.
10
Security Considerations to Protect Mobile Devices (2/2)
Install and enable security software
Security software can be installed to protect against malicious applications, viruses, spyware, and malware-based attacks.
Keep your security software up to date
Regular updates of security software prevent unauthorized access to health information on or through the mobile device.
Protect data in transit over public Wi-Fi
Public Wi-Fi networks allow unauthorized users to intercept information. Protect and secure health information by not sending or receiving it when connected to a public Wi-Fi network, unless over secure, encrypted connections.
Delete all stored health information before discarding or reusing the mobile device
Use software tools that thoroughly delete (or wipe) data stored on a mobile device before discarding or reusing the device, to protect and secure health information from unauthorized access.
11
Security Best Practices for Healthcare Applications (1/4)
Implementing software development best practices can help mitigate most of the common vulnerabilities in an application and reduce the cost of fixing issues that would otherwise come up after the application is developed. Some of these best practices, derived from the OWASP Mobile Top 10, are broadly categorized as follows.
Category: Session Management
Session management is the technique developers use to make the stateless HTTP protocol support sessions as state.
Implementation Best Practices:
 Implement an idle or inactivity timeout, preferably after 15-20 minutes of inactivity, on all sessions
 Enforce session timeout management and expiration on the server side
 Immediately invalidate the session on logout. In addition, discard/terminate the session token on the server side once the user has logged out
 Generate random and complex session IDs/auth tokens. Session IDs must not be related to any personal information of the user or device (such as the device ID)
 Send session IDs over secure channels (for example HTTPS) to prevent an adversary from hijacking the session
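The session rules on this slide, implemented server-side as an added example in Go. This code is not from the original deck or from CitiusTech; the choice of Go, the 8-hour absolute lifetime (the slide only gives the 15-20 minute idle timeout) and the sample user id are assumptions of the example. Tokens come from the CSPRNG and carry no user or device data, expiry is enforced by the server on every request, and logout deletes the server-side record so a retained token is useless.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// IdleTimeout is the slide's 15-minute inactivity limit; AbsoluteTimeout is an
// assumed upper bound so a session cannot be kept alive indefinitely by activity.
const (
	IdleTimeout     = 15 * time.Minute
	AbsoluteTimeout = 8 * time.Hour
)

var (
	ErrNoSession = errors.New("session: unknown or invalidated token")
	ErrExpired   = errors.New("session: expired")
)

type session struct {
	userID    string
	createdAt time.Time
	lastSeen  time.Time
}

// Store is the server-side session table. Expiry is decided here, never by the
// app, so a modified client cannot extend its own session.
type Store struct {
	mu       sync.Mutex
	sessions map[string]*session
	now      func() time.Time // injectable clock so expiry can be tested
}

func NewStore(now func() time.Time) *Store {
	if now == nil {
		now = time.Now
	}
	return &Store{sessions: make(map[string]*session), now: now}
}

// newToken draws 32 random bytes; the token is unrelated to the user or device,
// so nothing can be inferred from it or forged by guessing a device ID.
func newToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// Create opens a session for an already-authenticated user. The returned token
// must only be sent to the client over HTTPS.
func (s *Store) Create(userID string) (string, error) {
	tok, err := newToken()
	if err != nil {
		return "", err
	}
	t := s.now()
	s.mu.Lock()
	s.sessions[tok] = &session{userID: userID, createdAt: t, lastSeen: t}
	s.mu.Unlock()
	return tok, nil
}

// Validate is called on every request: it enforces both timeouts, removes an
// expired session immediately, and refreshes the idle timer on success.
func (s *Store) Validate(token string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[token]
	if !ok {
		return "", ErrNoSession
	}
	t := s.now()
	if t.Sub(sess.lastSeen) > IdleTimeout || t.Sub(sess.createdAt) > AbsoluteTimeout {
		delete(s.sessions, token)
		return "", ErrExpired
	}
	sess.lastSeen = t
	return sess.userID, nil
}

// Logout discards the server-side record, so a copy of the token kept by the
// client no longer grants anything.
func (s *Store) Logout(token string) {
	s.mu.Lock()
	delete(s.sessions, token)
	s.mu.Unlock()
}

func main() {
	store := NewStore(nil)
	tok, _ := store.Create("clinician-42") // constructed sample user id
	user, err := store.Validate(tok)
	fmt.Println(user, err)
	store.Logout(tok)
	_, err = store.Validate(tok)
	fmt.Println(err)
}
```

The clock is injected so the timeout logic can be tested without waiting; in production NewStore(nil) uses time.Now.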
12
Security Best Practices for Healthcare Applications (2/4)
Category: Data at Rest
Data at rest generally refers to data stored in persistent storage. Mobile devices are often subject to specific security protocols to protect data at rest from unauthorized access when lost or stolen.
Implementation Best Practices:
 Avoid storing sensitive data on the device, and if it is stored, always encrypt the data using strong encryption algorithms which are FIPS 140-2 compliant, such as AES, RSA and SHA-256
 Use strong encryption so that if access controls such as usernames and passwords fail, encrypted data is not compromised
 Periodically update data encryption keys and store them separately from the data
 Remove unnecessary application and system documentation that can reveal sensitive information to attackers
Category: Data in Transit
Data in transit, or data in motion, is data moving from one location to another across the internet or through private networks.
Implementation Best Practices:
 SSL Certificate Pinning: Certificate pinning means keeping a keystore (certificate extract) on the mobile device. This keystore is generated from the SSL certificate hosted on the server. By using this technique, the app can guarantee that it is connecting to the correct server. One disadvantage is that if the certificate on the server changes, you need to update the keystore in the mobile app accordingly
 Implement network security solutions like firewalls and network access control to secure the networks used to transmit data against malware attacks or intrusions
 Enable user prompting, blocking, or automatic encryption for sensitive data in transit
 Maintain cached data only for a session
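The data-at-rest points above (AES encryption, keys updated periodically and kept apart from the data), as an added example in Go that is not part of the original deck or of CitiusTech's code. Assumptions of the example: AES-256-GCM is used so the ciphertext is also integrity-checked (the slide names AES but no mode), the in-memory Keyring stands in for the platform keystore (Android Keystore or iOS Keychain) that a real app would use, and the SSN value is a constructed sample. Each stored record carries the version of the key that sealed it, so a key rotation does not make older records unreadable until they have been re-encrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
)

// Record is the only thing written to device storage: which key version sealed
// it, the nonce, and the AES-GCM ciphertext with its authentication tag. The key
// itself never sits next to the data.
type Record struct {
	KeyVersion int
	Nonce      []byte
	Ciphertext []byte
}

// Keyring holds versioned 256-bit data-encryption keys. Here they live in
// memory so the example runs stand-alone; a real app keeps them in the
// platform keystore.
type Keyring struct {
	mu      sync.Mutex
	current int
	keys    map[int][]byte
}

func NewKeyring() (*Keyring, error) {
	k := &Keyring{keys: make(map[int][]byte)}
	if err := k.Rotate(); err != nil {
		return nil, err
	}
	return k, nil
}

// Rotate generates a fresh key and makes it current. Older versions stay so
// records written under them remain readable until Reencrypt migrates them.
func (k *Keyring) Rotate() error {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return err
	}
	k.mu.Lock()
	defer k.mu.Unlock()
	k.current++
	k.keys[k.current] = key
	return nil
}

func (k *Keyring) CurrentVersion() int {
	k.mu.Lock()
	defer k.mu.Unlock()
	return k.current
}

func (k *Keyring) keyFor(version int) ([]byte, error) {
	k.mu.Lock()
	defer k.mu.Unlock()
	key, ok := k.keys[version]
	if !ok {
		return nil, errors.New("keyring: unknown key version")
	}
	return key, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the current key with a fresh random nonce. The
// field name is bound as associated data, so a ciphertext copied from one field
// (say "notes") cannot be replayed into another (say "ssn") unnoticed.
func (k *Keyring) Encrypt(field string, plaintext []byte) (Record, error) {
	ver := k.CurrentVersion()
	key, err := k.keyFor(ver)
	if err != nil {
		return Record{}, err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{KeyVersion: ver, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, []byte(field))}, nil
}

// Decrypt fails closed: any change to nonce, ciphertext, tag or field name
// makes Open return an error rather than garbage plaintext.
func (k *Keyring) Decrypt(field string, r Record) ([]byte, error) {
	key, err := k.keyFor(r.KeyVersion)
	if err != nil {
		return nil, err
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, r.Nonce, r.Ciphertext, []byte(field))
}

// Reencrypt migrates a record to the current key; running it over stored
// records after Rotate is what allows old key versions to be retired.
func (k *Keyring) Reencrypt(field string, r Record) (Record, error) {
	pt, err := k.Decrypt(field, r)
	if err != nil {
		return Record{}, err
	}
	return k.Encrypt(field, pt)
}

func main() {
	ring, _ := NewKeyring()
	rec, _ := ring.Encrypt("ssn", []byte("000-00-0000")) // constructed sample value
	_ = ring.Rotate()
	pt, err := ring.Decrypt("ssn", rec)
	fmt.Printf("record sealed under key v%d still readable after rotation: %s %v\n", rec.KeyVersion, pt, err)
}
```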
13
Security Best Practices for Healthcare Applications (3/4)
Category: Data in Transit (continued)
Implementation Best Practices:
 Use server authentication as an anti-spoofing measure. Although server authentication is optional in the SSL/TLS protocols, it is always recommended. Otherwise, an attacker might spoof the server, affecting the users and damaging the organization's reputation in the process
 Never send passwords over a network connection in clear text
 Prevent the interception of highly sensitive values (e.g., login IDs, passwords, PINs, account numbers) via a compromised SSL/TLS connection by applying additional encryption (e.g., VPN) in transit
 Use the Set-Cookie header attributes Secure and HttpOnly. Setting the HttpOnly flag on a cookie protects it from attacks such as cross-site scripting (XSS), because the cookie cannot be accessed via client-side scripts
 Do not use loopback when handling sensitive data. Use proper Cache-Control headers to ensure data is not cached when requesting resources
Category: Code Obfuscation
Mobile applications contain compiled code which, when extracted and decompiled, can enable an attacker to read the complete source code.
Implementation Best Practices:
 Obfuscation is the strategy of making code harder to understand or read, generally for privacy or security purposes
 Use obfuscator tools or libraries to convert straightforward code into an imperceptible format, so that an attacker would not be able to understand the logic behind the code. For example, variable names would be renamed from patientNameString to shsggehehheh
14
Security Best Practices for Healthcare Applications (4/4)
Category: Audit Logs
Audit logs provide documentary evidence of the events that affect the application at any specific time. It is necessary for an application to maintain logs so that an event can be traced back in case of an incident or error.
Implementation Best Practices:
 Document the IP addresses, timestamps and details of crucial application events, and other information depending on the business requirement, in the audit logs
 Maintain the audit logs locally in device memory and periodically sync them with the log server
 Audit logs contain sensitive information compared to other generic transaction logs, therefore implement proper authorization checks before providing access to these logs
Category: Hard Coded Sensitive Information
Developers often leave sensitive information such as security tokens, encryption keys or proprietary algorithms hard coded in the application code.
Implementation Best Practices:
 Do not store passwords, connection strings or other sensitive information in clear text or in any non-cryptographically secure manner on the client side. This includes embedding them in insecure formats like ms-viewstate, Adobe Flash or compiled code
 Always use encryption and never save passwords or SSNs directly in the app or on the server. They should be encrypted with hashes and should not be recognizable by anyone unless in decrypted form
 Remove comments in user-accessible production code that may reveal backend system or other sensitive information
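The audit-log practices above (source IP, timestamp and event per entry, local buffering with periodic sync to the log server, and an authorization check before the log can be read), as an added example in Go that is not part of the original deck or of CitiusTech's code. Beyond the slide, each entry is chained to the previous one by a SHA-256 hash so that an entry edited or deleted on the device is detected when the batch is verified; the "auditor" role name, the sample user ids, addresses and record references are constructed assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Entry is one audit event. PrevHash and Hash link entries into a chain, so
// removing or editing one entry breaks every entry after it.
type Entry struct {
	Seq       int       `json:"seq"`
	Time      time.Time `json:"time"`
	UserID    string    `json:"user_id"`
	SourceIP  string    `json:"source_ip"`
	Event     string    `json:"event"`
	RecordRef string    `json:"record_ref,omitempty"`
	PrevHash  string    `json:"prev_hash"`
	Hash      string    `json:"hash"`
}

// AuditLog buffers entries on the device until Sync hands them to the log server.
type AuditLog struct {
	mu      sync.Mutex
	entries []Entry
	seq     int
	last    string // hash of the most recent entry, kept across syncs
	now     func() time.Time
}

func NewAuditLog(now func() time.Time) *AuditLog {
	if now == nil {
		now = time.Now
	}
	return &AuditLog{now: now}
}

// hashEntry covers every field except the hash itself.
func hashEntry(e Entry) string {
	e.Hash = ""
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Append records an event and chains it to the previous entry.
func (l *AuditLog) Append(userID, sourceIP, event, recordRef string) Entry {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.seq++
	e := Entry{Seq: l.seq, Time: l.now(), UserID: userID, SourceIP: sourceIP,
		Event: event, RecordRef: recordRef, PrevHash: l.last}
	e.Hash = hashEntry(e)
	l.entries = append(l.entries, e)
	l.last = e.Hash
	return e
}

// Verify recomputes the chain of a batch, starting from the hash of the entry
// that preceded it, and reports the first entry that does not fit.
func Verify(entries []Entry, prevHash string) error {
	prev := prevHash
	for i, e := range entries {
		if e.PrevHash != prev || hashEntry(e) != e.Hash || (i > 0 && e.Seq != entries[i-1].Seq+1) {
			return fmt.Errorf("audit chain broken at seq %d", e.Seq)
		}
		prev = e.Hash
	}
	return nil
}

// Read enforces the slide's authorization check: audit logs are sensitive, so
// only the auditor role (an assumed role name) may read them.
func (l *AuditLog) Read(role string) ([]Entry, error) {
	if role != "auditor" {
		return nil, errors.New("audit log access denied")
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	return append([]Entry(nil), l.entries...), nil
}

// Sync returns the buffered entries for upload and clears the local buffer;
// the chain continues across batches because the last hash is retained.
func (l *AuditLog) Sync() []Entry {
	l.mu.Lock()
	defer l.mu.Unlock()
	batch := l.entries
	l.entries = nil
	return batch
}

func main() {
	al := NewAuditLog(nil)
	al.Append("clinician-42", "10.0.0.5", "VIEW_RECORD", "patient/123") // constructed sample
	batch := al.Sync()
	fmt.Println("batch verifies:", Verify(batch, "") == nil, "entries:", len(batch))
}
```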
15
Secure HIPAA Implementation Cycle
PHASE 1: Define Scope [PHI Data Flow]
 Identify entry points of the PHI information
 Identify locations of ePHI storage
 Identify ePHI in transit
PHASE 2: Risk Assessment / Threat Analysis
 Identify vulnerabilities in components, design and implementation using security testing
 Identify threats
 Identify risks (vulnerabilities + threats) and rate the impact
PHASE 3: HIPAA Compliance Review
 Review the systems and applications against the HIPAA technical and administrative safeguards
 Identify non-compliance based on the risk assessment report and the HIPAA review
PHASE 4: Implement Controls
 Identify appropriate controls to mitigate the top risks
 Implement the security measures to reduce or eliminate the risk
 Mitigate high and medium risks
PHASE 5: Test, Train and Repeat
 Test the controls implemented to mitigate risks
 Document the HIPAA risk analysis process
 Repeat the process annually
 Conduct mobile device privacy and security awareness training for providers and professionals
16
HIPAA Regulation Safeguards for Mobile Devices (1/2)
Implementation Specifications and Requirements for Administrative and Physical Safeguards
Administrative Safeguards: Information Access Management - 164.308(a)
 Access Authorization 164.308(a)(4): Implement policies and procedures for granting access to ePHI, for example through workstations, transactions, programs, processes or other mechanisms
 Protection from Malicious Software 164.308(a)(5): Implement procedures for guarding against, detecting and reporting malicious software
 Log-in Monitoring 164.308(a)(5): Implement procedures for monitoring and reporting log-in attempts and discrepancies
 Password Management 164.308(a)(5)(ii)(D): Implement procedures for creating, changing and safeguarding appropriate passwords
 Data Backup Plan 164.308(a)(7): Establish (and implement as needed) procedures to create and maintain retrievable, exact copies of ePHI for use during unexpected negative events
Physical Safeguards: HIPAA Regulation 164.310
 Media Disposal and Disposition or Reuse 164.310(d)(2)(i),(ii): The practice has policies and procedures for removing ePHI from hardware or electronic media on which it is stored prior to disposal or re-use
17
HIPAA Regulation Safeguards for Mobile Devices (2/2)
Implementation Specifications and Requirements for Technical Safeguards
Technical Safeguards: HIPAA Regulation 164.312
 Unique User Identification 164.312(a)(2)(i): Assign a unique name and/or number for identifying and tracking user identity
 Automatic Logoff 164.312(a)(2)(iii): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity
 Encryption and Decryption 164.312(a)(2)(iv) & Encryption 164.312(e)(2)(ii): Implement an appropriate mechanism to encrypt and decrypt ePHI
 Audit Controls 164.312(b): This standard has no corresponding implementation specifications; however, compliance with the standard itself is required
 Confidentiality 164.312(c)(1): Web-based email accounts such as (but not limited to) Yahoo and Hotmail must not be used for transmitting any type of ePHI
 Mechanism to Authenticate Electronic PHI 164.312(c)(2): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner
 Person or Entity Authentication 164.312(d): This standard has no corresponding implementation specifications; however, compliance with the standard itself is required
 Integrity Controls 164.312(e)(2)(i): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until it is disposed of
19
Thank You
Author: Sonal Raskar, Technical Lead Grade I
thoughtleaders@citiustech.com
About CitiusTech
 2,700+ Healthcare IT professionals worldwide
 1,200+ Healthcare software engineers
 700+ HL7 certified professionals
 30%+ CAGR over last 5 years
 80+ Healthcare customers
o Healthcare technology companies
o Hospitals, IDNs & medical groups
o Payers and health plans
o ACO, MCO, HIE, HIX, NHIN and RHIO
o Pharma & Life Sciences companies