Experts say security must unleash, not hobble, mHealth

At the 2015 mHealth Summit, Intel will lead a panel discussion of mobile health users and security experts. HIMSS Media sat down with Intel’s David Houlding, Dell’s Jorge Peña and Microsoft’s Gareth Hall to preview some of the panel’s topics.

HM: Mobile health is sometimes depicted as suffering “death by pilot projects.” What’s prevented mHealth from becoming mainstream in the enterprise?

David Houlding: We’ve learned that processes need to change. It’s not just acquiring the right hardware or software. Take, for example, patient monitoring. One of the biggest hurdles has been reimbursement. Policies and processes haven’t kept up with technological change.

Gareth Hall: It’s just the complexity of the healthcare business. If you are a utility, a meter-reading workflow is pretty straightforward. The world of healthcare isn’t so simple — and it is getting even more complicated.

HM: And that’s especially true for mobile security?

Jorge Peña: Healthcare is, as Gareth said, a very complex landscape. Part of the challenge is that you have to have a larger, already-secure infrastructure — networks, servers, switches, etc. When you deploy a mobile device, you can really expose the whole system. The opportunity is to streamline and make very complex systems more simple and secure.

HM: Dell, Intel and Microsoft are taking a new, integrated view to enhanced mHealth security. What does the concept of a bundled security solution look like?

Hall: With Windows 10, devices can be engineered to take full advantage of Windows Hello and Windows Passport — they depend on specific hardware, like Intel’s RealSense Camera. Hello can use facial recognition (or other biometric markers like fingerprint or use scans) to identify the user, and then Passport takes the biometric signature and uses it for applications. There’s no need to re-authenticate (in each application) with keyed-in credentials.

Peña: Again, we have to continue to look at this holistically. It’s not just integrated security for today’s tablets or phones; there is more to enterprise security than defending perimeters. However, we understand the exposure they present, so our customers use Dell’s Data Protection, and Endpoint Security Suite as part of a comprehensive solution set protecting multiple device types with advanced authentication, encryption and threat protection, while leveraging interconnected solutions that span the enterprise. From the endpoint to the data center to the cloud, Dell solutions mitigate risk and reduce complexity so healthcare can move forward. The reason why we will have to build out the Internet of Things with the entire system in mind — all those pieces need to get integrated into the stack!

HM: I suppose wearables present a non-trivial and novel challenge to the integrity of an IT environment…

Houlding: The Internet of Things and wearables present new vectors and new risks. They are empowering the end-user. Not just the healthcare provider, but the healthcare patient. More and more data will be provided by the patients themselves — that’s a lot of rope, and we don’t want them to trip on it.

HM: Post-mHealth Summit, what advice would you give organizations to prepare for this inundation of mHealth data in terms of data security and privacy?

Houlding: The Intel Data Breach Security Maturity Model, which we’ve just introduced, is akin to the HIMSS EMRAM maturity model. With it, a CIO can assess: “Where am I in my breach security? Where am I with respect to my colleagues?” It can be used to rapidly assess current breach preparedness and what can be improved to get to the next level. And it’s mapped to solutions – if I need X, Y, Z security safeguards to improve my maturity and posture, what software-hardware bundles are available to expedite the implementations of these? It is a good place for organizations to start or improve their breach-security preparations.

To register for the panel session, hosted by Intel, Dell and Microsoft, visit