Handheld Devices in Healthcare Applications

Wireless Handheld Device Overview Page 4

The Dilemma of PDA Security Page 5

The Implications of HIPPA on PDAs Page 7

Keeping Your PDA Data Safe Page 8

Security Issues in the Healthcare Industry Page 10

Security Policies for PDAs Page 14

Handheld Devices and Healthcare Applications

Wireless handheld devices and their applications were built for cool functions, not security. They lack the processing power for strong encryption, memory management and solid password security. When they were just electronic organizers, it didn’t matter. Now, they’re an open door to company networks and that matters a lot.

Your healthcare provider, for example, has purchased a state-of-the-art wireless handheld application that lets administrators, physicians and medical staff access records, order lab tests and prescribe medications. It works great. Costs for recordkeeping are lowered, patients receive improved customer service, and fewer errors are made. But what happens when a doctor l

HIPAA is the Health Insurance Portability and Accountability Act. President Clinton signed this federal mandate into law during 1996. The main goals of HIPAA are 1) guarantee health insurance coverage of workers during job transitions 2) protect privacy of patient records 3) promote national, uniform security standards for the secure electronic transmission of health information. Complex HIPAA regulations govern various aspects of the healthcare industry. Numerous standards bodies and national agencies are involved in the development of HIPAA rules.

One potential issue is the transition from the encryption utilized for the wireless transaction to the encryption utilized over the Internet. This 'conversion' that occurs at the Palm.net data center is a potential security issue. New technology is being released to further increase the security of wireless transactions by allowing organizations to establish their own wireless VPNs. The use of a wireless VPN will allow PDA users to connect securely from remote locations just as remote users with laptops connect today.

As indicated, data security begins with basic password protection built in, which functions primarily to lock access to the unit and initially to hide records. A low-cost initial step would be to simply require that passwords be six to eight characters, include special characters, and be case sensitive. This can be enforced with strong IT policies/procedures in place. In addition, vendors are quickly capitalizing on this "new niche" in the hand-held market by providing enhanced password protection. These protections range from pressing a specific combination of buttons, biometrics, using a stylus to write a unique character on the screen, and tapping a unique ID on the ATM style keypad. Another solution is portable fingerprint readers and authentication devices.

As the popularity of these devices skyrockets, their functionality continues to evolve. Many PDAs are now Internet-capable, offering users the ability to conduct transactions and access data anywhere, at anytime.

As hand-held devices become more popular, virus writers and other hackers have begun to take advantage of the lack of built-in security. Unfortunately, the damage that can occur is not limited to the user’s hand-held device. When a user syncs with a desktop, they can unwittingly transfer a virus or worm into a corporate network. According to Dennis Fisher with eWeek, "In the past six months, two Palm OS viruses-one more of an annoyance than anything else-have hit the handheld community." Also from Dennis Fisher, "Experts say viruses and hacks written for Palm OS, which is open by design to encourage third-party application development, are just the beginning of security issues facing handheld users."

Security Issues in the Healthcare Industry

Some topics in this essay:
PDAs Organizations, Introduction Wireless, PDA Appropriate, PDA Imagine, PDAs Internet-capable, Bell South's, Healthcare Industry, HIPAA Deploy, PDA PDA, ID ATM, security policies, security issues, stored pda, data stored, handheld devices, patient data, pda security, patient identifiable data, patient information, user id, healthcare industry, data stored pda, • patient identifiable, user id password, issues healthcare industry,