Mobile access to patient data or Protected Health Information (PHI) is of paramount importance. While the backend is already digitized using EMR (Electronic Medical Record) systems, the last mile is mostly manual using pen and paper or other offline means of data management. Modern health care requires that the care team has immediate access to patient information.
PHI is defined under the HIPAA Privacy Rule, which protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. This requires that mobile and web applications enabling this access are ultra-secure and handle the information accordingly.
Unvired recently implemented a Patient Information System on mobile with a backend database to store the PHI data securely. The key aspects were:
1. Data at rest is encrypted on the iOS devices. Additional data protection is enabled with security mechanisms such as password/PIN to prevent unauthorized access.
2. Data in transit is transmitted via secure HTTPS/SSL.
3. Data stored in the backend database is encrypted at rest. Connections to the database are protected via encrypted SSL connections.
4. The web application allows online access and all data is invalidated/cleared on session termination.
The Unvired Digital Enterprise Platform (UDEP) enabled this offline/online access to the patient information from both mobile devices and web browsers. While UDEP satisfies the security and encryption requirements of HIPAA, Unvired partnered with Aptible (http://aptible.com) to additionally enable a secure environment in the AWS cloud. Aptible provides a platform on AWS to securely deploy applications and satisfy the regulatory requirements. UDEP was deployed in Docker containers on the Aptible landscape to enable this secure access. All the Docker containers are isolated in an Amazon VPC with restricted access. Additional logs and audit trails in Aptible ensure that every access to the landscape is recorded. All data transmitted and received via the platform is logged and audited by UDEP. Once data is safely delivered to the device, the data is cleared on UDEP and no PHI is cached.
The combination of the secure UDEP platform with the Aptible landscape provides a secure and cost-effective platform for customers to deploy mobile and web applications to handle PHI in a secure and compliant manner. Over the next few weeks there will be a series of follow-up blog posts delving into more detail on each of the above aspects. Do join us for the journey.
Contact us to know more about how Unvired can enable a robust health care solution for your institution.