Please see below for a response directly from Peter Waegemann regarding the "Application of Mobile and Wireless Health: Best Practices for a Connected Health Environment" session which him and Claudia Tessier of the mHealth Iniatiative will be delivering on May 18 during SearchHealthIT.com's "New Wave of Health IT Virtual Seminar."
Peter says: "Securing data will be addressed briefly. To reply to your question specifically: The more control the org has, the more confidence it can have in the security of data but not all orgs can have the same degree of control, eg:
-Allow only supplied/approved devices to be used
-Limit apps to only approved apps
-Require authentication of device and user
-Limit access to PHI
-Develop policies and procedures, identify consequences/sanctions
-Consider security companies such as Airmagnet to manage security
-Work with CIO and bioengineers, legal counsel, HIM, risk management QA, etc
Have logs, audit trails
A vendor may state it is secure, but how does an organization really verify the transmission security of the data?
As with any vendor declaration require evidence, confirm, talk with users, test, retest, require documentation, incorporate in contract including liability for not meeting claims. Exercise due diligence and meet your own and industry standards."