IBM/Apple Alliance: Healthcare Impact

Privacy and Security for Mobile Could Get a Boost
IBM/Apple Alliance: Healthcare Impact

An alliance announced earlier this week by IBM and Apple has the potential to help transform the iPhone and iPad from favorite personal devices used by clinicians to enterprise-sanctioned, secure mobile platforms used in the delivery of patient care. But that won't happen unless the vendors deliver on their promises for enhanced security features and scalability to meet the need of large enterprises.

See Also: Live Webinar | Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

On July 15, the two vendors announced a deal in which IBM will sell Apple iPhone smart phones and iPad tablet computers loaded with IBM apps for the healthcare, insurance, retail, banking, travel and telecommunications sectors.

The meatiest part of the alliance, which can potentially bring the biggest boost to Apple's products in business enterprises, including healthcare entities, is IBM's plans to develop apps optimized for the iOS 8 operating system. IBM will also offer cloud services optimized for iOS, including device management, security, analytics and mobile integration.

Time Will Tell

While the IBM/Apple alliance could potentially make healthcare entities take a more serious look at embracing Apple's mobile devices as enterprise platforms for care delivery, for now, some healthcare IT leaders are taking a wait-see approach.

"The IBM deal further emphasizes that iPads/iPhones bring business value and are an increasingly important part of the enterprise ecosystem," says John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center. "Although details of additional security enhancements have not been yet discussed, I presume that IBM will be willing to sign business associate agreements [in compliance of HIPAA Omnibus] and guarantee the privacy of protected healthcare information in their cloud."

Beth Israel Deaconess supports a mix of thousands of devices, including corporate-owned laptop and desktop computers and personally owned tablets and smartphones, including 2,000 iPads and 4,000 iPhones, Halamka says.

"Clinicians buy Apple products themselves because such devices bring them real utility," Halamka says.

Christopher Paidhrin, security administration manager in the information security technology division of PeaceHealth, a healthcare delivery system in the Pacific Northwest, is also watching the new alliance of Apple and IBM with cautious optimism.

"The healthcare potential of the Apple and IBM partnership is promising, but uncertain," he says. Healthcare information technology [providers] have struggled to adopt mobile technologies; many of them adding layers of user and IT support complexity while not directly integrating with existing services and clinical applications. The transparency of the healthcare sector apps - and security controls - will be the key success indicators."

A Boost for Patients?

Information security and privacy specialist Rebecca Herold, a partner at consulting firm the Compliance Helper and CEO of The Privacy Professor, says the alliance could be a potential boost for patients as well as clinicians and healthcare organizations.

"Patients are increasingly wanting access to their associated patient information. They also want to communicate with their doctors and clinics in the ways in which they communicate with their friends and family; via text messages, P2P chats, e-mail, etc.," she notes. "If IBM can implement strong encryption, effective and as transparent as possible authentication, data access logging, device tracking and remote data wipe into the devices used by healthcare staff, it would enable better, more secure doctor-patient communications."

Among other features on Herold's "wish list" include built-in malware protection, firewalls and data loss protection and intrusion prevention/detection capabilities.

While the fruits of the IBM/Apple alliance could make more healthcare entities consider issuing corporate-owned Apple mobile devices to clinicians as a key component of their health IT strategies, that move wouldn't necessarily eliminate or lessen the need for formal BYOD policies and programs, Herold notes.

"There will always be a need for BYOD policies and procedures; healthcare workers - and all types of workers for that matter - will continue to have their own gadgets and computers that they want to use - especially as new types of computers and gadgets within the Internet of Things continue to emerge and become more widely used," she says.

"Consider the possibilities for wearables within healthcare settings. Google Glass is already being used by surgeons to show others how they are doing procedures. Such wearables will also be soon used - if they aren't already - for basic in-office procedures and even check-ups," she notes.

In fact, Halamka's organization is now testing Google Glass, which Halamka describes as "like an iPhone you wear on your face" (see John Halamka on Security Priorities).

Future Developments

Looking ahead, Herold is hopeful security and privacy advancements might come to the healthcare sector through the IBM and Apple partnership.

"Both companies can now integrate strong security controls, as well as get new privacy controls, into their new devices, and in their next generations of existing devices," she says. "The possibilities for built-in logging of access to PHI, and of establishing better authentication methods that are more work-friendly for healthcare environments, is great. Hopefully IBM and Apple will invest time and effort into addressing the long-time security and privacy problems experienced within patient settings."

For example, Herold says that many of the doctors and support staff she's spoken with in the last 20 years "continue to loath their old-fashioned passwords," and complain about corporate mandates to periodically change them.

"It would be great to see these two tech giants create an authentication method that would be more happily embraced by healthcare workers," she says. That could include biometrics, for example, she says.

Scale and Security

IBM's alliance with Apple will help address issues that have been hurdles for Apple's mobile platform in big enterprises, including healthcare, IBM officials say.

"A challenge [for mobile] has been security and scale, and IBM knows how to do that. ...We'll be bringing that to iOS 8, creating additional applications to take advantage of Apple's elegance, allowing it to be integrated into healthcare and other industries," says Dan Pelino, general manager of IBM public sector business, which includes healthcare and life sciences, as well as government and education.

While Apple's products are often a popular BYOD choice for workers across many industries, including healthcare, the partnership between IBM and Apple "help bring a new level of security and scalability to the devices in the enterprise, with thousands of applications," including those from third parties, Pelino says.

Apple revealed in June that it is teaming up with electronic health records vendor Epic and the Mayo Clinic in the development of health applications for iOS 8. The alliance between Epic and Apple brings Epic's popular My Chart EHR and patient portal to the iOS 8 platform, Pelino notes. IBM's contribution is "helping with integration at the OS level for security and scale," he says.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.