Kaiser Permanente Goes Mobile

Smart Phone PHR Access: The Security Steps
Kaiser Permanente Goes Mobile

Members of Kaiser Permanente managed care plans now can use a smart phone app to gain secure access to personal health records. The organization is using virtually the same security precautions for mobile PHR access as it has used for PC-based access since 2005.

See Also: Live Webinar | Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

Kaiser Permanente is a PHR trailblazer; some 3.8 million of its nearly 9 million members already are registered for the My Health Manager PHR. The managed care organization recently announced the PHR is now accessible, via a mobile-optimized website, to users of smart phones running the Android operating system. The free new app is available at the Android Market. An additional iPhone app will be released in the coming months. Until then, iPhone users can download a shortcut icon to link them to the new mobile-friendly PHR portal.

"Our extensive experience with PC platforms eased the transition onto mobile devices, dealing with issues of secure data transfer, information encryption user authentication and similar problems," says Kevin DePeugh, Kaiser Permanente's executive director, assessment and response services.

But DePeugh acknowledges that mobile devices present unique security concerns. "A main concern in the portability of smart phones, including the ease of misplacing one," he says. "To that end, My Health Manager services cannot remain in a perpetual signed-on state. Users must re-authenticate their identity after a period of inactivity."

Personal Health Record Content

Kaiser's personal health record is tethered to its comprehensive electronic health record. The PHR gives patients access to a subset of the information in the EHR, including allergies, medications, lab test results, medical problem lists and past visit summaries. Patients also can use the PHR portal to request prescription refills, send an e-mail to a physician and make appointments.

Unlike some other PHRs, Kaiser's is offered in a read-only format, and patients cannot download the information nor add to it. Kaiser expects to add download capabilities later this year, DePeugh says.

Security Features

Other security features for access to PHRs, whether accessed via a smart phone or a PC, include:

  • Secure Connection. Patients access their PHR using a secure, encrypted connection based on HTTPS, or Hypertext Transfer Protocol Secure.
  • Authentication. To sign up for PHR access, users must establish an online identity. "The system requires an applicant to know specific information about their coverage and requires answering a series of personally-generated challenge questions or having a password mailed to an address of record," DePeugh says. Then patients must enter a user ID and password to gain access. Passwords must meet complexity requirements. Plus, if account credentials are not entered correctly five times in a row, an account is locked and cannot be re-used until a user's identity is re-established.
  • Data Remains on Server. Personal health information remains on Kaiser Permanente's secure servers.
  • In explaining the need for mobile access to PHRs, Kaiser Permanente noted in its announcement that 40 percent of American adults access the Internet via their mobile phones, according to The Pew Internet Project. "There has been an explosion in the growth of mobile devices, and users are looking for new and improved ways to manage their lives online," says George Halverson, Kaiser Permanente's chairman and CEO. "It's time to make health information easily accessible from mobile devices."


    About the Author

    Howard Anderson

    Howard Anderson

    News Editor, ISMG

    Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




    Around the Network

    Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.