Security and ethical issues of mobile device technology
Erik Ranschaert, MD, PhD
Vice-president EUSOMII
Disclosure
• No conflicts of interest
© E R Ranschaert, ECR 2017
Introduction
• After this lecture you should know about:
1. The secure use of mobile devices in medicine and radiology
2. The ethical issues involved in using mobile devices for medical purposes
HCPs and Mobile Devices
• Healthcare professionals worldwide are rapidly adapting to mobile technology.
• Smartphones and tablets are regarded as “the most popular technological development for providers since the invention of the stethoscope”.
Source: “The road to telehealth 2.0 is mobile”, http://www.telenor.com/media/in-focus/the-socio-economic-impact-of-mhealth
HCPs Mobile Technology Policies
• 2015 HIMSS Mobile Technology Survey
– Only 57% of HCPs’ organizations have a mobile technology policy.
– Mobile device security is indicated as a key component of current and future mobile technology policies.
Mobile Operating Systems
• 5 out of 6 new phones are running Android
• 1 in 7 are running iOS
• Mobile devices contain valuable personal information
• Smartphones become increasingly attractive to criminals*
*Symantec Internet Security Threat Report 2016
What’s in it for radiologists?
http://www.acr.org/Advocacy/Informatics/IT-Reference-Guide
• Radiology is on the leading front of the medical field’s adoption of mobile technologies
• Primary purpose of mobile devices is to trade the traditional desktop displays for a more compact display, to be used only occasionally while on the go.
Mobile devices in radiology
Devices
• Smartphones and tablets
– High res graphical displays: 1920 x 1080 pixels
– Pixel sizes smaller than what human retina can resolve
– Displays can surpass resolution of many PACS monitors
• Hardware and dedicated radiology reviewing apps allow radiologists to incorporate them into their workflow
Operating Systems
• Apple iOS
– Runs only on hardware designed by Apple
• Google Android (≈ Linux)
– Some features of open source SW, no full access to code
• Many common (security) features
Security risks
• Mobile devices = vulnerable to loss/theft
• Patient-related data might be stored on device
• Public cloud apps (social media etc.) for storing & sharing of medical data
– These apps/platforms are NOT designed for MEDICAL purposes
– Patient privacy is not sufficiently protected
McEntee et al: 5 April 2012; Proc. of SPIE Vol. 8318 DOI: 10.1117/12.913754
RANSOM Survey
• RANSOM survey
• March - May 2015
• 516 radiologists
Ranschaert ER, Van Ooijen PM, McGinty GB, Parizel PM. Radiologists' Usage of Social Media: Results of the RANSOM Survey. J Digit Imaging. 2016 Aug;29(4):443-9. doi: 10.1007/s10278-016-9865-1.
Major concerns in survey
Security issues
1. Device-based – passcode access, encryption, remote wiping, viruses, malware
2. Software-based – wireless security, application availability, enterprise security
Security measures to protect patient information are of critical importance.
Device-based security
Access to the device
• Multiple security options
• 4-digit code
• HIPAA and other best-practice guidelines require more complex passcodes:
– More digits/symbols
– Configurable tracing pattern
– Biometric access
• Stolen devices: remote tracking, reset passcodes, data erasure etc.
Local Encryption
• Data stored on electronic HD (flash RAM)
• Physical access possible
• Content mostly not protected
• iOS + Android support encryption of data
• Stored personal health information should be encrypted
• Encryption also protects data from malware or viruses
• Apps should run in “virtual sandbox”
EDPS Guidelines: https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Supervision/Guidelines/15-12-17_Mobile_devices_EN.pdf
Sandboxing
• Sandbox is security mechanism for separating running programs
• Uses “scratch space” on disk and memory
• To execute untested/untrusted programs without risking harm to host device or OS
• Other apps can’t steal info
Software-based security
Apple iOS
• Stringent control over app store and OS => fewer threats than Android
• Not immune to malware
• Non-jailbroken device is much more difficult to compromise
Google Android
• Much more mobile malware than iOS
– Larger market share
– Greater openness of Android, multiple distribution methods of apps
• Increase in volume of attacks
– 230% increase (2015)
– More “stealthy”
*Symantec Internet Security Threat Report 2016
Enterprise IT-security
BYOD (Bring Your Own Device)
• The BYOD concept brings unique security challenges for institutional IT depts.
• Most hospitals tolerate these devices, provided that they adhere to institutional security policies.
Mobile device management
• The existing security features in iOS and Android should be implemented
• Institutional security policies for mobile devices should be enforced
• Third-party mobile device management tools for monitoring and detection of malicious behavior of apps should be used.
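The device-based controls listed in these slides (passcode, local encryption, remote wipe, jailbreak status, app origin) can be expressed as the kind of posture check an MDM tool enforces. This is an added example, not part of the lecture; the field names, the 6-character minimum and the sample fleet are constructed assumptions rather than any real MDM schema.

```python
from dataclasses import dataclass
from typing import List, Tuple

MIN_PASSCODE_LEN = 6   # assumed policy value; the slides only ask for more than a 4-digit code

@dataclass
class Device:
    owner: str
    passcode_len: int         # 0 means no passcode set
    encrypted: bool           # local storage encryption enabled
    remote_wipe: bool         # enrolled for remote tracking / data erasure
    jailbroken: bool          # jailbroken (iOS) or rooted (Android)
    sideloaded_apps: int      # apps installed outside the official store
    holds_patient_data: bool

def findings(d: Device) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs; severity is 'block' or 'fix'."""
    out = []
    if d.passcode_len == 0:
        out.append(("block", "no passcode"))
    elif d.passcode_len < MIN_PASSCODE_LEN:
        out.append(("fix", "passcode shorter than policy minimum"))
    if not d.encrypted:
        # Unencrypted storage is blocking only when patient data is on the device.
        sev = "block" if d.holds_patient_data else "fix"
        out.append((sev, "local storage not encrypted"))
    if not d.remote_wipe:
        out.append(("fix", "remote wipe not enrolled"))
    if d.jailbroken:
        out.append(("block", "jailbroken/rooted: app sandbox cannot be relied on"))
    if d.sideloaded_apps:
        out.append(("fix", f"{d.sideloaded_apps} app(s) from outside the official store"))
    return out

def decision(d: Device) -> str:
    """'allow' if clean, 'quarantine' on any blocking finding, else 'remediate'."""
    severities = {sev for sev, _ in findings(d)}
    if "block" in severities:
        return "quarantine"
    return "remediate" if severities else "allow"

# Constructed sample inventory (not real devices)
FLEET = [
    Device("dr-a", 6, True, True, False, 0, True),
    Device("dr-b", 4, True, False, False, 2, False),
    Device("dr-c", 6, False, True, False, 0, True),
    Device("dr-d", 8, True, True, True, 0, False),
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.owner, decision(dev), [msg for _, msg in findings(dev)])
```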
E. R. Ranschaert, EUSOMII Valencia, 2016
Messaging Apps
WhatsApp from radiologist
• “I got this picture of an angiogram at 11 PM from another radiologist. The patient was in a coma, almost dead.”
• “He wanted to know what this structure on the angiogram is. I’m specialised in cerebral stroke and could see that it was a thrombosis of the basilar artery with a rare anatomic variant.”
• “I could explain to the colleague how to deal with this abnormality so the patient could be treated quickly. The patient woke up after treatment and could go home.”
Croonen H. Veilig whatsappen een must voor dokters. Med Contact 2015(48):2312-5.
News 24 Feb. 2016
• Dutch DPA: “WhatsApp does not meet the standards for sharing medical data.”
• The individual doctor and/or institution may receive a fine for breaching protection of personal data
• Medical doctors should find alternative solutions
http://linkis.com/medischcontact.nl/oRWkJ
Dedicated apps
Secure and dedicated alternatives are being tested in Dutch hospitals
• Secure file transfer
• State of the art encryption
• Secure authentication
Figure 1: patient privacy
• Patients' faces are automatically obscured
• Users must manually block identifying marks (e.g. tattoos).
• Each picture is reviewed by moderators before storage in database
Ethical concerns
1. Security and Privacy are ETHICAL issues
2. Main ethical concern = hacking of mobile devices
3. Patient-centred principle: do not harm patients
4. Ethical guidance can prevent all risks.
5. Guidelines need to be re(de)fined
Golden Rule
“If you would like to discuss a patient case via social media, then the patient should thereby remain anonymous or the patient must have given explicit consent.”
Hooghiemstra TF, Nouwt S. Een juridische blik op trends in e-Health. Ned Tijdschr Geneeskd 2014;158:A8423.
What should radiologists use?
• “It’s the responsibility of the radiologist to securely and effectively utilize mobile technology in the best interests of patient care.”
http://www.acr.org/Advocacy/Informatics/IT-Reference-Guide
How secure are radiology data?
Security study of DICOM servers
• 2744 Unprotected DICOM servers
• 719 Completely open to communication with patient data
• Downloading of patient data was theoretically possible and easy
• Geographic differences in lack of DICOM server security:
– Iran: 34/40 (85%)
– Thailand: 10/14 (71%)
– Spain: 11/23 (48%)
– Argentina: 6/13 (46%)
– Russia: 8/18 (44%)
– Germany: 9/22 (41%)
– USA: 346/1335 (26%)
Stites, M., & Pianykh, O. S. (2016). How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide. American Journal of Roentgenology, 206(4), 797–804. http://doi.org/10.2214/AJR.15.15283
European legislation
• Regulation 2016/679 (GDPR), 25 May 2018: Protection of natural persons with regard to the processing of personal data and on the free movement of such data
• ePrivacy Regulation (Proposal Jan. ’17), 25 May 2018: Guarantees the processing of personal data and the protection of privacy in the electronic communications sector
• Directive 2016/680, May 2018: Protection of natural persons with regard to processing of personal data by competent authorities for purposes of prevention, investigation, detection, prosecution of criminal offences or execution of criminal penalties, and on free movement of such data
• Regulation 45/2001: The protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data
General Data Protection Regulation
• Move to 1 single regulation for EU, replaces patchwork of national laws (May 2018)
• GDPR facilitates free flow of patient data within EU.
• It ensures that personal data can only be gathered under strict conditions and for legitimate purposes.
• Data controllers have to respect rights of data subject.
• Cloud provider (data processor) must protect information on behalf of data controller.
Diagram labels: Data subject, Data controller, Data processor
Conclusions
• It’s the responsibility of the radiologist to securely and effectively utilize mobile technology in the best interests of patient care.
• Guidelines and additional training of radiologists are needed to support the use of mobile devices and to protect the patient’s privacy & security.
• Effective implementation of security settings within the enterprise setting can maximize the benefit of mobile devices to patients.
• The existing EU privacy legislation should be implemented and respected.
DOI: http://dx.doi.org/10.1148/rg.2015140039