Integrating the Healthcare Enterprise, a standards-development organization, is calling for an API, encryption, and use of imaging and interoperability protocols to enable secure access to health data on mobile devices.
An application programming interface
(API) and encryption are essential for ensuring secure access to health documents on
mobile devices, according to guidelines published by Integrating the Healthcare
Enterprise (IHE).
Supported by the Health Information
Management and Systems Society (HIMSS) and Radiological Society of North
America (RSNA), IHE promotes universal accessibility for electronic health
records (EHRs) and tests health care IT products.
It has unveiled a set of guidelines
for health providers, vendors and health information exchanges (HIEs) on how to
make health documents on mobile devices interoperable. Through July 5, IHE will
accept public comments on the document.
IHE pushes for better implementation
of IT systems in health care. As a standards-development organization, it also
advocates the use of standards such as Digital Imaging and Communications in
Medicine (DICOM) and Health Level Seven International (HL7), a protocol on the
interoperability of documents.
Published June 5 and announced June
18, the "Mobile Access to Health Documents" (MHD)
guide is geared toward management of home health monitoring devices, patient
kiosks in hospitals and personal health records that consumers use, according
Vendors that make electronic
measurement devices that draw patient medical histories from an EHR or HIE
should also follow the guidelines, the organization reported.
The MHD document calls for an API
that enables authorized access to health data, according to IHE. This data
exchange would also be dependent on queries of health metadata that conform to
the Representational State Transfer (REST) Web design model.
IHE's report discusses the role of
Cross-Enterprise Document Sharing (XDS) in document exchange.
"It is intended to be closely
tied, and complementary to, the IHE Cross-Enterprise Document Sharing [or XDS]
profile, which is the foundational standard for information exchange for almost
all HIEs in operation," Jim St. Clair, senior director for interoperability
and standards at HIMSS, told eWEEK
in an email.
"The XDS profile is
specifically designed to support the needs of Cross-Enterprise security,
privacy [and] interoperability," the report stated. "[It] includes
characteristics to support this level of policy and operational needs."
IHE's mobile health guidelines
simplify data exchange for single policy domain use, according to the document.
In addition, IHE's report
addresses how to make the information exchange seamless. For this to happen,
the data transaction must be simple enough to conform to the constraints of the mobile
device, said St. Clair. The data must also support encryption as well as device
and user authentication, he said.
Ordinary use of HTTP and REST is
usually suited to data that is less sensitive than health data, according to the IHE.
To deal with these security concerns, the IHE recommends a risk assessment for
the design of health apps on mobile devices.
To secure the interoperable sharing
of health data on mobile devices, the IHE recommends the use of Transport Layer
Security (TLS) to encrypt data over the Internet.
Technical limitations hamper
information exchange on mobile devices, according to the IHE document.
"While mobile devices are
growing increasingly sophisticated, they still have certain technical
constraints in their ability to exchange information securely, yet as 'richly'
as with larger systems," said St. Clair. "This profile helps
implementers address those constraints and maintain security and simplify the