Mobile Devices in Health Care

MMI 407
Spring 2012
Prof. Karin Lindgren
Barbary Baer
Introduction
The purpose of this paper is to explore the use of mobile devices in health care (mHealth), particularly
for the purpose of monitoring and transmitting patients’ clinical data to their health care provider or to their
EMR from outside of a clinical setting. Such devices can consist of sensors which retrieve patient data
and then transmit the information via smart phone or some other device, or they can be a smart phone
into which the patient enters information which will get transmitted. Healthcare has shifted from little or no
patient involvement in health care to increasing encouragement for patients to become involved. The
social trends and legal developments cited in this paper are cited with the use of mobile devices in mind.
History
Structure of healthcare delivery
Until recently, and to a great extent currently, most medicine was fee-for-service, in person with a
solo practitioner, with some telephoning, faxing, and sending of health information via US mail from the
provider to the patient and to other physicians/care providers/pharmacies. Care was not well coordinated,
and the physicians caring for a patient often, if not usually, neither knew what the others were doing nor
what medications were prescribed. Tests were ordered redundantly, since there was no shared medical
record, and reimbursement rewarded extra tests and treatments, and did not reward electronic medical
records or communication. There was a disincentive to providing efficient, effective care, as that meant
that providers would receive less payment (e.g. shorter hospital stays)(1). Patients with chronic diseases
had to come in fairly often to get status updates, e.g. HbA1c for diabetics and blood pressure readings
for hypertensives. When computers were introduced into health care, they were used mostly for
insurance billing, and in many physicians’ offices, this is still the case. (In hospitals, however, many
computerized devices such as MRIs, CAT scans, EKG machines with built-in interpretation capabilities,
patient monitors, and many more became essential.) Furthermore, patients were not encouraged to be
active in their care; decision-making was left primarily to the physician.
Effectiveness and Quality
Recent studies showed that fewer than half of patients with mental health or substance abuse
problems, diabetes, and asthma were getting effective care (1). Even with the advent of evidence-based
medicine, it is unknown if this has changed. Access to health care for many was (and is) problematic, the
reasons varying from geographic inaccessibility in rural areas to failures of service delivery to the
economically disadvantaged to language barriers for immigrants. As a result, health status has varied
considerably between socio-economic and ethnic groups. (1) Ability to pay has been another block to
effective health care, with many patients avoiding care until they are so sick that they are forced to go to the
emergency department, one of the most expensive forms of health care. Even if patients are on
Medicare, many important illnesses may not be covered. In California, for instance, eye care and dental
care have not always been covered. This will be discussed further in the next section.
Following the Institute of Medicine’s 1999 publication of To Err is Human: Building a Safer Health
System, in which it was estimated that between 44,000 and 98,000 Americans die yearly because of
errors, the Institute published in 2001 the report Crossing the Quality Chasm, in which it defined six aims
in healthcare: that it be safe, effective, patient-centered, timely, efficient, and equitable. (2) The
healthcare portion of the American Recovery and Reinvestment Act of 2009 and the Affordable Health
Care for America Act were passed at least in part to fulfill some of those aims.
Cost
Health care expenses have been skyrocketing, so that health care expenses as a share of the gross
national product rose from 7.2% in 1970 to 17.9% in 2010. Currently, 50% of the health care cost is used
to treat 5% of the population. (3) Another figure: with 140 million Americans suffering from chronic
diseases, 75% of medical costs go to treating them. (4) A Kaiser Health Tracking Poll found that the huge
health care costs, even with insurance, have caused 50% of Americans to cut back on medical care, with
33% relying instead on home remedies and over-the-counter drugs, rather than seeing a doctor; 31%
skipping dental care or checkups; 25% not filling prescriptions; 17% cutting pills in half or skipping doses of
medicine; 21% skipping medical tests or treatments; and 11% having problems obtaining mental health
care. Seventeen percent said they had experienced serious financial problems as a result of medical bills;
11% used up all or most of their savings; 11% had been contacted by a collection agency; and 7% were
not able to pay for necessities such as food, heat, or housing. Forty percent of Americans are “very
worried” about having to pay more for health care or health insurance.(3)
Approximately half of health care expenditures go for hospital care (31%) and ambulatory care (20%),
while the rest is divided up into prescription drugs (10%); home health care (3%); nursing care facilities
(6%); other personal health care, including dental care and durable medical equipment (15%); and other
health spending, including administration, net cost of private health insurance, public health activity,
research, and structures and equipment (16%).(3) In 2007, medical bills contributed to half of all
bankruptcies. (5)
The five medical conditions that cost Americans the most in out-of-pocket expenses are heart
disease, cancer, trauma, mental conditions, and lung disease. Cancer is the most expensive, followed by
heart disease, but lung disease is the most common. (1)
Access to health insurance at the moment is still problematic for those who cannot get it through
work. Often pre-existing conditions hamper access to insurance; for others, cost is a huge barrier. Access
to Medicaid is only available for the very poor, and then it often does not cover many essential services.
States have discretion over what Medicaid will cover.
The Affordable Care Act was passed in 2010 to remove some of these barriers, but much of it is yet
to go into effect. The pre-existing condition barrier has been removed (5), but cost is still a factor, and
even with insurance, many people are forced to pay exorbitant amounts for care. In fact, for some
procedures, it is several times cheaper to pay out of pocket than to pay the billed amount not paid by
insurance. (6) At the moment, the Affordable Care Act is before the Supreme Court, and it is unknown
which parts, if any, will be repealed. If health insurance exchanges are a casualty of the Supreme Court
decision, many will continue to go without insurance. If not, it is anticipated that there will be a deluge of
patients previously without insurance on an already taxed healthcare system.
Legal
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed at least in part
to ensure that privacy regarding patient medical records was maintained properly. (7) Before its passage,
no generally accepted set of security standards or general requirements for protecting health information
existed.(8) Each state and organization had different rules, and there was no consistency between federal
and state rules. There was a lot of confusion about which rules applied: those of the state where an
organization was doing business, or those in which the organization was based. Even federal rules were
uncoordinated (9), and there were many cases where patient data was used for commercial purposes.
(10) The Privacy Rule, which went into effect on April 14, 2003 (11), established the first set of federal
standards protecting certain health information. A major goal was to assure that patients’ health
information would be protected while allowing health information to flow freely enough to “provide and
promote high quality health care and to protect the public’s health and well being” (12). The purpose of
the Security Rule, which went into effect on April 14, 2005 (11), was to “establish a national set of security
standards for protecting certain health information that is held or transferred in electronic form”. It
operationalized for electronic data transmission (not paper-based or oral transmission) the protections put
into place by the Privacy Rule. (8) At the time that HIPAA was passed, electronic data transmission was
increasing rapidly, and it became apparent that privacy and security needed to be codified. A major goal
was to protect the privacy of medical information while allowing covered entities to adopt new
technologies to improve the quality and efficiency of patient care.(8)
The current state
Currently, only 27% of patients are able to reach their primary care physician by phone, schedule
appointments within a reasonable time, ask questions, or obtain care after hours. Fifty percent of patients
do not understand what their physician told them during the visit because it was too short. Coordination
between primary care physicians, hospitals, and specialists is often lacking.(13)
The ratio of healthcare staff to Americans is now 40% lower than what is considered ideal, and this
ratio is anticipated to decrease; health-staffing needs are projected to triple over the next 25 years.(14)
The passage of the Health Information Technology for Economic and Clinical Health Act (HITECH
Act), part of the American Recovery and Reinvestment Act of 2009, focused on closing some of the
loopholes in HIPAA and provided incentives for the adoption of healthcare IT not only on a population
level, but also on a provider level. It triggered a massive explosion in healthcare information technology
spending. Because the incentives will culminate in penalties for non-adopters who have Medicare and
Medicaid patients, most hospitals and large medical groups have been racing to meet the requirements.
Many of these requirements are embodied in the Meaningful Use stages.
Meaningful Use
Meaningful Use Stage 1, issued on July 13, 2010, represented “the first step in an incremental
approach to adopting standards, implementation specifications, and certification criteria to enhance the
interoperability, functionality, utility, and security of health IT and to support its meaningful use.”(15) The
criteria for meaningful use focused on “electronically capturing health information in a coded format, using
that information to track key clinical conditions, communicating that information for care coordination
purposes, and initiating the reporting of clinical quality measures and public health information.” (16)
Among providers, most of the work has been focused on acquiring and making functional EHRs.
Meaningful Use Stage 2 expands upon Stage 1 “in the areas of disease management, clinical
decision support, medication management support for patient access to their health information,
transitions in care, quality measurement and research, and bi-directional communication with public
health agencies.” (16)
The focus of Meaningful Use Stage 3 will be on “achieving improvements in quality, safety and
efficiency, focusing on decision support for national high priority conditions, patient access to self
management tools, access to comprehensive patient data, and improving population health outcomes.”
(16)
In other words, Stages 1 and 2 focus on building the infrastructure, while Stage 3 focuses more on
outcomes. Among other things, there is a lot of encouragement of patient involvement.
Accountable Care Organizations (ACOs)
The purpose of ACOs is to improve patient outcomes at a reduced cost by coordinating care,
avoiding duplication, and avoiding errors. Providers assume the costs of care that exceeds what is
deemed appropriate; they keep the payments if the cost is below that level. Some important features of
ACOs consist of several shifts away from traditional care: from treating patients when they get sick to
keeping patients healthy; from making maximum use of resources to applying appropriate levels of care;
from treating all patients the same to customizing care; from avoiding the sickest, chronically ill patients to
providing special chronic care services; from not engaging patients in their own care to encouraging
engagement and frequent communication. (17) Electronic medical records and communication are
essential to making ACOs work.
Medical Homes
Medical homes emphasize access to a personal physician who directs a medical team responsible for
the patient’s care coordinated across the health system. Emphasis is on quality and safety as well as
access to care. Taking into account the value that clinicians add, payment can reimburse time spent on
the phone or with emails to patients. Similar to ACOs, medical homes emphasize the use of electronic
medical records and patient participation in health care. They also emphasize tracking of care, tests, and
referrals, and checking performance and improvement. Medical homes are most suited for those with chronic
conditions. (13)
Health Information Exchanges (HIEs)
The development of HIEs is becoming widespread. Their purpose is to improve healthcare delivery
and information sharing among facilities, health information organizations, and government agencies. (18)
The information they can gather will have many benefits, among them, rich databases for research.
Genomics
It will be easy to get a patient’s genome from the moment of birth by using the blood in the heel stick.
This could be stored with the patient’s record or in a central repository for use in predicting disease, and
response to various medications and treatments. Proactive treatments before a disease even appears
would be a huge boon to the patient’s healthcare (4), and would save costs.
The statistic number needed to treat (NNT) is the number of patients that need to be treated with a
given intervention before any benefit is realized. For instance, in patients with a major heart attack, aspirin
must be given to 42 patients immediately after the event in order to prevent one death. (19) Such figures
exist for many illnesses and conditions, but for many it is known that patients with certain genetic
mutations respond better to certain treatments than to others. (4) If this information is known prior to
treatment, treatment could become more personalized, giving the correct, effective treatment the first
time, rather than trying several before finding the right one.
Telemedicine
Already, telemedicine is not uncommon. EKGs have long been interpreted and overread by far-away
cardiologists; Xrays and other images are often interpreted by radiologists who are not on site. Physicians
can see their patients in the hospital via robots, and even perform robotic surgery from far away. Now it is
becoming more common for companies to create devices which are used outside of a healthcare facility.
The devices can be brought to the patients (or the patient can go to the devices), and patients can then
have a high-quality video consult with physicians.(14) As wireless communication becomes increasingly
prevalent, the next step is mobile health.
Mobile health (mHealth), smart phones and other wireless patient data transmission
The use of mobile phones has exploded to the point where as of February, 2012, 46% of American
adults were smart phone users, up from 33% just the previous May, and 41% of American adults used cell
phones that were not smart phones. The increased use of smart phones crossed income, age, and ethnic
groups, though senior citizens, African-Americans, and Latinos had smaller increases. Only 13% of adults
over 65 owned smart phones, up from 11% the previous year. The smaller increase among
African-Americans and Latinos was perhaps due to their already high adoption rate, which is now 49% for each
group. Smart phone use increased with household income, with an adoption rate of 34% (up from 22%)
for those with household income of less than $30,000, to 46% (up from 40%) for those with household
income between $30,000 and $49,999, 49% (up from 38%) for those with household incomes of $50,000
to $74,999, to a high of 68% (up from 59%) for those whose household incomes exceeded $75,000.
Similar trends were observed with educational level, with a 25% usage rate for those with less than high
school to a 60% usage rate for those who had completed college. Those living in cities had the highest
usage rates (50%), whereas rural residents had a low usage rate of 34%. Suburbanites’ usage was close
to that of city-dwellers, with a usage of 46%. (20)
Smart phones have a huge potential to be an adjunct to patient care. Indeed, 66% of Americans
would welcome a smart phone to monitor their conditions. (21) Already, numerous apps track such things
as calories consumed and exercise done. Physicians use apps such as DXplain for clinical decision
support, and there are apps that can identify pills. The capacity of smartphones for continuous monitoring
is untapped, but is being developed. If patients with various diseases could use these apps as part of
their standard care, not only would their health be better monitored, but also they would have to make
fewer doctor’s office visits and costs would be reduced. If various readings crossed certain thresholds,
alerts could notify the caregiver to contact the patient and determine whether an office visit is necessary.
In addition, medication compliance could be observed, and if a patient is skipping doses, alerts would
also notify the caregiver to educate the patient on the importance of compliance, or steps could be taken
to ensure that the patient can afford to take the medication. Not only will these save money, they provide
a better picture of the patient’s general state, since office visits are mere snapshots.
Sleep monitors can track a patient’s sleep cycles, determine how much time a patient was actually
sleeping or awake, and how much time was spent in each cycle. By avoiding trips to the hospital for sleep
disorder clinics, a lot of money is saved. Patients can monitor their sleep given various activities, be it
exercise before bed, or drinking caffeine or alcohol. It can function as a biofeedback loop, educating
patients on which activities promote the best sleep. All of this information can then be sent via smart
phone to a venue of the patient’s choice.(4)
Smart phone apps already exist to remind diabetics to check their glucose and then to give them
feedback, and they result in better glucose control. There are also (very expensive) embedded sensors
available to do continuous monitoring, but they are not sophisticated or cheap enough for general use.
Insulin pumps do not work as a closed loop; patients still have to check their glucose and then set the
pump. Efforts are being made now to measure glucose without finger-sticks, such as through special
contact lenses and blood markers. Though the FDA is wary about the accuracy of these tests and the
possibility of patients responding with the wrong insulin dose, the tests should become more accurate. If
the results can be sent to smart phones and then to EHRs or PHRs, the continuous information will give
clinicians much better pictures of patients’ glucose level: when is it high, when is it low, and corrective
action can be taken. The HbA1c measurement is only an overall measurement, and does not give a
detailed picture of the patients’ rising and falling glucose levels. When this works out, patients will have to
make fewer lab visits, and yet still be carefully monitored.(4)
Smart phones can also be used to replace Holter monitors in some cases. They can be used to take
single-lead ECGs, either through sensors attached to the smart phone, or from the smart phone directly.
If a patient is feeling certain symptoms, an ECG can be sent directly via the smart phone for
interpretation, and advice given immediately, without human intervention. (4)
Fetal contractions and patients’ vital signs, including blood pressure, can be monitored continuously
and transmitted via smart phone. Patients can monitor themselves; if they feel palpitations or flutters, they
can check for arrhythmias; if they are upset, they can check their blood pressure. Providers can get a
much more detailed picture of the patients’ blood pressure changes. And patients can self-monitor,
seeing the effects of various activities and diet on their blood pressure. Again, patients and providers can
get immediate information without an office visit. Another potential benefit is that if certain measurements
indicate danger, paramedics can automatically be called. (4)
Sensors to indicate an oncoming asthma attack or an area with high pollen counts that might cause
an asthma attack could also warn the patient and transmit the information to the patient’s health record.
Again, this detailed information can only improve treatment. (4)
Sensors can also detect and transmit medication compliance. For instance, the lack of medication
compliance in patients with congestive heart failure is a major reason for hospital readmissions, at a rate
for patients over 65 of 27% within 30 days and 50% within 6 months.(4) More than 125,000 Americans
die yearly from medication non-compliance (22), and a 2009 study showed that medication non-adherence
costs the US healthcare system $290 billion annually.(23) Pills or bottle caps, as well as
embedded sensors in pills can transmit compliance information (4), and potentially include whether or not
the patient took the medication, and then whether or not it was metabolized.(24) If a patient is becoming
non-compliant, a healthcare worker could contact the patient and help him/her get back on track.
Another use of smart phones is to monitor patients with depression. The smart phone could detect
physical activity and skin conductance to monitor emotional state.(4)
Smart phones functioning as breath, blood, urine, saliva, sweat analyzers can determine whether or
not a patient has malaria or STDs, can monitor electrolytes and blood counts, can determine whether a
cough is from pneumonia or heart failure. A smart phone can analyze a photo of a skin lesion and
determine whether or not it is malignant.(4)
Below is a table showing conditions that are amenable to wireless monitoring that are being worked
on at one company, West Wireless Health Institute:
(25)
This table shows anticipated savings:
(26)
Benefits
Clearly such devices have enormous benefits. They can cut costs, provide immediate feedback on
important medical questions, provide monitoring, and reduce physician office and lab visits. More detailed
information on patients will clearly be useful and more conducive to health. They fit right into the needs of
ACOs (improving outcomes at a reduced cost) and Medical Homes (increasing patient participation in
health care, tracking performance and improvement), and satisfy several of the outcomes goals of
Meaningful Use Stage 3 (improving safety and efficiency, giving patients access to self-management
tools, increasing the amount of patient data, and improving population health outcomes).
The amount of data sent by mobile devices, combined with genomic information, will prove to be a
rich resource in HIEs. It will become easier to develop treatment customized to patients’ genomes,
instead of wasting patients’ time, threatening their safety, and wasting money by prescribing treatments
that benefit patients with other genomes. The number needed to treat should go down considerably.
Aggregating the information in multiple ways can only give researchers new insights into treatment
effectiveness. Public health may also be improved by the ability to spot local trends.
As electronic devices become more sophisticated, they will be used more and more. It is estimated
that by 2014, healthcare providers could save between $2 billion and $6 billion worldwide annually from
the use of mobile technology.(21)
Privacy, Confidentiality, Security
Avanchi et al. discuss the differences between privacy, confidentiality, and security. Privacy involves the
amount of control patients have over the acquisition, uses, or disclosures of their information;
confidentiality refers to the obligations of those who have access to the information to respect the privacy
of the patients; and security refers to physical, technological, and administrative safeguards used to
protect identifiable information from unwarranted access or disclosure. (27)
Privacy concerns
Some of the privacy issues and desired outcomes are:
• Patients may not want others to know that they are being monitored; the monitoring device, if at
  all possible, should not be observable by others.
• No one should be able to intercept smart phone transmissions; the transmissions should be
  encrypted.
• Patients should be able to determine how much information is being transmitted and where.
  Depending on where the information is going and for what purposes, different amounts and kinds
  of information would be preferable to transmit. A physician would find it useful to have all of the
  details; an insurance company may need only aggregated data; emergency personnel might
  need location, but few details; researchers might need a different set of information.
• Protected health information stored on the phone should be erasable remotely in case the phone
  gets lost.
• The information should only be accessible by those who have the proper credentials, i.e. security
  key or password. Someone borrowing the phone should not have access to health data without
  the patient’s permission.
• The health information should be protected from smart phone hacking.
• The health information should be protected from the eyes of law enforcement. If the smart phone
  of a crime suspect contains a long history of location information along with vital signs, law
  enforcement might want access.
• Device vendors, who are not covered entities, and not bound by laws regarding protected health
  information, should neither be able to store data without the patient’s knowledge, nor use it for
  their own purposes.(27)
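The per-recipient disclosure levels described in the list above can be sketched as a filter applied on the phone before anything is transmitted. This is an added example, not part of the original paper; the recipient names, level names and sample readings are constructed assumptions.

```python
from dataclasses import asdict, dataclass
from statistics import mean


@dataclass(frozen=True)
class Reading:
    patient_id: str
    taken_at: str   # ISO 8601, so string order equals time order
    kind: str       # e.g. "glucose_mg_dl"
    value: float
    lat: float
    lon: float


# Assumed default levels, one per recipient type named in the list above.
# The patient can override any entry; recipients not listed get nothing,
# which covers device vendors and anyone else without an explicit grant.
DEFAULT_POLICY = {
    "physician": "full",
    "insurer": "aggregate",
    "emergency": "location",
    "researcher": "research",
}


def disclose(readings, recipient, policy=None):
    """Return the view of `readings` that the policy allows `recipient`."""
    policy = DEFAULT_POLICY if policy is None else policy
    level = policy.get(recipient, "deny")
    if level == "deny" or not readings:
        return None
    if level == "full":
        return [asdict(r) for r in readings]
    if level == "aggregate":
        # Summary statistics per measurement; no timestamps, no location.
        by_kind = {}
        for r in readings:
            by_kind.setdefault(r.kind, []).append(r.value)
        return {
            kind: {"n": len(v), "mean": mean(v), "min": min(v), "max": max(v)}
            for kind, v in by_kind.items()
        }
    if level == "location":
        # Only the most recent reading: where the patient is and why.
        last = max(readings, key=lambda r: r.taken_at)
        return {"patient_id": last.patient_id, "taken_at": last.taken_at,
                "lat": last.lat, "lon": last.lon,
                "kind": last.kind, "value": last.value}
    if level == "research":
        # Identifier and location dropped, timestamp coarsened to the day.
        # Illustrative only; not a formal de-identification method.
        return [{"day": r.taken_at[:10], "kind": r.kind, "value": r.value}
                for r in readings]
    raise ValueError(f"unknown disclosure level: {level}")


# Constructed sample data for one patient over one day.
SAMPLE = [
    Reading("pt-001", "2012-05-01T07:30:00", "glucose_mg_dl", 110.0, 37.77, -122.42),
    Reading("pt-001", "2012-05-01T12:45:00", "glucose_mg_dl", 180.0, 37.78, -122.41),
    Reading("pt-001", "2012-05-01T19:10:00", "glucose_mg_dl", 130.0, 37.76, -122.43),
]

if __name__ == "__main__":
    for who in ("physician", "insurer", "emergency", "researcher", "vendor"):
        print(who, "->", disclose(SAMPLE, who))
```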
Security and technical concerns
Attacks on mobile devices are forecast to increase greatly over the next few years, and mobile
subscribers, unaware of the potential for attack, often fail to take basic security precautions when
accessing data. Furthermore, mobile devices are not PCs, and have different security issues. Safeguards
for PCs are often not readily available for mobile devices. (28)
There is no end-to-end security solution for mobile devices. Though mobile device management
services protect data on the devices, they do not always provide end-to-end encryption for text
messages, which could then be intercepted. Vendors that provide secure encrypted text messaging are
not responsible for data stored on the device. Mobile devices could pick up a virus or malware that not
only would override the device’s security and expose the patient’s data, but could also transmit the virus
to other devices over unsecured networks.(28)
Transmissions must get through firewalls with strong virus protection and into the correct patient’s
EHR. Speed is of the essence, and bottlenecks would not be tolerated. The huge amount of new data
would have to be processed quickly into manageable, useful information. There would need to be a way
to check that the healthcare data being transmitted belongs to the patient whose chart it will be added to.
Possibly smart phones used for remote care would need to be dedicated to that, so that other apps
don’t use them, introducing the possibility of viruses. The phones would have to be functional only for the
patient for whom they are intended so that other people don’t borrow them for their own uses.
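One way to check that a transmitted reading belongs to the patient whose chart it will be added to, and that it comes from the phone enrolled for that patient, is to have the device authenticate every message with a per-device key. This is an added example, not part of the original paper; the enrolment table, field names and key are constructed, and encryption in transit is assumed to be provided separately (for example by TLS).

```python
import hashlib
import hmac
import json

MAX_AGE_S = 300  # assumed freshness window for a reading, in seconds

# Constructed enrolment table held by the provider:
# device id -> (patient the device was issued to, shared secret key).
ENROLLED = {"dev-42": ("pt-001", b"constructed-demo-key-not-for-real-use")}


def _canonical(body):
    """Serialize the body the same way on device and server."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, body):
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


def sign_reading(device_id, patient_id, key, counter, sent_at, kind, value):
    """Device side: bind the reading to device, patient, time and counter."""
    body = {"device_id": device_id, "patient_id": patient_id,
            "counter": counter, "sent_at": sent_at,
            "kind": kind, "value": value}
    return {"body": body, "tag": _tag(key, body)}


class Receiver:
    """Server side: decide whether a message may be filed in a chart."""

    def __init__(self, enrolled):
        self.enrolled = enrolled
        self.last_counter = {}  # device id -> highest counter accepted

    def accept(self, msg, chart_patient_id, now):
        body = msg.get("body") or {}
        entry = self.enrolled.get(body.get("device_id"))
        if entry is None:
            return "reject: unknown device"
        enrolled_patient, key = entry
        # Constant-time comparison; any change to the body breaks the tag.
        given = str(msg.get("tag", "")).encode()
        if not hmac.compare_digest(_tag(key, body).encode(), given):
            return "reject: bad tag"
        # The device, the message and the target chart must all agree.
        if not (body.get("patient_id") == enrolled_patient == chart_patient_id):
            return "reject: wrong patient"
        if abs(now - body.get("sent_at", 0)) > MAX_AGE_S:
            return "reject: stale"
        device_id = body["device_id"]
        if body.get("counter", -1) <= self.last_counter.get(device_id, -1):
            return "reject: replay"
        self.last_counter[device_id] = body["counter"]
        return "accept"


def demo():
    """Run the accept and reject cases on constructed messages."""
    patient, key = ENROLLED["dev-42"]
    rx = Receiver(ENROLLED)
    m1 = sign_reading("dev-42", patient, key, 1, 1000, "glucose_mg_dl", 110.0)
    m2 = sign_reading("dev-42", patient, key, 2, 1000, "glucose_mg_dl", 115.0)
    forged = {"body": dict(m1["body"], value=55.0), "tag": m1["tag"]}
    return [
        rx.accept(m1, "pt-001", now=1010),      # genuine, fresh
        rx.accept(m1, "pt-001", now=1020),      # same message sent again
        rx.accept(forged, "pt-001", now=1020),  # value altered in transit
        rx.accept(m2, "pt-002", now=1020),      # filed against wrong chart
        rx.accept(m2, "pt-001", now=2000),      # arrives too late
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```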
The Department of Homeland Security notes that many existing medical devices were designed with
embedded operating systems, protecting them from most cyber attacks, but that now, with commercial
operating systems, devices can become susceptible to malware and/or viruses. Another issue is that
some implanted devices could be vulnerable to Denial of Service (DOS) attacks. They point out that once
a device has been hacked, the hacker has total control: the device can be vandalized, reprogrammed,
and medical information can be stolen. (29)
Safety concerns
All such devices would have to be approved by the FDA and undergo rigorous testing. For many
conditions they would have to be at least as accurate as current tests, and if they are not, then they would
have to be used and understood as such. The possibility of numerous false negatives and positives would
not be tolerable. Calibration when necessary would need to be easily done, and without extensive patient
involvement. Smart phone batteries would have to be improved so that they would not be out of power at
critical moments. Patients and providers would need to trust them. Devices that transmit data could not
be shared, as the wrong data could go to the wrong patient’s EMR. Every time a patient starts using the
device, the patient would have to be authenticated.
Social concerns
These devices must be available for everyone who needs them. All patients who need them must
have access, and the cost should be borne by patients’ healthcare insurance or other healthcare plan. If
the smart phone gets lost, it must be easy to find.
Many of those with chronic conditions, especially senior citizens, will have a difficult time using the
devices. It may be better for these patients to come in for office visits or for aides to come and help them.
Care must be taken that the technology does not provide false security. Mobile devices don’t
completely replace office visits, but merely make routine visits less necessary. Diabetics, for instance,
should still see their providers to check for foot problems or neuropathy. A general patient assessment
involving touch must still be performed periodically.
One major reason for medication non-compliance is cost. Patients cut pills or skip doses not because
they are forgetful, but because they need to save money. Medications must be affordable enough that
cost is not a reason for non-compliance. The reason for medication non-compliance must be investigated
before providing a reminder system that does not get at the root cause of the non-compliance. One
company, hoping to save money, cut health insurance coverage by raising co-pays, only to discover later
that their costs went up because so many employees coped by cutting their needed medications, only to
end up needing more medical care.
That some patients need the face-to-face contact with providers cannot be ignored. New problems or
questions might come up that the patient feels more comfortable discussing in person. This can make a
huge difference in outcome.
Ethical concerns
How good are the apps? If they are not quite as good as the ones in office, how good is good
enough? For instance, a single lead EKG is good for rhythm monitoring, but not for a full view of the
heart’s electrical functioning, in which other conditions. It must be clear what the apps are for and what
they are not for.
Will there be a push to discourage patients from seeing doctors? One important result of office visits
is that the physician can assess the patient visually and through touch. Observations of the patient’s gait,
mien, and general appearance are important pieces of information. Doing auscultation similarly provides
the physician with important information. Patients may feel free to express a concern only after some time
with the provider.
Thus, mobile devices should serve as important adjuncts to routine care, but should not replace
periodic office visits. They should not provide false security to the patient because the patient is not clear
on exactly what they can and cannot do.
Legal concerns
Privacy, security, and safety are the main legal concerns. With the enormous amount of new data
coming in from a virtually unlimited number of devices, security has to be extremely strict while allowing
the data to get in.
Most of the concerns in HITECH have to do with covered entities transmitting data to each other or to
patients, but not with patients transmitting data to covered entities (28), and they do not cover
transactions occurring outside of a clinical setting.(27)
Current laws and regulations will have to be modified to cover mobile health devices as well, and the
FDA will have to start regulating them. The FCC, which has already set aside some frequencies for
mobile devices in hospitals(30), may need to do the same for mobile devices outside of hospitals.
Payment
Payment issues for remote monitoring sessions have not been worked out, and are a barrier to the
use of mobile devices.(24) Most telehealth, including home monitoring, is not reimbursed by Medicare
(31), nor is reimbursement clear-cut among other payers. The Centers for Medicare and Medicaid Services, along with state
health commissions, will have to take the lead.(32) The FCC has pointed out that the right data will
help to make outcomes-based reimbursement possible(33). This is supported, for example, by trials
showing that home health monitoring reduced readmissions for 50% of patients with congestive heart
failure, and 69% of patients whose home monitoring resulted in a decrease in high blood pressure.(31)
Future State
Privacy principles
Avanchi et al. lay out some privacy principles, in large part informed by the writings of several
organizations: the Office of the National Coordinator for Health Information Technology (ONC), the Health
Privacy Project, the Markle Foundation, and the Certification Commission for Healthcare Information
Technology (CCHIT). These are very similar to the Fair Information Practice Principles (FIPPs) issued by
the Department of Homeland Security(34):

• Openness and transparency: Healthcare information policies, procedures, and technologies should be open and transparent to the patients using the system. Patients should be aware of what information was collected, why, where it resides, who has access and can use it, and how access is provided.
• Individual participation, access, consent, and control: patients should be able to control the privacy of their healthcare information, and should be able to determine what data is collected, how it is being used, and who is using it.
• Purpose specification and data limitations: Those who collect, store, and use the healthcare data must specify why, and from then on, access the data only for those purposes. If the purpose changes, the patient must be informed. The data collected should be the minimum needed to carry out the purpose.
• Data quality and integrity: patient information must be complete, accurate, relevant to the purpose, and up-to-date; patients should be able to correct errors in their records; the data cannot be destroyed in an unauthorized manner.
• Security safeguards and controls: The infrastructure upon which the health information system is built must provide appropriate physical, technical, and administrative mechanisms to keep the patient data confidential and prevent unauthorized use, access, or disclosure of the data, at the same time allowing access to the users.
• Accountability, oversight, and remedies: Providers, payers, and employers must be held accountable to adhere to the privacy principles defined above, and monitoring must be in place to ensure that they do. If there is any deviation, patients must be informed, remedies must exist to address the breach and steps taken to prevent a reoccurrence.
• Patient access to data: Patients should have easy access to their own data.
• Anonymity of presence: Medical sensing devices should not be observable by others nearby.(27)
Security
Because so many components are involved, Avanchi et al. assert that there needs to be a “supportive
ecosystem” – a regulatory, logistical, and technical foundation to support all of the processes involved in
mHealth. The following roles would be involved:

• Policymakers to establish laws, regulations, and standards regarding privacy protection
• Certification bodies to verify whether particular products and services meet the policies and standards.
• Manufacturers to produce the products
• Distribution and management services, not only to distribute the devices, but also to manage them remotely: to provide secure software updates and to delete information remotely if a device gets lost
• Key-management infrastructure to support key distribution and encryption systems(27)
One company already provides the following security measures:

• Automated two-factor authentication
• End-to-end encryption
• One-time passwords
• Encrypted security and privacy data in each message
• Delivery and read confirmation for sent and received messages
• PIN protection, auto-lock, auto data wipe
• Device/user blocking capabilities
• Client authenticity and message integrity verification prior to routing messages
• Secure address book
• Provider and patient web portals (28)
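To make two of the listed measures concrete (client authenticity and message integrity verification prior to routing, and device blocking), the following is an added example, not code from this paper or from the company it cites. It assumes per-device shared keys and HMAC-SHA256 as the mechanism; the device IDs, keys, field names, and freshness window are hypothetical.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: device IDs, keys and field names are hypothetical.
DEVICE_KEYS = {
    "glucometer-001": b"constructed-demo-key-1",
    "bp-cuff-002": b"constructed-demo-key-2",
}
BLOCKED_DEVICES = {"bp-cuff-002"}   # e.g. a device reported lost
MAX_AGE_SECONDS = 300               # freshness window for timestamps
_seen_nonces = set()                # replay cache, in memory for the example


def sign_reading(device_id, key, reading, nonce, ts):
    """Device side: serialize the reading and attach an HMAC-SHA256 tag."""
    body = json.dumps({"device_id": device_id, "reading": reading,
                       "nonce": nonce, "ts": ts}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_before_routing(message, now=None):
    """Gateway side: return (True, reading) or (False, reason)."""
    now = time.time() if now is None else now
    try:
        body, tag = message["body"], message["tag"]
        fields = json.loads(body)
        device_id, nonce, ts = fields["device_id"], fields["nonce"], fields["ts"]
        reading = fields["reading"]
        strings_ok = all(isinstance(v, str) for v in (body, tag, device_id, nonce))
        if not strings_ok or not isinstance(ts, (int, float)):
            raise TypeError("unexpected field type")
        raw_body, raw_tag = body.encode(), tag.encode()
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    key = DEVICE_KEYS.get(device_id)
    if key is None:
        return False, "unknown device"
    expected = hmac.new(key, raw_body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), raw_tag):
        return False, "bad tag"          # tampered body or wrong key
    # Checked only after authentication, so the reason is not leaked to strangers.
    if device_id in BLOCKED_DEVICES:
        return False, "device blocked"
    if not abs(now - ts) <= MAX_AGE_SECONDS:   # also rejects NaN timestamps
        return False, "stale"
    if (device_id, nonce) in _seen_nonces:
        return False, "replay"
    _seen_nonces.add((device_id, nonce))
    return True, reading
```

Only a message that passes every check is handed on toward the EMR; the returned reason string is what a gateway would log for each rejected message.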
Homeland Security advocates that “the design concepts for medical device immunity from cyber
attack must include all phases of the medical device lifecycle including inception, design, manufacturing,
the deployment environment, maintenance, and finally support.” (29)
Future use
I envision that mobile health via sensors will dramatically increase and that more and more data will
be transmitted from the patients to their EMRs. Either sensors will begin transmitting directly, for instance,
each one being a mini-cell phone, or they will be mediated by the smart phone. Patients will be better
monitored, and get immediate feedback of what behaviors or activities trigger what results, and thus will
be training themselves on healthier behavior. Safety will increase, as certain events (e.g. heart attack) will
be picked up by the sensor before they happen. Continuous blood glucose monitoring will be in a
feedback loop with an insulin pump, so that the pump can emit the right amount of insulin at all times. A
detailed profile of patients’ glucose measurements by time of day will give a better indication of the
patients’ state than an overall HbA1c done every three months. By monitoring calories in/burned,
patients may be able to self-treat obesity better. Possibly watching glucose spikes, and what foods
triggered them will help. Sensors will be able to do ever more blood analyses, and some diseases will be
able to be picked up before the scheduled routine check-up. Routine care will be more thorough, but less
time consuming, as algorithms on the EMR side can analyze the data and alert physicians only if a
problem is detected. With patients’ permission, much of this data will be used for research, encouraging
the development of better treatments. This will lower costs, as mobile health devices will help patients live
healthier lives, preventing or postponing serious disease, as well as lessening the number of routine
office visits.
Legal
HIPAA and ARRA laws have to be amended to cover mobile health devices so that privacy is
ensured, so that certification requirements can be established and met, and so that device vendors can
neither view nor use the information. Mobile health devices should become part of the ecosystem
proposed by Obama last year.
Not only should privacy laws be extended to mobile devices and transmissions to and from them, but
also specific technical standards should be enacted to ensure that privacy standards can be met. These
involve types of authentication, encryption, and communication bandwidths. Some of them are already being
used, but standards should be codified. The FCC should be involved, along with NIST.
Mobile apps that monitor patient data sent to the EMR should be regulated by the FDA. The FDA has
already published a draft guidance for mobile apps, in which it contends that, “In general, if a mobile app
is intended for use in performing a medical device function it is a medical device, regardless of the
platform on which it is run. For example, mobile apps intended to run on smart phones to analyze glucose
meter readings would be considered similar to software running on a desktop computer, which is
regulated under 21 CFR 862.1345 ("glucose test system").” (35)
Perhaps the devices should be prescribed, so that those available by prescription are the ones
closely regulated, to differentiate them from others in the marketplace.
Payment
In addition, insurance companies, Medicare, and Medicaid should all cover mobile health devices.
Since they lower costs, it is to their advantage. Since Medicaid is state-regulated, it may not be possible
to require Medicaid to provide these devices, but certainly use of the devices when appropriate could
constitute meaningful use. They should find their way into ACOs and medical homes as well.
Works Cited
1. Kovner, Anthony, Knickman, James and Jonas, Stephen. Jonas and Kovner's Healthcare
Delivery in the United States. New York : Springer Publishing Company, 2008.
2. Institute of Medicine. Crossing the Quality Chasm: A New Health System for the 21st Century.
Washington, D.C. : Institute of Medicine, 2001.
3. Kaiser Family Foundation. Health Care Costs: A Primer. [Online] Kaiser Family Foundation, May
9, 2012. [Cited: May 26, 2012.] http://www.kff.org/insurance/upload/7670-03.pdf.
4. Topol, Eric J. Part 2: Capturing the Data. The Creative Destruction of Medicine: How the Digital
Revolution will Create Better Healthcare. New York : Basic Books, 2012, pp. 63-74.
5. healthreform.gov. Fact Sheet: The Affordable Care Act’s New Patient’s Bill of Rights. [Online]
June 22, 2010. [Cited: May 27, 2012.] http://healthreform.gov/newsroom/new_patients_bill_of_rights.html.
6. Terhune, C. Many hospitals, doctors offer cash discount for medical bills. Los Angeles Times.
[Online] May 27, 2012. [Cited: May 27, 2012.] http://www.latimes.com/business/la-fi-medical-prices20120527,0,4627745.story.
7. HIPAA Violations. HIPAA Privacy Security. HIPAA Violations. [Online] March 28, 2012. [Cited:
May 19, 2012.] http://www.hipaaviolations.com/hipaa-privacy-security-2/.
8. HHS.gov. Summary of the HIPAA Security Rule. HHS.gov. [Online] [Cited: May 19, 2012.]
http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html.
9. Wysor, Gina. History of HIPAA. All-Things-Medical-Billing. [Online] 2011. [Cited: 05 19, 2012.]
http://www.all-things-medical-billing.com/history-of-hipaa.html.
10. HIPAA Violations. What Are The Important Facts About HIPAA Violations . HIPAA Violations.
[Online] May 4, 2012. [Cited: May 19, 2012.] http://www.hipaaviolations.com/what-are-the-important-factsabout-hipaa-violations/.
11. Davis, N and Lemery, C. Perspectives on Managing Regulations: HIPAA . AHIMA.org. [Online]
2004. [Cited: May 19, 2012.]
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok3_005562.hcsp?dDocName=bok3_005562.
12. HHS.gov. Summary of the HIPAA Privacy Rule. HHS.gov. [Online] [Cited: May 20, 2012.]
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html.
13. Health Affairs. Patient-Centered Medical Homes. [Online] September 14, 2010. [Cited: May 27,
2012.] http://www.healthaffairs.org/healthpolicybriefs/brief.php?brief_id=25.
14. Svoboda, E. Cisco's Virtual Doctor Will See You Now: Cisco's new health-networking systems
could transform health care. [Online] April 20, 2011. [Cited: May 28, 2012.]
http://www.fastcompany.com/magazine/155/the-virtual-doctor-will-see-you-now.html.
15. The Office of the National Coordinator for Health Information Technology. Standards &
Certification Criteria Final Rule. [Online] [Cited: May 27, 2012.]
http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__standards_ifr/1195.
16. cms.gov. Details for: CMS FINALIZES DEFINITION OF MEANINGFUL USE OF CERTIFIED
ELECTRONIC HEALTH RECORDS (EHR) TECHNOLOGY. [Online] July 16, 2010. [Cited: 27 2012,
May.]
http://www.cms.gov/apps/media/press/factsheet.asp?Counter=3794&intNumPerPage=10&checkDate=&checkKey=&srchType=1&numDays=3500&srchOpt=0&srchData=&keywordType=All&chkNewsType=6&intPage=&showAll=&pYear=&year=&desc=&cboOrder=date.
17. Lindgren, K. WEEK 8 LEARNING GUIDE: Alternative Care Delivery Models...The Usual and the
Unique Legal & Ethical Issues. [Online] May 2012. [Cited: May 27, 2012.]
https://courses.northwestern.edu/bbcswebdav/courses/2012SP_MED_INF_407DL_SEC55/Week%208%20%20LEARNING%20GUIDE%20%20%20%20Alternative%20Care%20Delivery%20Models%20%20%20LINDGREN%20%20Word%20%20%20March%202012.pdf.
18. Rouse, M. health information exchange (HIE). [Online] May 2010. [Cited: June 3, 2012.]
http://searchhealthit.techtarget.com/definition/Health-information-exchange-HIE.
19. the NNT. Aspirin Given Immediately for a Major Heart Attack (STEMI). [Online] 2010. [Cited: May
28, 2012.] http://www.thennt.com/aspirin-for-major-heart-attack/.
20. Smith, A. 46% of American adults are smartphone owners: Smartphone users now outnumber
users of more basic mobile phones within the national adult population. [Online] March 1, 2012. [Cited:
May 27, 2012.]
http://pewinternet.org/~/media//Files/Reports/2012/Smartphone%20ownership%202012.pdf.
21. Happtique. mRx. [Online] 2011. [Cited: May 29, 2012.] http://www.happtique.com/mrx/.
22. MARKEST: Markets around the World. Medication Reminders ... A Life Saver. [Online] May 29,
2012. [Cited: May 29, 2012.] http://markestglobal.com/data/con524232025a/xlo511376708.
23. New England Healthcare Institute. NEHI Research Shows Patient Medication Nonadherence
Costs Health Care System $290 Billion Annually. [Online] August 11, 2008. [Cited: May 29, 2012.]
http://www.nehi.net/news/press_releases/110/nehi_research_shows_patient_medication_nonadherence_costs_health_care_system_290_billion_annually.
24. Center for Technology and Aging. mHealth Technologies: Applications to Benefit Older Adults.
[Online] March 2011. [Cited: May 29, 2012.]
http://www.techandaging.org/mHealth_Position_Paper_Discussion_Draft.pdf.
25. West Wireless Health Institute. Focus Areas. [Online] 2010. [Cited: May 27, 2012.]
http://www.westwirelesshealth.org/index.php/wireless-health/focus-areas.
26. West Wireless Institute. Cost Efficiency. [Online] 2012. [Cited: May 29, 2012.]
http://www.westwirelesshealth.org/index.php/wireless-health/cost-efficiency.
27. Avanchi, S, Baxi, A and Kotz, D. Privacy in mobile technology for personal health care. [Online]
2012. [Cited: June 1, 2012.] http://www.cs.dartmouth.edu/~dfk/papers/avancha-survey.pdf.
28. Cronin, M. Mobile Health and Security. [Online] February 21, 2011. [Cited: May 30, 2012.]
http://www.diversinet.com/downloads/whitepaper/Mobile_Health_Feb25.pdf.
29. Department of Homeland Security. Attack Surface: Healthcare and Public Health Sector.
[Online] May 4, 2012. [Cited: May 25, 2012.] www.infosecisland.com/download/index/id/89.html.
30. McCann, E. FCC gives green light to wireless medical devices . [Online] May 25, 2012. [Cited:
June 1, 2012.] http://www.mhimss.org/news/fcc-gives-green-light-wireless-medical-devices.
31. Versel, N. Telehealth Reimbursement Will Grow, Health Leaders Say. [Online] January 19, 2012.
[Cited: June 3, 2012.] http://www.informationweek.com/news/healthcare/mobile-wireless/232500108.
32. Goldstein, P. Despite opportunity, wireless hesitates on mobile health. [Online] [Cited: June 03,
2012.] http://www.fiercewireless.com/special-reports/despite-opportunity-wireless-hesitates-mobile-health.
33. Federal Communications Commission. National Broadband Plan Connecting America Chapter 10: Health Care. [Online] [Cited: June 3, 2012.] http://www.broadband.gov/plan/10healthcare/#s10-4.
34. Department of Homeland Security. The Fair Information Practice Principles at Work. [Online]
June 2011. [Cited: June 3, 2012.]
http://www.dhs.gov/xlibrary/assets/privacy/dhsprivacy_fippsfactsheet.pdf.
35. Administration, Food and Drug. Draft Guidance for Industry and Food and Drug Administration
Staff - Mobile Medical Applications. [Online] July 21, 2011. [Cited: June 3, 2012.]
http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm263280.htm.
36. HHS.gov. § 164.312. gpo.gov. [Online] October 1, 2010. [Cited: May 20, 2012.]
http://www.gpo.gov/fdsys/pkg/CFR-2010-title45-vol1/pdf/CFR-2010-title45-vol1-sec164-312.pdf.
37. Alexander, A. Smartphone Usage Statistics 2012. [Online] January 24, 2012. [Cited: May 20,
2012.] http://ansonalex.com/infographics/smartphone-usage-statistics-2012-infographic/.
38. Mogg, T. US smartphone users now over 100 million, Android increases market share. [Online]
March 6, 2012. [Cited: May 27, 2012.] http://www.digitaltrends.com/mobile/us-smartphone-users-nowover-100-million-android-increases-market-share/.