The Value of Identity and Access Management to mHealth Innovation
Security is important to all types of mobility, but mHealth, or Mobile Health, which can be defined as the practice of medicine and public health supported by mobile devices, has special security needs as you can imagine. An article in mHealth News lays out just how important Identity and Access Management solutions can be to mHealth practitioners and patients. IAM is so important, in fact, that the authors of the article, Bill Ash and Joni Brennan called it “one of the critical foundational elements in the vision of standards-based mHealth that is coalescing globally.”
While mHealth has the potential to revolutionize medicine in areas like remote wellness monitoring, the sensitive data contained within and conveyed by mHealth apps represents a grave security risk to both patients and practitioners, not to mention a potentially severe legal risk in the event of a data breach. Therefore, any mHealth app must have “a reliable, robust and standards-based IAM solution” in order to protect the data of all involved. Ash and Brennan also lay out some core standards, which the deem “Identity and Access Management 101,” that any decent IAM solution ought to have in order to be of use to mHealth users:
Authentication – the various tools and technologies, sometimes combined, for verifying the identity of a user (i.e., is the person who he or she claims to be?);
Authorization – access control for data for user or institutional perspective, spanning enforcement of the policies and privileges that define what operations a given identity can do at a given time within a given application;
Reporting and monitoring – logging and reporting capabilities for verifying what’s been happening and overseeing user activities end-to-end across an mHealth application;
Provisioning – the processes around establishing identities, policies and privileges;
Remediation – the techniques and strategies for handling issues among the different actors across an mHealth system in the event that something questionable does happen
The article notes that techniques for authentication are seeing an explosion of new options and innovation, with examples being context recognition techniques that detect unusual behavior to the potential for password-less systems.
Another part of this cooperative system is the work being done by the IEEE Standards Association, of which Bill Ash is Strategic Technology Program Director, and the Kantara Initiative, for which Joni Brennan is Executive Director. Together, the organizations are working to establish a global open standards framework and ecosystem of organizations so that potentially game-changing innovations like mHealth can thrive without fear of being strangled at birth by security breaches.
Thus, by enabling privacy and security, IAM will allow mHealth to innovate and flourish, according to the authors.
A bold vision, and one worthy of pursuit in my opinion, but keep in mind that any security strategy that assumes there will never be a breach is going to end in tears at the very least. That is why I would like to see more IAM thinkers and users think more about what Ash and Brennan call “Remediation,” or handling issues after a breach, and potentially expand that “lesson” in IAM 101 to include how a good system can limit damage in the event of the inevitable breach. Otherwise, good food for thought on the relevance of IAM to an up and coming mobility application.
For the article on IAM and mHealth Innovation at mHealth News, click here.