Medical Apps and Identity Management

Wired.com recently ran an article discussing the impact and challenges of the mobile healthcare app market. Not only are doctors getting new apps to help them do their work, but there are hundreds of consumer medical apps available now.  In fact, just the other night, a friend gave me a very cool demo of a product called Up, from Jawbone (the maker of Jambox) which (directly from their website) “is the combination of a wristband and iPhone® app that tracks your activity and sleep and inspires you to move more, sleep better and eat smarter.”

One can easily envision the day when access to individual electronic medical records and images are available through an app, which is what the Wired.com story was suggesting. I personally, being a fairly frequent business traveler, as well as having moved several times in my adult life, would find this one-stop access to my medical records via a mobile device to be extremely useful.

However, what’s missing from this conversation is the concept of identity management (IdM) and privacy. While it’s fairly easy to envision how a controlled health information network environment can appropriately manage access to medical records, it’s a big leap to open that network up to anyone with a smart phone or iPad. This is where the burgeoning digital identity management ecosystem will make immediate impact.

When I try to access my electronic health records via my iPad, there are a number of assertions, authentications, and authorizations that will need to occur in order for the records to be released AND for the medical provider to be incompliance with HIPAA.  Technologies exist for this in both the master data management (identifying me uniquely and making sure it’s MY information that I receive) and IdM (digitally binding an identity token to me and accepting that token as a relying party for strong authentication and authorization to perform an electronic transaction) areas. The much harder work is on the supporting policy and process swim lanes to ensure the right controls and rules are in place to be enabled by the technology.

Lots of exciting work still to come over the next 5-10 years in this market!