The Wired article, "What Doctors Wish You Knew About HIPAA and Data Security," delves into the limitations and misunderstandings surrounding the Health Insurance Portability and Accountability Act (HIPAA) in safeguarding personal health data. It highlights that HIPAA primarily regulates healthcare entities but does not cover consumer-generated data or information shared outside traditional medical settings, such as through personal devices or social media. The piece underscores the importance of individual vigilance in data protection, emphasizing the use of multi-factor authentication and careful sharing of personal health information, especially in non-regulated platforms. This article serves as a crucial reminder of the evolving challenges in health data security and the shared responsibility between healthcare providers and individuals in protecting sensitive health information.

It is crucial to have a Cybersecurity Action Plan for Protecting Personal Health Data because personal health data is sensitive and valuable information. A well-designed plan helps safeguard this data from unauthorized access, cyber threats, and potential misuse, ensuring privacy and maintaining trust between individuals and healthcare providers. Additionally, protecting personal health data reduces the risk of identity theft, fraud, and financial loss while also preserving the integrity and accuracy of medical records. Implementing a cybersecurity action plan promotes compliance with relevant data protection regulations, fosters a culture of security awareness, and contributes to overall digital safety.

A new Senate bill introduced in early April 2022 (including legislation in the House) would require medical device developers to be more accountable for the cybersecurity of their products.

Sens. Tammy Baldwin, D-Wisconsin, and Dr. Bill Cassidy, R-Louisiana, have introduced the bipartisan Protecting and Transforming Cyber Health Care Act.

Medical devices with networking capabilities are critical technologies in patient care today. This article explains what their potential security vulnerabilities mean for the average consumer.

From the MITRE website:

The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbookoutlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.

The healthcare sector knows how to prepare for and respond to natural disasters. It is less prepared, however, to handle cybersecurity incidents, particularly those involving medical devices. Recent global cyber attacks highlighted the need for more robust cybersecurity preparedness to execute an enhanced, effective, real-time response that enables continuity of clinical operations.

Using mobile devices to store, process, and transmit patient information has become increasingly popular amongst healthcare providers. When health information is compromised, organizations can face penalties and lose consumer trust, and patient care and safety may be at risk.

To address this challenge, cybersecurity experts at the NCCoE collaborated with the healthcare industry and technology vendors to develop an example solution to show healthcare providers how they can secure electronic health records on mobile devices. The solution is guided by standards and best practices from NIST and others, including the Health Insurance Portability and Accountability Act (HIPAA) rules.

From the article objective: "To determine the usability and acceptability of SMS4BG among adults with poorly controlled diabetes."

mFHAST Implication: Opportunity to improve diabetes education, management, lifestyle factors (healthy eating, exercise, and stress management) and blood glucose monitoring reminders using SMS.

The Quantified Self website provides a current list of many of the self-tracking tools out there.

The FDA is informing patients and health care providers that pulse oximeters have limitations and a risk of inaccuracy that must be considered.

Our health and lifestyle data is everywhere.  This article outlines four steps that anyone can take to create a more complete, layered defense to protect personal information from attackers.

As medical devices become more networked, they may become vulnerable to cybersecurity threats. Patients should preserve their personal information, monitor their device for strange symptoms or behaviors, and receive a device check-up from their health care practitioner or the device maker, according to the US Food and Drug Administration (FDA).

From the article abstract: 

BACKGROUND:
Diabetic foot neuropathy (DFN) is one of the most important complications of diabetes mellitus; its early diagnosis and intervention can prevent foot ulcers and the need for amputation. Thermometry, measuring the temperature of the feet, is a promising emerging modality for diabetic foot ulcer prevention. However, patient compliance with at-home monitoring is concerning. Delivering messages to remind patients to perform thermometry and foot care might be helpful to guarantee regular foot monitoring. This trial was designed to compare the incidence of diabetic foot ulcers (DFUs) between participants who receive thermometry alone and those who receive thermometry as well as mHealth (SMS and voice messaging) over a year-long study period.
METHODS/DESIGN:
This is an evaluator-blinded, randomized, 12-month trial. Individuals with a diagnosis of type 2 diabetes mellitus, aged between 18-80 years, having a present dorsalis pedis pulse in both feet, are in risk group 2 or 3 using the diabetic foot risk classification system (as specified by the International Working Group on the Diabetic Foot), have an operating cell phone or a caregiver with an operating cell phone, and have the ability to provide informed consent will be eligible to participate in the study. Recruitment will be performed in diabetes outpatient clinics at two Ministry of Health tertiary hospitals in Lima, Peru.
INTERVENTIONS:
participants in both groups will receive education about foot care at the beginning of the study and they will be provided with a thermometry device (TempStat™). TempStat™ is a tool that captures a thermal image of the feet, which, depending on the temperature of the feet, shows different colors. In this study, if a participant notes a single yellow image or variance between one foot and the contralateral foot, they will be prompted to notify a nurse to evaluate their activity within the previous 2 weeks and make appropriate recommendations. In addition to thermometry, participants in the intervention arm will receive an mHealth component in the form of SMS and voice messages as reminders to use the thermometry device, and instructions to promote foot care.

From the PubMed Abstract: "Studies have shown self-monitoring can modify health behaviors, including physical activity (PA). This study tested the utility of a wearable sensor/device (Fitbit® One™; Fitbit Inc., San Francisco, CA) and short message service (SMS) text-messaging prompts to increase PA in overweight and obese adults."

mFHAST Implications: Opportunity for wearable device SMS messages to have an impact on physical activity

From the PubMed abstract: "Participants enrolled in a 2x2 factorial RCT and were assigned to one of four semi-automated, text message-based walking interventions. Experimental components included adaptive versus static steps/day goals, and immediate versus delayed reinforcement. Principles of percentile shaping and behavioral economics were used to operationalize experimental components. A Fitbit Zip measured the main outcome: participants' daily physical activity (steps and cadence) over the 4-month duration of the study. Secondary outcomes included self-reported PA, psychosocial outcomes, aerobic fitness, and cardiorespiratory risk factors assessed pre/post in a laboratory setting. Participants were recruited through email listservs and websites affiliated with the university campus, community businesses and local government, social groups, and social media advertising."

mFHAST Implications: Opportunity for text-message based reinforcement to increase effectiveness of a behavioral intervention (encouraging increased walking habits)

From the PubMed abstract: "A number of 344 women who received TIV were randomly assigned to a telephone interview group. They were telephoned seven days post-vaccination and administered a standard survey soliciting any adverse events following immunisation (AEFI) they experienced. They were matched by brand of vaccine, age group, and residence to 344 women who were sent a SMS seven days post-vaccination. The SMS solicited similar information. AEFI reported by SMS and telephone interview were compared by calculating risk ratios."

mFHAST Implications: Opportunities to use SMS for vaccination program adverse event reporting collection. 

From the article abstract: "Trivalent influenza vaccine (TIV) has been recommended for pregnant women in Australia for more than a decade and funded since 2009, yet vaccination coverage remains low. Misperceptions of the safety of TIV in pregnancy have been identified as a major contributor to low vaccination rates. Ongoing safety monitoring with dissemination of results could help improve antenatal influenza vaccine uptake."

mFHAST Implications: Opportunity for use of SMS for pregnancy related vaccination adverse event reporting