Security of Patient Data During Research and Pilot Programs

Security of patients’ data is a big concern in healthcare, mostly when the information is used for purposes of research or medical pilot programs. The ability to share medical and health data from patients with HealthCare Providers, Pharma, Payers or other Scientific Institutions have shown tremendous benefits in improving patient treatments, because it provides better insights for those involved in HealthCare about the management of several factors including medication. However, at the same time has increased security risks.
The option that patients have right now about participating in research or a pilot program sending health information remotely anytime, anywhere (through mobile phones, wireless medical devices, wearables, sensors and others), may enchance the relationship between those patients and HealthCare Institutions, Providers, Payers and Pharma. But the more remotely devices usability to send health or medical data, the more vulnerabilities in the management, visualization and storage of that data.

Those Health Entities have to be very careful when choosing and working with digital companies which provide the technical aspect. Because of digital companies are managing Health Information, they have to be in compliance with HIPAA law and have to adopt best practices handling Protected Health Information and Personal Health Information. 

Here are some guidelines provided by Wilson Jaramillo, VP of engineering and technology at esvyda Inc.: 

Several challenges have to be faced while adoption of security strategies: 

Combining strategies

Combined strategies may improve security. Those may include but are not limited to: Encryption, Hardware Security Modules (HSM), Decrypted keys during a limited user session (validation without compromising security). Strategies to detect weird behaviors of user accesing data from other devices different from those usually used by him. 

Among other strategies, the use of standards and security policies with internal control of the company may allow the correct adoption of the tools that maintain secure data, including systems that monitor the user activities, 

authentication security for patients

performance of the Operating System, and correct performance of data base, integrity of cache, load balancers, data base cluster sync and Firewall with real-time feedback of application software usage. In this aspect it is important to detect how many sessions are open by a specific user, understand their behaviors and monitor the lifetime of the sessions, thus that session that is not being used can be closed on time or a user accout can be blocked if something strange is happening. For that reason, second authentication factor allows to end use unblock their accounts securely.    

Management of roles

Another key security strategy is the correct administration of users’ roles. The correct administration of users’ roles allows the management of permissions and protects the unauthorized access to data. 


The encryption of data is also a good strategy. The implementation of AES 256 to encrypt data at rest with initilization vectores, store the decryption keys encrypted, usage of a master decryption key inside an HMS system which is independent of application software, generate a different encryption key for every patient and for every kind of data, avoiding dictionary attacks that facilitate the easy decryption beyond a database register, because the computational effort would be high. It is very important the communication of data transmitted between networks, using secure protocols and implementing strategies to avoid atatcks like the man in the middle. 

encryption - security for patients

Protecting software deployment and data base to isolate the enviroment to only be accesible to authorized people and by the authorized applications using HTTPS implementations. To encrypt data at rest, access to the end user application always over HTTPS are a useful option combined with user accounts using strong password policies.

Although all these technologies increase overload over the hardware resources when any search includes any encrypted data, the usage of Keyed-hashing for Message Authentication along with encrypted storage of hashing keys allows to index data without compromising the security of the data. 

Remotely Fault Report

The remotely fault report allows to log the “issues” that require special attention to offer a quick and effective support to users. Implement a supervisor system that keep the traceability of those issues and a project management system provides a reliable product that is able to respond quickly to new challenges like modern attacks that are looking for exploiting vulnerabilities. So, it is important to implement policies that keep the development and deployment tools updated to mitigate the effect of those vulnerabilities. 

messages and notifications - security of aplication

Smart Devices Communicated With Several Mobile Phones and Operating Systems

The use of several smart devices (classic or BLE Bluetooth) connected to different mobile phones and operating systems represent a security challenge. Although Bluetooth is a standard protocol, the different hardware device brands represent a challenge of integration to software developers to offer a stable product for the user. Medical devices with GPRS/2G/3G/4G technology have to use encrypted strategies too. In this area it is not only important to pay attention to the generated data by smart medical devices, but also to the context which includes the unique identification of every device and the integrity of the data transmitted, in order to avoid duplicated data and usage of devices that are compatible or they are not authorized by the application software. 

User Experience - Experiencia de usuario - Innovation/Innovación

Esvyda Inc.

Security of patients’ data is a big concern for esvyda Telehealth and Telemonitoring Solution, which has released a product that integrates medical and non-medical data to be shared by HealthCare Providers, Institutions, Pharmas, Payers and non-medical people involved in the care of patients. The solution helps to see, treat and follow-up patients in a holistic way and empowers patients to be proactive participants in their treatments, decreasing non-adherence to medication, hospital reamdissions and ER visits and saving costs to the health care system. We address security challenges with the implementation all of the aforementioned security strategies.

Want to know more?
Call us at (408) 905 0341 or (408) 660 8666
Email us:

Related posts


Patient-Centric Healthcare: Engagement that transforms…

22 April, 2024

In today's rapidly evolving healthcare landscape, the patient takes center stage, not as a passive recipient, but as a proactive...

Telehealth and remote patient monitoring senior patients Telesalud y Telemedicina para monitoreo remoto de pacientes adulto mayor

Telehealth: Bridging the Healthcare Accessibility…

19 July, 2023

One promising solution that surprisingly has emerged in recent years is telehealth. With its ability to connect patients and healthcare...

RPM Remote Patient Monitoring with Telehealth Monitoreo Remoto de Pacientes y Telesalud

Remote Patient Monitoring (RPM): An…

12 June, 2023

Remote patient monitoring ( RPM ) has emerged as a critical tool in the fight against COVID-19. The pandemic has...