Naked Security

Apps that are a matter of life, death and data win $75,000 prizes

Two start-ups have won a US government competition to design apps that help patients manage and control their data

To say that healthcare systems face information security challenges would be an understatement: personal identifying information (PII) and protected health information (PHI) being handled inappropriately or lost in a breach are daily occurrences. So when the words “health care” and “IT” appear together in a sentence, bad news far too often follows. Here’s a bit of good news.

The US Department of Health and Human Services, which manages the Health Insurance Portability and Accountability Act (HIPAA), announced the winners of its Move Health Data Forward Challenge: two start-ups, Live and Leave Well and Docket. Each received US$50,000 for winning and US$25,000 for passing through the first two rounds, for a total of US$75,000.

What is this HHS challenge?

The challenge was to “Implement an application programming interface (API) solution that enables individuals to securely and electronically authorize the movement of their health data to destinations they choose.” As the focus is the healthcare sector, and the applications would be processing both PII and PHI, integration of security and privacy processes was identified early as a prerequisite.

The contestants were directed to implement their privacy and security solutions in accordance with the OpenID Heart Working Group. Both winners implemented the guidance in their solutions. Docket’s website had SSL certificates fully implemented, as expected. Unfortunately, that was not the case for Live and Leave Well, which apparently has not yet implemented SSL on its website, somewhat disappointing given that it is a “secure application”.

What’s in it for the patients?

Live and Leave Well focuses on preparing for the end of life. Patients create a single data store to hold the documents they might need, such as a Do Not Resuscitate directive (DNR) or medical power of attorney. Patients – or their proxy – can then share the documents when they’re needed, and, perhaps most importantly, the app ensures that the nuances of each state’s laws and forms are taken into account.

Docket aims to be a comprehensive archive of your PII and PHI that can be shared as the user chooses with medical providers, family, lawyers, etc. The application puts the information under patient control and should remove the need to fill out mountains of forms every time a new medical provider is encountered. It also collates patient medical history and insurance information.

Docket also offers medication alerts and integration with medical devices, as well as reminders of appointments, secure patient messaging and sharing of information.

Putting the patient in control of how and with whom their medical information is shared is key. As we see with ever-increasing frequency, our providers share our information with us and each other via a myriad of methods, some authorized and many not, including some that make us smack our heads on the table – Snapchat, for example.

These are indeed bright spots for those of us mired in the administrative quagmire when it comes to accessing our own medical information, let alone sharing it with others. Capturing control of our own data can’t come too soon.


“…the Health Information Privacy Accessibility Act (HIPAA)” is wrong. HIPAA stands for “Health Insurance Portability and Accountability Act”. Although it contains the privacy mandates, that wasn’t its sole purpose.

