1. DavideaNY's Avatar
    I find this interesting. Following Apple documentation in the app store review guidelines (paragraph 27.3) "Apps using the Healthkit framework that stores user' health information in iCloud will be rejected"

    It looks like Apple does not trust the security of their own cloud storage system that much after the recent event.

    BlackBerry really need to leverage its strength in security and data encryption. Heck they could even use this type of things for marketing and advertising.. General public begins to more sensible to privacy and for sure when healthcare is mentiones..

    What is your take on this?

    Posted via CB10
    theRock1975 and Bluenoser63 like this.
    10-15-14 02:56 PM
  2. anon1727506's Avatar
    I find this interesting. Following Apple documentation in the app store review guidelines (paragraph 27.3) "Apps using the Healthkit framework that stores user' health information in iCloud will be rejected"

    It looks like Apple does not trust the security of their own cloud storage system that much after the recent event.

    BlackBerry really need to leverage its strength in security and data encryption. Heck they could even use this type of things for marketing and advertising.. General public begins to more sensible to privacy and for sure when healthcare is mentiones..

    What is your take on this?

    Posted via CB10
    There are LOTS of HIPAA requirements for storing Patient Data....

    As BlackBerry doesn't have an approved method or any indication they are even working on one.... don't see where their encryption or security really matter. Doesn't mean I don't think they "could" have an advantage, just that first they would need all the infrastructure required for a secure data center (Apple spent BILLIONS on their not so secure one). Then you'd have to get developers to build apps for your platform (no problem there ), and finally you'd have to get in with the Drug Companies so they could have their "pretty" sales reps give away your devices as perks.... and somehow get all those doctors to forget about the Apple Platform they have invested time and money into over the last few years.
    TGR1, schmeat and mornhavon like this.
    10-15-14 03:53 PM
  3. rthonpm's Avatar
    It makes sense not so much in terms of Apple not trusting its cloud service, but in terms of once the data is in their hands, they would be required to abide by multiple privacy laws, such as HIPAA. Furthermore, in order to even store that kind of information, Apple would have to prove its systems were compliant to those regulations. Tack on having to meet multiple regulatory hurdles for different countries and it just looks more like a good business decision.
    10-15-14 03:54 PM
  4. Cozz4ever's Avatar
    This has nothing to do with icloud security but who owns the actual data

    All I want for Christmas is a Passport
    10-15-14 04:23 PM
  5. THBW's Avatar
    Well, first things first. Apple's iCloud is indeed completely useless for the generation, transfer and storage of medically private information. That is a no brainer.

    The question of interest is whether BlackBerry is better positioned. The answer is qualified yes. Information transfer with encryption is standard for BlackBerry. If a server is placed on site and has a site specific cloud, then most of the privacy requirements are met. The issue is how to build a site specific cloud that meet the needs of an institution but is flexible enough for adaptation and commercial distribution. Right now, it is a bit of a free for all when it comes to hospitals.

    Posted via CB10
    10-15-14 10:29 PM
  6. rthonpm's Avatar
    Keep in mind also that all BlackBerry does is provide either transport or access to storage. There is no comparable service to iCloud.

    The real question is whether most of the data being compiled by these health apps really have any use beyond what we've already had through apps like Endomondo or any variety of calorie counters. After all, Apple is a consumer based company so their target for something like Health is going to be the average consumer. Developers would be the ones to build off that framework for more sophisticated apps, but even then it only makes sense that the data be local to the device as opposed to being stored on a third-party server.

    Posted via CB10
    10-16-14 06:29 AM
  7. asherN's Avatar
    Well, first things first. Apple's iCloud is indeed completely useless for the generation, transfer and storage of medically private information. That is a no brainer.

    The question of interest is whether BlackBerry is better positioned. The answer is qualified yes. Information transfer with encryption is standard for BlackBerry. If a server is placed on site and has a site specific cloud, then most of the privacy requirements are met. The issue is how to build a site specific cloud that meet the needs of an institution but is flexible enough for adaptation and commercial distribution. Right now, it is a bit of a free for all when it comes to hospitals.

    Posted via CB10
    But we're not talking private cloud here. We're talking public. Even if BB had a product similar to iCloud, it would not surprise me if they followed Apple's decision.
    10-16-14 12:30 PM
  8. raino's Avatar
    There are LOTS of HIPAA requirements for storing Patient Data....
    True. But the apps that leverage HealthKit--wouldn't they be storing medical data somewhere? If so, what would Apple's liability be in case of a breach at this third party, given that they assist the collection of this data? And wouldn't it be just safer if Apple forced these apps to store their data in the "secure" iCloud--where Apple can manage dissemination and security?
    10-16-14 12:45 PM
  9. THBW's Avatar
    But we're not talking private cloud here. We're talking public. Even if BB had a product similar to iCloud, it would not surprise me if they followed Apple's decision.
    Apple's iCloud Is useless and I mean completely useless for the encryption, transfer and storage of medical information. There is no point in pretending. Privacy requirements are serious and they can't be met by anything Apple has to offer.

    Posted via CB10
    10-16-14 11:07 PM
  10. rthonpm's Avatar
    True. But the apps that leverage HealthKit--wouldn't they be storing medical data somewhere? If so, what would Apple's liability be in case of a breach at this third party, given that they assist the collection of this data?
    I would think that the only place the data could be stored is locally. That way it never leaves the possession of the person who owns the device... After all, the information Apple has shown the app giving people in the advertisements wouldn't be anything more than a few numbers with the app plotting them to make them look nice.

    Posted via CB10
    10-17-14 06:31 AM
  11. byex's Avatar
    http://money.cnn.com/2014/09/26/tech...lth-insurance/

    Interesting article.






    Posted via CB10
    10-17-14 08:00 AM
  12. asherN's Avatar
    Apple's iCloud Is useless and I mean completely useless for the encryption, transfer and storage of medical information. There is no point in pretending. Privacy requirements are serious and they can't be met by anything Apple has to offer.

    Posted via CB10
    Correct. And Apple is not pretending otherwise, hence their decision. BB does not have an equivalent, and I strongly suspect that if they did, they would take a similar stance to Apple. Bringing your datacentre into HIPAA compliance is no small task.
    10-17-14 11:07 AM
  13. asherN's Avatar
    True. But the apps that leverage HealthKit--wouldn't they be storing medical data somewhere? If so, what would Apple's liability be in case of a breach at this third party, given that they assist the collection of this data? And wouldn't it be just safer if Apple forced these apps to store their data in the "secure" iCloud--where Apple can manage dissemination and security?
    Yes. Either on the device, or on servers under the direct control of the entity.

    Apple just provides access to purchase and download the app. There is no HIPAA compliance on that.
    10-17-14 11:09 AM
  14. raino's Avatar
    Yes. Either on the device, or on servers under the direct control of the entity.

    Apple just provides access to purchase and download the app. There is no HIPAA compliance on that.
    Device would be okay (although things could get quite crowded with music, pictures, video, and now this app data on a 32GB device...) but the third party app's server is what I'm talking about: are there no consequences for Apple in case of the third party's servers getting breached when a) Apple allowed the app, and b) Apple facilitates the data collection through the HealthKit API (i.e. Apple is involved?)
    Ment likes this.
    10-17-14 12:42 PM
  15. asherN's Avatar
    Device would be okay (although things could get quite crowded with music, pictures, video, and now this app data on a 32GB device...) but the third party app's server is what I'm talking about: are there no consequences for Apple in case of the third party's servers getting breached when a) Apple allowed the app, and b) Apple facilitates the data collection through the HealthKit API (i.e. Apple is involved?)
    There is no liability. The original issue was storing on Apple's non-HIPAA compliant iCloud. Apple could have been liable for that data.

    In the case of 3rd party, where do you see liability? They provided an API that facilitates data transfer between accessories and apps. It's a tool. Apple is not involved.
    10-17-14 02:25 PM
  16. Ment's Avatar
    Device would be okay (although things could get quite crowded with music, pictures, video, and now this app data on a 32GB device...) but the third party app's server is what I'm talking about: are there no consequences for Apple in case of the third party's servers getting breached when a) Apple allowed the app, and b) Apple facilitates the data collection through the HealthKit API (i.e. Apple is involved?)
    Apple would have to grossly negligent as in ignoring security bug reports or not having reasonable industry standard safeguards. I dont recall a software provider ever being fined as most of the time its the implementation part or lack thereof that causes breaches. An example of which being New York-Presbyterian Hospital and Columbia University getting a $4.8M hit because they had no security/risk management plan of securing data from access offsite.
    raino likes this.
    10-17-14 03:37 PM

Similar Threads

  1. Snap apps will not update or install after 10.3
    By partizan666 in forum BlackBerry Z10
    Replies: 14
    Last Post: 01-20-15, 04:41 PM
  2. Latest facebook update not working
    By shoaibista in forum Ask a Question
    Replies: 4
    Last Post: 10-19-14, 04:23 PM
  3. If I wipe everything on my device how do I re-install?
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 10-15-14, 04:41 PM
  4. Does the Flashlight with Compass by Berobo pose a security risk?
    By CrackBerry Question in forum Ask a Question
    Replies: 6
    Last Post: 10-15-14, 04:26 PM
  5. Why isn't my BlackBerry Z10 turning on?
    By CrackBerry Question in forum Ask a Question
    Replies: 1
    Last Post: 10-15-14, 02:51 PM
LINK TO POST COPIED TO CLIPBOARD