APRIL 15, 2012 WARNING TO PFUSERS REGARDING CLOUD SERVICES
drreflex
Unless you are using an interface that you know is HIPAA compliant, that you have appropriate HIPAA documentation to use, and the service is operated by a reputable company, by going outside of PF to obtain direct Flash access to PF on your mobile devices you are taking risks that you do not want to take.
When using a cloud based application to access Practice Fusion you need to recall that PF is not running on your local device. In this case, PF is running on a virtual computer on a cloud server. Images of your PF screens including personal and patient data are likely being stored on the cloud server. Since most of these applications were written to bring games and video content to Flash-noncompliant devices it is not likely that they are HIPAA compliant. Interfaces optimized for gaming are not likely to contain a lot of data encryption since encryption will tends to slow down game play and reduces battery life. Without adequate encryption, PF screen data, typed entries, and passwords transferred between your mobile device and the cloud server may be unencrypted and fully discoverable. Images of your PF screens on the cloud server are open to data mining. A disreputable site may actively try to capture passwords and private information as it passes to and from the site.
If Practice Fusion is not going issue a strong to warning against using these cloud based services until you know that both you and they are HIPAA compliant, then I will warn you.
Darwin R. Boor, MD
