

Drchrono website redesign out today - d8niel
https://drchrono.com/

======
kategleason
great work.

------
derpmaster
I hope to god my doctor's office isn't using iOS to secure my medical data.
Elcomsoft has a product out to bypass iOS encryption

These guys are releasing free software why the hell aren't they coding for
android. Make your own stripped down android builds that are heavily focused
on SECURITY then just port over all the medical billing tablet software. No
telecom installed operating system should be trusted with holding confidential
medical information when backdoors like carrierIQ were discovered.

Get android source for nexus tablets. Strip them down, include SEandroid
modifications. Encrypt the device, write a small firewall program for it with
notification should something go wrong (like bluetooth being turned on) and
include other freely available foss that encrypts files and pics should
somebody want to transfer them off the device securely.

It's much cheaper than any ipad or iphone too. What's the point of free
software to 'change humanity' when you're making some guy in Nigeria get an
iphone which probably costs 6x what it does here. Cheap Samsung older phones
and Nexus tablets are everywhere in the world, you could buy them off
wholesale from carriers who discontinued them, flash the android build with
the software and ship it around the world or just provide the image for free
and let doctor's flash their own devices. Tip: the new nexus tablets coming
out will be $99-150

[http://hothardware.com/News/Rumor-Next-Nexus-7-Price-
Could-B...](http://hothardware.com/News/Rumor-Next-Nexus-7-Price-Could-Be-
Under-150-With-99-Price-Tag-Possible/)

~~~
rdl
1) You realize the Elcomsoft attacks were largely mitigated for iPad 2, iPhone
4S and later, right? If I were drchrono, I'd either require those devices (or
later), or at least require informed consent by the administrator of an office
to allow earlier devices.

I'd bet on iOS vs. stock Android for security-critical bugs at this point, but
it's kind of a wash. You could maybe audit Android better, but that would be a
serious engineering effort.

2) drchrono makes EHR. They don't make a secure tablet OS, and they don't (as
far as I know) distribute tablets/phones to the doctors. Being a
software/services business vs. a full consultancy is a big difference. Being a
HW/OS developer is a big jump beyond even consultancy.

I'd love it if someone decided to build a SE Android + HW security Android
distribution (maybe with device virtualization like from Bromium built in,
too). And centralized management per-organization (i.e. not by Google or Apple
or a carrier, but yourself). Essentially a Blackberry that didn't suck.
Unfortunately, no one is doing that, and it would essentially require being
Samsung or HTC to build the hardware, and someone like Google to build the
software. Google's Android team has repeatedly shown themselves to be at best
indifferent and more likely hostile to any real enterprise security features;
they barely have a sandbox (in contrast to Chrome and the SSL teams at Google,
and corp security, who are pretty much world-class for security).

I'm pretty sure if someone were building that, it wouldn't be drchrono,
though.

3) No one cares about $500 vs. $300 for a tablet once they've made the
decision to buy for a doctor's office, at least from my experience with
doctors. Pretty much anything <$1k is the same. This is admittedly mainly in
the US, but that's where most healthcare spending happens, and where the
"meaningful use" incentive happens ($50k to adopt an EHR/EMR).

iPad 2 would be a legitimate deployment platform, and those are cheap (you'd
really want a 10" in a medical environment), if you really care about cheap.
I'd also want an IPS display for wide viewing angle.

