I hope to god my doctor's office isn't using iOS to secure my medical data. Elcomsoft has a product out to bypass iOS encryption
These guys are releasing free software why the hell aren't they coding for android. Make your own stripped down android builds that are heavily focused on SECURITY then just port over all the medical billing tablet software. No telecom installed operating system should be trusted with holding confidential medical information when backdoors like carrierIQ were discovered.
Get android source for nexus tablets. Strip them down, include SEandroid modifications. Encrypt the device, write a small firewall program for it with notification should something go wrong (like bluetooth being turned on) and include other freely available foss that encrypts files and pics should somebody want to transfer them off the device securely.
It's much cheaper than any ipad or iphone too. What's the point of free software to 'change humanity' when you're making some guy in Nigeria get an iphone which probably costs 6x what it does here. Cheap Samsung older phones and Nexus tablets are everywhere in the world, you could buy them off wholesale from carriers who discontinued them, flash the android build with the software and ship it around the world or just provide the image for free and let doctor's flash their own devices. Tip: the new nexus tablets coming out will be $99-150
1) You realize the Elcomsoft attacks were largely mitigated for iPad 2, iPhone 4S and later, right? If I were drchrono, I'd either require those devices (or later), or at least require informed consent by the administrator of an office to allow earlier devices.
I'd bet on iOS vs. stock Android for security-critical bugs at this point, but it's kind of a wash. You could maybe audit Android better, but that would be a serious engineering effort.
2) drchrono makes EHR. They don't make a secure tablet OS, and they don't (as far as I know) distribute tablets/phones to the doctors. Being a software/services business vs. a full consultancy is a big difference. Being a HW/OS developer is a big jump beyond even consultancy.
I'd love it if someone decided to build a SE Android + HW security Android distribution (maybe with device virtualization like from Bromium built in, too). And centralized management per-organization (i.e. not by Google or Apple or a carrier, but yourself). Essentially a Blackberry that didn't suck. Unfortunately, no one is doing that, and it would essentially require being Samsung or HTC to build the hardware, and someone like Google to build the software. Google's Android team has repeatedly shown themselves to be at best indifferent and more likely hostile to any real enterprise security features; they barely have a sandbox (in contrast to Chrome and the SSL teams at Google, and corp security, who are pretty much world-class for security).
I'm pretty sure if someone were building that, it wouldn't be drchrono, though.
3) No one cares about $500 vs. $300 for a tablet once they've made the decision to buy for a doctor's office, at least from my experience with doctors. Pretty much anything <$1k is the same. This is admittedly mainly in the US, but that's where most healthcare spending happens, and where the "meaningful use" incentive happens ($50k to adopt an EHR/EMR).
iPad 2 would be a legitimate deployment platform, and those are cheap (you'd really want a 10" in a medical environment), if you really care about cheap. I'd also want an IPS display for wide viewing angle.
I don't think security is a priority for most EHRs that don't have an established procedural culture.
Part of the advantage of being a startup is being able to run around with untenable liabilities and cutting corners the 'big guys' can't cut under pain of tort.
