gekaskr - Fotolia

Manage Learn to apply best practices and optimize your operations.

Despite risks, healthcare IT professionals stick with mobile

Despite the recent breaches making headlines, experts say that healthcare IT professionals should stay full steam ahead with the adoption of mobile.

This article can also be found in the Premium Editorial Download: Pulse: Healthcare providers navigating mobile health data roadblocks:

When it comes to mobile security, the odds seem stacked against healthcare organizations. Although the mood surrounding mobile among healthcare IT professionals ranges from cautious to downright terrified, they all acknowledge that the use of mobile devices will only increase despite the risks.

Healthcare organizations often lack the tools, resources and money needed to fully protect themselves against breaches, and hackers have strong incentives to steal patients' medical records.

For example, patient records can go for $20 to $50 each on the black market, and a complete patient record -- including the patient's driver's license, health insurance information and other sensitive data -- can be worth more than $500, according to a report by the Institute for Health Technology Transformation. If a healthcare organization has a security breach and hackers swipe 1,000 complete patient records, they could potentially fetch $500,000.

"It's basically a treasure trove of information that these people want to get access to," Cletis Earle, vice president and CIO at St. Luke's Cornwall Hospital in Newburgh, N.Y., said.

In comparison, credit card information can sell for just $1 and personally identifiable information can sell for $10 to $20.

Cletis Earle, vice president and CIO, St. Luke's Cornwall HospitalCletis Earle

"It's impossible to cover it all. You can cover a lot of it and the majority of it, but there's still things coming up … that we're not aware of, and a new threat is going to occur or a new vulnerability is going to occur to the organization," Earle said. In fact, he added, "you probably are already breached."

However, experts say, in general the risks have not deterred the medical community or healthcare IT teams from adopting mobile.

This is partly due to the fact that the risk of a cyberattack has been around long before mobility came into everyday prominence. For example, the Anthem breach -- in which hackers got into a database by running a computer program under a staffer's personal identifier -- did not stem from mobile devices, Earle points out.

Kirk NahraKirk Nahra

"[Healthcare IT professionals are not] necessarily viewing mobile as anything different or harder or riskier than anything else," Kirk Nahra, an attorney at Wiley Rein LLP who specializes in privacy and information security who recently spoke about these issues at the HITRUST 2015 conference, said.

And the implications for mobile endeavors in the healthcare space-- such as telehealth, value-based care and increased patient engagement -- cannot be ignored.

"Our goal is to take care of patients that are going to be outside the four walls of the hospital. The hospital is going to be a different care continuum … Healthcare is definitely becoming more entrenched in the community and the only way of dealing with things in the community is using that mobile strategy," Earle said. "It is definitively going to be the norm."

Healthcare IT feels the pressure

With HIPAA regulations, meaningful use requirements and the knowledge that a breach is inevitable, healthcare IT teams are under a lot of pressure -- especially with five different agencies conducting audits and some healthcare organizations not passing those reviews, said Lysa Myers, a security researcher at ESET, an IT security company.

Lysa Myers, security researcher, ESETLysa Myers

Although IT teams take mobile security into consideration, the fact that there are so many other areas within a healthcare organization vulnerable to attack means that mobile is not the sole focus. Instead, healthcare IT professionals tend to look at the bigger picture.

"Yes, we are absolutely terrified," Earle said. "You may already be attacked, you may be under attack, but how and what are you putting in place as a CIO or as an IT executive [so that you can] recover from that breach and from that attack? It's pivotal to put the plans in place to say how you're going to recover."

We're going to triple down on data security.
Marc Probstvice president and CIO, Intermountain Healthcare

A number of healthcare CIOs told SearchHealthIT at HIMSS 2015 in Chicago that data security is a top priority.

"We're going to triple down on data security," Marc Probst, vice president and CIO at Intermountain Healthcare, said at HIMSS 2015."It's of paramount importance and none of the rest is really going to be useful if we can't secure and assure our patients that the data will be private."

Let us know what you think about the story; email Kristen Lee, news writer, or find her on Twitter @Kristen_Lee_34.

Next Steps

Learn more about mobile security:

Implement mobile device encryption to protect data

Experts: The benefits and obstacles of mobile in healthcare

Secure expensive patient data on mobile devices

This was last published in June 2015

Dig Deeper on Mobile health systems and devices

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Are the potential security risks of mobile preventing you from adopting it? Why or why not?
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close