Due to compliance regulations imposed on healthcare providers, access to electronic patient health information
can be a security nightmare when mobile devices are compromised. Devising strategies to avoid this scenario is becoming more common as clinical staff members are increasingly accessing patient information from their mobile health devices.
The IT department must find a way to provide support for data stored and collected during secure messaging, telehealth, clinical documentation, medical imaging and other processes. This data can be accessed by mobile devices, which are not even fully under IT's control. These devices can cause data breaches if they fall in the wrong hands.
A main security concern is one of these devices getting infected or hacked. Data can then be extracted directly from the device while it is in use. Rogue applications are another threat of which IT departments must be aware. The appearance of a fake antivirus app -- such as the one which received over 10,000 paid downloads -- can shake the confidence of some users when it comes to the safety of their mobile devices. Not all threats can be avoided, but IT departments can take the following steps to put their organizations in a better position to protect their data and devices.
Security tips: Securing mobile devices is not only designed to protect electronic patient data, but it is also a way to protect end users' personal data. By offering mobile device security education, IT is able to help reduce incidents caused by certain tricks and malicious apps.
Policies: Implementing official policies is critical within a BYOD environment. The IT department may not be able to fully control a user's personal devices, but BYOD policies can educate end users on what behaviors are acceptable. They should also specify what practices are not safe for devices that have access to the hospital's network.
Mobile device management (MDM): Many of the available MDM systems offer an easy method to manage, support and secure user-owned devices, corporate smartphones, tablets and other devices. Mobile device management offers functionality such as end-user setup, remote wipe, app access, audit trails, content encryption and other healthcare-focused features. IT can leverage these tools to ensure compliance with HIPAA and improve end user support.
Mobile security news and advice
AHIMA guide helps patients choose mHealth apps
Mobile health a hot topic at HIMSS
Learn how to secure a hospital wireless network
Protecting the devices and the data: Controlling data access can be managed, but securing certain data and restricting mobile access to apps can be difficult to accomplish without the appropriate tools.
Copy and paste, screen caps, emailing, data encryption and printing are a few commands that can be restricted on user devices. Doing so provides more robust control of content that is accessed. Encrypting data is a recommended method to ensure data within a lost device is inaccessible.
By combining education, software tools and system updates, IT can ensure that they have taken the appropriate steps toward protecting the mobile systems and devices that are being used to access health information. These steps are not bulletproof, and aren't guaranteed to keep mobile devices 100% protected. They do represent the best effort toward protecting patient information and staying in compliance with HIPAA rules.
About the author:
Reda Chouffani is vice president of development at Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email email@example.com or contact @SearchHealthIT on Twitter.