Posted by: RedaChouffani
Unless you’ve been living under a rock, the rising adoption rate of mobile devices, specifically smartphones and tablets, has been hard to ignore.
While mobile devices are opening access to online information like never before for both patients and clinicians, these fast-growing computing platforms are proving to be quite challenging for many security specialists and IT departments across the health care industry as a whole. As many of these platforms are being used to access medical data for patients, as well as other enterprise-wide applications such as email, prescriptions, lab orders and the like, the risks associated with a breach in privacy grow greatly.
In the PC world, hospitals and other organizations have full control of what goes on those devices. But with the advent of BYOD (Bring Your Own Device), which many organizations have begun to adopt, it is becoming far more challenging to control what goes on each device and maintain secure access to the network. And while attacks and viruses on mobile devices are still not as widespread as the infections on PCs, there is growing concern about the malware and hacks that are now being reported, forcing many to reevaluate their security and control processes on these devices.
The following are some of the steps that should be taken to properly protect both your network and the data that is being accessed from mobile health devices:
Securing the devices through software applications: While there are several products that help protect PCs, many vendors have also begun to develop similar applications and utilities that can secure mobile platforms from infections and attacks. While they are still not fully adopted by all, they are certainly a “must have” in health care to ensure the protection of data and regulatory compliance.
Mobile device management: In order to efficiently protect and safeguard the network and infrastructure from attacks and data breaches, IT departments use several different applications and products that can monitor and manage all devices connecting to the infrastructure. But as many end users bring their own devices to work, managing what is deployed on these smartphones, and whether or not the publishers of the apps are trusted, can be quite challenging. This is where it is critical to use applications that can manage and secure all mobile devices that are being used in the organization. This will help ensure they are configured and monitored throughout their presence on the network and off the grid.
Use policies and procedures: When devices are deployed for users who have access to clinical and other sensitive data on the network, it is important to have processes and procedures that describe, in detail, a policy of what is acceptable use of the devices. In addition, there should be a process in place that identifies the steps to be taken in case of the loss or theft of the device. An example is notifying IT within one or two hours of the incident in order to locate the device or initiate remote kill procedures.
Requiring strong security and protection: There are many cases where mobile devices allow access to their functionality without challenging the identity of the user. Recently we saw this security flaw when the iPhone shipped with Siri and allowed anyone to access the device even when it was locked. There are also other vulnerabilities, such as hacks through the Bluetooth and wireless capabilities of the devices. Hence the importance of implementing best practices that adequately protect mobile devices. It is also recommended to properly encrypt the communication between the device and the network. This will help ensure that the data exchange is properly protected and secured even when a device is connected to a public network.
Mobile devices have seen an incredible adoption rate in health care that is only going to continue to grow. And with that comes the bigger challenge, which is how to adequately secure them. With these devices being targeted by thieves and at times simply misplaced, a lost device can result in a legal nightmare and cause sensitive patient information to fall into the wrong hands. An example of the potential disasters associated with a data breach is the $1B class action lawsuit against Sutter Health.