Mobile Devices in Healthcare Spark Security Concerns
With an estimated 237 million smartphone users in the United States today, it would seem that almost everyone has one. Newer generations of smartphones and tablets are lighter, faster and have more features than previous generations. Mobile devices in healthcare provide an easy point of care coordination, enable a seamless flow of data, ensure direct management of the patient, enhance the efficiency of healthcare providers, help increase the accuracy of diagnosis, and are very convenient to use. Yet widespread use of mobile devices in healthcare raises daily questions about HIPAA, PHI, and data hacking. In this blog, we explore the rise of mobile device use, security concerns, and whether healthcare has risen to the challenge to ensure your data are secure.
Healthcare Apps and Device Use Rising in 2018
Mobile devices have always been portable and easy to use, but now they are also affordable. Technology has made devices cheaper, and the cost of voice and data has also fallen compared to just a few years ago. Wi-Fi connectivity is transforming the manner in which healthcare information is collected and utilized by various stakeholders. In addition, the increasing availability of healthcare apps, smartphones, and tablets is driving mobile healthcare technology itself. The demand is largely from users themselves, providing instant feedback to healthcare companies.
Physicians and healthcare providers too are contributing to the popularity of mobile devices in healthcare. Smartphones and tablets can be carried easily to patient rooms to access patient information as well as search for disease-specific information and calculate medication doses or check drug interactions. And more healthcare professionals are using them, or plan to start very soon: according to a recent JAMF survey, 47% of organizations said they plan to increase hand-held technology use within the next two years.
Both the iOS App Store and Android Market have several health apps which are helpful for healthcare providers. These apps capture results of blood tests, blood glucose readings, X-ray and other medical images as well as medication-related information. Medical devices within the network automatically record patients’ vital parameters and help the physician to schedule lab work and imaging studies, enter billing codes, prescribe medications and schedule follow-up visits. Doctors and care professionals can seamlessly communicate this information to other collaborating healthcare professionals by using handheld devices. But how secure is all this use of electronic data? When extensive health-related information is transmitted through mobile devices, hospitals, health systems, and users need to be aware of the risks to their protected health information (PHI).
Data Security Measures in Healthcare
To comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, healthcare providers must ensure that they protect patient information when sharing it. In turn, hospital administrators and information technology security consultants are rushing to provide security and comply with HIPAA. Hospitals are potential targets for cyber-attacks as they carry the healthcare records of thousands of patients. Understanding the risks inherent in using mobile devices in healthcare can help create security protocols to prevent loss of patient data, which could lead to loss of patient trust.
Verizon’s Mobile Security Index 2018 found that healthcare organizations were at risk of experiencing data loss due to mobile device security breaches. Malware was the most common threat experienced by healthcare organizations, followed by ransomware, loss or theft of devices, and weaknesses in healthcare apps.
How to Prevent Security Breaches in Healthcare
Concerns about mobile security and protecting patient data privacy may now be preventing some healthcare organizations from adopting new technologies. As a result, easy data exchange, data access and sharing, and transparency are more difficult to achieve.
Organizations can set up detailed plans that address the top elements of data security and prevent security breaches in healthcare:
- Conduct regular risk assessments
- Provide ongoing, continuous HIPAA training to employees
- Monitor electronic or paper records that are left unattended
- Encrypt both data and hardware
- Create subnetworks for guest activity
- Secure separate networks for carrying patient sensitive information
- Manage user identity strictly
- Create strict, airtight policies for Bring Your Own Device (BYOD) staff
- Hold vendors and business associates responsible for upholding IT security
- Establish legal counsel that can provide remedial advice in case there is a data breach and the organization is investigated by the Office for Civil Rights or sued by patients
Mobile Device Security in Healthcare
The Department of Health and Human Services and the Office for Civil Rights (OCR) have recommended certain security measures for creating, receiving, maintaining and transmitting electronic protected health information (ePHI) via mobile devices. The suggestions include:
- Configuring and securing mobile devices before they are allowed to deal with ePHI
- Training of healthcare employees in the proper, secure use of mobile devices to access and store ePHI
- Awareness of the dangers of using unsecured Wi-Fi networks (e.g., in coffee shops and free public Wi-Fi locations)
- How to store files in the cloud securely, and secure file sharing
- Information about viruses, malware, ransomware, and innocuous apps that can access contacts, data, and images from mobile devices and transmit them to unknown entities.
Other OCR recommendations include: using Mobile Device Management (MDM) software to manage and secure mobile devices; installing and enabling an automatic logoff function; installing security patches and updates regularly; using a privacy screen to prevent someone nearby from reading information on your screen; and only using a secure Wi-Fi network or Virtual Private Network (VPN).
Handheld devices have been accepted so rapidly and are now so commonplace that people of all generations find themselves unable to function without them. It was a natural progression that handheld devices would end up in healthcare settings, and the benefits of their use are many. The top priority for all healthcare workers is providing quality care. In today’s world, that also means protecting patients’ ePHI by providing HIPAA-compliant and secure tools and resources with which to meet the demand for handheld device use and access in healthcare.