A major concern for hospitals in the wake of the mobile revolution is how to protect patient privacy. In 2003, when the security and privacy provisions of HIPAA were first enacted, this required only a secure hospital server to protect the computers within the building from an malicious activity. However, more and more physicians are bringing their own devices into hospitals for use in their practice, a practice known as BYOD (bring your own device). This represents a big problem – mobile devices represent a weak link in an otherwise strong security structure. According to a study by ESET and Harris Interactive, only 25% of smartphone users auto-lock their phones. [1] This information is particularly disconcerting because more and more doctors are using their devices to access patient information.
Accessing patient data on an unsecured server is a high-risk practice because it means that a third party could potentially view the information. Additionally, viruses and malware on a mobile device can leave any information on the device accessible to hackers. This means that not only patient information but any personal data could be viewed or stolen from an unsecured mobile phone. And of course smartphones aren’t only at risk from virtual attacks. Symantec Corporation, a computer security firm, conducted a study to see what people do when they find a phone, and the results have concerning implications for personal, mobile security.
Check out our HIPAA-compliant mobile app to boost ROI!
Symantec left 50 smartphones around cities in North America that were equipped with sophisticated tracking software and plenty of tempting files and apps.[2] The corporation was able to track everything that those who found the phone looked at, including files, pictures, and applications. According to the company, 96% of lost smartphones were accessed by their finder. And, sadly, only 50% of those who found the phone contacted the owner to return it. But the worst part of the study was that even the people who returned the devices looked at the information on the device: 6 out of every 10 finders looked at the social media and email applications.
For hospitals, though, the most concerning finding was that there was over an 80% chance that the finder would attempt to access corporate or professional information on the device – 49% of finders tried to access an app titled Remote Admin! This study is enough to keep any hospital administrator or IT specialists awake at night – without a concerted effort to boost mobile security, doctor’s smartphones represent a huge risk in terms of protecting patient confidentiality and private information. But what can hospitals do to protect their patients and their data?
Mobile Medical Solutions
Hospital IT departments are striving to improve the security of their systems, but merely strengthening the internal structure is no longer enough. Doctors should be made aware of the risks that they open themselves up to when using mobile devices. Just using the auto-lock feature included free with all mobile devices could do a lot to keep private information private. And adding the ability to remotely wipe data if the phone is lost or stolen could help tremendously as well. But these measures, while helpful, are not enough.
Doctors can save time and boost ROI by using mobile devices in their practices; the solution to this security problem is not to keep smartphones and tablets out of hospitals and clinics. Some options include the implementation of a Mobile Device Management (MDM) system which can help secure and monitor mobile devices whether they are company-owned or employee-owned. An alternative option is to issue hospital-owned devices to doctors and support staff rather than allowing BYOD (currently the most popular) practices. The most important thing for all hospitals to do is talk to their doctors about mobile security and how to keep patient data safe as the healthcare industry becomes increasingly reliant on technology.
Sources:
[1] – Technolog: read more
[2] – Symantec: read more
