Is Health Information Secure on Mobile Devices?
Since cyber thieves have discovered the mountain of gold containing personal and financial data hidden in healthcare networks, many consumers have become anxious about the safety of their information. It’s a valid concern, but if the chosen healthcare provider is up to date on best practices, there isn’t much to worry about.
Mobile computing is starting to impact the way everyone interacts with information. The change is especially true for the healthcare industry. Laptops, smartphones and tablets allow for mobile computer power and storage, making it possible to tap away almost anywhere. Where a physician used to have to wait hours or days to access records, now they can be accessed and shared globally — instantly.
While the benefits are marvelous, the information itself can often be hard to manage.
Healthcare information calls for careful handling. Healthcare regulators, providers and consumers all expect a degree of care in the protection of privacy that surpasses practically every other industry.
The blending of ease of access with the high need for security presents unique challenges.
As recently as the 1990s, protected data was stored in bunker-like data centers. As more and more information has become available on portable devices, the complexity of managing it has grown. Hence, the problem.
Complexity has never been on speaking terms with security.
Storing gigabytes of data, tablets are used more often to provide on-the-run computing resources. Adoption rates are expected to be over 50 percent of clinicians in 2015 and healthcare organizations are hurrying to examine the security and compliance implications.
Are mobile devices less secure?
The surprising answer is “not necessarily.” The newest generations of tablets and smartphones come off-the-shelf with considerable security built in. Standard among the already loaded security measures is password protection, remote wipe and robust encryption.
Dr. Gafanovich, who runs a successful medical practice in NYC, says she faced more than a few cyber attacks. She adds that tablets may be more secure than the current desktop systems that frequently are the target of cyber criminals.
The basis of the problem doesn’t lie with the security capabilities of mobile computing, but rather with the human using it.
Healthcare IT specialists should be aware of accepted best practices in protecting patient information.
Best practices in healthcare when it comes to mobile management are:
- Manage all devices for security settings and configurations
- Enable remote lock and wipe
- Use full device encryption
- Monitor the operating system’s integrity
- Secure email and attachments to prevent malware
- Block untrusted file-sharing apps
- Log actions and measures for routine audit
HIPAA (Health Care Access, Portability and Renewability) helps health care providers stay up-to-date when it comes to protecting patient medical, financial and personal data.
The HIPAA Privacy Rule establishes standards for providing patients access to their health information as well as placing restrictions on the use, or disclosure, of that information.
Establishing a national security standard for the confidentiality, integrity and availability of electronic health information, the HIPAA Security Rules apply to health care providers and professionals.
When reviewing HIPAA compliance, healthcare providers are encouraged to consider several questions:
- Who owns the devices?
- Are personal devices that are used at work registered?
- Can devices be remotely wiped?
- Do policies and procedures discuss mobile devices?
- Is the staff properly trained?
Even if a particular healthcare provider requires their staff to use company-provided devices, physicians and nurses could still be using personal phones to take images or text about their patients.
Cyber thieves and IT security pros will continue to leapfrog each other in the race to steal and protect data. As IT security grows stronger, there will always be individuals who try to break it.
The best advice Dr. Gafanovich gives to a consumer who may be concerned about the way their healthcare provider is securing personal information is: “Trust, but verify.”
Marina Gafanovich, MD, is the founder of an annual check-up center in New York and has been recognized as the top in her field for primary care in NYC. She received her undergraduate degree from New York University. After that, she received her medical degree from Sackler School of Medicine in New York City in 2002. She was a resident in Internal Medicine at North Shore University Hospital in Manhasset, NY. Her dedication to patient education and excellence gained her a position as a Hospital Care Attending Physician. Dr. Gafanovich is affiliated with New York Presbyterian Hospital.