Use Of Mobile Devices In Healthcare Carries Security Risks

Thanks to widespread use of mobile technology, health care providers can access patient information on the go. While increasing use of mobile devices in healthcare can lead to greater efficiency, it also has the potential to create security headaches for providers who must remain compliant with HIPAA regulations.

Storing health information on mobile devices presents a number of security headaches. According to a recent Health Information Trust Alliance (HITRUST) report, more than 21 million patient records were breached, with 45% caused by device theft. Laptop theft constituted 25% of these breaches. The loss or theft of mobile devices exposes sensitive health information to the wrong parties. As a result, proper security methods must be implemented to prevent access to confidential patient information. Unfortunately, most mobile devices are not adequately configured to protect data access, and insufficient security settings can be easily bypassed. Additionally, mobile malware, which can be attached to an email or other software, can be used to access information on a device as well as collect and transmit it to other devices.

Consumers are understandably concerned about the safety of their medical information. A recent PwC Health Research Institute study showed that 69% were concerned about the privacy of their records as providers utilize mobile devices for access to them. The report also revealed that only 46% of hospitals had some kind of security strategy in place for mobile device use.

To fully comply with HIPAA Privacy and Security Rules, recommends steps that providers can take to prevent data breaches from mobile devices.

  1. Before allowing and implementing mobile devices in the health care setting, know the risks and decide how the devices will be used to access and transmit information.
  2. Identify threats by conducting a risk analysis. After identifying threats and vulnerabilities, implement mobile device safeguards. These safeguards must also be routinely evaluated to ensure they are protecting information effectively.
  3. Develop mobile device policies and procedures with attention to device management, restrictions on mobile device use, and security and configuration settings on devices.
  4. Provide ongoing training in security awareness and device privacy to providers who use mobile technology.

Although the use of mobile devices in the health care setting brings the risk of data breaches, the above guidelines can prove useful in preventing these occurrences.
