Best Practices For Mobile Healthcare Security
By Reda Chouffani:
Mobile healthcare security depends on a strong top-down approach that informs employees of all possible threats — including physical theft and remote device hacks. The flexibility in care workflows, improved productivity for practitioners, and timely access to data are encouraging many providers to continue to give patients mobile access to their health records. On the flipside, opening mobile access poses significant data security risks to IT departments. When IT adopts a new bring your own device (BYOD) policy, it affords users the opportunity to use their mobile devices to gain access to health information. This challenges the IT department to keep users’ data secure and maintain HIPAA compliance — particularly when the devices in use are not owned by the hospital. Data breaches not only endanger patient’s personal information, but may also subject an organization to criminal implications and monetary fines. In order to avoid data breaches, IT must ensure the implementation of strong healthcare mobile security practices. PROTECT THE DEVICES The security of mobile devices can also be compromised by loss and theft. It’s nearly impossible to ensure a device won’t fall into the wrong hands. Healthcare organizations must take precautionary steps to protect data in the event that a device goes missing. Some methods to accomplish this include remote wiping and locking, as well as tracking the device through GPS to locate and recover it. ENCRYPT THE DATA Patient data that is accessed from mobile devices is likely stored remotely. The information is usually sent to smartphones or mobile devices from a server located in a secure facility, behind firewalls. Information that travels wirelessly and is stored within mobile devices can still pose a security risk if left unencrypted. It is a mobile healthcare security best practice to encrypt the sensitive health information while it’s being transferred, as well as while it’s at rest. This will help mitigate any leakage and offer strong data protection to ensure compliance. RESTRICT AND CONTROL ACCESS Mobile devices must follow access control processes and procedures similar to restrictions seen within the world of desktops and laptops. This means only users with appropriate authorizations can gain access to protected data on mobile devices, and only IT has adequate tools to audit and manage all users’ permissions. CONTAIN CERTAIN APPS AND DATA With most healthcare professionals using their mobile devices for a mix of personal and business use, it’s challenging for IT to implement restrictions without causing end users to feel locked out of their devices. It is critical that mHealth apps that capture patient data stay isolated and protected from other tools or apps within mobile devices to avoid putting patient data at risk. To solve this issue, many hospitals and Fortune 500 companies have implemented app and data containment. This is done by running mobile apps separately from all other apps to prevent sensitive data from being copied or penetrated. Creating this separation between personal data and healthcare data reassures IT that patient data can be protected with the right BYOD policy. USE STRONG POLICIES AND EDUCATION One of the best methods to improve the security of sensitive data within mobile devices is through user education. While users will have the best intentions at heart, implementing clear policies and procedures that define what can and can’t be done on the devices is the surest way to avoid any gray
Category: Uncategorized