Five principles to help guide the implementation of smart, secure health IT solutions
In recent years, mobile devices have clearly had an enormous impact on the healthcare industry: the ability to share data faster and respond quicker promotes a more connected healthcare system. For hospitals, the swift transfer of information is even more critical — as a few seconds can make a world of difference.
However, the growing prevalence of data breaches and compromises showcase the dire need for healthcare organizations to evaluate the security of their mobile solutions. According to Ponemon Institute's research, 94 percent of surveyed healthcare organizations had experienced a data breach within the last two years.1 Furthermore, a recent SANS-Norse Report indicated that 375 healthcare organizations in the U.S. had been compromised between a sample period of September 2012 and October 2013.2
The transfer of sensitive medical data, coupled with the rapid movement towards mobile health records and applications, puts hospitals at the forefront of these growing cyber security threats. The increased use of mobile solutions can put hospitals' IT infrastructure and patient data at severe risk. As hackers' knowledge continues to grow in sophistication, the question is no longer if a breach will happen — it is when it will happen. In light of these risks, hospital leaders and technology decision makers must ask themselves if they've considered and prepared for all possible security vulnerabilities to prevent unwarranted access to private patient information.
It is imperative that healthcare organizations, especially hospitals, enable mobile users while staying both secure and compliant, particularly to comply with government regulations like the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health. As a first step, hospitals should conduct a proactive audit of the security of their mobile solutions. There are five principles to help guide the implementation of smart, secure solutions:
- Decide whether mobile devices will be used to access, receive, transmit or store patients' health information or used as part of your organization's internal networks or systems (e.g., your electronic health records system).
- Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information your organization holds.
- Identify your organization's mobile device risk management strategy, including privacy and security safeguards.
- Develop, document and implement the organization's mobile device policies and procedures to safeguard health information.
- Conduct mobile device privacy and security awareness and training for providers and professionals.
Now is the time for hospitals to implement stricter guidelines around mobile network access. Many hospital leaders are currently being pressured by employees for freedom and familiarity of bring your own device programs. As mobile platform providers begin to infiltrate healthcare, organizations must be wary of mobile solutions that can put their mobile infrastructure at risk. It is important that BYOD demands do not overshadow the importance of having proven and tested security.
For additional information and to view a whitepaper – Enabling Mobile Users and Staying Compliant: How Healthcare Organizations Manage Both – click here.3
As Senior Director, Enterprise Product Management, at BlackBerry, Jeff Holleran is responsible for leading the team that sets the product strategy and roadmap for BlackBerry’s enterprise software offerings. Jeff has also held leadership roles in technical sales and solutions development since joining BlackBerry in November, 2001. Prior to joining BlackBerry, Jeff held senior IT positions in several large enterprise companies.
1 (2012, December). Ponemon: Third Annual Benchmark Study on Patient Privacy & Data Security. Retrieved from: http://www2.idexpertscorp.com/assets/uploads/ponemon2012/Third_Annual_Study_on_Patient_Privacy_FINAL.pdf
2 (2014, February 19). SANS-Norse Healthcare Cyberthreat 2014 Report. Retrieved from: http://www.norse-corp.com/HealthcareReport2014.html
3 (2014, May). Enabling Mobile Users and Staying Compliant: How Healthcare Organizations Manage Both. Retrieved from: http://us.blackberry.com/content/dam/blackBerry/pdf/business/english/Enabling_Mobile_Users_and_Staying_Compliant_How_Healthcare_Organizatio.pdf