5 Key Considerations for Hospitals to Ensure Mobile Device Security

Mobile devices are being used in the healthcare space in increasing numbers because the benefits of using mobile devices are many — the emergence of mobile applications allows physicians to easily connect with patients and deliver care in a more efficient way. However, security and privacy risks come with the benefits. Barry Chaiken, MD, former chair of HIMSS and chief medical officer for Imprivata, shares five key considerations for hospitals looking to adopt mobile devices.

1. Keep data in a cloud. One of the biggest concerns with mobile devices is the potential risk of a data breach. Mobile devices, like desktops and netbooks, have the ability to capture very sensitive patient health information and even store images; however, the sheer portability of a mobile device poses a greater risk for a data breach. Dr. Chaiken says hospitals should store data in what is called a cloud, a virtual data storage center that serves as a safer and more secure store site for information than external hardware.

"Hospitals should really be working so none of the data can be saved on actual mobile devices. That way, if the mobile device is lost or stolen, an individual can't log onto the device and view anyone else's personal health information," he says.

2. Get creative with passwords. Whether or not your hospital is storing information in a cloud, every bit of data on a mobile device should be protected with a password. There are many common pitfalls Dr. Chaiken comes across in password creations, including using "123456" as a password. The more unique the password, the more secure your hospital's data will be.

"Eventually, we expect authentication will become more sophisticated over time so that personal health information, even on mobile devices, will be better protected," Dr. Chaiken says.

3. Limit how devices are utilized. Here is a reality check for hospitals: Once physicians begin using mobile devices, you can never take those devices away from them, Dr. Chaiken says. However, what hospitals can and should do is limit how mobile devices are used in order to contain and control how end-users, including physicians and staff members, access and use personal health information. As a general rule of thumb, a policy should be set in place to put an order to how mobile devices are used.

"For example, a hospital may want to set up access in such a way where physicians can only use a mobile application through a cloud so that the hospital can control what information is being seen," Dr. Chaiken says. "Also, if physicians are using a browser through the mobile device, part of the policy should be to register the MAC address in case the mobile device gets lost.

4. The ultimate goal should be zero breaches. Data breaches are dangerous for numerous reasons. They are expensive to remedy, hospitals' reputations go down the drain and patients are put at risk of identity theft. For these very reasons, hospitals should do everything they can to avoid data breaches. Dr. Chaiken says this starts with great communication with the clinical staff on how to safely use mobile devices and access patient health information.

5. Keep up with trends in technology. The passage of the American Recovery and Reinvestment Act in 2009, which allows eligible healthcare providers to receive incentive payments for health IT adoption, is largely driving the rapid expansion of the health IT market. Hospital CIOs should keep abreast of the latest updates in technological advances, mobile devices and applications as well as federal regulations regarding the use of health IT.

"Patients should be able to trust their providers that their personal health information is being sufficiently protected," Dr. Chaiken says. "It's not only about being secure but also making sure unauthorized users don't access private information, whether that is achieved through authentication or privacy alert products."

Learn more about Imprivata.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars