What Are Top Healthcare Mobile Security Concerns?
This article by Elizabeth Snell originally appeared on Health IT Security on October 19, 2015, based off Insight's top five areas in healthcare mobile security that organizations need to stay mindful of, including securing endpoints and networks, and also staying aware of all compliance areas.
Healthcare mobile security is an increasingly important issue in the industry, especially with more providers implementing BYOD strategies and connecting to outside networks.
Employees need to have a comprehensive understanding of how to use mobile devices in a way that doesn’t compromise patient information, and healthcare organizations also need to ensure that they have the necessary security measures in place.
HealthITSecurity.com will break down the different areas and examine if they are top areas of concern when it comes to healthcare mobile security.
The five key factors are as follows:
- Purpose-built for healthcare
- Compliance savvy
- Accommodates unstructured data
- Secures endpoints and network
- Flexible deployment
In terms of having software specifically built for healthcare, Insight explains that it is important for providers to have this option to better sort through healthcare data, such as patient identification numbers and medical terms. This is definitely a strong point, and was further discussed in a recent article by HealthITSecurity.com contributor Bill Kleyman.
According to Kleyman, it is especially critical to find third-parties that understand the healthcare space when it comes to integrating new technologies, such as cloud computing. For example, there are now segmented environments designed to process PHI securely.
“This gives healthcare organizations the chance to offload specific workloads and extend it into the cloud,” Kleyman wrote. “The key is ensuring that your point-to-point connections are secure and that there is constant visibility between data migration. Otherwise, crafting the appropriate SLA and ensuring you have the right kind of cloud architecture for your healthcare data is not a bad way to go.”
The healthcare industry also has federal regulations that organizations must adhere to, which makes Insight’s second point also very accurate. HIPAA compliance is a top issue for healthcare, and large-scale data breaches further show why it is essential for covered entities to keep themselves current on all federal, state, and local regulations when it comes to patient data security.
As previously reported by HealthITSecurity.com, understanding HIPAA compliance can help avoid potential violations. Earlier this year, Brighton, Massachusetts-based St. Elizabeth’s Medical Center (SEMC) agreed to a HIPAA settlement of $218,400, following allegations from 2012. In that case, SEMC employees had allegedly used an internet-based document sharing application to store documents containing ePHI of nearly 500 individuals. The Office for Civil Rights (OCR) explained that this was done without having analyzed the risks associated with such a practice.
Secure messaging, endpoint security, mobile flexibility
Being able to accommodate unstructured data is also an important area for healthcare. Insight explains that “[p]roviders should consider secure content containers and secure messaging platforms that can protect sensitive data while at rest and in flight.”
This point has been proven in the industry, as secure messaging options have increased in popularity. Annapolis Internal Medicine’s Dr. Kevin Groszkowki explained in an interview with HealthITSecurity.com that the facility’s implementation of a secure messaging option was due to its need for a secure communication platform that would allow it to stay HIPAA compliant.
"The platform we chose has been great for us because it allows us to communicate as solid unit," Groszkowki said. "Our clinical support staff can instantly reach physicians and NPs and vice versa. Previously, we had been using everything from iMessage to chat programs like Yahoo chat and Google chat, but they’re not HIPAA-compliant, which severely limited what we could actually say about a patient."
Moreover, secure messaging services are being increasingly sought after by younger patients, according to a Technology Advice survey. Specifically, 35 percent of surveyed 25 to 34-year-olds reported that secure messaging services offered outside of office hours was a desired service.
The survey also found that online appointment scheduling, online bill pay functionality, and online test results are all top priorities for patients.
In terms of Insight’s fourth point, discussing secure endpoints and network security, that has also seemingly proved true. HealthITSecurity.com contributor Rob Bathurst explained in a recent article that over time, there is an increasing need for more IT systems within healthcare. This has led to “more systems being put in place without the security maturity other industries have developed to manage those rapidly expanding support systems.”
“Endpoint technologies should include malware detection and execution prevention, full hard disk encryption, and centralized asset control,” wrote Bathurst. “Network technologies will include security and event monitoring with monitoring in each network segment or area, centralized logging, firewalls controlling the separation of critical network segments, and encrypted communication links.”
Finally, flexible deployment is also an important issue for healthcare organizations. According to Insight, “[p]roviders should ensure that mobile security solutions can be deployed both for on-premise infrastructure and cloud environments.”
Mobile security concerns should not deter healthcare organizations from implementing necessary solutions. Being able to incorporate mobile options that keep information secure on and off-site are critical tools. For example, a Spok survey found that healthcare BYOD use is declining due to health data security concerns. Specifically, 81 percent of those who do not have a BYOD policy in place said that it’s primarily due to the importance of health data security.
“Looking to the future, leaders are seeking broader solutions to facilitate better transfer of information for comprehensive workflow improvements and optimal patient care throughout the hospital facility,” the survey explained. “BYOD is a small piece of a much larger puzzle that is taking time for many institutions to frame and fill in the pieces.”
Overall, there are numerous aspects of healthcare mobile security for organizations to consider. However, with more providers looking for ways to securely use tablets and smartphones, it is no longer an issue that covered entities can easily ignore. But by taking the time to consider HIPAA regulations and how different technologies could fit into a facility’s daily operations, the right healthcare mobile security options can be found.