Health Care Organizations Aren’t Protecting Mobile Devices
Dec 28, 2011 |
This article was originally published by iMedicalApps.
As recently reported, over 85% of physicians now have a smartphone, with the iPhone leading the pack. As with many things, the increased use of this technology poses some risks and challenges to security.
A report from Larry Ponemon, Ph.D., chair and founder of the Ponemon Institute, outlines his first study on patient privacy and data security, and the results are intriguing. Ponemon found that 96% of all health care organizations surveyed had experienced at least one data breach in the past two years.
While the report did not specify the percentage of breaches from mobile devices, it did mention that widespread use of mobile devices is putting patient data at risk.
The study looked at only 72 health organizations.
“Ponemon said mobile devices create a security risk in two ways. Data can reside on the device and can be accessed. Also, the device can be a way of gaining access to data that reside on electronic medical record systems at the health care organizations. Plus, many note, smartphones’ size makes them easier to lose than a laptop.”
Many health care organizations have struggled with the increase in demand of physicians who want to access their smartphones to access patient records as well as their organization’s EMR. Because of HIPAA laws, the security of patient information is tantamount and, as such, health care organizations need to do a better job of making sure the information is secure.
Lynn Vogel, Ph.D., chief information officer and vice president of University of Texas MD Anderson Cancer Center in Houston, explains that early versions of certain smartphones aren’t capable of being encrypted and secured properly, so physicians can’t use them to connect with the hospital’s data centers.
“In exchange for hospital system access, physicians must decide whether they want their personal devices subjected to the same security processes as any other hospital information technology. For example, if a phone is reported lost to MD Anderson’s IT department, it is remotely wiped of its data. Therefore whatever personal data is on the phone will be wiped along with the institutional data."
One of the easiest ways that a physician can ensure that data is secure is by using encryption software on their smartphones. Recommendations from their respective IT personnel can provide the correct encryption tools to match the organization’s systems. However, the Ponemon survey discovered that only 23% of health care organizations use mobile device encryption.
Additionally, the survey also found that almost half of the health care organizations queried do nothing to protect mobile devices, an alarming number to say the least. Reinforcing policies on data security and understanding the consequences of data breaches can go a long way in helping to ensure patient data is secure.