Mobile Devices in Healthcare: Where do you draw the line?

2.28.13 (Mobile Devices in Healthcare)In today’s fast paced world with the constant stream of information on the go from smartphones and other mobile devices, there are many unanswered questions surrounding mobile security in the healthcare industry. Doctors, nurses and hospital volunteers are all bringing their own mobile devices to work and recent data breaches have raised security concerns and highlighted the risks associated with allowing these devices to access patient information. Earlier this year, the PwC Health Research Institute identified the need for better mobile security as part of their top ten issues hospitals will face in 2013. They also found that 69% of the consumers surveyed said they were concerned about the privacy of their medical information if providers accessed the data on their mobile devices.

The PwC report also found that only 46% of hospitals had a security strategy in place to regulate the use of mobile devices and others believe that encryption standards under HIPAA for mobile devices aren’t being taken seriously. Coupled with a recent Government Health IT article stating that the shortage of security professionals is beginning to have an adverse impact on healthcare and other industries, there is a clear need for better mobile solutions. Almost every company provides special devices for certain employees to use in order to access information, or they allow limited remote access from personal computers. Accessing information has always been a security concern, with the greatest emphasis currently on personal patient information being exposed to the wrong individuals.

While IT professionals are quite capable of blocking access and keeping information secure, they face challenges in coping with the constant stream of end user requests to obtain information on the go while keeping the exchange secure. The answer to the questions that has been proposed countless times is a simple solution – limit access. This means limiting access to patient information as well as the devices used to obtain the information. Human error, whether intentional or not, is what I believe to be the root cause of a lot of the issues we face and why greater accessibility will continue to be limited. The further down your security wall goes the further up your security team must grow. There comes a point when you have to draw the line, but where exactly that is, only time will tell.