How to Offer Mobile Convenience While Keeping Health Data Secure

How to Offer Mobile Convenience While Keeping Health Data Secure

The solution isn’t to be afraid of mobile in healthcare

  • By
  • Mar 04, 2019

In every industry, companies work to figure out the best way to integrate mobile devices into both the front-end experience and in the workplace. As more and more people use phones as their primary (and sometimes only) device, becoming a mobile-first company means having a major competitive advantage.

The healthcare industry isn't distancing itself from this trend. In the past four years, the use of mobile- and tablet-based health apps has tripled — and nearly half of consumers used them in 2018. Besides this, 44 percent of people have used electronic health records in the past year to access information including prescription history, clinician notes, and laboratory data.

This mobile shift will be a boon to patient care and overall convenience in an industry that isn't always straightforward or seamless for patients.

However, while the world of mobile presents many opportunities, it also has potential pitfalls. The most pressing one is security: Something as simple as one lost laptop can compromise the data of 10,000 patients, as was the case for Raley’s supermarkets.

A data breach is bad for any company, but it can be especially catastrophic for healthcare organizations. There are strict regulations surrounding the sharing and use of patient data, but medical information is also deeply personal. A breach can cause damage to patient well-being.

The solution isn’t to be afraid of mobile in healthcare; it's to understand the risks and take the right steps toward protecting patients and keeping data secure. Preventing breaches before they happen is a necessary part of this process. The world is becoming increasingly mobile-first, and the healthcare industry needs to embrace that shift with healthy caution.

Four Steps to a More Secure Mobile Environment

Thankfully, there are some clear steps healthcare businesses can take to ensure the security of their mobile devices and provide convenience for patients. Here are four ways to start:

Teach employees about what can and can't go on mobile devices.

Ninety percent of hospitals are investing in mobile as a way to communicate within their systems. Although this could do wonders for efficiency, it also comes with its own vulnerabilities. It’s important to remember that one of the biggest threats to security will always be human error when rolling out these initiatives.

That’s why it’s important to make guidelines around dealing with data — and the risks associated with mishandling it — crystal-clear. It's crucial to ensure employees know what apps to download and have no confusion over policies surrounding the use of patient data on mobile.

With the right training, employees will be keenly aware that they need to take proper care not only of their devices, but also of the information that's on them. This should extend beyond just orientation. Hold annual reviews of your policy with each employee to ensure team members continue to comply with security best practices.

Encrypt everything.

No matter how cautious your employees are, someone will lose his phone at one point or another. As mobile devices will soon be ubiquitous throughout the healthcare system, it’s vital to protect sensitive information on these devices with strong passwords and encryption.

After all, encryption is the bare minimum any company can do with its customers’ data. When companies fail to implement it, this leaves millions of patients exposed.

This isn’t just about patient care, either — failing to encrypt your devices could result in massive fines. MD Anderson Cancer Center, for instance, was hit with a whopping $4.3 million fine for failing to encrypt its devices after having two thumb drives and a laptop stolen.

Make data accessible only through secure browsers or approved applications.

According to Malwarebytes, mobile devices are increasingly becoming the go-to target for hackers and other cybercriminals. This is in large part because we haven't taken mobile security as seriously as desktop security.

To better secure mobile devices, healthcare companies shouldn't conflate mobile access with access anywhere. Data access should be confined to specific apps or a secure browser. This will help ensure that patient information doesn’t get saved by accident and that when someone is viewing private data online, it's harder to intercept the connection. Requiring employees to use virtual private networks can also add an extra layer of security.

Keep work tasks separate from personal ones.

One dilemma for many companies is deciding whether to provide devices or offer a bring-your-own-device program. While the latter is more common nowadays and provides greater flexibility, it also opens up another potential weak spot in security. If work and personal life are both happening on one device, it’s easier for the two to become mixed up in potentially harmful ways.

If you do opt for a BYOD program, use a mobile device management tool to control how and when work apps are used on each mobile device. MDM tools offer the ability to encrypt data, monitor app usage, and remotely wipe or recover data. These tools also give you the ability to separate work use from personal use, meaning that apps and data meant for work aren’t accessible in any way through personal apps. If you’re not giving employees physically separate devices, this is the next best thing.

Another way to keep personal information from bleeding into work data is limiting who has access to company email on their mobile devices. Not everyone needs to send work emails from her phone, and keeping work email off of mobile means fewer chances for accidental exposure.

You can even go a step further and create a specific network only for personal devices. If there is a breach in this case, the damage doesn’t leak out into the rest of the system.

In many ways, mobile has the potential to create a better experience for patients and healthcare professionals. However, the convenience of mobile shouldn’t come at a cost to security. By taking the right steps, the healthcare industry can step confidently into a mobile world and rest assured that patient data is secure.

Featured

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.