How to Offer Mobile Convenience While Keeping Health Data Secure

How to Offer Mobile Convenience While Keeping Health Data Secure

The solution isn’t to be afraid of mobile in healthcare

In every industry, companies work to figure out the best way to integrate mobile devices into both the front-end experience and in the workplace. As more and more people use phones as their primary (and sometimes only) device, becoming a mobile-first company means having a major competitive advantage.

The healthcare industry isn't distancing itself from this trend. In the past four years, the use of mobile- and tablet-based health apps has tripled — and nearly half of consumers used them in 2018. Besides this, 44 percent of people have used electronic health records in the past year to access information including prescription history, clinician notes, and laboratory data.

This mobile shift will be a boon to patient care and overall convenience in an industry that isn't always straightforward or seamless for patients.

However, while the world of mobile presents many opportunities, it also has potential pitfalls. The most pressing one is security: Something as simple as one lost laptop can compromise the data of 10,000 patients, as was the case for Raley’s supermarkets.

A data breach is bad for any company, but it can be especially catastrophic for healthcare organizations. There are strict regulations surrounding the sharing and use of patient data, but medical information is also deeply personal. A breach can cause damage to patient well-being.

The solution isn’t to be afraid of mobile in healthcare; it's to understand the risks and take the right steps toward protecting patients and keeping data secure. Preventing breaches before they happen is a necessary part of this process. The world is becoming increasingly mobile-first, and the healthcare industry needs to embrace that shift with healthy caution.

Four Steps to a More Secure Mobile Environment

Thankfully, there are some clear steps healthcare businesses can take to ensure the security of their mobile devices and provide convenience for patients. Here are four ways to start:

Teach employees about what can and can't go on mobile devices.

Ninety percent of hospitals are investing in mobile as a way to communicate within their systems. Although this could do wonders for efficiency, it also comes with its own vulnerabilities. It’s important to remember that one of the biggest threats to security will always be human error when rolling out these initiatives.

That’s why it’s important to make guidelines around dealing with data — and the risks associated with mishandling it — crystal-clear. It's crucial to ensure employees know what apps to download and have no confusion over policies surrounding the use of patient data on mobile.

With the right training, employees will be keenly aware that they need to take proper care not only of their devices, but also of the information that's on them. This should extend beyond just orientation. Hold annual reviews of your policy with each employee to ensure team members continue to comply with security best practices.

Encrypt everything.

No matter how cautious your employees are, someone will lose his phone at one point or another. As mobile devices will soon be ubiquitous throughout the healthcare system, it’s vital to protect sensitive information on these devices with strong passwords and encryption.

After all, encryption is the bare minimum any company can do with its customers’ data. When companies fail to implement it, this leaves millions of patients exposed.

This isn’t just about patient care, either — failing to encrypt your devices could result in massive fines. MD Anderson Cancer Center, for instance, was hit with a whopping $4.3 million fine for failing to encrypt its devices after having two thumb drives and a laptop stolen.

Make data accessible only through secure browsers or approved applications.

According to Malwarebytes, mobile devices are increasingly becoming the go-to target for hackers and other cybercriminals. This is in large part because we haven't taken mobile security as seriously as desktop security.

To better secure mobile devices, healthcare companies shouldn't conflate mobile access with access anywhere. Data access should be confined to specific apps or a secure browser. This will help ensure that patient information doesn’t get saved by accident and that when someone is viewing private data online, it's harder to intercept the connection. Requiring employees to use virtual private networks can also add an extra layer of security.

Keep work tasks separate from personal ones.

One dilemma for many companies is deciding whether to provide devices or offer a bring-your-own-device program. While the latter is more common nowadays and provides greater flexibility, it also opens up another potential weak spot in security. If work and personal life are both happening on one device, it’s easier for the two to become mixed up in potentially harmful ways.

If you do opt for a BYOD program, use a mobile device management tool to control how and when work apps are used on each mobile device. MDM tools offer the ability to encrypt data, monitor app usage, and remotely wipe or recover data. These tools also give you the ability to separate work use from personal use, meaning that apps and data meant for work aren’t accessible in any way through personal apps. If you’re not giving employees physically separate devices, this is the next best thing.

Another way to keep personal information from bleeding into work data is limiting who has access to company email on their mobile devices. Not everyone needs to send work emails from her phone, and keeping work email off of mobile means fewer chances for accidental exposure.

You can even go a step further and create a specific network only for personal devices. If there is a breach in this case, the damage doesn’t leak out into the rest of the system.

In many ways, mobile has the potential to create a better experience for patients and healthcare professionals. However, the convenience of mobile shouldn’t come at a cost to security. By taking the right steps, the healthcare industry can step confidently into a mobile world and rest assured that patient data is secure.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3