How to Offer Mobile Convenience While Keeping Health Data Secure
The solution isn’t to be afraid of mobile in healthcare
- By Hoala Greevy
- Mar 04, 2019
In every industry, companies work to figure out the best way to integrate mobile devices into both the front-end experience and in the workplace. As more and more people use phones as their primary (and sometimes only) device, becoming a mobile-first company means having a major competitive advantage.
The healthcare industry isn't distancing itself from this trend. In the past four years, the use of mobile- and tablet-based health apps has tripled — and nearly half of consumers used them in 2018. Besides this, 44 percent of people have used electronic health records in the past year to access information including prescription history, clinician notes, and laboratory data.
This mobile shift will be a boon to patient care and overall convenience in an industry that isn't always straightforward or seamless for patients.
However, while the world of mobile presents many opportunities, it also has potential pitfalls. The most pressing one is security: Something as simple as one lost laptop can compromise the data of 10,000 patients, as was the case for Raley’s supermarkets.
A data breach is bad for any company, but it can be especially catastrophic for healthcare organizations. There are strict regulations surrounding the sharing and use of patient data, but medical information is also deeply personal. A breach can cause damage to patient well-being.
The solution isn’t to be afraid of mobile in healthcare; it's to understand the risks and take the right steps toward protecting patients and keeping data secure. Preventing breaches before they happen is a necessary part of this process. The world is becoming increasingly mobile-first, and the healthcare industry needs to embrace that shift with healthy caution.
Four Steps to a More Secure Mobile Environment
Thankfully, there are some clear steps healthcare businesses can take to ensure the security of their mobile devices and provide convenience for patients. Here are four ways to start:
Teach employees about what can and can't go on mobile devices.
Ninety percent of hospitals are investing in mobile as a way to communicate within their systems. Although this could do wonders for efficiency, it also comes with its own vulnerabilities. It’s important to remember that one of the biggest threats to security will always be human error when rolling out these initiatives.
That’s why it’s important to make guidelines around dealing with data — and the risks associated with mishandling it — crystal-clear. It's crucial to ensure employees know what apps to download and have no confusion over policies surrounding the use of patient data on mobile.
With the right training, employees will be keenly aware that they need to take proper care not only of their devices, but also of the information that's on them. This should extend beyond just orientation. Hold annual reviews of your policy with each employee to ensure team members continue to comply with security best practices.
Encrypt everything.
No matter how cautious your employees are, someone will lose his phone at one point or another. As mobile devices will soon be ubiquitous throughout the healthcare system, it’s vital to protect sensitive information on these devices with strong passwords and encryption.
After all, encryption is the bare minimum any company can do with its customers’ data. When companies fail to implement it, this leaves millions of patients exposed.
This isn’t just about patient care, either — failing to encrypt your devices could result in massive fines. MD Anderson Cancer Center, for instance, was hit with a whopping $4.3 million fine for failing to encrypt its devices after having two thumb drives and a laptop stolen.
Make data accessible only through secure browsers or approved applications.
According to Malwarebytes, mobile devices are increasingly becoming the go-to target for hackers and other cybercriminals. This is in large part because we haven't taken mobile security as seriously as desktop security.
To better secure mobile devices, healthcare companies shouldn't conflate mobile access with access anywhere. Data access should be confined to specific apps or a secure browser. This will help ensure that patient information doesn’t get saved by accident and that when someone is viewing private data online, it's harder to intercept the connection. Requiring employees to use virtual private networks can also add an extra layer of security.
Keep work tasks separate from personal ones.
One dilemma for many companies is deciding whether to provide devices or offer a bring-your-own-device program. While the latter is more common nowadays and provides greater flexibility, it also opens up another potential weak spot in security. If work and personal life are both happening on one device, it’s easier for the two to become mixed up in potentially harmful ways.
If you do opt for a BYOD program, use a mobile device management tool to control how and when work apps are used on each mobile device. MDM tools offer the ability to encrypt data, monitor app usage, and remotely wipe or recover data. These tools also give you the ability to separate work use from personal use, meaning that apps and data meant for work aren’t accessible in any way through personal apps. If you’re not giving employees physically separate devices, this is the next best thing.
Another way to keep personal information from bleeding into work data is limiting who has access to company email on their mobile devices. Not everyone needs to send work emails from her phone, and keeping work email off of mobile means fewer chances for accidental exposure.
You can even go a step further and create a specific network only for personal devices. If there is a breach in this case, the damage doesn’t leak out into the rest of the system.
In many ways, mobile has the potential to create a better experience for patients and healthcare professionals. However, the convenience of mobile shouldn’t come at a cost to security. By taking the right steps, the healthcare industry can step confidently into a mobile world and rest assured that patient data is secure.