How to Offer Mobile Convenience While Keeping Health Data Secure

How to Offer Mobile Convenience While Keeping Health Data Secure

The solution isn’t to be afraid of mobile in healthcare

In every industry, companies work to figure out the best way to integrate mobile devices into both the front-end experience and in the workplace. As more and more people use phones as their primary (and sometimes only) device, becoming a mobile-first company means having a major competitive advantage.

The healthcare industry isn't distancing itself from this trend. In the past four years, the use of mobile- and tablet-based health apps has tripled — and nearly half of consumers used them in 2018. Besides this, 44 percent of people have used electronic health records in the past year to access information including prescription history, clinician notes, and laboratory data.

This mobile shift will be a boon to patient care and overall convenience in an industry that isn't always straightforward or seamless for patients.

However, while the world of mobile presents many opportunities, it also has potential pitfalls. The most pressing one is security: Something as simple as one lost laptop can compromise the data of 10,000 patients, as was the case for Raley’s supermarkets.

A data breach is bad for any company, but it can be especially catastrophic for healthcare organizations. There are strict regulations surrounding the sharing and use of patient data, but medical information is also deeply personal. A breach can cause damage to patient well-being.

The solution isn’t to be afraid of mobile in healthcare; it's to understand the risks and take the right steps toward protecting patients and keeping data secure. Preventing breaches before they happen is a necessary part of this process. The world is becoming increasingly mobile-first, and the healthcare industry needs to embrace that shift with healthy caution.

Four Steps to a More Secure Mobile Environment

Thankfully, there are some clear steps healthcare businesses can take to ensure the security of their mobile devices and provide convenience for patients. Here are four ways to start:

Teach employees about what can and can't go on mobile devices.

Ninety percent of hospitals are investing in mobile as a way to communicate within their systems. Although this could do wonders for efficiency, it also comes with its own vulnerabilities. It’s important to remember that one of the biggest threats to security will always be human error when rolling out these initiatives.

That’s why it’s important to make guidelines around dealing with data — and the risks associated with mishandling it — crystal-clear. It's crucial to ensure employees know what apps to download and have no confusion over policies surrounding the use of patient data on mobile.

With the right training, employees will be keenly aware that they need to take proper care not only of their devices, but also of the information that's on them. This should extend beyond just orientation. Hold annual reviews of your policy with each employee to ensure team members continue to comply with security best practices.

Encrypt everything.

No matter how cautious your employees are, someone will lose his phone at one point or another. As mobile devices will soon be ubiquitous throughout the healthcare system, it’s vital to protect sensitive information on these devices with strong passwords and encryption.

After all, encryption is the bare minimum any company can do with its customers’ data. When companies fail to implement it, this leaves millions of patients exposed.

This isn’t just about patient care, either — failing to encrypt your devices could result in massive fines. MD Anderson Cancer Center, for instance, was hit with a whopping $4.3 million fine for failing to encrypt its devices after having two thumb drives and a laptop stolen.

Make data accessible only through secure browsers or approved applications.

According to Malwarebytes, mobile devices are increasingly becoming the go-to target for hackers and other cybercriminals. This is in large part because we haven't taken mobile security as seriously as desktop security.

To better secure mobile devices, healthcare companies shouldn't conflate mobile access with access anywhere. Data access should be confined to specific apps or a secure browser. This will help ensure that patient information doesn’t get saved by accident and that when someone is viewing private data online, it's harder to intercept the connection. Requiring employees to use virtual private networks can also add an extra layer of security.

Keep work tasks separate from personal ones.

One dilemma for many companies is deciding whether to provide devices or offer a bring-your-own-device program. While the latter is more common nowadays and provides greater flexibility, it also opens up another potential weak spot in security. If work and personal life are both happening on one device, it’s easier for the two to become mixed up in potentially harmful ways.

If you do opt for a BYOD program, use a mobile device management tool to control how and when work apps are used on each mobile device. MDM tools offer the ability to encrypt data, monitor app usage, and remotely wipe or recover data. These tools also give you the ability to separate work use from personal use, meaning that apps and data meant for work aren’t accessible in any way through personal apps. If you’re not giving employees physically separate devices, this is the next best thing.

Another way to keep personal information from bleeding into work data is limiting who has access to company email on their mobile devices. Not everyone needs to send work emails from her phone, and keeping work email off of mobile means fewer chances for accidental exposure.

You can even go a step further and create a specific network only for personal devices. If there is a breach in this case, the damage doesn’t leak out into the rest of the system.

In many ways, mobile has the potential to create a better experience for patients and healthcare professionals. However, the convenience of mobile shouldn’t come at a cost to security. By taking the right steps, the healthcare industry can step confidently into a mobile world and rest assured that patient data is secure.


  • Live From ISC West: Day 2 Recap

    If it’s even possible, Day 2 of ISC West in Las Vegas, Nevada, was even busier than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Venetian, because there’s more news coming out than anyone could be expected to keep track of. Our Live From sponsors—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—kept the momentum from Day 1 going with packed booths, happy hours, giveaways, product demonstrations, and more. Read Now

    • Industry Events
    • ISC West
  • Visiting Sin City

    I’m a recovering alcoholic, ten years sober this June. I almost wrote “recovered alcoholic,” because it’s a problem I’ve long since put to bed in every practical sense. But anyone who’s dealt with addiction knows that that part of your brain never goes away. You just learn to tell the difference between that insidious voice in your head and your actual internal monologue, and you get better at telling the other guy to shut up. Read Now

  • On My Way Out the Door

    To answer that one question I always get, at every booth visit, I have seen amazing product technology, solutions and above all else, the people that make it all work. Read Now

    • Industry Events
    • ISC West
  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • Dinkle DKU Barrier Terminal Blocks

    Dinkle DKU Barrier Terminal Blocks

    New DKU screw type terminal blocks use a spring-guided system where the screws are integrated and captive within the terminal enclosure. These screws can be backed out so that ring- or U-shaped cable lugs can be inserted, without the possibility of losing the screw. 3

  • Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft focuses on transforming traditional professional surveillance systems into cloud connected solutions via the Videoloft Cloud Adapter. 3

  • BIO-key MobileAuth

    BIO-key MobileAuth

    BIO-key International has introduced its new mobile app, BIO-key MobileAuth™ with PalmPositive™ the latest among over sixteen strong authentication factors available for BIO-key's PortalGuard® Identity-as-a-Service (IDaaS) platform. 3