As more healthcare organizations implement mobile options, ensuring that they maintain HIPAA compliance is essential. However, if a recent survey is any indication, covered entities have room for improvement when it comes to their mobile security.
Over 1,800 healthcare professionals were interviewed for a recent Scrypt survey, and 56 percent reported that their organization could be doing more to educate employees on HIPAA compliance.
Furthermore, 78 percent said that they use mobile messaging at work, but 52 percent added that their organization either did not have mobile messaging policies, or they were unsure if such policies existed within their organization.
“We understand the challenges healthcare providers face when it comes to managing and exchanging PHI,” Scrypt, Inc. CEO Aleks Szymanski said in a statement. “In an industry as closely regulated as healthcare, where the margin for error is minimal, it is essential that organizations invest not only in the best HIPAA-secure technology, but also in instilling a culture of security through appropriate training and education.”
The survey also revealed that secure messaging is not always used for communications. Specifically, 70 percent of those surveyed reported that they have sent PHI using a non-secure application, such as iMessage, WhatsApp or their device’s native messaging client.
In terms of the information sent, seventeen percent of respondents said they have sent or received PHI via mobile message. Nearly one-quarter - 24 percent - included names, while 19 percent included telephone numbers, and 13 percent had email addresses.
Only one-quarter of respondents who use mobile messaging also said that they use a secure solution.
Individuals might be ignoring HIPAA compliance measures in some cases, as 80 percent of respondents stated that they consider their HIPAA knowledge to be either good or very good.
BYOD security measures should also be thoroughly reviewed by organizations, as 65 percent of respondents who use a mobile device at work said they also use the same device for personal use. Additionally, 52 percent of those surveyed added that there are no restrictions on the applications they download and use at work.
However, nearly all respondents - 96 percent - reported that they use at least one security measure to protect their device. The most commonly used method is a passcode or PIN, with 18 percent of respondents saying they use just one method.
The findings are similar to last year’s Scrypt survey, where 69 percent of respondents said they were confident with their current HIPAA policies. Seventy-six percent of those surveyed also stated that staff or human error poses the greatest threat to covered entities in terms of a HIPAA breach.
Fifty-six percent of respondents also listed hackers or data theft as the top threat, while 20 percent reported that vendor error was the greatest potential threat.
The majority of healthcare organizations - 81 percent - said that their method of protecting patient data was using HIPAA compliant software.
“Even those who are using HIPAA compliant software should be careful, because not all software providers are as secure and robust as they claim to be,” the report’s authors wrote, adding that regular internal testing on user accounts could be beneficial as well.