One way or another, mobile devices are finding their way into healthcare organizations’ four walls and onto their networks. Each organization’s mobile needs vary based on size and available resources, and many have come a long way with mobile security policies and protocols, but gaps still remain within healthcare. Based on the most recent Ponemon Patient Privacy & Data Security Study results, 40 percent of respondents said that their biggest security concern was with mobile devices. Further, more than half are not confident that personally owned mobile devices (BYOD) are secure, and only 23 percent require that anti-virus/anti-malware software reside on the mobile device prior to connection.
“We do see that one of the great sources of a data breach is the loss of devices and now there are more devices, such as tablets or smart phones, being used in the workplace,” Larry Ponemon, chairman and founder of the Ponemon Institute, told HealthITSecurity.com. So how are organizations responding to these types of concerns? Some organizations are just beginning to face the realities of BYOD and are working on policies that will make the process smooth and secure for both the organization and clinical staff members.
Jeffrey Brown, Lawrence General Hospital CIO, recently told HealthITSecurity.com that though this is a challenge for his team at Lawrence General, the team is currently working with a vendor to help secure mobile devices for BYOD purposes. Mobile policies are just as important to Brown as technology. “Organizations need to back [technology] up with strong policies and procedures and education for the staff,” he said. “You’re trying to achieve that healthy balance between introducing technology to secure your devices and make sure the correct privacy standards are in place.”
Other hospitals are already embracing the BYOD trend by having a strong password and encryption system in place. Connie Sadler, Information Security Officer for the University Medical Center of Southern Nevada, told HealthITSecurity.com in December that her organization employed ActiveSync and Outlook Exchange features as part of its BYOD program, along with password, encryption and remote wipe capabilities. “Most healthcare providers embrace a BYOD type of model, and I think we have to because most physicians don’t work directly for us and we don’t provide devices to them,” Sadler said.
Of course, no mobile security or BYOD discussion would be complete without mentioning the new-age mobile management technologies that are more connected than ever. Contributor and IT expert Bill Kleyman discussed a few of those options for providers, including application firewalls and learning engines, data loss prevention (DLP) products and file sharing solutions. “By inserting these intelligent security platforms into a healthcare environment, administrators are creating a roadmap to support an ever growing mobile user base,” Kleyman said. “In doing so, not only are they creating a more agile infrastructure, they are creating a more productive workforce.”
These healthcare IT security pros all seem to agree, through their words and actions, that mobile security programs must include solid technology, but that an organization also needs to align its mobile security products with strong policies.