Healthcare data security tips for mobile devices
Here are two equally important facts about the healthcare market.
- 16.9 million mobile users in the U.S. accessed health information on their device during a three-month average period ending November 2011, according to comScore. The number represents a whopping 125 percent increase from the previous year.
- The explosion of mobile devices into the healthcare market is causing real concerns about how to secure such devices so that sensitive patient health information is not compromised.
And of course, stories of stolen laptops have become all too common.
Now, experts with backgrounds in the law, technology, healthcare IT, and data breach security and prevention have issued some recommendations on how to ensure that patient health data is not compromised. Here are a few of the tips from the complete report published by ID Experts, a data breach prevention firm whose solutions are endorsed by the American Hospital Association. So hospitals and healthcare organizations, listen up.
Install geolocation tracking software and brick the mobile device
Rick Kam, founder of ID Experts, recommends installing geolocation tracking software or services for mobile devices. It is like getting an inexpensive insurance policy: once a device is stolen or lost, the software can track and locate it and, if need be, erase all data from it.
More employees want to bring their own devices, but patient information may be stored on them. One way to secure these devices is to “brick” them, that is, to remotely erase all data on the device, not just corporate information. Jon Neiditz, partner, Nelson Mullins Riley & Scarborough, believes that employees are coming around to bricking their devices because in many cases the personal data stored on these devices is increasingly being backed up in the cloud.
Encrypt, encrypt, encrypt
Thumb drives count as mobile storage devices, so they need to be encrypted just as much as mobile devices and laptops. Chris Apgar, president and CEO of Apgar and Associates, recommends that healthcare organizations require encryption if employees will use personal mobile devices while handling sensitive information. In an ideal world, employees would respect a policy that prevented the storage of sensitive data on personal devices, but that policy is hard to enforce, Apgar believes.
Look toward financial industry for data management strategies
The healthcare industry should adopt some data protection practices from the financial industry, recommends Chad Boeckman, president, Secure Digital Solutions. This includes the tokenization of credit cards, whereby a token value replaces the credit card number and is used in securing electronic transactions. In the healthcare industry, this would allow people to access patient data when they need to, and only from devices and applications whose profiles have been created to have this access.
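An added example, not taken from the ID Experts report or this article: a minimal Python sketch of the tokenization idea above, applied to a patient identifier instead of a card number. The class name, the device and application IDs, and the record number are constructed, and the profile check assumes the device and application identity have already been authenticated by some other means.

```python
import secrets


class TokenVault:
    """Server-side vault: devices hold random tokens, never the real identifier."""

    def __init__(self):
        self._values = {}       # token -> sensitive value (kept only in the vault)
        self._profiles = set()  # (device_id, app_id) pairs allowed to detokenize
        self.audit = []         # every lookup attempt, allowed or not

    def register_profile(self, device_id, app_id):
        self._profiles.add((device_id, app_id))

    def revoke_device(self, device_id):
        # Called when a device is reported lost or stolen.
        self._profiles = {p for p in self._profiles if p[0] != device_id}

    def tokenize(self, value):
        # The token is random, so it cannot be reversed without the vault.
        token = "tok_" + secrets.token_urlsafe(16)
        self._values[token] = value
        return token

    def detokenize(self, token, device_id, app_id):
        # Assumption: device_id and app_id were authenticated before this call.
        allowed = (device_id, app_id) in self._profiles and token in self._values
        self.audit.append((device_id, app_id, token, allowed))
        if not allowed:
            raise PermissionError("profile not authorized or unknown token")
        return self._values[token]


def demo():
    vault = TokenVault()
    vault.register_profile("tablet-17", "ehr-viewer")    # constructed IDs
    mrn = "MRN-0042-CONSTRUCTED"                         # constructed record number
    record_on_device = {"patient": vault.tokenize(mrn), "ward": "3B"}
    token = record_on_device["patient"]
    before = vault.detokenize(token, "tablet-17", "ehr-viewer")
    vault.revoke_device("tablet-17")                     # tablet reported lost
    try:
        vault.detokenize(token, "tablet-17", "ehr-viewer")
        denied_after_revoke = False
    except PermissionError:
        denied_after_revoke = True
    return before, denied_after_revoke, token, vault.audit


if __name__ == "__main__":
    print(demo()[:2])
```

After revocation, the record left on the lost tablet contains only a token that the vault will no longer resolve for that device.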