Mobile Devices and Healthcare Information Security

Healthcare has come along way in the 21st century. Today one can find out almost anything on the World Wide Web. Similarly, when it comes to monitoring one’s health there are several technology tools designed to cater to people’s needs. With the explosive growth of smart phone applications (apps), many businesses have joined the cause to deliver their services through mobile devices or any other fast speed technology device. Accessing health information through mobile device is as popular as accessing financial, entertainment, and social networking information. As a result, healthcare companies are developing mobile device applications for consumers.

Mobile devices are convenient for accessing healthcare information. However, users and health IT administrators should consider all the sensitive information that is being transmitted. The risks are unquantifiable in the event of a data leak from a compromised network. Companies have to perform a risk benefit analysis to determine if the benefits outweigh the consequences.

For example, Company XYZ, a healthcare provider company generates $3.2 Million in revenue after going live with a new healthcare mobile application. Let us say for example that company XYZ’s mobile network is compromised and personal identifiable data of patients are stolen (i.e., social security, address, medical conditions) and leaked to public. As a result, the company’s reputation is ruined and the company will be fined for negligence for not safeguarding patient's health information. Fines for data breaches are very expensive depending on the nature of the breach is between $50,000 to $250,000 and up to ten years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain, or malicious harm. Companies are taking extra steps to ensure that they are compliant with SOX (Sarbanes–Oxley Act of 2002), HIPAA (Health Insurance Portability and Accountability Act of 1996), PCI (Payment Card Industry) standards as well a number of industry best practices to prevent their systems from being compromised.

How health IT teams can reduce security risk from mobile devices

• Maintain an inventory of all company issued mobile devices.
• Provide applications directly from the app store to the mobile device.
• Understand all the features within the organization that require mobile device management.
• Track, and develop a management solution for the company’s users and public.
• Test, trouble shoot potential ways adversaries can potentially hack into the company’s network via the company’s mobile device and develop a solution to prevent those incidents.
• Create or update security policies and training for device and application use and for role-base application and data access.
• Monitor software use and device configurations to ensure compliance with industry and government regulations.
• Ensure application performance and compliance and manage solutions such as updating and monitoring configuration and remediation, and role-based user access.
• Discuss implementation solutions with upper management and discuss practical costs, from software licensing to factors that influence the total cost of ownership including hardware purchase, maintenance, system implementation, consulting fees, system administration, employee training and where necessary software upgrade costs.

To prevent a data leak, health IT security officials should educate their users on the risks associated with using mobile devices for accessing data, as well as install the best firewalls over their mobile network, deploying the latest software patches, and other top security software to prevent such compromises from happening. Although smart phone technology is an added benefit to our way of life, it can also be an area of vulnerability. Most importantly, healthcare companies need to ensure that they continuously monitor systems that house healthcare information to ensure that their patients’ data is safe.