How to prevent mobile security threats to the healthcare system
As the mobile devices numbers increase, the risk of exploiting PIH (protected health information) in the healthcare area also increases, as the Department of Homeland Security noticed.
The mobile devices represent a great risk for healthcare organizations and companies that are responsible for keeping an eye on the protected health information (PHI) according to the Federal HITECH and HIPAA regulations.
Taking into consideration that sensitive data of the patients can be processed, moved and even shared through personal devices and USB flash drives, the phenomenon of people bringing their own devices can cause chaos in a hospital. In order to give a helpful hand to the authorities that should keep an eye on the privacy matters resulting from mobile data theft, 13 experts from the healthcare IT field, data breach prevention and network security offered some tips
1. Install USB locks on computers, laptops or other devices that may contain PHI or sensitive information, to prevent unauthorized data transfer (uploads or downloads) through USB ports and thumb drives. - Christina Thielst, FACHE, vice president, Tower Consulting Group.
2. Consider geolocation tracking software or services for mobile devices. - Rick Kam, CIPP, president and co-founder, ID Experts.
3. Brick the mobile device when it is lost or stolen. - Jon A. Neiditz, partner, Nelson Mullins Riley & Scarborough.
4. Encrypt. - Chris Apgar, CISSP, president and CEO, Apgar and Associates.
5. Laptops put in “sleep” mode, as opposed to shutting them down completely, can render encryption products ineffective. - Winston Krone, managing director, Kivu Consulting.
6. Recognize that members of the workforce may use personal mobile devices to handle protected health information, even if contrary to policy. - Adam H. Greene, partner, Davis Wright Tremaine.
7. Don’t permit access to PHI by mobile devices without strong technical safeguards: encryption, data segmentation, remote data erasure and access controls, VPN software, etc. - Kelly Hagan, attorney, Schwabe, Williamson & Wyatt.
8. Educate employees about the importance of safeguarding their mobile devices. - Dr. Larry Ponemon, chairman and founder, Ponemon Institute.
9. Implement Electronic Protected Health Information (EPHI) security. - Christine Marciano, president, Cyber Data Risk Managers.
10. Healthcare organizations should work to get ahead “of the BYOD upgrade” curve by ensuring that the devices coming offline are adequately secured and checked before disposal or donation. -Richard Santalesa, senior counsel, Information Law Group.
11. Have a proactive data management strategy. - Chad Boeckman, president, Secure Digital Solutions.
12. Transparency and End User Consent Opt-In. - David Allen, CTO, Locaid Technologies.
13. The mobile web and “app” landscape is not your father’s Internet. - Pam Dixon, executive director, World Privacy Forum.