Securing mobile devices in healthcare

by David Ting

With the mobile market exploding, healthcare IT administrators are now faced with physicians and other clinicians requesting to use their personal devices, such as iPads and iPhones, to access patient information from anywhere, anytime.

With this ability, clinicians are able to make faster decisions for their patients – improving their overall workflow and patient outcomes. This seductive mobile technology, however, is not without its risks: just as it offers faster access to information, it can also open up new ways for that information to be compromised.

For many hospital IT administrators, it is difficult to reconcile the potential security threats with the convenience of mobile and roaming access. As mobility enters the healthcare space, IT administrators face a host of security challenges from granting access to unmanaged mobile devices, including:

  • How users authenticate against the hospital’s web server to gain access
  • Data caching features on mobile devices and the danger of residual PHI being left behind on the device
  • Communication channel security on public Wi-Fi or cellular networks
  • Potential breaches from lost or stolen mobile devices

According to a 2010 Ponemon Institute study, data breaches in U.S. hospitals create a potential economic burden of $6 billion annually – forcing IT departments to focus heavily on preventing security breaches before they occur and to bridge the divide between mobility and security.

Addressing the problem

With threats identified, IT administrators must look to protect all layers of the mobile computing environment – both the endpoint devices and the communication channels that connect the device back to the hospital network. Some strategies that are effective include:

  • Network access controls to ensure outsiders cannot hack into the wireless network and infiltrate devices
  • Education to help users be smarter about how they use and protect their mobile devices
  • Improved authentication to control device access. Many organizations use role-based policies to control who has access to what applications, when and on what devices

However, the most effective way to secure patient information on mobile devices is through a combined single sign-on and authentication management portal solution. These solutions can provide fast, convenient, secure access to web-based applications for remote and mobile users, and offer the following benefits:

  • Enhanced clinician productivity and satisfaction
  • Reduced password administration, translating into cost and time savings
  • Stronger password policies, ensuring protection of critical patient data
  • Better visibility into specific user access to activities across disparate applications

Hospitals have made significant strides towards providing clinicians with the access they need to patient information in order to provide better patient care. But as they continue to move through these deployments, it’s imperative that they carefully evaluate the security risks associated with mobile devices and employ solutions, such as single sign-on and authentication management, that will ensure the full benefits of mobile access are not clouded by security concerns.

David Ting is Founder and CTO of Imprivata.
