Encryption-on-the-Go: Personal Mobile Devices and BYOD
Posted Jun 13 2012 12:00am
TechNewsWorld interviewed me not long ago for an article looking at specific issues related to personal mobile devices in healthcare environments. The article is Part 2 of a series, so I also recommend reading the first one, which addresses the general issue of mobile devices and the need for encryption.
As it relates to healthcare, here are some more specific thoughts.
BYOD is an emerging issue in healthcare as staff (physicians, employees, contractors) bring their latest and greatest devices into the workplace and ask to use them in their work. Additionally, some healthcare organizations will see equipment cost savings and allow or even encourage employees and physicians to bring in their own devices. However, safeguards must be in place to ensure that personal health information is protected.
Healthcare professionals are using tablets to access information in the workplace and while mobile, such as when on call. Use of tablets is a new threat and is a problem if the organization has not implemented the necessary safeguards. These include remote device management capabilities for configuring devices, changing passwords and wiping devices clean if they are lost or stolen. The security threat is huge, especially when you factor in the rising rate of malicious attacks by hackers. Health IT departments are busy places these days, and mobile is competing for attention with EHRs, HIE, telemedicine and other important tools. The issue of BYOD just adds one more layer of complexity and demand for time and resources.
Accessing data via secure FTP or a VPN is an alternative to encryption as a way of minimizing the risk of a data breach. Ideally, users will also want to minimize the amount of data stored on these devices.
The most important best practice related to mobile devices and security is to conduct a risk assessment. The organization will want to use the assessment to develop a strategy and plans for implementing the necessary safeguards. Tactics can include use of cloud-based mobile device management and encrypting files, applications and transmissions. But it will also include communicating expectations to users to promote use of apps and data from trusted sites and sources, or enabling device privacy and security functionality, such as use of passwords and automatic lock or data erase.
Mobile in healthcare is important for three main reasons.
First, for addressing desired workflows, such as having nurses and other clinicians freed from the nursing station to increase the time they have with patients.
Second, shortages of physician specialists require that we become more efficient with use of their time, and that often means connecting with them while mobile. Today’s technologies give physicians access to imaging on a mobile device that is just as good as that on a clinical workstation in their office or on a hospital unit.
Third, we need to engage with consumers and patients – who are also more mobile. For some, their only connection to the Internet is on mobile devices – and this includes some hard-to-reach populations.