Lowering Mobile Device Security Risks for Patients

Chances are, you’re spending more time with your smartphone or media tablet during work hours. 

According to a recent Manhattan Research study, 64 percent of physicians own smartphones and 30 percent of physicians own an iPad. Additional research shows one-third of physicians use their mobile devices to input data to their EHR while seeing patients, too.

But if you’re using your favorite wireless data to access your EHR, like it or not, you’re at a greater risk for a data breach.

“In many ways, digitizing patient information can make it more secure, but only if the proper security measures are in place,” said Jill Arena, a managing partner with consultancy Health e Practice Solutions, LLC, in a press release issued by security firm ID Experts, a provider of IT security.

The issue of data breaches isn’t a new one, but it is coming into greater focus with the increasing popularity of mobile devices.

From Sept. 22, 2009 through May 8, 2011, HHS’ Office for Civil Rights (OCR) reported that 116 data breaches of 500 records or more were the direct result of the loss or theft of a mobile device, exposing more than 1.9 million patients' personal health information.

So what can your practice do to protect itself?

Rick Kam, president and co-founder, ID Experts, gives a number of suggestions for protecting sensitive patient data. Among them:

• Whenever possible, don’t store sensitive data on wireless devices. If required, ensure the data is encrypted.
• Enable password protection on wireless devices, and configure the lock screen to come on after a short period of inactivity.
• Turn on the Remote Wipe feature of wireless devices.

“Many Wi-Fi networks in hospitals and doctor’s offices are not secure and, coupled with the increased mobile device usage, patient data is at risk,” said Kam, in a press release.

Healthcare technology consultant - and Practice Notes blogger - Marion Jenkins noted in a recent posting that many physicians would be surprised to learn the biggest causes of breaches isn’t teams of rogue hackers working in a someone’s basement.

In fact, a recent report from the Health Information Trust Alliance (HITRUST) shows that the biggest cause of HIPAA data breaches is theft and loss of laptops and other portable media, not hackers. “The perpetrators are most likely not after the health data,” Jenkins wrote. “They are after the devices themselves, and your staff unfortunately makes it relatively easy for them to gain access to the critical HIPAA data just came along for the ride.”

What is your practice doing to protect patient data on mobile devices? Post your reply below.