Mobile Devices Redefine Healthcare Security Management

By Geoff Webb
January 19, 2012
08:15 AM

Thomas Fuller, the 17th Century clergyman and author, wrote “Travel makes a wise man better, and a fool worse.”

While his words may have been aimed at his European contemporaries, they have a great deal to teach us about the rapid adoption of mobile technology in the healthcare industry.    For while travel may indeed amplify the characteristics, good and bad, of the traveler, the change to mobile computing will almost certainly have the same effect on the way in which we deal with the problems of data security, privacy, and a compliance.

Mobile computing is beginning to change the way everyone, especially the healthcare industry, interacts with information.   From laptops to smart phones to tablets, the capability to take significant computing power and storage with us means that data is on hand and on tap almost anywhere on the planet at a moment’s notice.   Instead of waiting hours or days to access files now records, images, and analysis can be created, accessed and shared with around the globe, effectively instantly.

The benefits are immense.  The healthcare industry is, in many ways, the ultimate knowledge industry which explains both the extensive training required for its practitioners and also its heavy reliance on information technology.  Yet the information itself can often be difficult to manage.

Protected Healthcare Information requires careful handling.  Regulators and patients expect a degree of care in the privacy of healthcare information which exceeds almost any other industry.  As a result, the emerging trend towards more mobile computing presents some special challenges.

When protected data was restricted to systems locked in bunker-like data centers, the problem of keeping it secure was at least well understood – even if the execution occasionally fell short of the theory.  However as more and more data has become available on mobile devices, so the complexity of managing it has grown beyond all recognition.  And complexity has never been the friend of security.

Tablets especially, capable of storing gigabytes of data and running specialist applications, are being used more and more to provide on-the-go computing resources and with adoption rates expected to top 50% of clinicians over the next 12 months, healthcare organizations are urgently examining the security and compliance implications of so much sensitive information on the move outside of the traditional IT infrastructure.

So are mobile devices less secure?  Perhaps surprisingly the answer is ‘not necessarily.’  In fact, the newest generations of tablets and smartphones already arrive with some considerable security capabilities built in.  Standard among these are good password protection, remote wipe, and powerful encryption.

Indeed, some experts argue that tablets may be more secure than the current desktop systems which are so often the target of attackers.  The problem, in fact, lies not with the inherent security capabilities of mobile computing, but rather with their management.

For while these devices are capable of keeping information on them secure, the challenge is to ensure that the security tools are turned on, correctly configured, and appropriately documented.  As a case in point, while many iPhone users will turn on the password protection capability of their phones, they often choose passwords that are common or easy to guess such as “1234” or “2580”.  

So while the mobile devices may have capability to be secure, organizations must work to:
•    Ensure the appropriate security tools are on and configured.
•    Track what information is on a device should it be lost.
•    Integrate the management of security on mobile devices into broader data security initiatives.
•    Document all the above, to ensure compliance and audit needs are met.

If some of this may seem a little daunting, the problem is likely to become a great deal worse.

For while mobile devices have opened the door to highly mobile computing, the full potential for mobile *data* will be delivered through a rather different approach to computing – the cloud.

The pressures to adopt cloud computing, both from the perspective of service flexibility and cost-reduction, mean that more and more healthcare services will eventually be delivered through <a href="/directory/cloud-computing" target="_blank" class="directory-item-link">cloud computing systems.  And the means of accessing all that on-tap and on-demand power?  You guessed it- mobile devices.

Mobile devices, cheap, portable and simple to maintain, represent the perfect platform to access cloud based services such as the new breed of cloud-storage providers, cloud-based medical and billing applications, imaging, and so on.

What this means is that healthcare organizations, along with almost every other industry and government body, will have to re-evaluate the way they think about keeping data secure.  Indeed, the only way to meet the challenge of mobile devices, mobile data, and cloud computing combined, is to adopt a highly data-centric security model.  Put simply, organizations will need to stop worrying so much about the *device* and concentrate far more on the information itself.   Especially since it is the information that is at risk; information that will be moving rapidly from system to system, from tablet to cloud and back again.

The good news is that technologies to implement this “data-centric” security, such as tokenization and encryption are well understood and undergoing an evolution as rapid as the systems and data they will be securing.

As such data security technology becomes more pervasive, so it will fully open the frontiers of mobile and cloud data, enabling healthcare providers and their patients to rapidly and securely share greater quantities of richer information safely.
 

Geoff Webb is Director of Product Marketing at CREDANT Technologies.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

FCC set to require georouting for 988 Lifeline calls, enhancing access to local services
Addressing 'techquity' at Children's National Hospital
Opening the digital front door for healthcare
Healthcare must become as digital and consumer friendly as retail and banking
South Korea's smart hospital concept: A focus on patients' need and experience
Singapore project to build voice AI for detecting early elderly depression

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

More Stories

Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards