Demanding mHealth security in the cloud
Over the past year, iPads have become standard equipment for care providers in hospitals and medical offices, making these devices nearly as ubiquitous as the stethoscopes draped around their necks. The use of mobile devices by patients for their own care has also grown just as quickly, with patient portals allowing them to schedule appointments, view lab results, ask follow-up questions they forgot to ask during appointments and more – all from their tablet or even their phone (if they squint hard enough to read it on such a small screen).
With so many care providers using mobile devices at the point of care and with so many patients using the web for aspects of their medical care, there are an awful lot of mobile devices floating around that have access to confidential patient information.
That's a recipe for disaster.
The portability of these devices and the frequency with which they are misplaced, stolen or breached is a security nightmare for healthcare organizations. Each of these incidents ends up being an embarrassing news story at best. At worst, they lead to large fines and lawsuits. Organizations have tried a number of protocols aimed at reducing human error that leads to the loss of these devices, but people are people, and they'll always forget where they set something down. The real solution is in having a technology strategy that protects the data regardless of whose hands these devices fall into, and encryption is a critical part of that solution.
The challenge lies in creating an encryption strategy that won’t add to your IT team’s already heavy workload. And that's possible. No need to add a half-dozen or more action items to your IT department’s to-do list, which no doubt is already a mile long. It’s not magic. There’s no fairy dust involved.
While proving their value, mHealth devices and applications cause stress for health IT teams because of these security issues and the HIPAA non-compliance threat they pose. This was a major topic for discussion at the recent mHealth Summit, where the dialogue centered on the attention that this security issue is now getting from government agencies and industry associations. The healthcare industry is currently working on HIPAA compliance recommendations for mobile devices, which would be enforced by the Office for Civil Rights. And the FCC has created an mHealth Task Force, composed of mobile healthcare IT industry executives, federal and academic experts.
Preliminary recommendations are not technical in nature but instead focused on collaboration and outreach. The FDA is also entering the mHealth space as an enforcing authority. As mobile devices become tools to monitor, report or suggest actions based on a patient’s health, they become subject to FDA regulation like other medical devices. That’s a lot of brainpower devoted to the issue of mobile device security, and it’s a clear sign of how urgent this issue is.