Are your mobile devices secure?

July 28, 2015

Healthcare professionals are familiar with policies within the Health Insurance Portability and Accountability Act (HIPAA) that aim to protect the confidentiality and security of individually identifiable and electronically protected health information. But as healthcare becomes an increasingly mobile field, it is imperative that providers implement sophisticated mobile computing solutions in a way that complies with stringent security regulations and secures a patient’s identity.

Respondents to the HIMSS 2014 Annual Analytics Mobile Survey [1] indicated that mobile technologies help them improve access to patient information and view data more easily from a remote location. While mobility can aid in improving clinical efficiency and patient outcomes, broad adoption of mobile devices also comes with inherently higher data security risk than traditional desktop computer environments. Clinical decision leaders justifiably have a great deal to worry about – while stolen credit card information can sell for as little as $1 a profile, sensitive healthcare information can be worth hundreds of times more in the underground market. [2]

With so much at stake, it’s incumbent upon healthcare leaders to make security part of their mobility game plan. Here are six best practices for organizations to keep in mind as they evaluate competing mobile healthcare solutions.

  1. Look for enterprise-grade devices. Mobile devices can be divided into two broad categories: enterprise-grade and consumer-grade. Consumer-grade devices are the ones many of us use each day to play video games, watch movies, or surf social media. However, because they are designed only with personal use in mind, they generally provide only the most basic levels of data security and are insufficient for sensitive health information. Enterprise-grade devices, on the other hand, are purpose-built for professional use and designed with security in mind.
  2. Trust in TPM. Trusted Platform Module is a hardware-based system security feature widely available on enterprise-grade tablets and laptops. The system is a microcontroller that securely stores encryption keys, passwords, or certificates, which are then used to authenticate the device and ensure that the platform remains trustworthy. Although not a silver bullet, TPM helps provide security that can be stronger than that contained in the system BIOS, operating system, or any non-TPM application.
  3. Opt for hardware-based disk encryption. Hardware encryption offers added levels of security above software-based methods. One specification to look for is the Opal standard, developed by the Trusted Computing Group, a not-for-profit organization that also developed the TPM specification. Opal drives are self-contained storage drives that are available for enterprise-grade mobile devices. They provide an extra layer of security to protect sensitive data and meet regulatory requirements. The hardware encryption not only supports the mandate that health information be indecipherable, but it also provides improved performance over many other solutions, thereby enhancing the user experience.
  4. Don’t forget wireless security. IT security strategies need to address not only data secured on the device, but data in motion as well. For WiFi-enabled devices, wireless authentication and encryption each play a role in preventing unauthorized access or damage to mobile devices. Look for devices utilizing the latest authentication and encryption standards. Similarly, if devices connecting over LTE mobile broadband networks are used in your organization, look for enterprise-grade technology architected to provide a secure, reliable connection.
  5. Remember, MDM matters. Mobile device management solutions are a critical part of any mobility security strategy. These solutions allow IT administrators to monitor and manage devices in real time, guard against unauthorized device access, and remotely wipe or lock devices when lost or stolen. One MDM feature you may want to consider is geofencing, which can lock down a device when it leaves a certain physical area.
  6. Provide security authentication with smart cards. Smart cards help to lock down computer networks and prevent hackers from accessing critical data. A smart card is a plastic card containing an embedded computer chip that stores data. It can increase data storage capacity, provide encryption, and offer the flexibility to work with several devices so the user does not need to carry multiple cards.

The explicit costs of a healthcare data breach can be severe, with recent offenses costing organizations millions of dollars in HIPAA fines, but the soft costs can be even more devastating: reduced trust from patients and a plummeting corporate reputation in the industry. A massive data breach is something no healthcare facility can afford. Selecting and implementing a reliable, durable mobile computing solution that offers advanced protection of patient data gives healthcare organizations the most secure defense as we go head first into a progressively digital world.

References

  1. www.himss.org/News/NewsDetail.aspx?ItemNumber=28628
  2. www.scmagazine.com/health-insurance-credentials-fetch-high-prices-in-the-online-black-market/article/303302/
