Standard Mobile Devices Do Not Comply With Healthcare Security Requirements

As medical service providers increasingly use mobile phones and devices to view medical records and access patient databases, mobile data security has become a growing concern in the healthcare industry.

Medical records contain an abundance of personal information such as name, date of birth, Social Security number, credit-card numbers, and employer information, making these records a prime target for cybercriminals. According to a recent article, between January and May 2012, 29 healthcare security breaches had already occurred, affecting approximately 935,000 individuals.

According to the Office of the National Coordinator for Health and Information Technology (ONC), off-the-shelf smartphones in today’s market typically meet 40 percent of the security requirements called for by HIPAA and MU Stage 2 standards. On the high end of the spectrum, iPhones and BlackBerrys achieve only 60 percent of the recommended criteria after manual configuration.

Currently, ONC is conducting research that will help small to medium-sized health care provider organizations secure mobile devices that process health data. Mobile security for these organizations is essential, as they may not have an IT department or data security partner to manage their devices and the sensitive information that they hold. Implementing the appropriate security applications for these devices will safeguard against the loss of patient data.

The ONC is also in the process of compiling a list of best practices for various mobile security scenarios. This guide, to be published later this year, will outline wireless pitfalls such as unsecured Wi-Fi access, email on mobile smartphones, and unsupervised “bring-your-own-device” methods. Circulating these best practices throughout a national healthcare network will assist smaller medical service providers in adopting and executing health IT.

When implementing security for mobile devices, healthcare facilities should also consider how to securely dispose of wireless devices once they have reached end of life. Data security breaches can occur even after a mobile device has been retired, and medical service providers need to dispose of devices in a way that does not jeopardize patient data. Partnering with a certified mobile phone buyback and recycling company ensures retired healthcare devices are put through a comprehensive, multi-step mobile data deletion process that keeps confidential information secure.

Developing health IT is essential to ensure mobile phones and devices in the healthcare industry remain protected. Hospitals and health providers have a responsibility to their patients to maintain the proper and secure handling of wireless devices. Additional protocols need to be established to ensure that out-of-the-box smartphones are protected from data breaches.

The author likes