Illinois-based Riverside Healthcare uses three different vendors to help with mobile device security, keeping at top of mind that security practices might differ based on how the device is used, chief security officer Erik Devine tells HealthITSecurity.com.
Depending on whether the device is corporate-owned, personally owned or a shared device, the right MDM solution might differ. Security practices must not only apply to employed physicians, but also to non-employed physicians who come in for a short period of time. Riverside tries to work with them all to provide the mobility they need, but in a secure way, Devine says.
Patients must sign a statement acknowledging that Riverside has inside access to their devices on the enterprise side. Any personal software is not touched.
Knowing where sensitive data is at all times poses one of the biggest challenges for mobile device security, he adds.
"I think you have to really look at the data that you have and really classify the data, not from a risk rating, but ask what type of data is it? How is that data being used? Who's using it? It's a combination of that type of data that may present a different security challenge," Devine says.
Mobile device security remains one of the biggest security challenges for healthcare organizations in 2016, though efforts at the Massachusetts Institute of Technology and the National Science Foundation are aimed at shoring up patient data security and user confidentiality when it comes to mobile health tools.
Rather than focusing on compliance, Joey Johnson, chief information security officer at Tennessee-based Premise Health, urges organizations to focus on how and where information flows and who has access to it.
To learn more:
- read the article