Hospital IT director: Focus on securing patient data, not devices

The key to health information security is in data security, and not necessarily the devices on which data is stored, according to Barbara Bartley, executive director of IT operations and information security officer at Montgomery, Ala.-based Baptist Health. Bartley, in a recent interview with Health IT Security, says that too often, people get "lost" in trying to protect data by focusing on devices.

Bartley thinks that her approach can help CIOs and CISOs focus on the "most important part" of managing a large healthcare system's security framework.

In describing Baptist Health's technical safeguards, Bartley says, "The biggest security impact, in my mind as a security officer, is our end users having knowledge of the privacy and security expectations and how breaches happen. Education, monitoring and auditing are our life from a security standpoint."

All mobile devices issued to end users--such as iPads, iPhones and Androids--are physically encrypted with multi-factor authentication to reduce access to protected health information, according to Bartley. When it comes to BYOD, she says, employees must follow ground rules, which means having a remote wipe enabled.

As FierceMobileHealthcare recently reported, nearly 89 percent of U.S. healthcare workers use their personal smartphones for work purposes, according to a Cisco partner network study. When it comes to security, the study found that 41 percent of healthcare employees' personal devices are not password protected.

For 2013, Bartley says, her group is focusing on Stage 2 Meaningful Use requirements and moving toward attaining HIMSS Level 7 status. She also is helping Baptist move toward cloud and patient portals.

"Challenges present [themselves] when working with third parties, state and regional teams on portals and clouds," Bartley says. "As an organization we don't really have the comfort of understanding what their infrastructure is."
