The advent of bring-you-own-device to work in the healthcare segment is spurring hospital and medical facilities to shore up device, data and systems security and it's not proving easy or quick to do, says a healthcare software development expert.
As more care providers, from nurses to surgeons, rely on mHealth devices to improve patient treatment and gain workflow efficiency, healthcare institutions must address the BYOD security scenario, writes Reda Chouffani, VP of development at Biz Technology Solutions, in a SearchHealthIT column.
"Securing every endpoint where hospital staff access medical information remains one of the top priorities for every hospital IT department," writes Chouffani. "But as more healthcare BYOD initiatives are introduced, IT needs to reassess its processes and procedures to ensure a high level of protection against data breaches. Most IT departments' existing processes to secure patient data are being threatened by the complex devices that are entering their hospital facilities."
As FierceMobileHealthcare previously reported, as of 2013 nearly 89 percent of U.S. healthcare workers were using personal smartphones for work, according to a Cisco partner network study. Yet just 41 percent of healthcare employees' personal devices were not password protected, and 53 percent of healthcare employees accessed unsecured Wi-Fi networks.
And the issue is just as worrisome a year later, according to a recent IDG Connect survey that states the global healthcare industry is not keeping pace when it comes to mobile device security, specifically unsanctioned device and application use. "When ranked according to impact on a global basis, the healthcare sector was particularly affected by data leakage monitoring issues compared to other industries," states the report, which cites the healthcare sector as the most immature industry in terms of personal mobile device security, endpoint compliance discovery and remediation.
In his column Chouffani notes the continuous influx of mHealth tools, including wireless insulin pumps and artificial pancreases, that can pose significant security risks.
"Data breaches take a back seat to security threats that affect the functionality of any of these medical devices. There are no common security tools that can be deployed to protect these new and complex products. As hospitals become more dependent on medical devices and install healthcare BYOD policies to help remotely capture and transmit health data, increased risk will be the reality," he says.
To learn more:
- read Reda Chouffani's column
BYOD practices by healthcare workers pose security risks
Mobile device security in health industry 'immature'
FTC chief urges bigger focus on mHealth data collection
Senator wants FTC rules on data selling by wearable device companies