When Dr. John Halamka talks, people listen. The CIO of Harvard Medical School and CareGroup Healthcare System--not to mention chairman of the Healthcare Information Technology Standards Panel, chairman of the New England Health Electronic Data Interchange Network (NEHEN), prolific speaker, blogger and practicing physician--sounds a warning about mobile and wireless data security in an op-ed published this week in Computerworld.
In arguing that security must go beyond simply following standards, and should be backed by a protected infrastructure and strong institutional security policies, Halamka cautions that even the best software is vulnerable if it's on an open wireless network. He notes that the HITSP workgroup on privacy and security has come up with two ideas that ought to be widely adopted: encrypt all data moving between organizations; and encrypt data "at rest" on mobile devices. "Encrypting all databases and storage systems within an organization's data center would create a burden. But ensuring that devices such as laptops and USB drives, which can be stolen, encrypt patient-identified data makes sense...," Halamka writes.
For further details:
- read Halamka's Computerworld opinion piece