Healthcare IT leaders 'must embrace' mobile while ensuring device security

In a world that is increasingly mobile, securing employees' devices--be they company issued or personal phones--has to be top of mind for hospitals and health systems, according to three IT leaders who spoke with sister publication FierceHealthIT for a cybersecurity special report.

For Barry Caplin, chief information security officer at Minneapolis-based Fairview Health Services, there is no question about allowing the use of mobile devices at his organization.

"We've got to be able to provide that, it's not even a question," he says. "Everything is mobile. Our clinicians are on their feet, working across multiple sites, and healthcare delivery is the type of business where you must instantaneously have access to data.".

But Caplin also understands the importance of tight security controls and device management platforms, while not restricting use of such important tools.

"Any healthcare security group that's not embracing mobile and making sure they are facilitating that for clinical and business operations is a failure," he says.

Employees at Susquehanna Health get phones paid for by the organization that are encrypted and layered with security software, CIO Tim Schoener tells FierceHealthIT. The Pennsylvania health system also allows workers to bring their own devices, but when they do "they have to relinquish some control over the device, and allow the IT team to add those security layers."

Integris Health in Oklahoma also embraces a secure mobile environment, according to CISO Mike Wood.

"We have a mobile device management system that enforces policy for encryption and complex passwords," he says. "We try to make sure that everything is protected, every device is covered."

In addition to touching on mobile security, Caplin, Wood and Schoener also spoke with FierceHealthIT about their organizations' security cultures, their greatest security challenges, how they are keeping employees educated and more.