Healthcare organizations seemingly lax with mobile security

A third of all healthcare professionals store patient data on portable and mobile devices such as USB drives, laptops and mobile phones, according to a 2008 survey by Credant Technologies. Another report found that 12,500 mobile devices were left in taxis, and 4,500 USB memory sticks were left in pockets of pants sent to dry cleaners during a six-month period last year. Yet, only 39 percent of healthcare organizations encrypt data on mobile devices, a 2009 HIMSS survey revealed.

Those apparent realities are rightly making privacy and security experts nervous, especially with new, more-stringent HIPAA regulations either in place or on their way. On Feb. 18, the maximum HHS civil penalty for a data breach jumped from $25,000 to $1.5 million.

"I'm always surprised at the cowboy attitude," Harry Rhodes, director of practice leadership for the American Health Information Management Association, said in an interview with American Medical News. "You've got these people who think, 'What are the odds of that happening to me?' And then when it's happening to you, it's too late to do anything."

For more information, including tips on preventing data loss:
- check out this AMNews story