HIMSS survey reveals major mHealth security, management gaps

Speakers and attendees alike at the mHealth Summit in Washington, D.C., agreed that users are galloping ahead of their hospitals' IT departments. They're using smartphones, tablets, laptops and other devices to access patient data in droves.

What they may not have known is how bad the security/management situation has become. The first annual mHIMSS Mobile Technology Survey shows that while 90 percent of physicians are using mobile devices to access patient files, fewer than 40 percent of facilities have solid mobile policies to protect those records. Overall, 164 HIMSS members responded to the survey.

Even worse: Only half of respondents who don't have a policy are developing one right now. Of those, two-thirds say it will take them at least six months to get them in place, and one-quarter say it could take up to a year.

The real security/management gap right now may be with tablets. Of facilities that had policies, only 69 percent addressed tablets, compared to 90 percent that addressed smartphones. They'll need to remedy that quickly, as 59 percent of respondents who don't offer tablets now say they plan to in the future.

The one bright spot: Respondent were pretty clear that most clinicians use their mobile devices to look up non-patient-specific information, or only view patient files, not to input or handle the actual data.

Another particularly interesting finding surrounded the facility-owned vs. bring-your-own-device debate. It looks like a majority (55 percent) of facilities are still buying and deploying hospital-owned mobile devices, but a surprising 41 percent of respondents say they're allowed to use personal devices at their facilities.

Regardless of ownership, it seems hospital CIOs are adamant about such devices not being use to store patient data. Only 28 percent of respondents say their facilities will allow them to download patient files onto their mobile units.

Overall, security remains the top hot-button issue (60 percent) for mobile tech users, according to the survey. The most common security measure is password protection (92 percent), widely viewed by security experts as a "soft" measure. Data encryption--by far most security experts' preference--is being used by only 73 percent of respondents.

Just over 52 percent of respondents said they can remotely wipe mobile devices, and a mere 10 percent have automatic data destruction capability (to disintegrate data after a prescribed period of time). One interesting note: A full 6 percent of respondents have biometric authentication on their mobile units. Considered by many to be the gold standard in IT security, it'll be interesting to see how quickly that technology grows.

After security, though, the biggest barriers to mobile device adoption weren't clinician resistance (27 percent) or problems with clinical workflow (15 percent), but rather institutional problems like lack of funding (48 percent) and lack of IT staff (39 percent).

One technical issue may trump all of those, though: Clinicians indicate that their top complaint about using mobile devices for patient-related tasks is speed. CIOs may find themselves having to turbo-charge the same networks they're working so hard to protect.

To learn more:
- read the mHIMSS survey (reg. required)
- check out Government Health IT's coverage