Mobile devices, cloud computing: What healthcare CIOs fear most

Although mobile apps that share files through the cloud are gaining in popularity in the consumer market, these apps can be unsafe in a clinical setting, according to a recent study by the Ponemon Institute.

Many organizations are not taking the necessary steps to protect regulated data, such as protected health information (PHI), on mobile devices and in the cloud, the institute's survey finds. In fact, 54 percent of survey respondents have had, on average, five data breach incidents involving the loss or theft of a mobile device containing regulated data.

Approximately 33 percent of respondents said that they need to access PHI to do their work. Nevertheless, only 15 percent of survey participants knew of HIPAA's security requirements for regulated data on mobile devices, despite 33 percent of respondents indicating that they are part of a HIPAA covered entity. In addition, approximately 40 percent of respondents weren't sure if their organization's rules on employee access and use of regulated data on mobile devices were HIPAA compliant, 12 percent said they were compliant, 31 percent were partially compliant and 17 percent reported noncompliance.

"We've found that mobile devices and cloud computing are the two greatest sources of healthcare CIOs' fear," said Larry Ponemon, PhD, chairman and founder of the Ponemon Institute, in an interview with HealthITSecurity. "It's an environment that's ripe with potential problems and vulnerabilities. But at the same time, a lot of these devices aren't necessarily designed to be secure."

When it comes to cloud computing, according to a recent survey by technology vendor CDW, security concerns about proprietary data and applications are among the reasons the healthcare industry has been slow to adopt cloud technology. Out of eight industries, healthcare ranked seventh in terms of cloud adoption, just ahead of state and local governments.

However, in a recent contributed article published in PhysBizTech, John Sung Kim, CEO of San Francisco-based, makes the case that mHealth apps for medical provider organizations will soon evolve into app platforms whose functions can be "rented" as a cloud-based service instead of being built as "one-off" IT projects. Sung Kim, who runs a mobile healthcare 2.0 company, believes the benefit of mobile healthcare-as-a-service (mHaaS) is that it significantly decreases the costs and risks for medical provider organizations.

"All of that is great from a cost efficiency and patient control standpoint, but it's an environment that has inherent insecurity," warns Ponemon. "Disruptive technologies such as mobile or cloud increase the likelihood of malfeasance."
