Like most healthcare organizations, the Department of Veterans Affairs is treading carefully when it comes to balancing the integration of mobile devices with security and privacy considerations.
Keeping up with the demand for mobile devices and new, innovative technology presents the biggest challenge for the nation’s largest integrated health system, said Don (DJ) Kachman, the VA’s director of mobile technologies and client security enterprise systems engineering, during an online chat hosted by Federal News Radio.
“As we look to use new technology, I would say the challenge will be to meet the demand, but also make sure we are keeping data secure,” he wrote.
He added that it can be difficult to leverage new devices "under policy and security that is geared towards a 'generation ago.'" The VA plans to integrate more mobile devices that meet level of assurance (LOA) 3, however, which requires multi-factor authentication and cryptography. Kachman said his goal is to credential 45,000 devices to start, with plans to bring more than 100,000 devices on board.
Healthcare organizations are struggling to strike that balance between data-sharing capabilities offered by mobile health integration and the growing cybersecurity threats that loom over the industry. Last year, the Ponemon Institute reported that healthcare organizations face one cyberattack per month—in part because of unsecured mobile devices.
The VA favors a commercial, off-the-shelf approach to its mobile strategy that allows for quicker integration. Although expanding access by allowing physicians to use their own mobile devices is promising, the system maintains a strict policy that limits usage to government-owned devices.
The VA is in the midst of deciding whether to stick with its existing EHR system or transition to a commercial product, which could impact its mobile strategy. Newly confirmed VA Secretary David Shulkin has advocated for the VA to move towards commercially tested products, but said he will make a final decision this summer.