The increased usage of mobile devices in the workplace has yielded both positive and precarious results in the current age of technology. As more and more devices join company LANs, the risk of security breaches, data loss, and theft increases. While no two security breaches will be identical, the industries that hold personally identifiable and sensitive information stand to lose the most. Hospitals and medical staff are among the biggest targets for theft of ePHI (electronic protected health information) due to newly implemented software for electronic transmission of patient data in health records. Anyone with a computer, tablet, or smartphone can now access their medical records and histories online. It's a convenience, but it isn't without risk.
Medical staff who use their smartphones to access their company network while out of the office, or their laptops to work remotely from home, create an opportunity for data to be seen by others. Users who connect to the Internet over a public Wi-Fi connection are at increased risk of exposing ePHI due to weak security protocols. Mobile devices may not provide the same encryption or authentication as a network sign-on from a desktop computer or terminal. Smartphones and tablets are also easily lost or stolen, which provides a direct point of entry for a data breach. They each have onboard memory and either a SIM (subscriber identification module) card or an SD (secure digital) card to provide additional storage, wherein a record of all data is stored directly on the device.
The best way to protect mobile devices in the medical industry is to always assume there is a threat and to take precautions. Medical staff run the risk of violating the HIPAA safety rule when security directives are not followed. The rule allows communication between medical providers and patients through email while using safety protocols. Medical staff should be required to use secured, company-issued mobile devices to transmit ePHI; they should be trained on processes and procedures for accessing medical data away from hospital workstations; they should be required to access data through a VPN (virtual private network), which encrypts incoming and outgoing data; and they should be responsible for the physical and technical safeguards of the devices. Health care administration facilities have an equally important role in this process. The physical safety of electronic devices includes keeping an inventory of all company-issued smartphones and tablets, securing them in storage closets or locked drawers when not in use, using asset tags to aid in locating lost or stolen items, and using remote administrative tools to lock or disable a device that has been compromised.
Mobile device usage among medical staff is a growing trend that's opening new doors for both patient care and data theft. The success of data security lies in the implementation of secure practices rather than in guidelines set for mobile devices in the workplace. When these practices are followed consistently, they enable health care providers to be of service in new and innovative ways.