Protecting Patient Privacy While Using Mobile Devices

Personal health information is some of the most sensitive information any organization has, and is also one of the most heavily protected. Throughout North America (and most other jurisdictions), healthcare professionals, providers, and their business associates face strict regulations regarding how to handle personal health information, and how that information may or may not be distributed. The widespread adoption of technology in healthcare environments, particularly mobile devices such as smart phones and tablets, has further complicated an already complex issue. In an environment where privacy breaches can result from hacked data, disgruntled employees and simple negligence, maintaining security while using medical mobile apps and software becomes a critical concern.

The Growth of Mobile Healthcare

Since it’s introduction, mobile use has skyrocketed, both in the general public and in healthcare environments. Despite initial concerns of cellular phones, and mobile products in general, causing disruptions in equipment, communications technology has advanced considerably over the years, and smartphones and tablets have become ubiquitous in healthcare settings. Mobile technology has irrevocably altered the healthcare landscape by creating a means of easy, direct communication between doctors, as well as providing access to medical reporting, medical tracking apps, and other useful digital medical tools.

Unfortunately, with increased usage of tablets and smartphones comes an increased risk of data breaches. And with the pace of technology being so rapid, it can sometimes be difficult to keep up. Add to that the complications that come with regulations such as HIPAA and HITECH, and the need for streamlined medical software that also helps protect against breaches of personal health information becomes obvious.

The Dangers Posed

It used to be that the only risks of privacy breaches were a result of talkative doctors oversharing patient information in inappropriate locations, or actual physical theft of files and documentation for some reason. Unfortunately, in modern times, this is simply no longer the case. Information thieves can strike through the internet from anywhere around the globe, and the proliferation of devices means more information is being displayed on more screens more often. In 2014, over a million secure data records were breached, and that number will only grow as workplaces increasingly move to a mobile environment. What’s more, smartphones and tablets are not only mobile, they’re valuable. All that powerful processing packed into tiny packages make a tempting target for thieves who can sell not only the device, but the information on it. Then there’s the simple problem of carelessness; after all, it doesn’t take a hacker to lift potentially sensitive information off the screen of an unlocked iPad. Mobile technology has transformed healthcare environments for the better, but has brought privacy risks previously unheard of along with it.

Training, training, training.

No system will ever be 100% secure against problems, but there is no excuse for preventable privacy breaches resulting from a sheer lack of education or training on the part of a staff member or employee. It’s not hard to imagine assistants or staff mistakenly leaving a tablet or smartphone unlocked in an unsecured location. Or perhaps failing to close an application or the browser window of a web app, meaning sensitive patient information is still sitting active in the device or worse, on the screen. In either event, it’s conceivable that sensitive patient information could be uncovered by unauthorized users, inadvertently creating an otherwise preventable breach. The problem is even more exacerbated in Bring Your Own Device (BYOD) environments, where you lack direct control of the device itself; train your employees to always follow mobile security best practices, including ensuring that their phones and tablets are locked and password protected when not in use, and to always log out and close applications.

Implement Rigorous Device Management.

The expansion of smartphones and tablets into healthcare means the number of devices that sensitive information might be on has multiplied as well. Where once there may have been only a handful of personal computers in a facility, now there are desktop PCs, laptop PCs, tablets, smartphones—even watches—that could conceivably hold patient information. This makes it difficult to control the flow of information, so managing that many devices effectively must be a top priority. This goes beyond making sure employees are logging out and locking their home screens. It means ensuring that data is properly encrypted, both in place and in transit (when being sent to authorized users over an internet connection), regularly updating all devices and apps (which often patch security vulnerabilities in the the devices), and being able to remotely wipe a device in the event one gets lost or stolen. Remember, your patients are trusting you not just with their health, but with keeping their most sensitive information safe. Implementing rigorous device management procedures is one of the most effective means of maintaining your patients’ trust.

Use Software that Understands the Importance of Information.

Too many medical applications, whether third party or purchased directly from application stores, fail to fully realize the implications of the information that healthcare providers and their staff regularly work with. That’s why it’s important to know that your software is meeting all the necessary standards for information and data, and that it does everything it can to help keep data safe. This includes being able to remotely wipe information from a device if necessary, removing information from the cache when the application has been closed, timing out sessions after an adequate period of time, and other automated or remote features that can help protect against accidental breaches of information in the event of lost tablets, stolen phones, or just forgetting to secure a device.

Personal health information is some of the most sensitive information in our lives, and physicians and clinicians hold both a moral duty and legal obligation to treat it with the utmost care. Breaches of personal health information can cause serious hardship on patients, many of whom are already experiencing less than ideal conditions. From simple embarrassment to life changing complications and even identity theft, the threats of improperly handled personal health information are numerous. Taking every precaution to safeguard this sensitive information should be one of the highest priorities of every healthcare professional. However, thorough education, rigorous device management, and proper software vetting can all go a long way to helping mitigate the risks associated with using mobile devices in a healthcare environment.