Home » News » Electronic Health Record | Health Information Exchange (HIE) | Mobile/ Wireless | Privacy and Security | Telehealth
Receive News
By Email

  • del.icio.us
  • Digg
  • Facebook
  • Google
  • Reddit
  • StumbleUpon
  • RSS Icon
  

8 tactics for mobile data privacy and security

July 20, 2011 | Mary Mosquera

Related Resources

With the sweeping use of mobile devices by healthcare providers, physicians and hospitals need to embrace best practices for protecting sensitive patient data, privacy experts say. For example, encrypt sensitive data when it is necessary to store on wireless devices.

Sixty-four percent of physicians own a smartphone and one third of them have an iPad, with another 28 percent planning to buy one within six months, according to research cited by ID Experts, which offers data protection and response services, in a July 20 announcement.

[MobileHealthWatch guest blog: Tips for tablet maintenance.]

Many of the current 10,000 mobile healthcare applications were designed to enable their users to access to electronic health records (EHRs). At the same time, in the past two years, the Office of Civil Rights has reported that 116 data breaches of 500 records or more were the direct result of the loss or theft of a mobile device and led to the exposure of the personal health information of 1.9 million patients, which started many consumers questioning the security of EHR systems and the data they house.

The Office of Civil Rights oversees health information privacy in the Health and Human Services Department and publishes on its website incidents involving the sensitive information of at least 500 individuals.

To more effectively protect patient data, Rick Kam, president of ID Experts recommended the following practices:

1. Don’t store sensitive data on wireless devices. If required, encrypt data.
2. Enable password protection on wireless devices and configure the lock screen to come on after a short period of inactivity.
3. Turn on the “remote wipe” feature of wireless devices.
4. Enable Wi-Fi network security. Do not use wired equivalent privacy (WEP). Wi-Fi protected access (WPA-1) with strong passphrases offers better security. Use WPA-2 if possible.
5. Change the default service set identifier (SSID) and administrative passwords.
6. Don’t transmit your wireless router’s SSID.
7. Only allow devices to connect by specifying their hardware media access control (MAC) address.
8. Establish a wireless intrusion prevention system.

“Many Wi-Fi networks in hospitals and doctor’s offices are not secure," Kam cautioned, "and coupled with the increased mobile device usage, patient data is at risk."

And as more and more mobile health applications emerge, including smartphone apps from federal government agencies including the VA and DoD, that risk will continue to grow.

Related Topics:

Reader Comments (1)Login to Post a Comment

SellYourCell says: Cell Phone Data Security
January 31, 2012 | 4:50PM GMT
Don't forget about end of life security. I work with SellYourCell.com, an internet site where we buy used cell phones. It is very common for people to send us cell phones full of private data that has not been erased. Even if your organization has the ability to remotely wipe data off a users phone, this capability can be lost if the user switches to a new phone prior to a security wipe. Consider using an outside service, like SellYourCell, that can buy your phones and make sure that the phone is reset to factory settings with data erased, and SIM and/or data cards removed. In addition to data security, you or your staff also benefits with a little cash.