HIMSS 2013: Securing Mobile Devices and Applications in the Age of Patient Access
January 30, 2013
Healthcare trends are perpetually moving in the direction of handing over more control to the patients. Much of this control lives in the form of online resources and patient portals that provide the ability to send non-urgent communications to health providers, request or cancel appointments, and view medical history.
As patient portal adoption increases, health providers are expanding access beyond desktops and software-as-a-service (SaaS) models, and relying more on mobile devices as access points. According to Pew Research, half of smartphone owners use their devices to get health information and one-fifth of smartphone users have a health-related application on their device, numbers that have increased steadily over the past two years. There are important concerns that must be addressed as mobile health usage and adoption increase. Personal health record applications make up one of the smaller segments of health apps being used, because they carry one of the biggest concerns: securing patient information.
In 2012, the Government Accountability Office released a list of the most common mobile vulnerabilities and how to combat them. Below are the four I selected as the most important to healthcare providers who rely on mobile devices and apps to provide patients with access to their health information. The list includes the three areas of mobile patient access that must be addressed by the healthcare providers, vendors, and even the patients: the mobile device, the network, and the back-end data storage.
Unoriginal passwords and no two-factor authentication: Unfortunately, passwords such as “password” and “123456” remain some of the most common passwords used. To combat this, health providers and companies relying on password-protected access must educate patients on the importance of creating unique passwords. The inclusion of two-factor authentication provides an additional security layer after the password. Providing information such as “What city was your father born in?” or “What was the name of your high school?” creates another layer between the sensitive data and the hacker.
Wireless transmissions are not always encrypted: Data encryption across wireless networks is a necessity, especially when it concerns patient data. HIPAA regulations require stored patient data to be encrypted since network eavesdropping is a common security breach tactic among hackers.
Software on mobile devices may not be up to date: Users are at increased security risk if they do not update their software routinely when their providers alert them to do so. Many of these operating system updates include enhanced security, and users running an older system aren’t receiving the highest level of security protection possible.
Securing data center hardware: With Carestream’s MyVue* and Vue Motion being made available for iPad access, we, like others in the mobile healthcare application space, must host the programming and data in secure data centers. When the applications are deployed from Carestream’s own private cloud environments, which host the data, Carestream controls the security, management, and maintenance, while optimizing the access performance.
There are two key areas of education that healthcare providers must provide to patients when encouraging them to access their data via mobile devices. First, the provider must be able to explain why the portal/application is important to the patients. Second, the healthcare provider must provide information containing the “Do’s” and “Don’ts” of accessing medical information online or via a mobile device. This is sensitive, personal information, and it is vital that vendors work with the healthcare providers and patients to ensure that data remains safe, secure, and reliable.
*Available March 2013
Join us in booth #2727 at HIMSS13 to discuss health IT strategies and solutions that facilitate secure image exchange, mobile access and patient engagement. Click here to read about the products from the Carestream Vue portfolio that will be demoed at the trade show and provide a look into the integration of imaging and information management.