By April Sage, Director, Healthcare Vertical, Online Tech
Mobile device and application use in the healthcare industry is becoming ubiquitous, with 80 percent of physicians using mobile technology to deliver patient care, and over 90 percent using mobile devices in everyday operations (HIMSS Mobile Technology Survey, 2012). The mobile trend isn’t slowing down, according to Gartner: Worldwide IT spending is anticipated to surpass $3.7 trillion in 2013, with major growth drivers being cloud computing, big data and mobile technologies.
The Bring Your Own Device (BYOD) movement coupled with mobile healthcare applications brings numerous benefits to the table, including ease of use and ability for real-time collaboration between employees. It also allows for improved and remote access to patient information, meaning increased productivity and better patient care.
However, with the benefits of mobile health come concerns about security. Mobile device use opens up electronic protected health information (ePHI) to mobile malware, viruses and potential network intrusion. Statistics from the HIMSS Mobile Technology Survey show that companies may also not be ready to support the growing trend in mobile device use. Only half of enterprises and 41 percent of mid-sized firms have an employee network access policy in place. Without proper established mobile policies and staff training, the possibility of a data breach is imminent.
Please log in or register below to read the full article.
By April Sage, Director, Healthcare Vertical, Online Tech
Mobile device and application use in the healthcare industry is becoming ubiquitous, with 80 percent of physicians using mobile technology to deliver patient care, and over 90 percent using mobile devices in everyday operations (HIMSS Mobile Technology Survey, 2012). The mobile trend isn’t slowing down, according to Gartner: Worldwide IT spending is anticipated to surpass $3.7 trillion in 2013, with major growth drivers being cloud computing, big data and mobile technologies.
The Bring Your Own Device (BYOD) movement coupled with mobile healthcare applications brings numerous benefits to the table, including ease of use and ability for real-time collaboration between employees. It also allows for improved and remote access to patient information, meaning increased productivity and better patient care.
However, with the benefits of mobile health come concerns about security. Mobile device use opens up electronic protected health information (ePHI) to mobile malware, viruses and potential network intrusion. Statistics from the HIMSS Mobile Technology Survey show that companies may also not be ready to support the growing trend in mobile device use. Only half of enterprises and 41 percent of mid-sized firms have an employee network access policy in place. Without proper established mobile policies and staff training, the possibility of a data breach is imminent.
The healthcare industry has, in particular, seen a trend in recurring data breaches, with 45 percent reporting more than five incidents in the last two years (Ponemon Institute’s 2012 Benchmark Study on Patient Privacy and Data Security).
Data breaches not only put patient information at risk of misuse or exploitation, but they also put healthcare systems, physicians and other related organizations at major financial risk. The Ponemon Institute found the average economic impact of a data breach has increased by $400,000 to a total of $2.4 million since 2010, which, as their calculations show, put the healthcare industry at a total loss of $7 billion due to data breaches.
Factors that contribute to monetary loss include investigation, legal fees, federal penalties, business downtime or decreased credibility. Additionally, remediatory steps taken after a breach also contribute significantly to the costs. These include security audits; PR for reputation damage control; encryption or other security control improvements such as network monitoring, intrusion detection, and hiring new security personnel; and free credit monitoring typically offered to affected individuals.
The costly effects of a data breach make a convincing business case for investing in sufficient data security controls. How can a healthcare organization reduce the risk of a data breach while still reaping the benefits of mobile device and app use in the workplace? It’s important to note that ePHI transmitted through mobile apps and devices must be secured to the standards of the Health Insurance Portability and Accountability Act (HIPAA). One mobile security best practice is to never store ePHI on the mobile device itself; instead, keep data in HIPAA-compliant data centers and servers, and use a secure virtual private network (VPN) to access the data remotely with devices. If outsourcing your IT infrastructure, partner with a HIPAA-compliant hosting supplier that can provide evidence of its compliance.
HIPAA-compliant hosting means the data-hosting supplier has undergone an independent HIPAA audit by a third party to determine that their hosting solutions and facilities have the appropriate technical, physical and administrative security controls in place to keep ePHI secure, even when being accessed remotely with a mobile application and/or device.
Mobile health applications and devices can ensure a smoother workflow and increased productivity, but only if healthcare organizations tackle the challenge of ePHI security with the right mindset - keeping sensitive data off of the device, and enlisting a HIPAA-compliant hosting provider to reduce the risk of a costly data breach.
References:
HIMSS Mobile Technology Survey, 2012
Ponemon Institute’s 2012 Benchmark Study on Patient Privacy and Data Security
Cisco IBSG Horizons Survey, 2012
Gartner: 2013 Tech Spending to Hit $3.7 Trillion
About Online Tech
Online Tech, Michigan’s largest managed data center is becoming the largest in the Midwest, expanding into at least four new markets. The “Fort Knox’’ for data is known for complete redundancy - “backups for everything” - from multiple back-up generators and backup systems to locations straddling two power grids and even two CEOs.
Online Tech leads in secure, compliant hosting services including cloud hosting, managed dedicated servers,Michigan colocation and disaster recovery. Online Tech’s Midwest data centers assure mission critical applications are always available, comply with government & industry regulations, and continue operating after a disaster. Backed by independent HIPAA, PCI, SSAE 16, and SOC 2, Online Tech delivers the security, privacy, and availability expected from world class data center operators. For more information, call (877)740-5028, emailcontactus@onlinetech.com or visit www.onlinetech.com.
