Mobile devices pose new security risks for patients

Mobile devices are ideal for information sharing and time
savings, but they pose huge security risks to patient information.

In less than two years, from September 22, 2009 through
May 8, 2011, the U.S. Department of Health and Human Services (HHS) Office for
Civil Rights (OCR) indicates that 116 data breaches of 500 records or more were
the direct result of the loss or theft of a mobile device, exposing more than
1.9 million patients’ PHI.

A panel of five experts in the fields of healthcare IT,
security and privacy, data breach and identity theft, share their insights on
how healthcare organizations and providers can optimize mobile health (mHealth)
while protecting patients’ data.

Sixty-four percent of physicians own smartphones and 30
percent of physicians have an iPad, with another 28 percent planning to buy one
within six months, according to a recent Manhattan Research study.

10,000 mobile healthcare applications are available today
on the iPad, with a larger number of them created to provide access to
electronic health records. Additionally, one-third of physicians use their
mobile devices to input to EHR while seeing patients, while the information is

“In many ways, digitizing patient information can
make it more secure, but only if the proper security measures are in place. As
we move to introduce iPad applications that integrate with physicians’
Electronic Medical Records (EMR) products, we can edit, route and capture
signatures on patient forms without ever dropping them to paper,” said Jill
Arena, managing partner, Health e Practice Solutions.

This allows physicians and their office staff to
recapture valuable staff time, and it keeps paper forms with PHI, Social
Security numbers and other sensitive information from floating around the
clinic and potentially falling into the wrong hands,” Arena added.

“Anytime an organization extends information beyond
its walls, a risk assessment should be conducted to determine the level of
security controls, including monitoring of those controls. Mobile devices are a
great example of extending the enterprise. Organizations need to understand the
complexities of securing mobile devices, applications and the people who use
them as part of a well-rounded data security and risk management program,”
said Chad Boeckmann, president, Secure Digital Solutions.

By Team
[email protected]