How to secure patient records on mobile devices
Mobile devices have become as common as the stethoscope in patients’ rooms. Physicians routinely review patients’ electronic health records (EHR), read test results, access diagnostic tools and take patient notes, all with a few touches on their iPad or other tablet or smartphone, or by using a flash drive. These mobile devices are ideal for information sharing and time savings, but they pose huge security risks to patient information.
Sixty-four percent of physicians own smartphones and 30 percent of physicians have an iPad, with another 28 percent planning to buy one within six months, according to a recent Manhattan Research study.
10,000 mobile healthcare applications are available today on the iPad, with a larger number of them created to provide access to electronic health records. Additionally, one-third of physicians use their mobile devices to enter information into the EHR while seeing patients, while the information is fresh.
According to the U.S. Department of Health and Human Services Office for Civil Rights, in less than two years 116 data breaches of 500 records or more were the direct result of the loss or theft of a mobile device, exposing the protected health information (PHI) of more than 1.9 million patients.
“In many ways, digitizing patient information can make it more secure, but only if the proper security measures are in place,” says Jill Arena from Health e Practice Solutions.
Rick Kam, president and co-founder of ID Experts, lists eight things that organizations can do to protect sensitive patient data:
- Whenever possible, don’t store sensitive data on wireless devices. If required, ensure the data is encrypted.
- Enable password protection on wireless devices, and configure the lock screen to come on after a short period of inactivity.
- Turn on the Remote Wipe feature of wireless devices.
- Enable Wi-Fi network security. Do not use WEP, and only use WPA-1 with strong passphrases. Use WPA-2 if possible.
- Change the default SSID and administrative passwords.
- Don’t transmit your wireless router’s SSID.
- Only allow your devices to connect by specifying their hardware MAC address.
- Implement a Wireless Intrusion Prevention System.
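
One way to check a device and access-point inventory against the eight items above. This is an added example, not from the article or from ID Experts; the record fields, thresholds and sample inventory are assumptions made for illustration.

```python
# Added example: field names and thresholds are assumptions, not a real MDM or router API.
MAX_LOCK_SECONDS = 300      # assumed cutoff for "a short period of inactivity"
MIN_WPA1_PASSPHRASE = 20    # assumed minimum length for a "strong" WPA-1 passphrase
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # small constructed sample

def audit_device(dev):
    """Return findings for one mobile device record (first three checklist items)."""
    findings = []
    if dev["stores_phi"] and not dev["storage_encrypted"]:
        findings.append("sensitive data stored unencrypted")
    if not dev["passcode_enabled"]:
        findings.append("password protection disabled")
    timeout = dev.get("lock_timeout_s")  # None means the screen never locks
    if timeout is None or timeout > MAX_LOCK_SECONDS:
        findings.append("lock screen timeout missing or too long")
    if not dev["remote_wipe"]:
        findings.append("remote wipe not enabled")
    return findings

def audit_access_point(ap):
    """Return findings for one Wi-Fi access point record (remaining five items)."""
    findings = []
    sec = ap["security"].upper()
    if sec not in ("WPA", "WPA2"):  # WEP, open or unknown modes all fail
        findings.append(f"unacceptable Wi-Fi security mode: {sec}")
    elif sec == "WPA" and ap["passphrase_length"] < MIN_WPA1_PASSPHRASE:
        findings.append("WPA-1 in use without a strong passphrase")
    if ap["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default SSID unchanged")
    if ap["admin_password_is_default"]:
        findings.append("default administrative password unchanged")
    if ap["ssid_broadcast"]:
        findings.append("SSID is being broadcast")
    if not ap["mac_allowlist"]:
        findings.append("no MAC address allowlist")
    if not ap["wips_enabled"]:
        findings.append("no wireless intrusion prevention coverage")
    return findings

# Constructed inventory for illustration only.
DEVICES = [
    dict(name="tablet-01", stores_phi=True, storage_encrypted=False, passcode_enabled=True, lock_timeout_s=900, remote_wipe=True),
    dict(name="phone-02", stores_phi=False, storage_encrypted=True, passcode_enabled=True, lock_timeout_s=120, remote_wipe=True),
]
APS = [
    dict(name="ap-lobby", security="wep", passphrase_length=10, ssid="linksys", admin_password_is_default=True, ssid_broadcast=True, mac_allowlist=[], wips_enabled=False),
    dict(name="ap-ward", security="WPA2", passphrase_length=24, ssid="ward-7-clin", admin_password_is_default=False, ssid_broadcast=False, mac_allowlist=["00:11:22:33:44:55"], wips_enabled=True),
]
if __name__ == "__main__":
    for rec, check in [(d, audit_device) for d in DEVICES] + [(a, audit_access_point) for a in APS]:
        print(rec["name"], check(rec) or "OK")
```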