Big data and cloud computing have had transformative impacts on the health care sector, enabling more intelligent use of massive information volumes and providing a more affordable and agile storage environment to handle modern electronic medical record systems. While these two technologies have certainly been the talk of the town in the past few years, another trend has been far more difficult to manage among most health care providers.
This, of course, is enterprise mobility, which in the modern medical organization can take the form of BYOD, corporate owned, personally enabled (COPE) or other approaches. Device diversity, as well as the sheer volume of endpoints accessing the corporate infrastructure, continues to rise at an exponential pace, giving IT departments and executives more than they can chew in terms of security, access management and compliance.
With respect to Health Insurance Portability and Accountability Act (HIPAA) compliance, leaders in the medical sector must ensure that they are monitoring and stringently controlling the ebb and flow of patient information and communications. HIPAA email, as well as file transfers and several other compliance-covered activities that take place in virtually every organization today, will need to be outlined in and guided by tight internal policies.
Helpful tips to reach HIPAA-compliant mobility
Alison Diana, writing for InformationWeek, recently listed a wealth of recommendations for health care leaders who are working to deploy BYOD and other mobility strategies in a compliant and secure fashion. First, though, she cited a study from Transparency Market Research that found 74 percent of health care practitioners use their smartphones at work, often to carry out their responsibilities, which frequently entails accessing patient records, and 51 percent use tablets.
Diana also noted that ABI Research released a report that found the health care industry is set to purchase 90 million wearable devices in 2014 alone that will be used for various administrative and patient-care related tasks. With this in mind, it should not be surprising that the average medical organization IT professional is being strained by the support, security and compliance requirements that abound with such a high volume and broad diversity of operating systems.
As for best practices in securing these devices, the author stated that device and application encryption procedures should be deployed from the outset of mobility and maintained throughout the program's life cycle. Diana noted that application data, auditable logs of devices and actions, remote wiping capabilities and device-level passwords must also be covered in policy to ensure long-term security.
Finally, the author explained that the applications and channels used to conduct file transfer activities should be on the radar of all IT security professionals in the health care sector.
Erin McCann, writing for HealthcareITNews, recently added a few tips and tricks to help health care providers get a handle on the wild beast that is mobility. Notably, leaders in this industry must remember that the single most common cause of breach is a lost or stolen device that contains patient records or other sensitive information.
As such, McCann suggested that companies fully encrypt their data, communications, apps and devices while leveraging tools that will enable remote wiping and monitoring capabilities regardless of where a smartphone, tablet, hard drive or the like ends up. On the other side of that coin, BYOD and other mobility policies should be exhaustive in terms of the health care provider's rights over personally owned devices and the data contained therein.
By covering the entirety of IT through the lens of mobility in security planning and management, medical organizations can begin to reduce their risk of breach.