In the past several years, the rapid evolution of technology in the health care sector has led to a significant increase in audits and refinements to standing legislation, as regulators push to better protect patient information from the dangers that abound on the Internet today. One of the most important trends in this conversation continues to be enterprise mobility, which has been especially popular among medical organizations.
Physicians and other practitioners have appeared to be the biggest drivers of BYOD deployments in this space, falling in line with the general consumerization of IT trend that has impacted organizations in other sectors. However, medical organizations must ensure that they are following the guidelines of the Health Information Portability and Accountability Act, such as the use of HIPAA email software, to protect patient data in the age of mobility.
Devices, apps and data
VentureBeat recently reported that applications appear to be the central aspect of HIPAA conversations in the current BYOD arena, especially as the software being used is far more diverse and voluminous than the operating systems. In many ways, security experts have long asserted that too many firms will only secure and protect devices, which is certainly necessary but does not completely close the circle on maximum protection.
Apps, after all, are commonly used to store and share data, among other types of activities, meaning that they could present danger with respect to patient protection and privacy. According to the news provider, regulators from the U.S. Department of Health and Human Services' Office of Human Rights have already spoken out about proper management of apps and security for mobile platforms and software.
"Right now, there's a big distinction between apps that were created for use by healthcare providers and apps that were intended for use by consumers," former OCR employee Adam Greene told VentureBeat. "It's certainly something that the tech companies have to be aware of, but in general HIPAA doesn't apply to consumer data. Whether or not it applies is more about who is handling the data than about the content of the data itself."
The source noted that major device and app manufacturers are working to bridge this gap between consumer-oriented utilities and those that are more directly targeted at the health care sector. In the meantime, companies will need to ensure that they are proactively handling app security and management in their BYOD programs.
BYOD is a clear example of the challenges health care firms face in the modern market because of the sheer diversity of management demands that come along with the trend. In many cases, deploying mobility strategies will represent a strong opportunity to test the mettle of a security strategy.
Decision-makers should ensure that the security policy remains comprehensive, including device, application, data, network and user protection protocols to avoid the potentially devastating consequences of a breach or failed HIPAA audit.