Security Strategy: Lifeline for Mobile Healthcare

In September 2010, a PwC Health Research Institute report noted, “Mobile health is creating new value: less expensive solutions, new ways to manage care, and better health outcomes.” I could not have said it better myself.

Mobile devices are the most personal technology that we as consumers own. We carry them around wherever we go, much like we do our wallets. As these devices improve, so does their potential to enable health and wellness. Their ability to deliver mass personalization makes mobility the new wave in the medical field. Ultimately, patients will be able to communicate with their healthcare providers by using the computing or smart mobile device of their choice.

And, as my colleague Chris Johnston wrote about previously, just about any device (including smart slippers) can be used to send information directly to healthcare providers. Mobile health will allow patients a new level of involvement in their own healthcare. This new “Patient Portal” will give patients the ability to request refills, check lab reports, make or change an appointment, and check on a current diagnosis anytime, anywhere. The technology also gives medical providers access to patient results—literally from all over the world.

However, in recent months, protecting information on mobile devices has been in the spotlight. Since the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, many of the major health information breaches reported to federal authorities have involved the loss or theft of unsecured mobile devices and media. Mobile devices such as tablet PCs and smartphones are replacing desktops and wired phones. To enable effective, security-enhanced information sharing, healthcare organizations must have a clear, consistent process to identify sensitive information and determine proper handling. A well-thought-out mobile device management security strategy provides a holistic security framework for your organization—one that addresses the organization’s people, processes and technology. A mobility security strategy must involve the organization as a whole, rather than treating mobile security as merely a technology-oriented solution.

Security Strategy for a Fading Boundary

Mobile devices and the sensitive information contained on them must be managed and protected. The same rules and regulations the organization uses to protect medical information on its mainframe are applicable to mobile devices. Since the patient’s flow of information will be in line with his or her mobility (starting at the doctor’s office, moving through laboratories, imaging centers, and other facilities), there are several points of exposure that are vulnerable to information security breaches. As the interconnectivity between hospitals and clinics, remote physician offices and healthcare associates increases, security perimeters must expand beyond the internal network to include them.

The characteristics of healthcare are well suited to a mobile industry and there are benefits to be had by adopting mobile healthcare. But these benefits are accompanied by unique security requirements. Any HIT initiative must consider these challenges. Traditional, non-mobile EMRs require security as well. No matter the device, data protection is a critical part of a strong healthcare IT infrastructure. The ideal security solution not only reduces the risk of a security breach, it also strikes a balance between convenience and privacy.

What’s your take on mobile device security?
What will it take to create an environment where mobile devices and patient records can co-exist safely and securely?
Bindu Sundaresan, Strategic Security Solutions Lead, AT&T