Healthcare News & Insights

5 critical mobile security features for smartphones and tablets in health care

Doctors, nurses and other employees are bringing personal mobile devices to work at healthcare organizations. Here are five critical mobile security features IT should require before those gadgets access any sensitive data.

In most industries, organizations are currently adopting formal BYOD (bring your own device) programs — or they’re having to deal with personal smartphones, tablets and other devices that employees are bringing into work and expecting to use.

The flood of personal devices is especially prevalent in healthcare, as doctors, nurses and others are using those portable gadgets to view and edit electronic health records (EHRs), conduct research on drugs, conditions and treatments, and handle basic communication.

One recent survey found that 72% of doctors are currently using a mobile device for work — and 91% want access to mobile EHRs.

While mobile devices can help providers improve the care they offer patients, many security experts warn the increased use of those gadgets could mean an increase in breaches of sensitive patient information.

In fact, a recent study of healthcare data breaches by the Ponemon Institute found that a lost or stolen portable computing device was one of the primary causes behind just under half (46%) of the breaches healthcare organizations suffered in 2012.

Even if a healthcare employee only uses a smartphone for email, for example, those messages may contain sensitive data or information that can be used to obtain that data. And as more doctors use smartphones and tablets for EHRs, the risk is even greater.

Health IT departments aren’t likely to keep mobile devices out of the office, but there are some actions that can be taken to prevent data breaches.

The first step is to require all devices to be approved before they’re given access to the organization’s network or any sensitive data. Here are some critical security features all personal devices should be equipped with before that approval is granted:

  1. Basic security features — There are some basic security features experts recommend all mobile device users enable regardless of what they’re doing on their smartphone or tablet. That includes password protection, data encryption, remote wipe capabilities and mobile antivirus software.
  2. MDM software — Of course, the tricky part of requiring those security configurations is making sure they’re actually used. Healthcare providers can use mobile device management (MDM) software to enforce those policies, as well as push software updates, track devices and complete other tasks.
  3. Mobile VPN — Most organizations require employees to use a virtual private network (VPN) when they access systems from outside the office using a computer — however, they often forgo that requirement when a mobile device is being used.
  4. App restrictions — Mobile malware often finds its way onto smartphones and tablets via apps that the user is tricked into installing. Sometimes those malicious apps can even be found in a platform’s official app store — for example, one estimate says that 25% of all the apps in the Google Play store may present security risks. Organizations should protect themselves by keeping control over what apps users install, using app blacklisting or whitelisting, or setting up custom enterprise app stores.
  5. Disabled features — Some organizations may want to disable certain tablet and smartphone features that could be used to leak sensitive data — including, for example, USB ports, cameras and SD card slots. MDM software can also be used to shut off those tools so people don’t intentionally or unintentionally use them in a way that leads to a data breach.
