- mHealth app security is still the top concern among healthcare providers, according to a new survey. And the numbers indicate it’s still a major problem.
Slightly less than half of the healthcare providers surveyed by device management company Jamf say they don’t have full control over the apps installed on their network, and 27 percent say they’re not fully confident in their mobile device management platform.
The study points to a recurring theme in healthcare: Providers are moving so quickly to embrace an mHealth platform that they’re not spending enough time and effort on privacy and security (the Jamf survey found that only 22 percent of the IT budget is spent on security). In fact, previous studies have found that health systems spend far more money on developing apps than they do on securing them, even as they know the risks.
“Mobile apps are often used by organizations to help keep customers ‘sticky,’ yet in the rush to bring new apps to market, organizations tend to overlook critical security measures that are proving crucial to consumer loyalty,” Patrick Kehoe, former CMO of Arxan Technologies, said in March, when that company’s survey found that 90 percent of healthcare executives feel their apps are “adequately secure,” while 86 percent of the most popular mHealth apps used by providers aren’t safe.
“Our research … demonstrates that mobile app security is an important element in customer retention,” he said. “Baking in robust mobile app security is not only a smart technology investment to keep the bad guys out, but also a smart business investment to help organizations differentiate from the competition and to achieve customer loyalty based on trust.”
According to the Jamf survey of some 550 IT decision makers in the U.S., U.K., Australia, France and Germany, 83 percent said their organization now provides smartphone or tablets to caregivers, while 45 percent said mobile devices are made available to non-clinical staff as well. About a third also provide mobile devices to patients, and that percentage is expected to jump up to almost 40 percent within two years.
So mobile devices are prevalent in healthcare, but they’re also a challenge to secure. Almost 85 percent of those surveyed cite security as the top challenge, while 77 percent cite data privacy and roughly half cite inappropriate employee use.
This becomes a big issue when one factors in the relatively lax security standards of the apps. In a 2015 study published in the Journal of the American Medical Informatics Association, researchers found that privacy policies among two-thirds of mHealth apps focused on a developer homepage instead of the app itself and covered topics unrelated to the application. And this August, a study by the Future of Privacy Forum uncovered weaknesses in health and wellness apps’ security protocols.
According to the survey, 56 percent say they have full control over what is being downloaded on those mHealth devices, while another 29 percent say they “somewhat have control” and 11 percent say they don’t have any control over downloads. Meanwhile, about one-quarter of those surveyed say they don’t have full visibility over the apps used on those devices.