Mobile healthcare, telemedicine, telehealth, BYOD

Policy News

Mobile Health Security Vital for Patient Record Access

By Vera Gruessner

- Mobile health security is essential for ensuring that patient data remains safe, protected, and private from cyber-attacks and data breaches. As the healthcare industry continues to invest in health IT systems and greater amounts of documentation for every patient, the need for keeping the large stores of data secure and HIPAA-compliant grows more important each day.

Mobile Device Privacy and Security

With more health records being stored on mobile devices, the need for mobile health security is imperative among doctors, nurses, and other medical professionals. The National Institute of Standards and Technology (NIST) recently released a report called Securing Electronic Health Records on Mobile Devices shows healthcare organizations how to implement effective mobile health security systems that will prevent the differing segments of patient data from being accessed without full rights to the information, according to the Corporate Counsel.

“Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to store, access, and transmit electronic health care records is outpacing the privacy and security protections on those devices,” a summary about the report stated.

“Cybersecurity experts at the NCCoE collaborated with health care industry and technology vendors to develop an example solution to show health care providers how they can secure electronic health records on mobile devices.” recently reported on industry guidelines about strengthening mobile health security published by the Vitality Institute, the Microsoft Corporation, and the University of California, San Diego. In order to enhance mobile health security standards across the nation, these guidelines covered six steps that medical organizations should follow. Some of these steps include boosting privacy of patient data, defining medical data ownership, and using scientific proof when creating mobile health applications.

“I would say that with the advancements in technology, particularly with the increase in the use of mobile devices and the increase in employees working at home and in other nontraditional work environments, the privacy implications of getting access to protected health information have reached a critical stage,” Eric Keller, a partner in the employment law practice at Paul Hastings, told the Corporate Counsel publication.

With the use of tablets, computers, or even smart phones, doctors and nurses could provide more efficient – even better – care to their patients, which makes it understandable why mobile tools are now being used regularly in the healthcare industry. As this continues, however, mobile health security must be addressed across the healthcare continuum.

Additionally, healthcare workers who do not have adequate security protection on their mobile devices when accessing patient records could potentially be violating the Health Insurance Portability and Accountability Act (HIPAA).

Many providers today use mobile devices to store and access patient data as well as share relevant information with other experts in their field. In order to maintain patient trust in a healthcare organization, preventing cyber-attacks and data breaches through effective mobile health security protocols is key. Strong safeguards between patient health records stored electronically and mobile devices or applications must be implemented to keep medical data private and secure.

“All healthcare organizations need to fully understand their potential cybersecurity vulnerabilities, the bottom line implications of those vulnerabilities, and the lengths attackers will go to exploit them. According to our risk analysis and in the experience of many healthcare organizations, mobile devices can present vulnerabilities in a healthcare organization’s networks,” NIST’s executive summary stated. “We recommend that organizations implement a continuous risk management process as a starting point to … increase the security of electronic health records.”


Join 50,000 of your peers and get the news you need delivered to your 

inbox. Sign up for our free newsletter to keep reading our articles:

Get free access to webcasts, white papers and exclusive interviews.

Our privacy policy

no, thanks

Continue to site...