The American Medical Association’s American Medical News has noted that the number of physicians using smartphones has reached a near-saturation point and, in parallel, the number of data breaches is going up. Recent reports by Manhattan Research have found more than 81 percent of physicians use a smartphone, up from 72 percent in 2010. Also on the rise have been data breaches which, according to research released in December by Ponemon Institute, have risen 32 percent in the past year. Ponemon found that 96 percent of all healthcare organisations surveyed said they had experienced at least one data breach in the past two years.
The report, while not specifying the percentage of breaches from mobile devices, has stated that the widespread use of mobile devices is putting patient data at risk.
According to Ponemon, mobile devices create security risk in two ways. Data can reside on the device and can be accessed. Also, the device can be a way of gaining access to data that reside on electronic medical record systems at the healthcare organisations. Plus, it has been observed, smartphones' size makes them easier to lose than a laptop.
Either way, someone who finds a lost device can gain valuable data if that phone is not secured.
Ponemon's study looked at only 72 health organisations. However, mobile device security is a primary concern throughout the healthcare field.
Many hospitals are aiming to bridge the gap by improving security so any mobile device a physician uses may access their EMRs safely. Analysts say there are precautions physicians can take as well.
Many hospitals had struggled initially in meeting the demand of physicians who wanted to use their mobile devices to access the hospital's EMR system. In an October member survey by the College of Healthcare Information Management Executives, 79 percent of healthcare organisations said that because of user demand, they approved mobile devices that could be used in the health organisation's environment. However, that approval doesn't mean every device has secure access. In some cases, hospitals use mobile device management companies to provide third-party security for devices that otherwise would be considered unsecure.
Physicians can help, hospitals say, by making sure their phones are encrypted. Software is readily available that will encrypt smartphones and mobile devices. Encryption means that information is sent in non-readable form, and must be "unlocked" by a "key" on the device of the person wishing to view it. The Ponemon study found only 23 percent of healthcare organisations use mobile device encryption.
Encryption offers a safe harbour under privacy and security regulations under the Health Insurance Portability and Accountability Act for organisations and practices that have a lost device. If the device is encrypted, there are no reporting obligations, although many report the incidents anyway in the spirit of transparency.
Experts also recommend that physician practices set policies on mobile use, with attention paid to security measures, such as antivirus software and password protection.
Search for more Industry study reports
To access our daily STM news feed through your iPhone, iPad, or other smartphones, please visit www.myscoope.com for a mobile friendly reading experience.
