Healthcare providers must balance the desire for work flexibility with creating an environment secure enough to protect sensitive patient data, but many hospitals are behind on security; only 46% have a security strategy regulating the use of mobile devices.
With more hospitals permitting clinicians to access electronic health records (EHRs) on their personal devices privacy and security concerns need to be addressed. The Health Research Institute's report, Old data learns new tricks: Managing patient security and privacy on a new data-sharing playground begins to address some of these issues facing healthcare providers.
For more information about preserving patient privacy and security read more here.
For many people, mobile devices are an extension of themselves, so it’s not surprising that they have found their way into the workplace—including hospitals. Once there, they easily outshine employer-issued desktop computers or laptops, and soon clinicians have switched to their own devices instead. Recognizing the associated risks and admitting that attempts to stop the trend might be futile, many hospitals now permit employees to “bring your own device” (BYOD) to work.
Currently, 85% of hospitals support clinician use of personal devices at work.1 In 2013, expect a heightened focus on security as more employees “bring their own” and more sensitive data is made available on them.
Of the 502 breaches of protected health information reported to the Department of Health and Human Services Office of Civil Rights since September 2009, 71 involved portable electronic devices.2 Loss and theft are the top threats to the information stored on mobile devices. Viruses and other software attacks targeting smart phones and tablets rose by 273% in the first half of 2011 over the first half of 2010.3 Physicians and contractors who work in multiple hospitals might inadvertently spread viruses via their mobile devices among the hospitals they visit. And patients add another wild card: one study revealed that of the 76% of hospitals allowing visitor access to the Internet on their mobile devices, 58% lack password protection for that access, putting hospitals at risk for viruses.4
Hospitals must balance the desire for work flexibility with creating an environment secure enough to protect sensitive patient data. According to a recent PwC’s Health Research Institute survey, half of consumers agree that being able to access electronic health records (EHRs) using a mobile device would help their providers work together more effectively to coordinate their care, and one-third believe that doing so would result in a quicker response to their health questions.5 Also, 61% of consumers are willing to communicate with a clinician via email, and 91% who have done that were satisfied with the experience. Even so, consumers are not enthusiastic about physicians accessing their health information on a personal device, with nearly three-quarters saying they would be concerned about privacy.
Indeed many hospitals are behind on security. Three-quarters of hospitals permit clinicians to access EHRs on their personal devices,6 but PwC’s Global Information Security Survey found that 46% have a security strategy governing the use of mobile devices.7 More than half of IT professionals say they’ve experienced employees circumventing or disengaging security features like passwords and key locks.8 Some hospitals give staff read-only access to sensitive data; others permit interaction with it to enhance work flexibility. The Department of Veterans Affairs’ program to make EHR data user-friendly on portable devices allows providers to access a limited amount of information: demographics, allergies, medications, and lab results. Soon the VA will expand access to more medical applications that require the input of patient data. The VA uses complex pass codes, locks inactive machines, tracks data, has remote wiping, and never stores patient data on the devices.9