"Leading Health IT information since 2005"
Search in HealthTechnologyReview.com
Mobile Device Security Crucial to Protecting EMR Data
The transition from paper charts to EMR software has allowed healthcare providers to make greater use of mobile electronic devices such as tablets, smartphones, and laptops. Because so many medical facilities allow providers to access secure information from personal devices that can easily be lost or stolen, it is important that security risks are identified in advance and that measures are taken to protect patients’ health information.
Will you allow employees to use personal devices?
With ever-increasing Internet access to medical resources and software containing patient data, it is only natural that providers will want to use available technologies to their full benefit. Ask yourself whether the benefits of employing personal devices outweigh any negatives. Will using them improve patient health or provider efficiencies? If the answer is no, make sure you set clear policies so that employees don’t bend the rules.
Invest in encryption software.
If you choose to permit B.Y.O.D. (bring your own device) policies, make sure that you take necessary security precautions in the event that a mobile device gets into the wrong hands. Have your healthcare IT consultants encrypt all devices that are going to be used remotely to connect to your organization’s network, including hardware such as USB drives.
Install applications that allow “remote wipe” processes.
If an employee wants to use their mobile phone or tablet to access your EMR system or data on your company’s network, make sure that your IT technicians equip the employee’s device with a “remote wipe” program. That way, if the provider’s smartphone is lost or stolen, you can easily wipe the device of all sensitive patient information and HIPAA-protected data.
Educate healthcare professionals on the importance of mobile device security.
Have your healthcare IT consultants conduct training sessions in groups to let people know about the risks of downloading apps and software from unknown sources, as well as modifying security settings. Make sure employees know that if their device is lost or stolen, they should report it immediately so that sensitive information can be erased.