8 tactics for mobile data privacy and security

By Mary Mosquera
11:32 AM
Share

With the sweeping use of mobile devices by healthcare providers, physicians and hospitals need to embrace best practices for protecting sensitive patient data, privacy experts say. For example, encrypt sensitive data when it is necessary to store on wireless devices.

Sixty-four percent of physicians own a smartphone and one third of them have an iPad, with another 28 percent planning to buy one within six months, according to research cited by ID Experts, which offers data protection and response services, in a July 20 announcement.

[MobileHealthWatch guest blog: Tips for tablet maintenance.]

Many of the current 10,000 mobile healthcare applications were designed to enable their users to access to electronic health records (EHRs). At the same time, in the past two years, the Office of Civil Rights has reported that 116 data breaches of 500 records or more were the direct result of the loss or theft of a mobile device and led to the exposure of the personal health information of 1.9 million patients, which started many consumers questioning the security of EHR systems and the data they house.

The Office of Civil Rights oversees health information privacy in the Health and Human Services Department and publishes on its website incidents involving the sensitive information of at least 500 individuals.

To more effectively protect patient data, Rick Kam, president of ID Experts recommended the following practices:

1. Don’t store sensitive data on wireless devices. If required, encrypt data.
2. Enable password protection on wireless devices and configure the lock screen to come on after a short period of inactivity.
3. Turn on the “remote wipe” feature of wireless devices.
4. Enable Wi-Fi network security. Do not use wired equivalent privacy (WEP). Wi-Fi protected access (WPA-1) with strong passphrases offers better security. Use WPA-2 if possible.
5. Change the default service set identifier (SSID) and administrative passwords.
6. Don’t transmit your wireless router’s SSID.
7. Only allow devices to connect by specifying their hardware media access control (MAC) address.
8. Establish a wireless intrusion prevention system.

“Many Wi-Fi networks in hospitals and doctor’s offices are not secure," Kam cautioned, "and coupled with the increased mobile device usage, patient data is at risk."

And as more and more mobile health applications emerge, including smartphone apps from federal government agencies including the VA and DoD, that risk will continue to grow.