Addressing Healthcare Mobile Security: 4 Things You Need to Know


Posted by Netgain Blog Team on Nov 29, 2014 2:08:35 PM

There are major concerns about IT security in this age of mobile healthcare technology.  To abide by federal regulations, healthcare personnel and facilities must safeguard patients' records and privacy.  This is especially important given the proliferation of mobile communication and IT devices.

HIPAA Requirements

The Health Information Portability and Accountability Act of 1996 addresses protected health information and stipulates what hospitals and doctors' offices must do.  Specifically, all covered entities must:

  1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  2. Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  3. Protect against reasonably anticipated, impermissible uses or disclosures; and
  4. Ensure compliance by their workforce.

Electronic Health Records

Many physicians, clinics and hospitals have implemented electronic health records due to the incentives of the HITECH Act.  This has created an increased need for data storage, backup and recovery, all of which must comply with HIPAA regulations for ensuring the security of patient information and critical records.  Some of these records must be saved for anywhere from five years up to the lifetime of the patient.  Having this information reside on, or be accessible through, mobile devices complicates the issue even more, which makes it all the more important to monitor and attend to e-PHI security.

  • Compliance with HIPAA 
  • Trust of patients and families
  • Attacks on data
  • Risk of identity theft of records
  • Cost of compromised records is $250/record

WLANs in Healthcare

The use of mobile devices like smartphones, tablets and portable laptops has extended access to e-PHI through wireless local area networks (WLANs).  This has brought its own set of difficulties, such as:

  • WLAN Scanning and Monitoring
  • Unauthorized APs
  • Endpoint attacks
  • WLAN Malware

These are severe security issues that come with the territory, but there are measures and security controls you can implement to reduce the risk and secure the WLAN:

  • Policies and education of the workforce 
  • Wireless Security Assessments
  • Configuration management and Patch management
  • Restrict all Access Points and devices
  • Proper authorization
  • IDS/IPS detection systems
  • Strong encryption
  • Network segmentation
  • Network access control
  • Protect all wireless medical devices

Implementing Mobile Security

There are a couple of different ways to implement the needed security and be in compliance with HIPAA and HITECH.  One way is to purchase servers, firewalls and tape backups, hire and train in-house IT staff, install software on all workstations and mobile devices, troubleshoot all issues, and upgrade every few years.

Another way is to outsource IT security and eliminate all the expensive in-house hardware, security systems, maintenance costs and even workstations by using a highly secure and private off-site data center.  This outsourcing takes care of maintaining hardware, installing and updating software, troubleshooting and many other daily IT tasks.  You will also want to ensure there is a 24-hour helpdesk with techs to work through issues.

One option is to use a company like Netgain, who created a better way to do healthcare IT security of records.  They are revolutionizing the eHealth services IT solutions that work with the eHealth architecture created for all sizes of health organizations.


Image courtesy of: Stuart Miles/ Freedigitalphotos.net

 
