Lax Security Among Hospital Workers’ Mobile Devices, Report Finds
September 11, 2014 in News
Many hospitals have weak security policies in place for employees’ mobile devices, which could increase security risks for the facilities, according a new report by Forrester, FierceMobileHealthcare reports (Mottl, FierceMobileHealthcare, 9/8).
For the report, researchers surveyed 2,134 health IT professionals in July.
According to the Wall Street Journal‘s “CIO Journal,” clinicians use their laptops, smartphones and other devices to share electronic health records with other medical professionals (Boulton, “CIO Journal,” Wall Street Journal, 9/5).
However, just 59% of health IT professionals reported using full-disk or file-level encryption on the mobile devices they use at work.
As a result, patients’ personal information could be at risk if hospital employees’ devices are lost or stolen, according to the researchers. For example, the report noted that:
- 39% of health care-related security breaches in the last nine years occurred after a device was stolen or lost; and
- Breaches related to stolen or lost devices accounted for about 80% of all patient record breaches in the last nine years.
Chris Sherman, author of the report, said researchers expected more health IT professionals to have encrypted their devices. He said the findings indicate “that health care has a way to go before they can say that they have data protection” (FierceMobileHealthcare, 9/8).
Sherman recommended that hospitals:
- Adopt stronger encryption practices;
- Limit data access to those whose jobs require it;
- Track where data are stored at all times; and
- Virtualize employees’ desktops and applications so that data are not stored locally.
In addition, Sherman said employees need to be trained in safe computing practices, and workers who do not comply to appropriate standards should face consequences (“CIO Journal,” Wall Street Journal, 9/5).