During a recent interview with Becker's Hospital Review, Dr. Barry Chaiken, the former chair of HIMSS and now chief medical officer for Imprivata, shared five tips for hospitals still trying to formulate a security strategy for the mobile devices their physicians, nurses and other staff are increasingly using. If you're not familiar, Imprivata is a security solutions provider. While these are very high-level strategies, Chaiken's list should be heeded. Security issues are more often than not an under-discussed issue in mobile health, especially for healthcare professional users.
1. Keep all data in the cloud: "Hospitals should really be working so none of the data can be saved on actual devices," Chaiken said.
2. Use creative passwords. OK, enough said.
3. Limit how devices are utilized. "A hospital may want to set up access in such a way where physicians can only use a mobile application through a cloud so that the hospital can control what information is being seen," Chaiken said. Fair enough, however, stripping these devices down to core functionalities may dampen their appeal. I wonder to what extent hospitals are already limiting the uses of mobile devices among their physician population.
4. The ultimate goal should be zero breaches. Agreed.
5. Keep up with trends in technology. "Hospital CIOs should keep abreast of the latest updates in technological advances, mobile devices and applications..." Chaiken said. Implication? Read MobiHealthNews.
Mark Trigsted, who is an executive vice president at another security-centered company focused on mobile health, Diversinet, summed up how many feel about mobile security in a recent panel discussion: "There are two schools of thought out there: One group believes, ‘Yes, we can do anything and it’s automatically secure.’ The other is of the opinion that ‘No, we can’t do anything because it’s impossible to secure [mobile].’ So, at Diversinet, we’re trying to mitigate that."
Be sure to visit Becker's Hospital Review for the full post with more quotes from Chaiken and discussion on his key considerations for mobile device security.