There are three broad security risks facing mobile medical devices and their data:
- Accidental physical loss or destruction
- Inadvertent data disclosure
- Deliberate security breaches or data theft
While each type of loss has unique qualities, there are key techniques and technologies that guard against all three.
Physical loss is one of the most common sources of privacy violation. Mobile phones, laptop computers, and USB drives can all go missing, whether temporarily misplaced or permanently lost. The solutions below can’t prevent these kinds of loss, but they can certainly minimize any damage that results.
If no one can read the information on a lost or stolen device without authorization, losing that device is an inconvenience rather than a disaster.
File-level encryption selectively protects the files designated as critical or private but modern computers, tablets, and smartphones have processors powerful enough to make disk-level encryption a better, simpler and more thorough solution.
Best of all, most modern operating systems (such as Windows 10 and Mac OS X) include strong encryption capabilities.
2. Mobile device management
Mobile device management (MDM) solutions are a necessity for any well-managed mobile device fleet.
MDM has developed to a point far beyond Microsoft’s 1996 ActiveSync technology (that allowed companies to bring mobile devices into the corporate fold). MDM can now keep personal data separate from corporate data, enforce rules on which services can be used on mobile devices, manage encryption, and much more.
One of the more important of ‘much mores’ is applying defenses against mobile malware. This includes ‘remote wipe’ capabilities for compromised devices, and enforcing policies that prevent user behavior that is likely to make the device vulnerable. While MDM packages can be expensive to implement, the price pales in comparison to the harm that could be done to patients, not to mention the financial and reputational damage that could result from a breach.
Most healthcare professionals don’t want to break rules or put information at risk, but when on the job their focus is rightly on their patients, not on best-practice data security procedures.
Continuous training on how to manage mobile devices will help make good habits second nature. This should include caring for mobile devices, and strong protocols around sharing the data necessary for patient care. Technology tools, from proxy servers to MDM solutions that enforce good policies, will go even farther in protecting data and satisfying regulators.
Mobile devices are, of course, only one part of any healthcare organization’s IT infrastructure, but they make up a portion of that infrastructure that is increasing in size and importance.
If you’re looking for a ‘Key 0’ to make sure your storage is as safe as possible, here it is: Stop thinking that mobile devices are a small, unimportant part of your IT scheme. Put mobile first and it will pay off in reduced data loss from mobile storage devices and the professionals who use them.