Balancing security and usability in a connected mobile ecosystem

Dan Borgasano
Jul 08, 2019

With the Internet of medical things (IoMT) and caregiver mobility on the rise, connected devices and device security is top of mind with today’s IT and security professionals.

A variety of medical devices are being connected to hospital networks at an increasing rate, both in high and low acuity settings. Recently, an online survey of healthcare executives, all CHIME members was conduct by Imprivata. This study revealed that approximately 80% of healthcare organizations allow sharing of patient monitoring data into the EHR, and 75% allow direct data sharing from personal mobile devices.

While connected medical and mobile devices can offer workflow benefits to clinicians - such as helping to streamline documentation of vital signs into the EHR - there is potential risk if access to these devices is compromised, including threats to cybersecurity, patient safety, and data integrity.

Additional highlights from the survey include:

  • A small minority - less than 10% of organizations -  do not require any access controls to network connected devices, while the vast majority - 90%  -  provide access control for at least some subset of connected devices in their organizations.
  • Personal mobile devices require the most access controls, with 87% of organizations requiring some form of access controls for mobile devices, such as Mobile Device Monitoring (MDM), Network Access Controls (NAC) and Single Sign-On (SSO).
  • Surprisingly, for devices used to transmit clinical data, only about 40% of organizations require access controls, despite the fact that almost 70% feel that cybersecurity is the biggest risk they face!

Some of the reasons cited as barriers to implementing access controls for connected devices in healthcare include lack of support for native access controls, clinician pushback, and unclear device management and policies. A similar survey conducted by Imprivata confirmed that more than half of providers said authorizing applications on mobile devices is frustrating.

Due to the serious potential risks involved, IT and security professionals are taking access controls very seriously. 88% are requiring locking of devices, however they may not be taking proactive steps on the front end to ensure that the right user is accessing the right clinical applications.

So how can you balance security with usability with the proliferation of mobile connected devices? Whether your mobile device strategy is BYOD, hospital supplied, or a hybrid strategy, Imprivata has medical and mobile device access solutions that will support your ecosystem of connected devices and help you to reduce your security risk while maintaining ease of use. This reduces frustration for clinicians, enabling them to focus more on patient care.