The problems with relying on passive mobile device security

Jan 20, 2020

A recent survey shed some light on a security trend that leaves healthcare organizations vulnerable to attacks: nearly half of respondents said that they rely on passive mobile device security measures -- things like education and policy. Used as complementary tools, policies and education can, of course, be useful, but they are not techniques that put healthcare IT teams on the offensive.

That same survey did contain some good news, though. Nearly half of participants included clinical workflow evaluations as a key component of their mobile strategies, and the number one reason for making mobile strategy updates was to meet end user needs. This speaks to the importance of clinical buy-in when building a mobile device strategy that is streamlined and secure.

The risks of mobile in healthcare

With the use of mobile devices in care delivery on the rise, the reality is that physicians and nurses are checking email, receiving lab results, and performing myriad other tasks on phones and tablets. Moreover, the risks associated with the use of smartphones to create and store medical information include privacy breaches, insecure data storage, and physician or institution liability for failure to obtain patient consent. The following common scenarios can compromise protected health information (PHI) and lead to HIPAA violations.

  • A lost or stolen mobile device
  • Inadvertently downloading viruses or other malware
  • Breach of data at rest or during transmission
  • Unintentional disclosure to unauthorized users
  • Using an unsecure Wi-Fi network

Mobile device security policy challenges

Mobile policy development and enforcement involve a complex interplay of multiple stakeholders, but too often, this is not taken into consideration. A hospital could have the most robust mobile policy in place, but clinician compliance can be an issue, putting the institution at risk of HIPAA violations and litigation. It is paramount to engage the end users who use mobile devices to help develop policies that support, rather than thwart, their clinical workflows. After establishing these policies, all users should receive training on the proper and secure use of their devices. And selecting robust, yet easy-to-use mobile management solutions can help ensure compliance. Key considerations include:

  • Automatic lock / logoff functionality
  • Strong authentication to unlock mobile devices
  • Regular security patches and updates
  • Data encryption
  • Anti-virus / anti-malware software
  • Remote wipe capabilities

Imprivata Mobile Device Access improves security and safeguards PHI

Imprivata Mobile Device Access is healthcare’s only mobile authentication solution that enables fast, secure access to clinical mobile devices and applications. Imprivata Mobile Device Access delivers the same fast and familiar authentication workflows to mobile devices that clinicians currently experience on workstations, empowering organizations to securely unlock the full potential of mobility in healthcare. Clinical staff tap their proximity badge to unlock a mobile device, and then single sign-on (SSO) into their applications, eliminating the need for remembering cumbersome usernames and passwords. This solution integrates with Imprivata OneSign®, allowing hospitals to set authentication policies for all workflows from a single platform.
