mHealth: Security Considerations

According to Mobile Advertising Forecasts 2016, 75% of all global internet use in 2017 will be conducted on a mobile device, an increase of 35% in just five years.  By the end of 2018, mobile devices will account for over 1 out of every 4 U.S. e-retail dollars.  The trend is toward mobile, and healthcare is no exception.

From telemedicine to symptom-monitoring sensors to point-of-care applications, healthcare is becoming more and more digitized. mHealth, the term used for mobile healthcare, is experiencing notable growth, with almost 100,000 mobile healthcare applications introduced in 2016 alone (Research 2 Guidance) and a projected growth rate of over 33% by 2020, for a total market of $59.15 billion USD (MarketsandMarkets).

Alongside the significant rise in mHealth application use is an increasing concern around security.  While healthcare organizations and application developers alike have tightened their focus on mobile security and the protection of ePHI, the latest edition of MobileIron’s Mobile Risk and Security Review reveals there is still work to be done.  In the review, healthcare organizations reported the following:

  • 53% reported missing devices in 2016
  • 17% had compromised devices
  • 82% have 10 or more third-party applications installed
  • 64% enforce policies that are in place
  • 12% enforce operating system updates

The mounting evidence of mHealth vulnerabilities and non-compliance with security policies has led to action from healthcare organizations.

What can healthcare organizations do to minimize risk and protect and secure health information?

  1. Review the “Five steps organizations can take to manage mobile devices used by health care providers and professionals” at gov/mobiledevices
  2. Enforce Operating System (OS) updates: Vendors continually develop patches to address security gaps and vulnerabilities in their software. Operating systems must be updated regularly so that the most current security protections are in place.
  3. Develop an Application Policy: Outline approved and banned applications and deliver on-going education and communication on the risks of using unauthorized apps.
  4. Require Encryption:  Encryption protects data at rest and in transit.  Enable encryption on mobile devices where applicable (some devices have this built in).  Require encryption on any approved application that transmits protected health information.
  5. Issue a Configuration Policy: Outline configuration requirements for mobile users including user authentication and inactivity lockouts.
  6. Assess whether a Mobile Device Management (MDM) solution is right for you: Enforcement of security policies is difficult in a Bring Your Own Device (BYOD) environment.  MDM software allows for central control of devices, ensuring security and protection of patient information.
