Why Healthcare must Adapt Information Security to Mobile

In 1996, the Health Insurance Portability and Accountability Act, or HIPAA, was enacted in order to combat the rise in healthcare-related security attacks. Studies uncovered that 80% of executives at healthcare providers and insurers have been hit by a cyber-attack, while the healthcare industry in general is 200% more likely to suffer from an attack than other sectors.

This is because protected health information (PHI), which includes social security numbers, dates of birth and medical record information, is worth far more on the black market than other forms of personal information. Clearly, these numbers are concerning. Thus, in an attempt to decrease the number of future security breaches, HIPAA requires that healthcare providers and organizations implement compliance regulations so that PHI remains confidential and secure.

In most hospitals, executives abiding by HIPAA forbid their staff from using SMS to communicate with each other because they can’t be sure that the PHI their staff sends and receives is encrypted and safe from malicious third parties. In accordance with this logic, then, the next best solution is to rely solely on outdated, seemingly risk-free technologies like pagers and fax machines.

Inefficiency in Hospitals

This is highly inefficient; after all, there’s a reason why we’ve innovated past pagers and fax machines. If healthcare professionals are looking for a second opinion regarding PHI, it would be much easier for them to communicate via mobile devices instead of having to page their colleagues, wait for them to show up, explain the situation to them, and proceed from there.

In a survey conducted by Ponemon Institute, it was revealed that 51% of healthcare professionals agree, believing that HIPAA compliance requirements are a barrier to providing effective patient care, while 59% cited that they’re a barrier to modernizing the healthcare industry.

Specifically, HIPAA “reduces time available for patient care,” “makes access to electronic patient information difficult,” and “restricts the use of electronic communications.”

In the survey, healthcare professionals estimated that 45% of their workdays are spent with patients, while 55% is spent communicating with other clinicians: that is an absurd imbalance, and doctors, not to mention patients, deserve better. Plus, in relying on outdated technologies, healthcare professionals find that patient discharge is delayed by 50 minutes, because clinicians are waiting for their colleagues to return with proper information and paperwork.

In total, the report found that this lengthy discharge process coupled with decreased productivity due to outdated technologies costs hospitals in the US upwards of $8B per year.

Moving Forward

It’s clear, then, that there is a need for speed in terms of gathering and sharing information among hospital staff. In facilitating communications, such as making it easier to seek out second opinions and conduct clinical discussions, not only will hospitals save billions of dollars in wasted inefficiencies, but their doctors will also be able to spend more time with patients, improve their general caregiving, solve problems, diagnose more quickly, and discharge patients in a timely manner.

This isn’t to say that HIPAA should be eliminated -- it’s necessary for maintaining the security of healthcare organizations across the US. Rather, healthcare organizations must work within the existing parameters and adapt their communication methods accordingly. For example, instead of banning mobile devices and only focusing on regulating their data servers, as most hospitals do, healthcare organizations ought to find ways to secure mobile devices and data-in-transit.

In other words, the key is to bring additional technologies into the picture that facilitate the use of more modern communication systems, like email inbox scanners and secure communications platforms, for example. If you’re thinking that this is more expensive, you’re right -- but in the end, it’s still less expensive than losing $8B a year due to inefficiency.
