HITInfrastructure

Security News

HIMSS Analytics Highlights Health IT Mobile Security Concerns

HIMSS report highlights the uses and security concerns of healthcare mobile device usage.

Source: Thinkstock

By Elizabeth O'Dowd

- HIMSS Analytics released its 2017 Essentials Brief: Mobile Study, covering the use of mobile technology in hospitals. The market research report specifically focuses on the use of tablets and smartphones in U.S. hospitals.

The continued growth in popularity of mobile devices for both clinicians and patients calls for continued health IT infrastructure innovation to improve the quality of care and workflow efficiencies, report authors stated.

The report called for improved data and solution integration and communication capabilities with non-clinical staff as several of the top functionalities healthcare organizations need to upgrade over the next several years. However, security was named the number one mobile challenge facing healthcare mobile deployment.

“Healthcare organizations saw an unprecedented number of attacks on their networks in 2016 with little to suggest these attacks would diminish in 2017,” report authors explained. “Improvements in mobile device security should be developed in lock step with other areas across the healthcare IT spectrum to stimulate adoption and provide clinicians the necessary tools to improve the quality of care delivered.”

HIMSS surveyed over 100 C-level, IT professionals, and clinicians for the report. Researchers found that 79 percent of clinicians use tablets to access patient information, while nearly all clinicians – 94 percent – use desktops to access the data. Smartphones were used significantly less, but nearly half of respondents reported using a smartphone to access clinical data.

The study showed that tablets have seen a significant increase in usage over smartphones, which is likely due to the bigger screen. The larger touchscreen allows clinicians to be more organized while getting the same mobility benefits as a smartphone.

Seventy-six percent of report respondents replied that they use mobile devices mostly to access applications to retrieve clinical information, while 70 percent reported they use it to access EHRs. Two-thirds of those surveyed – 66 percent – said they use mobile devices to access non-clinical information, such as educational resources.

Other clinician mobile uses include system wide communication, consultations with other clinical staff, SMS texting, and image viewing.

Respondents found that while they value mobile access to clinical and non-clinical data, EHR access could still use some improvement. The report stated that users would like the ability to access a mobile version of their EHR with the ability to document, write orders, and communicate with other clinicians. 

Security was the top concern brought up by survey respondents, especially when it came to bring-your-own-device (BYOD) polices.

Healthcare BYOD solutions require very strict security policies, which often involve installing some kind of endpoint protection on the user’s personal device.

Many users are hesitant to accept BYOD policies because they don’t want monitoring software stored on their devices. However, users also do not want to carry two devices. This has caused vendors to develop new ways of securing clinical data on BYOD devices, while keeping personal data separate from IT administrators.

One strategy that has emerged over the past year is virtual mobile infrastructure (VMI).

VMI is poised to take the place of traditional EMM solutions by using virtualization to route mobile OSs to mobile devices. 

Virtual desktop infrastructure (VDI) uses the same technology to route desktop OSs to mobile devices. Routing desktop OSs to mobile devices can sometimes cause functionality issues when apps designed for desktops don’t translate well onto mobile devices. VMI relies on container technology and virtual gateways to give users access to an entirely separate device within their device.

“VMI comes out on the coattails of the MDM industry trying to bring a new approach, to have this blackberry-like contained experience for work data, but keeping the personal side of your iPhone or Android device purely to yourself,” Avast Mobile Enterprise Vice President Sinan Eren, told HITinfrastructure.com in an earlier interview. “This keeps IT happy, while at the same time protecting your privacy and liberty.”

Eren explained how VMI is more secure by design, isolating OS environments so users can access their enterprise mobile environment located in the datacenter using their personal devices.

As healthcare organizations continue to move towards mobile solutions, more advanced ways of securing the devices will emerge to protect clinical data.