For all that IT departments can do to enforce mobile policies; often the actions of individuals are what ultimately determine security. Recent analysis of security at DOTmed reveals that, within hospitals and other medical environments, nurses benefit greatly from mobile devices, but they also take on a lot of responsibility when using them.
Mobile devices allow medical staff members to respond to patients quickly and more efficiently because they can offer medical records and other relevant patient information at the swipe of a finger. Yet, with that power comes a mountain of regulation; the Health Insurance Portability and Accountability Act (HIPAA) specifically comes into question when patient data floats around hospitals so freely.
Not only is it possible for staff members to misplace their smartphones and tablets or reveal information from their screens outright, they may also run into HIPAA compliance issues simply by obtaining patient data from a wireless network or transmitting data to a remote printer.
First, IT staff must make sure that data within hospitals' networks is encrypted. Hospitals are busy places; nurses and doctors are not the only people within their walls that use mobile devices. Anyone who intends to intercept patient data may be able to do just that. And if data is intercepted, IT staff can at least make it unreadable by encrypting the contents.
Following necessary encryption, doctors and nurses must make sure that they use their own phones and tablets to connect to the network properly. If they intend to print sensitive information, they must also make sure that they have access to their printers of choice. Any printed documents left in a printer tray for an extended period of time can become a prime target for individuals willing to unlawfully grab such documents.
DOTmed suggests that encryption is especially important in wireless networks that transmit data across long distances. If hospitals send out a long-range wireless signals—the signals could reach into their parking lots—hackers could easily intercept the data from their parking lots. Similarly, it suggests that medical officials may need to select from long lists of network printers when they decide to complete print jobs. IT can help matters by clearly labeling such printers, and medical staff can take an extra second to scan to ensure they print to their intended devices.
Edited by
Maurice Nagle
