About Thawte

• Contact Us
• Worldwide Sites
• Why Thawte

Recently, a number of security breaches have occurred at different healthcare organizations, each of which involved the theft of an unencrypted mobile device.

HealthData Management contributor Brian Evans reported that four laptops lacking encryption protection were stolen from Advocate Health Care, exposing the sensitive personal information of over 4 million patients. A similar event happened at Concentra Health Services when an unencrypted laptop was taken. QCA Health Plan also reported the theft of an unencrypted laptop from an employee's car, which contained the personal medical files of 148 individuals.

These instances are not only embarrassing for the organization which are affected by them, but they also show noncompliance with HIPAA, which calls for the establishment of a secure environment for the storage and transmission of sensitive records. Furthermore, these events demonstrate a concerning trend of the healthcare sector's struggle with encryption technology and other mobile device protection techniques.

Lack of encryption
Evans noted that the industry's ongoing battle to secure its employee mobile devices is somewhat surprising considering encryption now comes standard on many types of handheld hardware, including iPhones, BlackBerry, Android and other gadgets.

"The objective of encryption is to provide confidentiality protection for information," Evans wrote. "Since encryption is now provided either out-of-the-box or through add-on products, this no- or low-cost solution can significantly reduce the likelihood of breaches from occurring on mobile devices."

A number of factors could be causing this widespread lack of encryption, including a focus on other mission-critical priorities and inadequate staff leadership. Evans noted that encryption and the deployment of other security measures falls to administrators and managers. These individuals should be sure to keep a record of all the mobile devices allowed access to sensitive healthcare information and ensure that they have encryption technology installed.

Mobile security tips for healthcare organizations
However, healthcare groups security efforts should not end with the implementation of encryption. While this safeguarding approach is step in the right direction, it should be deployed as part of multi-layered mobile security plan.

Smartphone and tablet users that have access to patient files should utilize the built-in security measures that come standard on their devices, including activating screen locks, advised Becker's Hospital CIO contributor Kathleen Roney. Ensuring that the screen lock is activated will present the first line of defense of a device is lost or stolen.

Administrators should also put an authentication system on each program or database accessed by a mobile device. Such a strategy will require that all users log in with their individual authentication credentials and can provide better oversight of resources for managers. In this way, supervisors know who is attempting to connect with sensitive content. Rick Kam, CIPP president and co-founder, also suggested adding geolocation software to devices which allows for the location and tracking of hardware to prevent loss or theft.

Decision-makers can also consider implementing mobile management software on employees' devices which will allow them to remotely wipe the hardware of any and all personal files if lost or stolen. Jon A. Neiditz, a partner at Nelson Mullins Riley and Scarborough LLP, called this function "bricking" the device, noting that wiping the entire device instead of just certain silos has become a more acceptable technique among healthcare providers and their staff.

"The reason that bricking the entire device is more acceptable, in their view, is that personal data is now more frequently backed up in cloud storage, so the bricking of the entire device does not result in data loss, and protects the employee as well as the company," IT Business Edge stated.

Protect data in transit with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950