Mobile health (mHealth) applications have revolutionized the healthcare industry. But in today’s smart healthcare ecosystem, concerns about security are paramount.
With the number of mobile devices used in healthcare enterprises growing every day, maintaining compliance and security has become an enormous challenge.
Even if you build a robust infrastructure, there’s always going to be room for human error. I mean, think about it: how many times have you texted information to the wrong person by accident?
We’re all guilty of it at one time or another, so it’s really not a stretch to think that doctors and healthcare professionals could do the same.
Further, over the last couple of years, government entities and retailers have hogged the headlines when it comes to cyber attacks, but healthcare has also had its own share of breaches. Although texting affords an efficient means of communication in a busy environment, breaches can have dire financial and legal consequences. So it’s a serious issue that needs to be tackled.
Healthcare Data Breaches and Lessons Learned
If you look into the data on reported healthcare breaches, you’ll see that security breaches are already widespread. About seven years ago, the breaches were mostly associated with physical theft of equipment, which makes sense, as we hadn’t really started using mHealth apps at that point.
In recent years, hacking and unauthorized access and disclosure have come to the forefront, though theft of devices is also recurring. Health plans are targeted the most by criminals, with health providers and business associates following close behind.
Key Steps to Securing mHealth Texting Apps
To secure messaging in mHealth apps, a good place to start is by assessing the policies and procedures that are in place.
- Have they sufficiently addressed security and compliance when it comes to texting PHI/EHR?
- Has your staff been trained adequately to properly follow these policies and procedures?
Another challenge is to enable security in a highly collaborative environment. There’s communication between the physician and patient, physician and nurse and so on.
Also, are you collecting information for marketing purposes? If so, what kind of data are you going to share?
As a result, there’s a lot to take into consideration when it comes to mHealth texting and security. Here are some key steps to consider:
- Decide how mHealth apps and devices will be used: to access, receive, store, and transmit PHI, or only to work internally with electronic health records (EHR)
- Establish policies where texts are deleted within a specific period of time
- Use technology where devices can be disabled remotely
- Use technology where data can be wiped remotely
- Enhance encryption and password protection
- Establish guidelines and policies where information contained in texts is limited (patient names and other identifiers)
- Develop a technological mechanism to add texted PHI to EHR
- Develop and implement a risk management strategy
- Train employees regarding policies and procedures when it comes to texting
- Establish disciplinary procedures for violation of messaging policies
But keeping PHI secure doesn’t stop there as more needs to be done to avoid security breaches. Here are some additional steps to follow:
- Real-time monitoring of server activities to flag unusual data transfers
- Encrypt laptops, mobile devices, and anywhere else PHI is stored, and protect them with strong passwords
- Always have a HIPAA Business Associate Agreement (BAA) with all third-party vendors
- Establish robust role-based access so that only authorized, appropriate users have access to PHI, with transparent audit trails
- Hire a third-party vendor to try and hack into your system and audit it on a regular basis
Healthcare providers and IT professionals have a lot to keep them busy as security is an ongoing issue that has to be tackled on a daily basis. There’s no one-size-fits-all solution to keeping PHI safe while staying compliant.
Data breaches carry a high cost for both patients and providers. As a result, it will require constant monitoring and creative thinking to keep up with the evolution of technology and criminality.