Wireless Technologies Reap the
two years. Additionally, CDW’s poll found that the biggest drivers for this increase are the number of office locations (61 percent), mobile device deployment (59 percent) and EHR implementation (47 percent).
rewards of mobility A
Minimizing data loss starts with IT security. By Jonathan Karl
ccording to recent data from the CDW Data Loss Straw Poll, survey respondents estimate that the number of people accessing healthcare networks jumped by more than 50 percent during the last
The sheer number of people accessing the network isn’t a direct cause for concern. More troubling are the report’s findings that 68 percent of organizations apply less-robust security standards to employee-owned devices, but still al- low them network access. In a world where more and more people are bringing their own devices to work, consider the risk to the healthcare enterprise. According to a March Ponemon Institute study, organiza- tions that suffered a data loss in 2011 paid an average of $5.5 million per breach, or an average cost of $194 per lost record – a scary statistic for healthcare organizations with access to thousands, or even tens of thousands of patient health records. In fact, almost two-thirds of healthcare IT professionals (63 percent) in the CDW poll consider personally identifiable information, such as PHI, the most-likely target of a cyber attack on their organizations. The news isn’t all bad, however. Seventy-one percent of healthcare respondents say that, overall, their organizations’ data security policy is effective. Yet they still have reasons to worry, as the CDW poll found that 36 percent of healthcare respondents say data loss is the number one cyber-security threat their organizations face over the next year. It is nothing new that increasing mobility by adding devices to the network increases IT security risks. Yet, IT managers still have the responsibility of helping their healthcare or- ganizations minimize the risk of costly data breaches while simultaneously reaping the cost and process efficiencies as- sociated with mobile technologies.
But how do they do this? Internal IT managers are faced with internal pressures when, despite policies, they cannot enforce banning mobile devices without upsetting important stakeholders – thereby risking costly data breaches by allowing them on the network. Additionally, because many organiza- tions resist enabling mobility options for employees because
24 November 2012
of security, they miss out on the cost and process efficiencies associated with mobile computing. Through CDW Healthcare’s involvement with many network implementations at various healthcare settings, it offers simple recommendations to ease the transition to mo- bile devices, as well as how to manage the applications after implementation. Employing even the most basic of mobile de- vice management (MDM) tools can help keep patient data away from those who should
Jonathan Karl is a director with CDW Healthcare. For more on CDW Healthcare: www.rsleads.com/211ht-212
not be privy to the information. CDW recommends that an organization should always start with a basic evaluation of its current security protec- tions to determine how to best manage mobile devices. From there, develop a plan for how IT managers can communicate with physicians at their organizations. After that, healthcare organizations should: • Protect mobile devices. Implement a layered security strat- egy that combines password protection, firewalls, partial- or whole-disc encryption and anti-virus/anti-spam software.
• Enforce a remote device security policy. Hold training ses- sions for all users with remote access to an organization’s network or mobile devices. Frequently remind them of security policies and practices to ensure awareness and enforcement.
• Protect sensitive data. Sensitive data has no place on a mobile device without multi-layered encryption. Ensure that data is protected on mobile devices, or is only stored on secure servers.
Introducing mobile devices and notebooks to a network can be challenging due to their complexity and perceived risks, but it shouldn’t be daunting. And until there is a com- plete security solution that can keep pace with the onslaught of mobile devices, the goal is to implement just enough security measures to minimize the most significant risks. As the CDW poll found that data loss (among cyber-security threats) presents the greatest business risk to organizations this year, you will not want to wait. Loss of patient data, email breaches and unauthorized access to protected health information (PHI) can be costly.
HMT HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com