In the age of bring your own device (BYOD), healthcare organizations need to make content security a top priority. Here’s how your company can protect itself.
A recent survey of 250 healthcare organizations shows that the frequency of patient data breaches is increasing, and concurrent with the growth in electronic medical records, more of those problems are originating from laptops and mobile devices.
The “2012 HIMSS Analytics Report: Security of Patient Data” examined how new technologies in the hospital continue to create operational efficiencies as well as security vulnerabilities. The report was prepared by the Healthcare Information and Management Systems Society and concluded that, “As mobile devices proliferate in exam rooms and administrative areas, so do the associated vectors of potential attack. Adding to this are the risks from employee negligence and organizational policies that have not kept pace with ever-changing technology.”
Recent breaches at institutions like South Shore Hospital and Beth Israel Deaconess Medical Center have shed light on the damaging impact of data loss, from heavy fines to tarnished reputations. As the healthcare industry continues to deploy electronic medical records and utilize mobile applications like tablets and iPhones to support patient care, hospitals will need to adopt solutions that safeguard information and prevent embarrassing – and damaging – security breaches.
Accounting for the human factor
No matter how robust an organization’s security protocols are, human error remains the greatest risk of all. This risk is magnified in the age of BYOD (bring your own device). When employees open files on their personal devices, those documents are only protected to the extent of the device’s personal security settings – or lack thereof. Personal devices tend to be insecure and more open to hacking and theft than company devices. In addition, an employee could lose a device with important information and put the company at risk.
Not long ago, a thief stole a personal laptop computer from a physician’s office at Beth Israel Deaconess Medical Center (BIDMC) in Boston. The laptop had a tracking device, but it was not activated. And although BIDMC protects corporate devices, the laptop was a personal one that contained sensitive patient data. This followed on the heels of an announcement that South Shore Hospital of Weymouth, Mass., would be fined $750,000 for the loss of tapes that potentially exposed over 800,000 patient records.
However, new technologies exist that enable enterprises to simply and securely share and track video, audio and other forms of content across multiple devices, reducing risk and improving governance. This not only provides a path that supports the digitization of patient records, but also serves to deliver higher levels of encryption and greater control over who can access the content and when.
How to maintain content security
In order to avoid the fate of the hospitals above, healthcare organizations need to make content security a top priority. The HIMSS report showed 31 percent of respondents indicated that information available on a portable device was among the factors most likely to contribute to the risk of a breach, up from 20 percent in 2010 and 4 percent in 2008.
Mapping the path of content delivery, tracking content usage and having the ability to terminate content access from anywhere are all keys to content security. If these three capabilities are in place, content can remain secure no matter where it is sent across the cloud.
The first step is establishing a protocol and utilizing tools to ensure content security from inception to disposal. Your organization needs to map out the typical flow of content and then implement the use of tools that will help you maintain security throughout that flow.
Secondly, you need to have tools for tracking content usage. In many cases, the increased risk of data breaches described in the HIMSS survey can be avoided if there are tools in place to track and manage content usage. Being able to see how, when and where content is being used can help organizations stop a breach before it starts or at least control the spread of information.
Finally, termination of content access can be a line of defense between corporations and data thieves. No matter whether the threat is coming from an internal part, external part or other third-party source, terminating content access remotely and automatically can stop a data breach in progress.
Content security issues are going to become more common unless organizations embrace secure content delivery. Using a tool to map the flow of information, track its usage and terminate access if need be can save your organization millions of dollars and protect patients from the exposure of private health information.
About the author
Joe Moriarty is executive vice president of global sales and marketing, Content Raven. Learn more at www.contentraven.com.