10 mobile health best practices from the Department of Homeland Security

By: Brian Dolan | May 22, 2012        


Last week the US Department of Homeland Security issued a policy paper that highlights the various security and privacy concerns that surround the use of mobile devices in healthcare and connected medical devices. DHS paints a rather grim picture of the current trend, including a warning against BYOD:

“If IT administrators don’t implement the correct mobile device for the right job or are slow to integrate [mobile devices] into the work place, they run the risk that employees may use their personal mobile devices to perform their duties. If a healthcare professional uses a personal device such as a smart phone, tablet or USB device to access patient information, at risk for theft or accidental loss of the device is patient information on an unencrypted or protected device that is not password protected.”

The DHS paper includes a number of high-profile examples of security breaches or demo hacks of wireless-enabled implantable devices, so it serves as a fairly good primer on recent events in the realm of mobile health security. The document also includes a list of 10 “best practices” for healthcare organizations to follow when it comes to mobile technology:

1. Purchase only those networkable medical devices which have well documented and fine-grained security features available, and which the medical IT network engineers can configure safely on their networks.

2. Include in purchasing vehicles vendor support for ongoing firmware, patch, and antivirus updates where they are a suitable risk mitigation strategy.

3. Operate well maintained external facing firewalls, network monitoring techniques, intrusion detection techniques, and internal network segmentation, containing the medical devices, to the extent practical.

4. Configure access control lists (ACL) on these network segments so only positively authorized accounts can access them.

5. Establish strict policies for the connection of any networked devices, particularly wireless devices, to Health Information Network (HIN) including; laptops, tablets, USB devices, PDAs, smartphones, etc. such that no access to networked resources is provided to unsecured and/or unrecognized devices.

6. Establish policies to maintain, review, and audit network configurations as routine activities when the medical IT network is changed.

7. Use the principle of least privilege to decide which accounts need access to specific medical device segments, rather than providing access to the whole network.

8. Implement safe and effective, but legal patch and software upgrade policies for medical IT networks which contain regulated medical devices.

9. Secure communications channels, particularly wireless ones, by the use of encryption and authentication at both ends of a communication channel.

10. Have and enforce password policies to protect patient information.

The paper also includes a few mentions of mobile health security issues outside of traditional care environments: “In the future, elderly and infirm patients can be monitored by loved ones and medical professionals in their home, saving the cost and distress of institutionalization,” the DHS writes. “This process may be threatened by the inadequacy of these home networks and their maintenance. Homeowners may not use proper password protections or maintaining the most current antivirus software. By definition the elderly and infirm may not be able to determine whether these domestic networks are safe or even operational.”

More in the full paper (PDF) here.
