Off-the-shelf smartphones meet few HIPAA, MU security requirements

By Neil Versel
June 15, 2012
12:38 pm
Share
ONC's Dr. Farzad Mostashari

ONC's Dr. Farzad Mostashari

Most mobile phones on the market today meet no more than 40 percent of security requirements -- such as those called for by HIPAA or proposed "meaningful use" Stage 2 standards -- in the out-of-the-box configurations, according to the Office of the National Coordinator for Health Information Technology.

And even after being manually configured, only iPhone and BlackBerry smartphones typically achieve about 60 percent of standards. Other brands do not fare as well, Will Phelps, an IT security specialist in ONC's Office of the Chief Privacy Officer, said, according to a report in Government Health IT.

Phelps spoke last week at the Government Health IT conference in Washington. The publication is a wholly owned subsidiary of the Healthcare Information and Management Systems Society (HIMSS), which sponsored the event.

ONC is conducting research as it prepares guidance to help small and medium-sized provider organizations secure the growing number of mobile devices that process health data. "They may not have an IT staff or third-party vendor to manage their devices for them. So we want to get them to a point where their devices are operating as securely as possible," Phelps told the gathering, according to Government Health IT.

"You have to make sure that the devices are able to apply the appropriate security controls to make sure that the patient records are protected," he advised.

For the guidance, which ONC will publish online later this year in the form of a series of best practices, the office will describe how to handle security in various use cases, according to ONC Office of the Chief Privacy Officer attorney Kathryn Marchesini. Scenarios will include logging in from a coffee shop, sending e-mail from a mobile device and responding to the "bring-your-own-device" phenomenon, she reportedly said.

The office also will disseminate its best practices through the national network of federally funded regional extension centers set up to help smaller providers adopt and use health IT.

In developing guidance, ONC plans on testing security software from various vendors for compliance with security standards, according to the Government Health IT report. Expect to see future outreach to vendors and patients as well.

Tags: 
Government Health IT, HHS ONC, HIMSS, HIPAA, meaningful use, mobile health privacy, mobile health security, Office National Coordinator

More regional news

Healthcare provider checking a small patient

Study: GPT-4 helps clinicians with physical exam guidance

By
Anthony Vecchione
December 20, 2024
Oura Ring

Oura secures $200M, boosting its valuation to $5.2B

By
Anthony Vecchione
December 20, 2024
Five business people sitting on chairs in a circle

Executives reflect on 2024's biggest surprises, part two

By
Jessica Hagen and Anthony Vecchione
December 20, 2024
Share

Top Story

Five business people sitting on chairs in a circle
Executives reflect on 2024's biggest surprises, part two

Editor's Pick

HealthTap lawsuit alleges VC firm manipulated valuation for takeover
Q&A: Hackensack Meridian Health on its AI expenditures in 2025
Surgo Health launches Youth Mental Health Tracker backed by SHOWTIME/MTV, Melinda Gates
Hinge Health joins Amazon Health Services to offer MSK care
Staffing company Aya Healthcare acquires Cross Country Healthcare for $615M
FDA issues guidance on predetermined change control plan for AI-enabled device software functions

More Stories

Healthcare provider checking a small patient
Study: GPT-4 helps clinicians with physical exam guidance
Oura Ring
Oura secures $200M, boosting its valuation to $5.2B
Person speaking to healthcare provider on a tablet
Culina Health garners $7.9M to enhance virtual nutrition platform
Healthcare professional in scrubs looking at a tablet
Executives reflect on 2024’s biggest surprises, part one
Patient consulting with healthcare professional virtually
Wisp, Nourish partner for GLP-1s nutrition counseling for women
Executives at a lecture
Scripta Insights secures $17M for health plan expansion
Business people in a meeting
Promise Bio secures $8.3M in seed investment for immune-mediated diseases
Healthcare provider with a patient and their caregiver
Suki partners with Google Cloud to enhance AI-enabled voice tool