This week, a study from the Ponemon Institute found that cloud-based storage and mobile applications are the typical sources of safety concerns in clinical settings.
The study, “The Risk of Regulated Data on Mobile Devices & in the Cloud,” which surveyed 781 IT and data security practitioners, found that 33 percent of respondents said that they need to access protected health information (PHI) to do their work and yet few understood how to keep data secure. For example, 15 percent of those surveyed knew about HIPAA’s security requirements, but 33 percent of respondents indicated that they work for a HIPAA covered entity.
Additionally, 23 percent of those surveyed said that they frequently circumvent or disable required security settings on their mobile devices, while 36 percent said it happens occasionally and 22 percent said it never happens.
Ponemon's study concluded that healthcare organizations need to create awareness about the importance of regulating data on mobile devices and make sure security policies include guidance on what employees should be doing to protect the regulated data. Furthermore, these organizations need to conduct a data inventory of sensitive and confidential information to understand what regulated data is and consider investing in technologies that specifically address the regulated data risk.
In an interview with HealthITSecurity.com, Dr. Larry Ponemon discussed the need to balance efficiency and productivity with security in order to make sure respondents weren't using a less secure device because it was more convenient to do so.
"We’ve found that mobile devices and cloud computing are the two greatest sources of healthcare CIOs’ fear," Ponemon said. "It’s an environment that’s ripe with potential problems and vulnerabilities. But at the same time, a lot of these devices aren’t necessarily designed to be secure. The purpose of the paper was to explain that compliance requirements really don’t address mobile devices."
While there have been limited breaches in the health sector thus far, Ponemon predicts more alarming hacks into places such as Dropbox, with the focus shifting away from mobile devices and toward cloud storage.
"Healthcare is particularly vulnerable because many organizations don’t have the resources needed to secure those technologies," Ponemon said. "The goal in healthcare generally is treating those patients, not privacy and security. You don’t see the same focus on security in healthcare that you do in the financial sector."