By Mike Riley, Healthcare Solutions Practice Leader
$4,348,000…that’s how much the University of Texas MD Anderson Cancer Center will have to pay in civil penalties for HIPAA violations related to its encryption policies.
The three data breaches occurred in 2012 and 2013, and involved the theft of an unencrypted employee laptop and the loss of two unencrypted flash drives, according to a recent article. The devices contained the electronic protected health information (ePHI) of more than 33,500 people, though evidence indicated that none of that information was ever viewed.
Think about that. The breaches involved just 3 mobile devices and the data on them was never viewed!
So if world-renowned MD Anderson, which reports that “substantial measures are in place to ensure the protection of private patient information,” can be heavily penalized for 3 unencrypted devices, how would your organization fare?
The rise of mobile devices in healthcare
Today, nearly every caregiver uses at least one and, often, multiple devices to access ePHI. In addition to the many workstations in hospitals and practices, caregivers access clinical apps and data on tablets, smartphones and, yes, even flash drives.
In fact, a recent survey of IT decision-makers indicated that more than 90 percent plan to implement or are currently implementing a mobile device initiative as a way to improve patient care, facilitate efficiencies within care teams, or both.
Yet, concerns remain for these IT leaders. Primary among them is having the time and resources just to implement and manage a mobile device initiative. There are also concerns about healthcare leaders not seeing mobile device initiatives as important, as well as challenges around cost, infrastructure integration, and security requirements.
In addition, 30 percent of these surveyed organizations lack confidence in the mobile device management solutions they have in place now, while 95 percent report that their current solution has room for improvement.
How to provide access and protect patient privacy
The challenge is to create a secure “any access” infrastructure with one-click user authentication that not only satisfies clinical and patient privacy needs but also meets the needs of resource-strapped healthcare IT departments.
A trusted partner with solid advice and business-driven IT solutions can help you evaluate and choose a solution that will best resolve your specific business challenges and deliver the strongest return on investment.
Logicalis, your healthcare IT partner
Logicalis has earned a reputation as the trusted advisor to today’s most successful healthcare organizations. But we’re not about selling you on a particular technology. What sets us apart is that we listen. Then we bring technology and services together to solve your toughest business challenges. And in the life-and-death business of healthcare, that’s pretty important.
For the last 9 years, we’ve provided a range of security services for customers with 55,000 end users in 13 countries.
We rely on our dedicated team in our ISO 27001-certified New Jersey Security Operations Center (SOC) to support customers around the world 24×7. Our SOC certifications include: CISSP, IEng, MIET, MBCS, CITP, QSTM, OSCP and many more.
These fully trained security professionals use security information and event management (SIEM) and security analysis to manage deployed security devices, networks and applications. They also use contextual policies that enable caregivers to access their apps and data, regardless of the device they’re using or where they’re using it.
In other words, we’re here to support you day to day—and when a security incident is impacting business operations—for the life of your healthcare organization.
Learn more about Logicalis Healthcare solutions, and how we can improve your security posture while giving clinicians the access they need to improve patient outcomes—and patient satisfaction. Or send us an email.