Is It Safe For Your Company to Use Mobile Applications Especially in Healthcare?
Risks are especially problematic in healthcare or hospital settings with healthcare-related applications since documents are exchanged that contain PHI (Private Health Information).
Many downloadable mobile applications have a local database, so data is actually stored on the mobile device. Unfortunately, this is a security issue if the device is lost or stolen. Often mobile applications do not require a user to log in each time; instead, the session is maintained for a number of days before re-authentication is required. It is up to the user to apply the necessary security for each device or application. There is no industry standard for security in this area of logging into applications; this is set by the application, and users are often unaware of these security settings. There is no guarantee that the owner of the device will password-protect access to the device or place appropriate settings on applications. In essence, there is security risk in the settings for accessing both devices and applications.
These risks are especially problematic in healthcare or hospital settings. Oftentimes with healthcare-related applications, documents are exchanged that contain PHI (Private Health Information). Using a mobile device for email is not secure. Information is not generally encrypted unless special applications are used, which requires specialized setup and configuration. As long as physical access to the device is possible, all email can be read and documents accessed.