Page 60 - index
P. 60
+". )+ &(" &* -" ." ." 0-&/3 -&.' #+- .
Electronic health records (EHR), digital versions of a patient’s paper medical chart, offer medical
professionals real-time access to patient records. In the past, these records were typically
accessed through desktops or laptops, but as technology progresses we’re seeing medical
professionals increasingly accessing these important documents on mobile.
There are pros and cons to accessing EHRs on mobile. Mobile EHRs provide doctors and
patients with the ability to review medical records regardless of their physical location, as long
as they have access to their mobile devices, enhancing quality and convenience of patient care
as well as patient participation in their own care. Mobile access to EHRs raises many security
questions: Does mobile leave personal patient medical information at risk because it takes
patient data outside of hospitals and doctors offices? Will mobile increase data security risk of
EHRs?
Mobile Device Risk vs. Stationary Device Risk
The risk of EHRs is relative to the context of the mobile device usage. The main difference is
that the mobility of the device, and the resulting risk of loss, misplacement or theft are mobile
security concerns not relevant on a desktop or laptop. Microsoft and Apple provide monthly
security updates to their operating systems, to fix newly uncovered security flaws because
desktops are a constant source of security issues. In fact, malware and viruses are more prolific
for desktop systems, simply because it’s a more mature ecosystem than mobile. More threats
and risks exist for desktops than for mobile, but the maturity of security controls and risk
management understanding is better suited for classic desktop deployments (since they’ve
been around for 20 years).
Due to growing popularity and the high profile nature of security issues, mobile devices are
often under public scrutiny. However, these types of issues are no different than those on the
desktop. The problem always comes down to who manages the device, what software is loaded
on it and how the device and applications access data. Users and employees are actually the
weakest link of enterprise security. They misplace devices, use weak passwords, fail to log out
of workstations, share information inappropriately and unintentionally, exposing organizations to
more risk through errant actions. They can also be bribed. Many organizations try to employ
technology controls to overcome these problems, however the issue lies within the security
policies and communication.
What’s the solution?
The security of mobile EHRs is only as strong as the application responsible for downloading
and viewing the EHR. The application may leverage services provided by the device to keep
EHR data safe. In which case, the application needs to verify the mobile device still maintains its
security integrity and can be trusted to safely house EHR data. The application needs to be a
I25B /1B>9>7C &171J9>5 M +5@D5=25B 49D9?>
?@IB978D K I25B 565>C5 &171J9>5 << B978DC B5C5BF54 G?B<4G945
