Skip to content Skip to navigation

Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

October 25, 2016
by Rajiv Leventhal
| Reprints

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on Health Insurance Portability and Accountability Act (HIPAA) compliance and the rules around sharing protected health information (PHI), according to a survey from security and compliance company Scrypt, Inc.

More than three quarters (78 percent) of healthcare professionals use mobile messaging at work, yet when asked if policies existed within their organization relating to the use of mobile messaging specifically, over half (52 percent) of respondents answered ‘no’ or ‘not sure’, according to the survey’s data. And, of those who have sent PHI via mobile messaging, 70 percent confess to having done so using a non-secure application, such as iMessage, WhatsApp or their device’s native messaging client.

As such, more than half of survey respondents believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information. Despite these revelations, the vast majority (80 percent) of respondents consider their own knowledge of HIPAA compliance to be good or very good, which would suggest people have more faith in themselves, than others, or their employer.

Human error was cited as the leading cause of healthcare data breaches in 2015, which should serve to remind organizations that people are frequently the biggest vulnerability in the security equation. This considered, it is worrying that many organizations may be falling short when it comes to promoting best practices in line with HIPAA compliance and cyber security more generally, the surveyors concluded.

Other key survey findings include:

  • 65 percent of those who use a mobile device at work also use the same device for personal use.
  • More than half (52 percent) respondents say they have free reign over the applications they download and use at work.
  • Only a quarter of those who use mobile messaging at work use a secure solution.
  • One in five (17 percent) have sent or received PHI via mobile message, with names (24 percent), telephone numbers (19 percent) and email addresses (13 percent) the commonly shared identifiers.
  • 96 percent use at least one security measure to protect their device, however of those, one in five (18 percent) use one method only, most commonly passcode or PIN protection.

“We understand the challenges healthcare providers face when it comes to managing and exchanging PHI,” said Scrypt, Inc. CEO, Aleks Szymanski. “In an industry as closely regulated as healthcare, where the margin for error is minimal. It is essential that organizations invest not only in the best HIPAA-secure technology, but also in instilling a culture of security through appropriate training and education.”

Topics

News

New York Presbyterian Brooklyn Methodist Revalidated as EMRAM Stage 7

Due to its use of RFID technology to improve patient care and outcomes, New York Presbyterian Brooklyn Methodist Hospital (NYPBMH) has received acute care Stage 7 revalidation on the HIMSS Analytics Electronic Medical Record Adoption Model (EMRAM).

Dana Alexander Named 2016 HIMSS Nursing Informatics Leadership Award Winner

Dana Alexander, R.N., has been named the recipient of the 2016 HIMSS-ANI Nursing Informatics Leadership Award, a joint award sponsored by Alliance for Nursing Informatics (ANI) and HIMSS.

Agency Leadership Update: Collins Stays at NIH, Bindman Leaves AHRQ

As President-elect Donald Trump is sworn in as the United States’ 45th president at noon today, there has been an ongoing administration shuffle as agency leaders have stepped down as part of the presidential transition.

Reports: Indiana Cancer Services Agency Hacked, Won’t Pay Ransom

Earlier this month, Cancer Services of East Central Indiana- Little Red Door’s terminal server and backup drive were hacked by cybercriminal TheDarkOverlord, leading to a ransom demand that the cancer services facility will not pay, according to media reports.

Insurer to Pay $2.2M HIPAA Settlement for Disclosure of Unsecured ePHI

MAPFRE Life Insurance Company of Puerto Rico has agreed to settle potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by paying $2.2 million.

Avoidable Hospitalizations among LTC Residents Drops by 31 Percent

A data brief from the Centers for Medicare & Medicaid Services (CMS) has revealed that avoidable hospitalizations among long-term care facility residents has dropped by about 31 percent since 2010.