The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets strict guidelines for how healthcare organizations must store patient data safely and securely. But according to a recent Scrypt Survey of 1,800 healthcare professionals from different healthcare fields, more than fifty-six percent of respondents reported that their organization needs to improve a lot when it comes to mobile security.
The survey results clearly indicate that as more healthcare organizations implement mobile options to go digital, they are ignoring the basic need to maintain HIPAA compliance.
In addition, 78% of the survey respondents said that they use mobile messaging at work, and 58% of them admitted that there were no messaging policies in their organization.
The study also revealed some astonishing practices in healthcare organizations. Employees do not use a secure messaging service for communication; this was specifically admitted by 70 percent of the respondents involved in the survey. They admitted that they still send PHI using a non-secure application, such as iMessage, WhatsApp, Telegram and other such commercial apps.
As far as sending information is concerned, more than 17% of respondents said that they have sent or received PHI via a basic mobile message. The data sent includes telephone numbers, email IDs, and names.
The survey stated that more than 65 percent of respondents use the same mobile device for work and personal use, so it may be high time for organizations in the healthcare business to review their existing BYOD security measures. Also, fifty-two percent of them admitted that their company did not have any restrictions on application download and use.
The Scrypt Survey stated that most healthcare organizations are using HIPAA-compliant software to protect their patient data. But the technical fact is that not all software providers are as secure as they claim to be, so adding regular internal testing on user accounts will prove extremely beneficial at this juncture.
What are your thoughts on this sensitive issue, especially when data security concerns are on the rise?
Please share your thoughts through the comments section below.