Skip to main content

Securing confidential health data with VMI

Visiting the doctor can be a dreaded event. You worry about your health, expenses, and what is the doctor about to do with that thing? With the prevalence of mobile data and applications, now our confidential data at risk is a fear as well.

The situation

The Mobile Threat Intelligence report from threat defence company Skycure found that doctors who use mobile devices to assist their day-to-day practice are exposed to network threats that will only continue to increase over time. Other research reports 80 per cent of doctors use their mobile devices to assist in their work-day practices and 28 per cent store patient data on their mobile device.

Because of end user demand, more and more health apps are being developed with HIPAA compliance in mind. The use of these apps by private practices, hospitals, and other healthcare systems alike are leading to the inevitable growth and use of mobile devices across the organisation.

The problem

With the convenience and productivity of mobility, it’s no surprise mobile devices have entered the medical field. However, as mobile brings convenience and productivity, it also brings serious security and policy threats.

The HIPAA Security Rule establishes national standards to protect electronic personal health information. Now, CIOs are looking to solve this issue by locking down the mobile device, significantly limiting ePHI and other confidential data and control. This strategy solves the compliance needs, but damages usability and productivity in the workplace.

Even with the obstacles, it seems mobile is here to stay, and continue to grow, in the healthcare field. A recent report by HIMSS found 70 per cent of clinicians use mobile devices to view patient information. With numbers being this high, the attack surface for malware to get to PHI information is massive. The opportunity for doctors to share photos and images using mobile devices can become borderline HIPAA violation. There's the additional challenge to ensure HIPAA compliance of all medical apps at all times across a large set of fragmented mobile devices. Similarly, IT has to contend with managing delivery of updates to mobile apps and mobile OS on a consistent basis.

We are living in a world where mobile not only drives communication but also drives business, adoption, and productivity, and no one wants to be restricted from the use of mobile devices. Everyone is in search of one solution: how to get the most out of mobile while remaining compliant with HIPAA’s stringent security policy.

The solution

The only solution in healthcare is to move everything of importance off the mobile device and into the secure data centre. Virtual Mobile Infrastructure (VMI) is a key technology solution that enables organisations to move data and applications from the uncontrolled environment of the physical mobile device to the highly-controlled environment of the enterprise data centre or cloud. With VMI, an organisation can implement a mobility strategy without ever having apps or data at rest on physical mobile devices, ensuring HIPAA compliance.

Emily Towell, Marketing at Hypori