Navigation Links
Mobile Devices Pose New Security Risks for Patients; Five Experts Share Insights on mHealth

PORTLAND, Ore., July 20, 2011 /PRNewswire/ -- Mobile devices have become as common as the stethoscope in patient's rooms. Physicians routinely review patients' electronic health records (EHR), read test results, access diagnostic tools and take patient notes, all with a few touches on their iPad or tablet, smartphone or using a flash drive. These mobile devices are ideal for information sharing and time savings, but they pose huge security risks to patient information.

In less than two years, from September 22, 2009 through May 8, 2011, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) indicates that 116 data breaches of 500 records or more were the direct result of the loss or theft of a mobile device, exposing more than 1.9 million patients' PHI. A panel of five experts in the fields of healthcare IT, security and privacy, data breach and identity theft—Jill Arena, Chad Boeckmann, Rebecca Herold, Rick Kam, and Robert Siciliano—share their insights on how healthcare organizations and providers can optimize mobile health (mHealth) while protecting patients' data.

Electronic Health Records Increase Mobile Device Usage

Sixty-four percent of physicians own smartphones and 30 percent of physicians have an iPad, with another 28 percent planning to buy one within six months, according to a recent Manhattan Research study. 10,000 mobile healthcare applications are available today on the iPad, with a larger number of them created to provide access to electronic health records. Additionally, one-third of physicians use their mobile devices to input to EHR while seeing patients, while the information is fresh.

Experts Offer Their Insights on mHealth

Jill Arena, managing partner, Health Practice Solutions, LLC, consulting and technology solutions, "In many ways, digitizing patient information can make it more secure, but only if the proper security measures are in place. As we move to introduce iPad applications that integrate with physicians' Electronic Medical Records (EMR) products, we can edit, route and capture signatures on patient forms without ever dropping them to paper. This allows physicians and their office staff to recapture valuable staff time, and it keeps paper forms with PHI, Social Security numbers and other sensitive information from floating around the clinic and potentially falling into the wrong hands."

Chad Boeckmann, president, Secure Digital Solutions, LLC, comprehensive privacy strategy, "Anytime an organization extends information beyond its walls, a risk assessment should be conducted to determine the level of security controls, including monitoring of those controls. Mobile devices are a great example of extending the enterprise. Organizations need to understand the complexities of securing mobile devices, applications and the people who use them as part of a well-rounded data security and risk management program."

Rebecca Herold, Rebecca Herold & Associates, LLC, information security, privacy and compliance tools, education and consulting, "In healthcare, doctors and nurses are increasingly using mobile computing devices and storage devices as part of their care giving activities, storing goldmines of patient information on them. Because of the combination of increased business and patient data storage and entrusting mobile workers with mobile computing devices, it is vital that an effective mobile computing device and storage media security and privacy management program is in place. Not only to meet HIPAA compliance requirements, but also to protect your patients and your hospitals and clinics. A key component is providing training and awareness to those staff using such devices. After all, doctors and nurses cannot protect information on mobile devices if they are not taught effective ways to do so. If you don't provide security knowledge to those using mobile devices, privacy breaches will occur."

Rick Kam, president and co-founder, ID Experts, comprehensive data breach solutions, "Many Wi-Fi networks in hospitals and doctor's offices are not secure and coupled with the increased mobile device usage, patient data is at risk. Here are eight things you can do to protect sensitive patient data:

  1. Whenever possible, don't store sensitive data on wireless devices. If required, ensure the data is encrypted.
  2. Enable password protection on wireless devices, and configure the lock screen to come on after a short period of inactivity.
  3. Turn on the Remote Wipe feature of wireless devices.
  4. Enable Wi-Fi network security. Do not use WEP, and only use WPA-1 with strong passphrases. Use WPA-2 if possible.
  5. Change the default SSID and administrative passwords.
  6. Don't transmit your wireless router's SSID.
  7. Only allow your devices to connect by specifying their hardware MAC address.
  8. Implement a Wireless Intrusion Prevention System."

Robert Siciliano, CEO,, personal security and identity theft expert, "Mobile isn't just a convenient new gadget or toy, it's a huge target for criminal hackers and needs to be treated accordingly."

About the Panel of Industry Experts

Jill Arena, managing partner with Health Practice Solutions, LLC, holds a Fellowship from the American College of Medical Practice Executives and has extensive experience in practice start-up and workflow improvement, including the implementation and management of the newest health information technologies. Her professional focus and passion is the intersection of physician-patient-computer. Over the past 15 years, Jill has started more than 37 new clinics, where she has introduced EMRs and implemented complete clinical IT systems.

Chad Boeckmann, president of Secure Digital Solutions, LLC, assists organizations in government, financial, healthcare and retail industries to achieve information security and compliance goals. Since 2005 Secure Digital Solutions (SDS) continually enables companies to gain confidence and trust from their clients and auditors through IT security and regulatory compliance services. Clients continually rely upon SDS to deliver customized solutions, thought leadership, a strong work ethic and exceptional client service. SDS provides value by delivering business services and solutions effectively and tailor solutions to achieve client requirements.

Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI, The Privacy Professor®, has more than two decades of information security, privacy and compliance experience. Rebecca is a partner and subject matter expert for the first cloud-based HIPAA/HITECH compliance service, Compliance Helper ( As owner and principal of Rebecca Herold & Associates, LLC, Rebecca is a widely recognized and respected information security, privacy and compliance expert and has been named multiple times as a "Best Privacy Adviser in the World" by Computerworld. She is currently working on her 15th published book.

Rick Kam, CIPP, is president and co-founder of ID Experts, and chairman of the "PHI Project," a research effort to measure financial risk and implications of data breach in healthcare. He is an expert in privacy and information security, with extensive experience leading organizations to address the growing problem of protecting PHI/PII and remediating privacy incidents and identity theft. Previously, Kam spent 20 years at IBM Corporation in sales, management, and customer relationship management consulting.

Robert Siciliano, CEO of, is committed to informing, educating, and empowering Americans to protect themselves from violence and crime in the physical and virtual worlds. For more than 20 years, Robert has been working in all aspects of security. A blogger, consultant, and speaker on a wide variety of topics including computer security, identity theft, and social networking security, Robert is often interviewed on national television, to give advice to consumers and to weigh in on security issues.

Copyright©2010 PR Newswire.
All rights reserved

Related biology news :

1. Motorola Introduces Mobile Biometric Identification for Handheld Computers
2. Promptu Unveils High Accuracy Voice-to-Text Dictation for Mobile Phones at CTIA
3. Mapping a clan of mobile selfish genes
4. Texas College Police Unit Deploys BIO-key(R) Mobile Data System
5. BIO-key(R) Mobile Data and Messaging Solutions Link Nebraska Law Enforcement Agencies
6. Mobile Communication Market Opens up for Biometrics - Precise Biometrics Awarded 1st Prize at GSMA World Mobile Congress
7. Scientists at CSHL discover mobile small RNAs that set up leaf patterning in plants
8. Scientists at CSHL discover mobile small RNAs that set up leaf patterning in plants
9. Moving gene therapy forward with mobile DNA
10. Tulsa County Sheriff Selects BIO-key(R) Mobile Data System
11. Tulsa County Sheriff Selects BIO-key(R) Mobile Data System
Post Your Comments:
(Date:1/25/2016)... , Jan. 25, 2016  Glencoe Software, the ... pharma and publication industries, will provide the data management ... Centre (NPSC). ... Phenotypic analysis measures ... whole organisms, allowing comparisons between states such as health ...
(Date:1/20/2016)... 2016   MedNet Solutions , an innovative SaaS-based ... clinical research, is pleased to announce the attainment of ... the result of the company,s laser focus on (and ... , it,s comprehensive, easy-to-use and highly affordable cloud-based technology ... Key MedNet growth achievements in 2015 include: ...
(Date:1/13/2016)... January 13, 2016 ... addition of the  "India Biometrics Authentication ... Forecast (2015-2020)"  report to their ... has announced the addition of the  ... - Estimation & Forecast (2015-2020)" ...
Breaking Biology News(10 mins):
(Date:2/8/2016)... ... 2016 , ... Franz Inc. , an early innovator ... announced the availability of AllegroGraph 6, the leading Semantic Graph Database with certification ... Program (CCPT). AllegroGraph is the first Semantic Graph Database to be certified ...
(Date:2/8/2016)... England , February 8, 2016 ... Ltd ("Atlas Genetics" or the "Company"), the ultra-rapid Point-Of-Care (POC) ... to CE Mark its Chlamydia trachomatis (CT) test to be ... of the IVD Directive (98/79/EC), the CT test is now ... --> --> The launch of the io® ...
(Date:2/5/2016)... Feb. 5, 2016  In the pharmaceutical industry the ... host of launch activities including the identification and engagement ... activity is especially high in the oncology therapeutic area ... Practices and the Role of Medical Affairs in Oncology ... on oncology therapies find better ways to utilize medical ...
(Date:2/4/2016)... ... February 04, 2016 , ... Morf ... today announced an interactive FDA compliance training course, Writing Effective ... Professional Society) accredited interactive course on Morf Playbook—now conveniently available on smartphones and ...
Breaking Biology Technology: