Security measures and workflows that are too complex for clinicians to follow are major assets to cyber criminals who want to steal data from hospitals. The following are two examples of this phenomenon.
Hospitals commonly try to protect the data within EHRs and other IT systems by requiring clinicians to change passwords periodically, using highly complex combinations of upper- and lower-case letters and numbers. While this security precaution is well intentioned, these passwords typically end up being written on a piece of paper or saved in a text file on the computer, where they are easily accessible to a competent cyberattacker.
Likewise, to prevent protected health information (PHI) from being stored or breached on a clinician’s smartphone, some hospitals have banned the devices. This precaution, too, is well intentioned, but clinicians often revert to using their phones simply because doing so is more efficient than using the clinical communications devices offered by their hospital. To protect patient privacy, these clinicians may adopt inefficient workflows that use only patient initials or room numbers in text messages sent from their smartphones. This shortcut may offer some privacy protections, but it is not HIPAA compliant if shared over a cellular network; it could result in the wrong care being delivered to the wrong patient; and a cyberattacker intent on stealing PHI would likely decipher the code.
A natural solution
A better option for hospitals in both regards is to implement a smartphone-based, enterprise-wide communications solution that is owned and controlled by the hospital and that operates on the hospital’s protected, secure wireless networks. With the proper clinical mobility solution in place, clinicians can maintain natural, efficient workflows that don’t prompt them to devise their own non-compliant shortcuts that could result in data being improperly stored, breached, delayed, or misunderstood.
Instilling natural, mobile-enabled workflows in which data is securely captured, accessed and shared by clinicians makes it harder for cyberattackers to exploit flaws in a hospital’s system. As a result, patients’ private and protected information is safer, along with the hospital’s reputation.