Skip to Content

Getting Serious About Smartphone Security

· Steve Shirley,
doctor getting serious about smartphone securityAs CIO of an acute care facility serving Pueblo, Co. and 14 surrounding counties, my focus is to maintain safe and compliant clinical communications with the most advanced technology we can implement. After 30 years in the banking industry protecting the identities of customers and their money, IT privacy and compliance is second nature to me. Healthcare, like banking, is vulnerable to security breaches and that includes the practice of medicine on mobile devices.

Generally speaking, most organizations understand that systems like servers, desktops and laptops are susceptible to security breaches if not properly protected. Yet there seems to be a perception that smartphones are somehow different. The fact is, like other computers, smartphones rely on wireless Internet access that necessitates a secure system for care team communications. The awareness of the need for security measures for Bring Your Own Device (BYOD) for physicians and their clinical teams is catching up to other industries and the IT to support regulations and privacy is a must-have in the healthcare space.

At Parkview, smartphones are the standard for clinical communications, including BYOD. We’ve implemented several programs to help us manage risk and maintain compliance:

  • Employee education: There’s been a huge effort in the last year to increase staff awareness on the importance of security. Our network security engineer regularly visits units during their daily huddles to give security tips like how to create strong passwords or how to validate that the person on the phone is authorized to receive information. We’re also putting together a security video that will be required viewing for all employees.
  • Quality vendor partnerships: We expect the highest levels of security from our vendors and it’s become a requirement that when we implement new solutions we collaborate with them to plan and design for security. We expect our vendors to have a vision and an understanding that security is as important as producing a superior solution; the two can’t be separated. PatientSafe Solutions is a great example of this. When we went into production with PatientTouch® on the iPhone for both clinical communications and workflows, we collaborated closely with all the vendors involved to design for security and a seamless implementation. Six companies including PatientSafe, Cisco and Apple all participated. In addition, we mandate and audit our vendors to ensure the security and safety of our data, as well as requiring Business Associate agreements for any vendor dialing into our system.
  • Mobile Device Management (MDM): At Parkview, we’ve implemented MDM for all of our devices. As part of that strategy, no data is stored on laptops or mobile devices, and we only deploy encrypted mobile hardware.
  • Project planning: Security is deeply rooted in our project planning. When deploying new technology, we’ve made it a priority to include a project milestone for evaluating and understanding potential security risks, and then developing a plan to mitigate them. We do this for all of our IT projects whether large or small.

Related Posts

data security PatientSafe

Don’t Touch My Data!!!

Things to consider to shore up data security and to avoid stolen PHI Does a day go by anymore that we… Read more
security and data visibility

Secure Data Visibility at the Point of Care

Q&A with Mark McMath, CIO at Methodist Le Bonheur Hospitals and health systems face daunting challenges when it comes to… Read more
health it technology

Healthcare’s Mobile Evolution: Unifying Clinical Communication and Workflows

It’s our privilege at PatientSafe to collaborate with our many hospital partners on their clinical mobility journeys. I recently had… Read more