Generally speaking, most organizations understand that systems like servers, desktops and laptops are susceptible to security breaches if not properly protected. Yet there seems to be a perception that smartphones are somehow different. The fact is, like other computers, smartphones rely on wireless Internet access that necessitates a secure system for care team communications. The awareness of the need for security measures for Bring Your Own Device (BYOD) for physicians and their clinical teams is catching up to other industries and the IT to support regulations and privacy is a must-have in the healthcare space.
At Parkview, smartphones are the standard for clinical communications, including BYOD. We’ve implemented several programs to help us manage risk and maintain compliance:
- Employee education: There’s been a huge effort in the last year to increase staff awareness on the importance of security. Our network security engineer regularly visits units during their daily huddles to give security tips like how to create strong passwords or how to validate that the person on the phone is authorized to receive information. We’re also putting together a security video that will be required viewing for all employees.
- Quality vendor partnerships: We expect the highest levels of security from our vendors and it’s become a requirement that when we implement new solutions we collaborate with them to plan and design for security. We expect our vendors to have a vision and an understanding that security is as important as producing a superior solution; the two can’t be separated. PatientSafe Solutions is a great example of this. When we went into production with PatientTouch® on the iPhone for both clinical communications and workflows, we collaborated closely with all the vendors involved to design for security and a seamless implementation. Six companies including PatientSafe, Cisco and Apple all participated. In addition, we mandate and audit our vendors to ensure the security and safety of our data, as well as requiring Business Associate agreements for any vendor dialing into our system.
- Mobile Device Management (MDM): At Parkview, we’ve implemented MDM for all of our devices. As part of that strategy, no data is stored on laptops or mobile devices, and we only deploy encrypted mobile hardware.
- Project planning: Security is deeply rooted in our project planning. When deploying new technology, we’ve made it a priority to include a project milestone for evaluating and understanding potential security risks, and then developing a plan to mitigate them. We do this for all of our IT projects whether large or small.