Privacy, Security Mistakes Physicians Make When Using Mobile Devices

February 27, 2014

More physicians are using their mobile devices such as smartphones and tablets for healthcare purposes. But not all are using them securely.

More physicians are using their mobile devices such as smartphones and tablets for healthcare purposes. But not all are using them securely.

At this year's Healthcare Information and Management Systems Society (HIMSS) Conference in Orlando, Fla., Andrea Bradshaw, general manager of mobility solutions at technology products and services firm CDW and Sadik Al-Abdulla, security practice director at the firm, spoke about the major security risks mobile devices pose.

At the end of their presentation, entitled "Securing Patient Data in a Mobilized World," one attendee asked: What are the most important things physicians can do to protect their mobile devices?

While your medical practice's IT department should handle more complex mobile security issues, such as data encryption and the ability to remotely wipe data stored on the device, there are some important things physicians can do to protect the information stored on their phones, said Al-Abdulla.

Here are two of his suggestions:

1. Don't "jailbreak." Essentially, jailbreaking is "hacking your own phone to let it run applications that either Apple or Google does not intend for it to run," said Al-Abdulla. "There is some native security built into the system so that when malicious software has been discovered in the Apple iTunes store or in Google Play, both providers have a way of removing it."

When physicians jailbreak their devices, a default password may be set on a phone, he said, pointing to the common default password "Alpine" as an example. If such a default password is set on a physician's phone, anyone who gains access to it and is aware of the password may be able to log in, he said.

Default passwords are not the only potential problems jailbreaking poses. Click here to read more.

2. Don't wait to report a lost device. When a mobile device goes missing, physicians should reach out to their IT departments immediately, said Al-Abdulla. "If you lose the phone and within an hour you call IT and IT remotely wipes that phone, the level of risk is ... dramatically lower," he said.

While it might be tempting to wait a bit to see if the device turns up, the longer you wait the more damage your practice - and your patients - could experience if the device gets into the wrong hands. “The faster you tell people, the better off the organization is," said Al-Abdulla.