Healthcare IT leaders face a security one-two punch on mobile devices and BYOD

Follow Me

July 30, 2012 5:50 PM

Credit: http://www.flickr.com/photos/kyletaylor/

Many organizations are working on ways to handle mobile data security – some have the added challenge of implementing security policies and features as part of a bring your own device (BYOD) program while others are dealing with just corporate-owned and liable devices. That's a difficult proposition for any company or agency, but some industries have unique needs and challenges.

One of those industries is healthcare. Doctors and nurses are embracing mobile technologies like Apple's iPad as well as a range of smartphone platforms. Doctors often lead the charge with mobile devices by bringing their own devices into their practices and hospitals.

As a result, many healthcare IT leaders and professionals are being hit with a one-two punch. They have the same BYOD and mobility challenges as their counterparts in other industries, but they also have the challenge of dealing with stringent regulations unique to healthcare.

One example that leaps to mind is the set of patient privacy and data security regulations known as HIPAA, which falls under the purview of the Department of Health and Human Services. While HIPAA is a challenge, it is only one of several federal regulations imposed on U.S. healthcare providers by a range of agencies.

As recently reported by MobiHealthNews, healthcare IT leaders need to consider many other regulations from federal agencies including the Drug Enforcement Agency (DEA) and the Food and Drug Administration (FDA), both of which regulate medications and prescriptions. While the FDA regulates drugs in general, the DEA regulates controlled substances including many painkillers.

It doesn't stop there. Agencies as far flung as the Federal Trade Commission and the FCC have stakes in healthcare in relation to consumer protections. Then there's the goal of meeting the meaningful use guidelines for electronic health records established in the Health Information Technology for Economic and Clinical Health (HITECH) Act – not to mention Medicare and Medicaid requirements and various state regulations.

All of this leaves healthcare CIOs and IT leaders in the lurch. Just getting a complete list of regulations, which can be moving targets, and understanding how they will impact a medical group or hospital individually and collectively can seem like a labor of Hercules. And some requirements, like those related to HITECH, are date or deadline driven.

All in all, the challenges make creating a solid list of needs and developing a plan to make the needed upgrades and purchases across the board a difficult challenge that isn't matched in most industries.

Google Has An Opportunity To Get Serious About Android Security
CITE Goes Live! Register for the CITE Conference & Expo, June 2-4, in San Francisco.

Ryan Faas is a technology journalist and author who has been writing about Apple, business and enterprise IT topics, and the mobile industry for over a decade. Read Ryan's bio