Endpoint security is something that every company needs to watch out for, especially with the number of employee devices seemingly multiplying by the day, as it seems that there are still plenty of breaches being reported each day. GovInfoSecurity columnist Marianne McGee recently wondered why encryption wasn't a more widely adopted defense mechanism, especially in a healthcare setting.
"I've found that there is much misinformation and misunderstanding about encryption throughout the populations of doctors, nurses and other healthcare providers," security consultant Rebecca Herold told GovInfoSecurity.
Even so, Henry Ford Health System and the Department of Veterans Affairs are among the organizations that are starting to use mobile device management and encryption to help make sure that information stays as safe as possible within the company.
Herold told GovInfoSecurity that bringing encryption into the fold means making sure that a good policy is in place that will allow businesses to have control of the devices being used on the company's network. Mac McMillan, CEO of CynergisTek, said Stage 2 of the HITECH Act electronic health record (EHR) incentive program will require that software be designed to encrypt medical data, so this whole issue should become less of a focus as health IT administrators move forward.
According to Herold, there are some key tips for making sure that mobile devices stay safe within a healthcare provider, including:
- Retaining only a minimal amount of protected health data on devices
- Being sure to have a clearly-written and well-enforced policy that will support effective access control
- Installing software for security across the entire company
- Upgrading management and security systems needed to help make sure no breach can occur within the company due to the mobile devices being used
Asking the right questions
Instead of simply going with what vendors say, each healthcare company needs to look inward when looking at the positives and negatives of a mobile device management and BYOD (Bring your own Device) plan. According to TechTarget, asking about how the devices will be used within the company and personally, what limitations are needed and how the network can be monitored are all important for the success and and security of a mobile plan. After this, each company needs to figure out how much their mobile program will be used and what kind of activity they will need to watch out for to stay safe.
Data Security News from SimplySecurity.com by Trend Micro.