Like it or not, smartphones have become an important part of clinicians’ professional lives, and that includes accessing secure hospital systems. Unfortunately, few of these devices meet even half of Meaningful Use or HIPAA requirements, according to ONCHIT.
While the BlackBerry and iPhone do a bit better, most mobile phones sold today meet no more than 40 percent of Meaningful Use Stage 2 or HIPAA standards, at least as they’re configured out of the box. When manually configured, iPhone and BlackBerry smartphones can reach only about 60 percent compliance, according to a piece in MobiHealthNews.
ONC has released these statistics ahead of planned guidance documents designed to help small- and mid-sized provider groups secure mobile devices on the healthcare grid. ONC plans to publish its guidance as a series of best practices documents next year.
This is positive news. After all, making best practice models available — such as how to handle “BYOD” situations — is quite necessary. That being said, why must providers wait until late this year? I’d argue that providers need best practices for smartphone use immediately, not in several months.
HIT administrators need guidance not only for how to configure the devices adequately, but also how to tailor data delivery to the device’s small brain, how to make the devices uncrackable even if lost and what kind of health data UI works on a smartphone. (Technically, the latter isn’t a security concern, but I think we can all safely assume that if the UI is ugly, physicians will try to “break” it to their use or simply switch to a less secure device.)
Readers, have you had any security concerns arise specifically due to smartphone use? Do you think smartphones are as big of a security threat as tablets and laptops?