Increasing Healthcare Data Breaches Due to Lack of Smartphone and Tablet Mobile Security


In health care, the efficiency of a physician’s workflow can be a matter of life or death. Under certain circumstances, this statement is quite true. Workflow is an integral part of a physician’s job; however, there is also the concern of privacy and security. A survey conducted by QuantiaMD, with results from 3,798 physicians, states that 1 in 5 doctors utilizes a tablet for work in their practice. This, coupled with a report by Manhattan Research showing smartphone usage among physicians increasing from 72% in 2010 to 81% in 2011, shows that mobile usage is on the rise in healthcare. These are alarming facts for mobile security: in many instances security processes can hinder or halt work efforts, so security is often overlooked.

Although physicians are governed by HIPAA, more doctors are concerned with workflow than with being compliant. With traditional forms of communication, such as requesting a diagnosis or paperwork, a physician may have to wait an hour for a response from a colleague. If a physician utilizes text messaging, they can communicate with a colleague and receive responses rapidly. However, mobile security is not always used in healthcare because of a lack of concern about security. With so many physicians utilizing smartphones and tablets, this could mean the possibility of a data breach.

Recent research by the Ponemon Institute states that data breaches rose by over 32% in 2011. There is no research pointing towards mobile devices being the culprit of these breaches. It could be a coincidence, or maybe hackers and crackers are finding new ways of compromising data. Traditionally, hackers find weaknesses and vulnerabilities to exploit, which is probably what caused the rise in data breaches. With more physicians utilizing devices without mobile security measures in place, hackers may have spotted weaknesses and exploited them to cause data breaches. Whether through interception of confidential data during transmission or unauthorized access to servers, the concern is patient privacy.

Protecting patient privacy starts at the point of access. If only authorized users are allowed to access the confidential data, the chance of data breaches can be reduced. Two-factor authentication provides government-compliant security for HIPAA compliance. Two-factor authentication solutions are also inexpensive while providing two layers of protection. By utilizing a one-time password sent through SMS text message, not only is an out-of-band authentication method utilized, but there is also no extra hardware or software needed, since most users have mobile devices.

An out-of-band network provides the strongest mobile security because successfully intercepting two factors of authentication is extremely difficult. If a time limit is placed on the life of the one-time password and a hacker were to intercept the password, chances are that they would not be able to input it fast enough to access the network before the user. With a one-time password, the password is unusable after being used once. This reduces the likelihood of a malicious user being able to fraudulently access data.

It may be easy to conclude that data breaches increased because of mobile device usage. The facts say it all. Smartphones are being used by almost every physician, and with tablet applications becoming more available for healthcare, the chances for fraud increase. Advancing technology should be protected through advancing security. The two-factor authentication process is advanced security that is HIPAA compliant, inexpensive and, best of all, requires no special software or additional hardware. This makes it usable by anyone with a smartphone or mobile device.
