To read Part 1 of this series, click here.
According to the HIMSS Analytics 3rd Annual Mobile Survey, the top benefit of having mobile tech in facilities is increased access to patient information and the ability to view data from a remote location. But this means there are thousands of devices accessing a provider’s network. In order to select a proper security solution that not only meets HIPAA requirements but also offers protection for the medical device end points in use, medical IT Administrators must look at a number of factors:
- What is on my network? This is the first and most important step in providing a secure IT enterprise. Many IT administrators believe they know what devices are on their network. However, healthcare facilities are littered with transient devices such as personal phones and tablets, patient monitors and diagnostic tools that have unique and often antiquated operating systems. These devices may only show up on IT networks once a week or perhaps once a month. It can be a daunting task to know exactly what is connected to the IT enterprise.
- Controlling BYOD. Practitioners, nurses, and administrative staff often use their own unregulated devices, such as phones and tablets, to record data and communicate with staff and patients. Add to that the fact that many facilities offer open WiFi to their patients and guests. This creates a massive number of end points that are not monitored and that leave the IT enterprise vulnerable to malware, viruses, and advanced persistent threats. Survey findings show that 32% of hospitals are not even using technology to enforce their BYOD policies.
- End Point Compliance. Knowing what is on the network is one thing. Keeping known devices compliant is something else entirely. Security of an IT Enterprise is only possible through awareness. Once the devices are discovered, IT administrators must be certain that they remain compliant. It is essential to be able to confirm applications and disable those that are unauthorized, to verify whether or not a device meets established security policies, and to know whether the device is compliant with the latest security patch and antivirus definitions.
- Cost vs. Risk. While the Federal Government provides some mandates that direct medical IT Administrators to protect patient data, the healthcare IT network remains largely susceptible to your average hacker. It is up to each healthcare IT Administrator to protect the physical network to the degree they feel necessary to secure data and network end points. Healthcare budgets, like those in many vertical industries, are balanced toward production vs. protection. In the HIMSS Analytics survey, lack of funding was the most common barrier to implementing a security solution. An effective solution with low cost of ownership is necessary. And while incentive programs such as the EHR Incentive Program may seem to add balance to this in favor of the healthcare facilities, the incentive received is certainly not equivalent to the cost of losing patient data.
Network administrators can’t secure what they can’t see. It is imperative that administrators have access to real-time visibility of everything on their network and be able to control what is on their network at all times. When choosing a solution that meets all of these requirements, look for one that is simple to install on your network, without the need for agents or client software.
If you’d like to talk more about end point security solutions or need help, get in touch with us!