We've heard plenty about security challenges inherent in healthcare technology solutions, especially as more medical professionals connect to these solutions remotely via mobile devices.
But healthcare IT solution providers say taking patient data digital at the point of care is arguably much more secure than the alternative -- writing information on pieces of paper that can be misplaced or mis-transcribed when entered into computers later.
"Writing it down … is less secure than entering it into a device in the first place," said Eric Henderson, senior solutions architect for healthcare at Varrow, an IT solution provider in Greensboro, N.C. "Errors happen in adding the information later. This type of security is a nontechnical thing. It is confidentiality that is being breached. Things just happen."
Ruth Skocic, founder, president and chairman of technology integrator and My LifePlan in Ravenna, Ohio, says mobile access to patient data is crucial for first responders who need real-time access to patient medical histories. My LifePlan offers a service called MyChoice that houses individual patient data centrally so that medical professionals can access it on behalf of patients, regardless of their particular healthcare organization affiliation. "Providers can get a snapshot view of the patent and the medical conditions that might affect treatment," she said.
Biometrics layer more security on healthcare IT solutions
Skocic says medical personnel can choose to secure access to MyChoice via a biometrics option. My LifePlan sells a biometric access solution that's based on fingerprint identification technology from BIO-key. "The extra layer adds more security and more automation to the process," she said.
One of the biggest challenges healthcare IT solution providers need to tackle when helping hospitals, doctors and medical clinics go mobile securely is deciding where data should be stored and how it should be backed up adequately, said Morris Stemp, owner and principal of Stemp Systems Group Inc., a solution provider in Long Island City, N.Y.
"One of the greatest benefits of electronic medical records is that doctors can access their records all the time," Stemp said. "They used to have to fax records to the hospital before a delivery. There were challenges when they were on vacation. Now it's all done remotely. It's taken for granted. But you need to have a plan in place if a breach occurs, even if it never occurs."
IT healthcare solutions require secure Net connections
One simple measure a healthcare VAR might take, for example, is to ensure that doctors or other medical professionals are required to use a secure Internet connection in order to gain access to databases. Stemp has also considered safeguards to ensure that connections are severed if someone forgets to log off.
Another best practice mentioned by every solution provider interviewed for this article: Never ever allow patient data to be stored on a mobile device -- whether that device is a smart phone, table computer, notebook computer or thin client device.
"Think of that device as a portal into the main application," said Varrow's Henderson. "Don't ever let that data reside on the device."
This approach has resulted in a growing number of desktop virtualization and thin client projects and evaluations among Varrow's healthcare accounts, said Henderson. Healthcare organizations are intrigued by access controls offered by thin computing environments, he said. Varrow recommends thin client software from VMware, Citrix and Devon IT, which makes a product called VDI Blaster.
You can link thin clients and desktops to physical security badges by using desktop virtualization software so that only personnel who are in the appropriate location or immediate vicinity can log onto the application. Healthcare organizations are also intrigued that desktop virtualization software can be used on existing and new hardware clients, Henderson said. The Apple iPad, for example, is an increasingly frequent topic of conversation among healthcare prospects, he added.