Laptops and mobile communications devices create security nightmare

April 7, 2009

Procedures to ensure patient privacy don’t do much, if patient data end up on portable electronics. This happens more commonly than might be expected, according to a survey conducted by Credant Technologies, a Dallas-based firm specializing in data protection solutions.

Procedures to ensure patient privacy don’t do  much, if patient data end up on portable electronics.  This happens more commonly than  might be expected, according to a survey  conducted by Credant Technologies, a  Dallas-based firm specializing in data protection  solutions. 

Credant’s survey of more than 1000 healthcare  professionals in the U.S. and U.K. indicates  that more than a third unwittingly put personal  information at risk. They are storing  patient records, medical images, contact  details, corporate data, and other sensitive  information on laptops, BlackBerrys, and  USB sticks that are not adequately secured.  As many as one-fifth of the staff surveyed  in the U.K. increase the risk by bringing their  own devices into work and using them to  store patient data, according to the survey. 

Even more do so in the U.S. The survey  found that a third of healthcare professionals  in the U.S. were downloading sensitive  details onto their own personal devices,  a basic breach of practice if they were not  complying with the security policy set up by  their employer. 

The use of laptops and portable communications  devices in the healthcare sector has  escalated rapidly in the last several years,  particularly in radiology, where these devices  are being used as part of extended  thin-client networks. The growth has been  driven by their relative ease of use, speed,  increased memory capacity, and affordability.  As indicated by the survey, the great  benefits of these devices are accompanied  by huge security and managerial problems  for IT departments. 

When asked how health practitioners secure  their data when using their own equipment,  many said they rely on basic security.  Some 35% of those in the U.K. said they  were using just a password. Using software  downloaded from the Internet, hackers  need about five minutes to bypass simple  passwords made up of a name, dictionary  word, or an easily remembered number, according  to Credant. 

About 6% of U.K. survey participants admitted  to storing sensitive patient details with  no security whatsoever. This was better  than in the U.S., where 18% used no security  to ensure the safety of information they  store on their devices. 

The most popular device used by U.K. medical  practitioners was a laptop, used by 62%  of respondents. USB sticks were next at 17%,  and BlackBerrys or other handheld devices  were third with 13%. The most common  type of data stored were work contacts, but  15% of respondents said they stored patient  records and medical images.