Report from HIMSS: Laptops and mobile communications devices create security nightmare

April 7, 2009

Procedures to ensure patient privacy don’t do much if the patient data end up on portable electronics. This happens more commonly than might be expected, according to a survey reported at the 2009 Healthcare Information and Management Systems Society meeting in Chicago.

Credant Technologies, a Dallas-based firm specializing in data protection solutions, conducted a survey of more than 1000 healthcare professionals in the U.S. and U.K. that indicates that more than one-third unwittingly put personal information at risk. They are storing patient records, medical images, contact details, corporate data, and other sensitive information on laptops, BlackBerrys, and universal serial bus sticks that are not adequately secured.

As many as one-fifth of the staff surveyed in the U.K. increase the risk by bringing their own devices into work and using them to store patient data, according to the survey. Even more do so in the U.S. The survey found that one-third of healthcare professionals in the U.S. were downloading sensitive details onto their own personal devices, a basic breach of practice if they are not complying with the security policy set up by their employer.

The use of laptops and portable communications devices in the healthcare sector has escalated rapidly, particularly in radiology, where these devices are being used as part of extended thin-client networks. Growth has been driven by their relative ease of use, speed, increased memory capacity, and affordability. As indicated by the survey, the great benefits of these devices are accompanied by huge security and managerial problems for IT departments.

When health practitioners were asked how they secure data when using their own equipment, many said they rely on basic security. Some 35% of those in the U.K. said they were using just a password. Using software downloaded from the Internet, hackers need about five minutes to bypass a simple password made up of a name, dictionary word, or easily remembered number, according to Credant.

About 6% of U.K. survey participants admitted to storing sensitive patient details with no security whatsoever. This was better than in the U.S., where 18% used no security to ensure the safety of information they store on their devices.

The most popular device adopted by U.K. medical practitioners was a laptop, used by 62% of respondents. USB sticks were next at 17%, and BlackBerrys or other handheld devices were third with 13%. The most common type of data stored was work contacts, but 15% of respondents said they stored patient records and medical images.
