When following ads about new drugs, the list of possible side effects often sounds more ominous than the actual condition. One is left wondering whether curing the problem is really worth the risks associated with the treatment.

Those evaluating the nascent field of mobile health (mHealth) may be having similar thoughts.

On the one hand, mHealth may be viewed as a panacea for improving patient care and lowering costs. On the other, the potential for compromised security, including violations of patient privacy through wireless data transmission, is an inherent risk that could result in harmful side-effects if mHealth is administered without caution.

With Progress Comes Risk

Telemedicine continues to advance at a rapid pace for healthcare organizations, along with the proliferation of wireless devices among healthcare professionals, including smartphones, tablets, USB drives and laptops. As mobile services become more sophisticated, capable of accommodating the conversion to electronic health records (EHRs) required by the new Health Information Technology for Economic and Clinical Health (HITECH) Act, patient information has never been more portable -- or in more peril.

Currently, close to 80% of doctors use smartphones daily, and a growing number are utilizing iPads and/or Android tablets to access healthcare information. Balancing the need to ensure security and protect privacy on mobile devices while simultaneously meeting the needs of patients, clinical staff and healthcare organizations is imperative, but also achievable.

While there are numerous steps that healthcare providers should take to secure mobile devices, the following best practices can help organizations meet HIPAA (Health Insurance Portability and Accountability Act) requirements and track data across their wireless networks to prevent unauthorized access to sensitive patient information.

Best Practices for Healthy mHealth

  1. Identify all mobile devices and maintain inventory management using MDM (mobile device management) software, ensuring that no unauthorized devices connect to the network and that all devices can be fully tracked;
  2. Add an on-device password and over-the-air data encryption, to enforce authentication when the device is powered on and to ensure that data exchange is fully protected;
  3. Enable remote device kill and data deletion, allowing administrators to clear all data and settings on lost or stolen devices;
  4. Separate personal and healthcare organization information, enabling IT to secure, control and erase enterprise data and applications without adversely impacting personal photos, music, apps or email;
  5. Provide updated and automatic antivirus, firewall protection and remote delivery of security patch updates;
  6. Establish either a BYOD (bring your own device) or healthcare industry-owned device policy for consistency across the organization. Include guidelines and education regarding potential missteps, keeping mobile devices in compliance and limiting introduction of malware through spam and unauthorized apps; and
  7. Allow IT to control exactly what data users can access with their mobile devices, including back-office systems, formalized user groups and blocked access to devices that don’t have MDM software installed.

As mHealth continues to transform medical care in unprecedented ways, enhanced mobile device security will ensure that the benefits far outweigh the potentially harmful side-effects.

Editor's Note: To read more of Michael Lustig's columns: