Children's Medical Center of Dallas, the seventh largest pediatric healthcare provider in the country, was recently handed down a $3.2 million fine by the Department of Health and Human Services for multiple HIPAA violations, dating back to 2009. The violations in question include the loss of a BlackBerry device containing the records of 3,800 patients at the Fort Worth Airport in November of 2009, and the more recent the theft of a laptop containing the records of nearly 2,500 patients from the Hospital premises in April of 2013. In both of these situations the devices were unencrypted and lacked any remote lock out or data wiping capabilities. In this particular case it is believed that none of the compromised information negatively impacted the patients, however a security breach of this nature could have been entirely avoided if proper security features and policies were in place. Since the most recent violation Children's Medical Center of Dallas has addressed problems and adopted a stricter mobile device management policy, however this breach is hardly an isolated incident in the healthcare space. Advocate Health Care in Illinois was forced to pay a fine of $5.5 million fine in August of 2016 following a number of violations which included the theft of a desktop computer, and the loss of a laptop containing sensitive information, among other violations. While in the past year the University of Mississippi was also forced to pay a $2.75 million fine following the theft of a laptop containing the patient information of 10,000 individuals. In each of these situations the violation could have been entirely avoided if a mobile device security solution that encrypted sensitive data and provided remote wipe capabilities.
While in most of these cases the healthcare providers involved have implemented solutions to address these concerns, either of their own accords or as a term of their fine and settlement, these violations are still indicative of major problem facing many healthcare organizations. The security of patient data is one of the biggest concerns in healthcare industry as a whole and the mobile device is considered by many a key point of vulnerability in terms of security. Based on VDC’s own research 76 percent of healthcare providers are planning to increase their spending in the security space over the next year, while 55 percent of all healthcare institutions identify security features at the number one criteria for the selection of the devices for their enterprise mobility devices.
It has also been widely stated that nearly that three out of four of all medical practitioners utilize their mobile devices to access sensitive patient information, which represents a dramatic increase from just a few years ago. This emphasizes the need for clear and up to date security solutions and policies for healthcare based mobile devices. The cost of these breaches and HIPAA violations, in a number of cases, could have, at least partially, covered the cost of the security solutions that would have prevented them. Additionally these violations have been extensively covered by the media, and hospitals that make violations will undoubtedly see a loss in client trust and confidence. Based upon this it is easy to see how keeping a compliant and up to date with security solutions is key to ensure that healthcare providers do not suffer any unnecessary loss of reputation and financial liability.
View the 2017 Enterprise Mobility & Connected Devices Research Outline to learn more.