Q&A with Tom Srail
I’ve been working with technology companies whose business is streamlining patient and asset movement within a hospital—diagnosis machines, medical equipment and carts going from point A to point B as quickly and efficiently as possible, getting restocked, cleaned and back into use with minimal downtime. As we see in retail, manufacturing and the logistics world, the healthcare industry is using technology in process improvement to really speed up the delivery of care and, of course, improve accuracy and quality.
Some IT security professionals who work in the healthcare industry refer to BYOD as “bring your own disaster,” meaning it could be rife with risk. A good risk management approach is to follow the three tenets of security: confidentiality, integrity and availability. Each is very important to the healthcare world, and maybe more so than in many other industries.
Confidentiality, making sure sensitive information doesn’t get into the wrong hands or get exposed, is number one.
Integrity is making sure the information the doctor is getting on the device is correct. This means the patient’s record is correct, the data hasn’t been corrupted and the information was input and coded correctly. Software glitches, security events and equipment failure can corrupt a database or make the data unreadable.
Availability is imperative. You can’t afford a system crash that says, “Sorry, please try again later.” That’s not an option when you’re in an acute care scenario and you need to pull up the patient’s record and there’s no paper-based file anymore. The system has to be up and running. That would extend to mobile devices as well and the networks that connect them back to the main system.
All three of these—confidentiality, integrity and availability—need to be considered potential risks when you’re considering using mobile devices in healthcare.