Health IT Pulse

Oct 2 2012   12:56PM GMT

Government Accountability Office recommends medical device security

Alex Delvecchio Alex Delvecchio Profile: Alex Delvecchio

Tags:
FDA
gao
medical device security
mobile device management

As more personal health information flows through medical devices and over wireless networks, federal officials say more regulations are needed to ensure both device and data security.

The U.S. Government Accountability Office (GAO) in a report recommends the FDA more thoroughly regulate medical device security. However, the GAO said efforts to reduce security risks could “adversely affect device performance.” The potential for unintentional negative consequences like electromagnetic interference with wireless devices exists, in addition to intentional side effects including unauthorized device access. The FDA didn’t consider intentional information security risks like unauthorized access of a device as threats until recently, and will reevaluate their approach on how they review medical device software.

More of those devices are reporting information back to doctors, and it’s increasingly happening through mobile device applications. Users in health care environments should also take care to secure their own mobile devices, in addition to regulation from governing bodies like the FDA. A survey of physicians estimated that two-thirds of physicians will be using iPads for business by 2013. Widespread use of mobile devices in medical settings has led many organizations to adopt internal bring your own device (BYOD) policies. Regulating personal devices allows practitioners freedom of access to data, while also allowing health care organizations some control over device security.

Health care organizations can only go so far in securing their employee’s mobile devices. Some devices cannot be encrypted and companies can’t enforce their security policies on employee’s personal devices. User education has become a key aspect of overall device security due to these restrictions. Organizations are aware that mobile technologies are continuously changing, which creates the need for constant evaluation of their security policies.

Government and health care organizations need to protect data to maintain trust with patients. Nearly half (49%) of responding patients in a recent EHR security survey said they feel electronic health record (EHR) use will have a “significantly negative” or “somewhat negative” effect on health data privacy. Two-thirds (67%) of patients responded they trust their doctors’ office to maintain their health information, while only 6% indicated trust in the government with the same data.

Ideally, health care companies will increase device security and performance while maintaining patient trust. People are the most vulnerable aspect of security and privacy, says Rebecca Herold, an information privacy, security and compliance consultant. Providing staff with educational resources, such as an employee intranet page where staff can ask questions, can be a beneficial training method.

5  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Jenny Laurello
    http://t.co/b4mfoOPX http://t.co/KL5gmMyJ
    0 pointsBadges:
    report
  • Jenny Laurello
    http://t.co/b4mfoOPX http://t.co/KL5gmMyJ
    0 pointsBadges:
    report
  • Jenny Laurello
    Government Accountability Office pushing #FDA on medical device security http://t.co/b4mfoOPX #EHR #GAO
    0 pointsBadges:
    report
  • MrGGilbert
    Government Accountability Office pushing #FDA on medical device security http://t.co/b4mfoOPX #EHR #GAO
    0 pointsBadges:
    report
  • Ed Burns
    Government Accountability Office recommends medical device security http://t.co/ht52LaVv
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: