Healthcare professionals show poor practice when it comes to security

News by SC Staff

Patient records are being put at risk by healthcare professionals, due to insufficient storage.

Patient records are being put at risk by healthcare professionals, due to insufficient storage.


Following a survey of workers from the US and UK, results showed that information is stored on mobile devices such as laptops, BlackBerrys and USB sticks and not adequately secured.


Credant Technologies, who carried out the survey E-Health Insider in the UK and Outpatient Surgery Magazine's subscribers in the US, revealed that the use of portable devices in the healthcare sector has escalated due to their ease of use, speed, increased memory capacity and affordability.


In the US, a third of healthcare professionals surveyed were downloading sensitive details onto their own personal devices. Many said that they relied on basic security to secure the data, and 35 per cent of UK practitioners said they were using just a password.


Also in the UK, six per cent admitted to storing sensitive patient details with no security whatsoever, while 18 per cent used this approach in the US. Fifty-six per cent of UK healthcare professionals are using strong security to protect their devices with 35 per cent using encryption, 17 per cent two-factor authentication, three per cent biometrics and one per cent smart cards. In the US, just 23 per cent were using strong security to protect their mobile devices.


Michael Callahan, VP global marketing at Credant Technologies, said: “Anyone who owns a mobile device such as a smartphone or laptop should stop and think – can someone easily open it? If so, once they are in, could they access patient records, read my emails and then use this information to access the company network, such as the NHS hospital network? If so what damage could they do if they were to assume my identity?


“Obviously the medical profession has a responsibility to protect all our confidential records – so Credant's advice would be for all healthcare IT departments to implement a data-centric information protection solution that includes policy enforcement and centralised management and reporting.  In doing this, IT departments can significantly limit patient and other important data exposure even as it resides on personal devices.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews