Security predictions 2014: Uptick in mobile malware

From the mHealthNews archive
By Erin McCann, Contributing Editor

Among the crystal ball gazers that manifest as each year draws to a close, predictions have already emerged that are very relevant to mHealth and BYOD.

"There will be a significant increase in malware for Android phones," a report from IT governance, risk and compliance firm Coalfire states. "And malware will begin to affect iPhones, too."

This holds big implications for bring-your-own-device programs at hospitals nationwide, especially given that some 80 percent of all Android mobile phones were unprotected from malware, according to an F-Secure report earlier this year.

"The capabilities of the smartphones far exceed the security of the data used in those devices," said Rick Dakin, chief security strategist at Coalfire.

Kevin Johnson, a self-described "ethical hacker" and chief executive officer at network security firm Secure Ideas, also cautioned against BYOD in hospitals.

"The security of these devices has been made even worse because of the applications we run on them," he said at the Healthcare IT News Privacy and Security Forum this past September.

Take an app example, he said: a note-taking application for a nurse. "Where does it store the data? Did it lock the permissions down to the data so another app on that phone can't read it?" Many don't.
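The two questions Johnson raises ("where is the data stored, and can another app read it?") can be turned into a routine check. The following is an added example written for this page, not code from the article, from Coalfire or from Secure Ideas. It assumes a POSIX-style file-permission model as a stand-in for per-app data isolation: a file whose "other" read bit is set is treated as readable by another app or user on the device. The directory layout, file names and note text are constructed sample data; `audit_data_dir` and `write_private` are hypothetical helper names.

```python
import os
import stat
import tempfile


def world_readable(path: str) -> bool:
    """True if the 'other' read bit is set, i.e. any other user/app can read the file."""
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_IROTH)


def audit_data_dir(root: str) -> list:
    """Walk an app's data directory and return the files readable by others.

    Paths are returned relative to root, sorted, so the result is easy to
    compare against an expected allow-list in a test or CI job.
    """
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if world_readable(full):
                findings.append(os.path.relpath(full, root))
    return sorted(findings)


def write_private(path: str, data: bytes) -> None:
    """Create a file with owner-only permissions from the start.

    Passing the mode to os.open avoids the window in which a file created
    with default permissions is readable before a later chmod tightens it.
    O_EXCL refuses to follow a pre-existing file or symlink at that path.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def make_sample_app_dir() -> str:
    """Constructed sample: a note-taking app's data dir with one private and one leaky file."""
    root = tempfile.mkdtemp(prefix="notes_app_")
    private = os.path.join(root, "notes.db")
    leaky = os.path.join(root, "cache", "export.txt")
    os.makedirs(os.path.dirname(leaky))
    for p in (private, leaky):
        with open(p, "w") as fh:
            fh.write("patient note (constructed sample)\n")
    os.chmod(private, 0o600)  # owner only: other apps cannot read it
    os.chmod(leaky, 0o644)    # world-readable: the kind of leak the quote describes
    return root


if __name__ == "__main__":
    sample = make_sample_app_dir()
    write_private(os.path.join(sample, "draft.txt"), b"private draft (constructed)\n")
    print("world-readable files:", audit_data_dir(sample))
```

Run as a script, the audit reports only `cache/export.txt`; the database and the file created through `write_private` stay owner-only. On a real device the equivalent check is against the platform's app-sandbox rules rather than raw mode bits, but the question being answered is the same one Johnson asks.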

Another prediction particular to mobile health: Expect a huge increase in data breaches reported in 2014, all thanks to the HIPAA Final Omnibus Rule, which took effect in September and holds business associates accountable for violating certain HIPAA privacy and security rules.

Here's the thing, though: According to the report, many business associates (BAs) don't know they are BAs, and that's problematic.

"Many BAs are simply ignoring the requirements, which will lead to a plethora of data breaches in 2014," Dakin wrote.

Ted Kobus, a New York-based attorney for BakerHostetler who focuses on privacy and data breaches, said business associates are very much lagging behind. They're not as prepared as they should be, he said.

"We see them asking for help with compliance issues, business associate agreements, questions about cloud computing and general compliance questions," he explained this fall.

The Omnibus Final Rule also expands the definition of a business associate to include health information organizations, e-prescribing gateways, certain PHR providers, patient safety organizations, data transmission service providers with access to PHI and contractors involved with PHI.

Coalfire's other three security predictions for 2014:

  1. Expect a big security breach at a cloud service provider. This "new area of concern" should be a "big concern since a single cloud provider may house sensitive information on tens, if not hundreds or thousands of individuals," the report reads.
  2. Migration from compliance to IT risk management will accelerate.
  3. Emerging threats will shift security programs from static boundary protection toward more proactive monitoring and response programs.
