chapter fteen
Security intelligence for healthcare
mobile electronic commerce
Joseph M. Woodside and Mariana Florea
15.1 Mobile healthcare environment
In the healthcare environment of today, individuals are increasingly
connecting with one another using mobile devices such as tablets and
smartphones (Camlek, 2011). Clinicians and patients demand current information
at their fingertips during all phases of healthcare delivery to save time,
reduce errors, and improve outcomes. As a result of the growth of mobile
technology in healthcare, there arises a security challenge to the
administrators of the environment to ensure high levels of security and control.
The healthcare environment is a prime target for data and identity
theft due to the available content and detection capabilities. Mobile devices
can provide unwanted access to a variety of data, including contacts, texts,
calls, e-mail, calendars, internal systems, credit card information, and
clinical data. The increases in healthcare security breaches can be tied to
regulation requirements, automation increases, social media development,
and human errors. The economic burden created by these data breaches
in healthcare is estimated at $7 billion annually, with $1 million per
organization annually in case of a breach. Risks of breaches are expected to
continue to grow along with mobile technology usage (IDExperts, 2012).
Contents
15.1 Mobile healthcare environment
15.2 Mobile security
15.3 Security methods
15.3.1 Authentication and authorization
15.3.2 Prevention and resistance
15.3.3 Detection and response
15.4 Security defense
References
Security is a major priority to healthcare organizations, given that
patients entrust their detailed information to the organizations. When
security monitoring systems are in place, this information is not always
up to date, the systems generate false positives, and the results vary
between vendors. This chapter provides an overview of security intelligence
in three modules: mobile security, security methods, and application of
a security defense.
15.2 Mobile security
With an increased usage of healthcare information technology such as
e-prescribing, electronic health records (EHRs), personal health records
(PHRs), social media networks, health information exchanges, and mobile
devices, the potential risk of data or information loss has increased (Keckley,
2011). Specifically, with the growth in mobile technology, the results of
a 2012 study that reviewed breaches reported to the US Department of
Health and Human Services in response to Health Insurance Portability
and Accountability Act (HIPAA) mandates showed that over 60% of
breaches occurred due to mobile devices that had been lost or stolen
(Kruger and Anschutz, 2013).
One of the main issues of the use of information technology and
mobile devices in healthcare is the high risk of data loss, a security and
privacy aspect that concerns healthcare staff as well as patients. Defined
by the US Department of Health and Human Services as “an individual
right to control the acquisition, uses, or disclosures of his or her
identifiable health data,” health information privacy is an important aspect of
the patient’s experience. In healthcare, there are at least two main
categories of medical records: the EHR, the record created and managed by the
care provider, and the PHR, the record created and managed directly by
the patient. The most popular PHR devices are Microsoft Health Vault
and, previously, Google Health. These products allow users to perform
multiple operations “such as deleting, editing, and sharing their
protected health information (PHI) with multiple entities including family,
friends, and health care professionals,” but besides these useful
features, mobile PHR devices have their share of risk (Avancha et al., 2012).
While these methods exist and can be used to reduce the risk of
information theft, a report made in December 2012 in Ponemon’s Third Annual
Benchmark Study on Patient Privacy and Data Security revealed that “81
percent of healthcare organizations permit employees and medical staff to
use their own devices to connect to their organization’s networks or
enterprise systems” and 54% of these people said they were not confident that
the devices they were using were secure (Kruger and Anschutz, 2013).
At the same time, 66% of the nurses declared they used their smartphones
