How Security Doesn’t Always Mean a Trade-Off for Usability in Healthcare

The unprecedented rate of advances in technology has brought the usability of devices in the workplace to the fore. Usability used to be a 'nice to have', but with experiences and expectations heightened by the fantastic usability of personal mobile devices, it has become a 'must-have'. The corporate healthcare IT environment is faced with a challenge.

Taming the BYOD culture

Healthcare organisations either invest in great corporate IT user experiences for employees or they'll be exposed to the dangers of the 'Bring Your Own Device' (BYOD) to work movement. Healthcare workers are amongst the first to look for workarounds such as BYOD when the usability of their IT is having a negative impact on their workflow.

If organisations allow a BYOD culture to become established, they face heightened security and privacy risks, which can often result in data breaches. Since 2010, the Information Commissioner's Office (ICO) in the UK has fined organisations more than £6.7m for data protection breaches. Of this, the healthcare sector alone suffered fines of some £1.3m, which accounts for nearly 30% of the British public sector penalties.

These costs highlight the importance of avoiding data breaches, particularly as the UK's public sector health organisations rapidly moved towards cloud-based electronic health records under the Personalised Health and Care 2020 framework. If data security is lacking because of workarounds, it may well negate the predicted cost benefits of moving to electronic health records for both patient and provider.

The 2020 framework acknowledges that, "In part, some of the barriers to reaping those benefits are comparatively mundane: a lack of universal Wi-Fi access, a failure to provide computers or tablets to ward or community-based staff, and outmoded security procedures that, by frustrating health and care professionals, encourage inappropriate 'workarounds.'"

Mitigating risk of loss or theft

Loss or theft of devices is another common cause of data breaches in healthcare. An audit of 19 UK health-related organisations by the ICO concluded that "a number of organisations visited did not have effective asset management in place for IT hardware and software; this raises the risk of the business not knowing what devices are in circulation and therefore not becoming aware if one is lost or stolen."

There are a number of options to mitigate risk in these circumstances. First, usability and security can be vastly enhanced using Multi-Factor Authentication (MFA), which, when combined with Single Sign On (SSO), reduces the overall number of device logins required. Second, replacing unencrypted conventional hard drives with encrypted SSDs (Solid State Drives) not only lowers the risk in the event of theft or loss but also improves data access performance. And that's a win-win result for all healthcare professionals.

Effective security is like a chain: it requires securing all points and either removing or repairing the weak links. Intel Security Group's solutions have security covered from mobile devices, through networks, to back-end servers. We're already helping healthcare organisations across the globe to embrace the rapidly changing face of technology in the healthcare sector while managing risk and improving that all-important usability.

We've produced a whitepaper on Healthcare Friendly Security which will help you strike the balance between fantastic usability and industry-leading security in your organisation. Grab your free download today.

David Houlding, MSc, CISSP, CIPP is a Healthcare Privacy and Security lead at Intel and a frequent blog contributor.


Keep up with him on Twitter (@davidhoulding)
