Best Practices To Secure and Optimize Your iPadMarch 21, 2012
Securing protected health information (PHI) should be a top priority for all providers and medical organizations. As access to patient information continues to evolve and become even more accessible via mobile devices, implementing sound security measures and practices is the path to effectively mitigating PHI breaches. I will be posting an article soon titled, Five Best Practices For Medical Organizations To Protect Against PHI Breaches.
Until then, please enjoy this very insightful article highlighting best practices to secure and optimize your iPad written by Michelle McNickle, Web Content Producer and contributor to Healthcare IT News.
The iPad has become a mainstay in the industry, but with its increased use comes the increased risk of breaches. And although preventing them seems basic, Christina Thielst, vice president at Tower Strategies and author of the blog Christina’s Considerations, believes there are benefits to be had from discussing simple ways to not only protect, but also optimize your iPad.
“This is important because of the rise in data breaches, the rise in the risks, and the rapid increase in malicious attacks,” she said. “It’s why we have to talk about it rather than not worry.”
Thielst helped outline 10 simple ways to secure and optimize your iPad.
1. Use the password, auto-lock, and auto-erase functions smartly. Although they may seem routine, said Theilst, these simple functions can make all the difference if an iPad becomes lost or stolen. “So let’s say you’re a doctor and you have this iPad, and you have some confidential information on it,” she said. “The way it’s set up, you can select how many attempts you want [to put in your password] – 10, or whatever you feel comfortable with – and it would auto-erase the data on the iPad if someone tried guessing your password or tried getting into it.” Thielst added that when organizations begin rolling out their tablet or smartphone programs, they should consider connecting all the devices to the IT department. “Even if they’re allowing people to bring their own [devices] in, they need to have safeguards in place,” she said. “So if they’re stolen, they can remotely auto-wipe the device.”
2. Limit access to confidential information to that on VPN’s when in a public place or on unsecured networks, and disable the Blue Tooth function after use. Thielst prefaced her point by mentioning the number of breaches and class action lawsuits that are taking place as a result of unsecure devices. “The reason it’s becoming more of an issue is because of the rise in malicious attacks,” she said. “These are people who are actively trying to turn it into money…it could be medical identity theft or financial. There was one recent case where someone used information because his wife didn’t have healthcare coverage; she acted as this patient to receive her healthcare. It’s because of these malicious attacks that we have to be careful.” So, she said, be wary of public or unsecured networks and keeping your Blue Tooth on after using it. “You’re sending out waves, and they can use it to get into your device,” she said. “If there’s anything you’re not actively using, it’s better to shut it down.”
[See also: iPad helps docs go paperless.]
3. Permanently mark or engrave your iPad to help with identification. “This is something fairly simple,” said Thielst, but it can be helpful if an iPad is lost or stolen. “Maybe it’s accidental and it gets mixed up with someone else’s,” she said. “It’s an easy way to see it’s yours.” When it comes to including information other than your name on the iPad, Thielst said it’s whatever you feel most comfortable with. “Maybe a phone number…it depends how much you want to share, and you have to think it through. How do you want people to get a hold of you if your iPad is lost? Having your name and a number of the back is an easy way for them to return it.”
4. Consider cases with tethered locks. Tablets are great educational tools for patients, said Thielst, “but you can’t just give a patient a tablet,” she said. “Things have a habit of walking away. Even if you’re using them in a facility and it’s not with a patient but on the nursing station or something, you want to secure these things.” Thielst recommended cases that come with a tethered lock, similar to those for bicycles. “There’s a cable and there’s a lock on it, so you can physically loop it around the side rail of a bed, for example,” she said. And the same can be done in the nurses’ station. “So it doesn’t disappear,” she said. “Things, unfortunately, in hospitals, tend to disappear.”
5. Only download apps and open files from trusted sources. Although the Apple store is an obvious safe choice, Thielst said there’s nothing stopping users from visiting various sites and downloading apps as well. However, she said, “I heard recently Continua is starting to certify medical apps…they certified their first one, so if that materializes and you have this body that’s certifying medical apps, I think that’s good.” She said she approaches any type of download with caution, to minimize the risk, “rather than expecting someone else to handle it for me,” she said. “I think it goes back to your approach as a regular consumer. I could probably feel fairly comfortable I’m not going to have a problem with it, but if I start having a lot of health information on my tablet, and I’m a doctor, that’s where the risk increases.”
6. Look for apps that take advantage of the iPad’s native capability. When using the iPad for business purposes, said Jordan Stopler, CEO at publishing platform StoryDesk, look beyond its typical functions. “The iPad has a sophisticated microprocessor, location-based tracking, a keyboard, two cameras, a touch screen, and more,” he said. “These capabilities can be used to perform tasks for [the organization] that create real ROI. But it’s going to take some work and experimentation to identify opportunities beyond today’s convention of slide shows and email.”
[See also: iPad EHR gets certified…what next?.]
7. Consider GPS tracking technologies or apps to help locate a lost or stolen iPad. Thielst predicted GPS tracking apps and technologies will be popular in the upcoming months. “My guess is it’s fairly early in the process, but pretty soon, we should start hearing about some sort of app like that,” she said. “And it’ll have everything we want and is from a trusted source.” In the meantime, the “Find My iPhone option,” made available by logging into iCloud.com with your Apple ID and password, allows users to pinpoint the exact location of their iPad or iPhone, message the device, and remotely lock or wipe it.
8. Consider a mobile device management (MDM) solution for security and convenience. “Services like Apperian, AirWatch, and MobileIron can create hosted, internal app stores,” said Stopler. “This lets a company make available a curated offering specific to business needs.” And, he added, it ensures security and system integrity can’t be compromised if an iPad is lost or stolen. “With these services, the apps can be shut down remotely and the contents of the iPad (related to work) deleted.”
9. Ensure any apps downloaded are optimized for an iPad. And that includes making sure the layout and settings are adjusted for the actual screen size, said Thielst, to reduce frustration and the risk of missing important information. “If you’re a physician or a nurse and you can’t see an icon because it’s set up for a desktop computer or smartphone, you could be missing something important,” she said. “So just making sure that whatever apps you’re using, they’re developed with the iPad or tablet in mind.”
10. Carry adapters for iPad to VGA and HDMI. Once again, when it comes to business use, Stopler suggests carrying these adapters. “The intimacy of the iPad works in one-on-one presentations, but for larger audiences, it’s best to connect to a projector or monitor,” he said. “Buy several of them and hand them out liberally to your team.”