Thursday, June 29, 2006

Mobile computing in Healthcare: more secure than paper?

In a survey reported on the BBC News site, it is claimed that the NHS is failing to use adequate security on portable data storage devices.

I could explore this for hours with the authors.

Although there is the risk of self-interest in the survey being carried out by Pointsec, a mobile data security business, you have to acknowledge that this is how these surveys are funded. The involvement of the British Journal of Healthcare Computing should provide a steadying hand (although they need something tasty to write about).

Anyway, let's put that behind us and think about what we mean by adequate security in the context of healthcare IT. Sure, sensitive patient data is being carried around on mobile devices by doctors. If those devices fall into the wrong hands then we can do nothing but consider that to be a bad thing. It goes without saying.

However, what did we use to do? We used to carry all that sensitive information on paper in briefcases... often quite attractive, solid, leather cases. Eminently thievable. This is not a new risk.

I'm not saying that mobile security doesn't need addressing, but we should take this in context. The nature of the risk environment has certainly changed:

1. More records are stored on the mobile devices than were carried around on paper.
2. More details are stored in each record to improve clinical decision making.
3. Healthcare IT credibility is influenced by the consequences of security compromise: no one was responsible for paper!
4. Users depend on expert advice to assess and ensure security.

