In the course of taking care of our health, doctors, hospitals, and clinics gather and handle some of our most private information. Ideally, they would employ the best processes and deploy the most secure technology to protect our Protected Health Information (PHI). In practice, this is difficult to achieve.
For one, medical records are tempting targets for cybercriminals, offering 10 times the payout on the black market compared to stolen credit card numbers. Also, the culture of healthcare – where providing excellent patient care naturally remains the focus – means that security and privacy can be lower in priority. When you see the insides and outsides of patients, and are working through life-or-death situations, PHI may seem less important.
Healthcare technology also tends to be older, due to the cost and time involved in upgrading. And healthcare regulations and policies haven’t kept up with the cyberthreat landscape.
This leads to cases such as the UK’s National Health Service (NHS). According to an article in The Guardian newspaper earlier this month, doctors are using Snapchat to share patient x-rays and other bodily scans as a workaround to fax machines and other antiquated technology that apparently still predominate.
“The digital revolution has largely bypassed the NHS, which, in 2017, still retains the dubious title of being the world’s largest purchaser of fax machines,” declared the report, written by an independent panel of experts commissioned by a Google subsidiary called DeepMind Health that helps test and introduce new technology for the NHS.
Saddled with this, it’s little wonder that some NHS clinicians are seeking newer tech alternatives, albeit non-secured ones.
“It is difficult to criticize these individuals, given that this makes their job possible,” wrote the report’s authors. “However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue.”
I spoke with Inside BlackBerry’s Jason Middleton more about the culture of healthcare security from my perspective as someone who used to be on the front lines. Listen to the audio interview, and also consider joining my July 26 webinar, 4 Ways to Simplify Physicians’ Workflows.
Productive AND Secure
It doesn’t have to be a choice between old and new technology, neither of them secure. There IS a third way for healthcare institutions – and mainstream enterprises – to both modernize and streamline communication for clinicians and other healthcare workers, and also keep patient info safe and private. That’s becoming even more important as enterprises in Europe, and those that have customers and partners in Europe, prepare to comply with the official launch of the General Data Protection Regulation (GDPR) in May 2018.
As an enterprise software and services provider focused entirely on protecting the Enterprise of Things, BlackBerry provides a plethora of relevant services and solutions. Our highly-regarded Cybersecurity Services team is adept at diagnosing security weaknesses, recommending a strategy that is BlackBerry Secure, and then helping enterprises realize it. And our BlackBerry Enterprise Portfolio provides a comprehensive set of software for organizations to secure, connect and mobilize their workers.
For instance, our secure messaging service, BBM Enterprise, allows encrypted messaging and picture sharing to your contacts, providing customers with a secure way of sharing content to prevent employees looking for insecure workarounds. In addition to encryption, BBM Enterprise features include:
- Timed messages and pictures allow the sender to control for how long the recipient can view a message or picture.
- The Message Expiry policy allows an administrator to control how long sent and received messages and pictures remain visible in a chat. One of our customers, Grand River Hospital, has the view time set for 48 hours.
- When taking a picture within the BBM Enterprise app and sharing it with a contact, you can choose to not have the picture saved on the sender’s device.
- Administrators can also Disable Copy to prevent a user from copying/sharing a message, or saving/sharing a picture received in a chat.
- Our recently-launched BBM Enterprise SDK allows organizations to embed secure messaging into their apps and services. One of our partners, Oculys, is using the BBM Enterprise SDK to take patient care to a (secure) cloud.
Platforms and Partners
Our secure file-sharing platform, BlackBerry Workspaces, can also help. Doctors and nurses can still take pictures of patients with their mobile devices but, rather than saving them to the camera roll of their phone or tablet, they can securely upload the images into Workspaces, from where they can be shared securely only to the contacts and organizations you have explicitly approved. Read more about how Workspaces’ Digital Rights Management (DRM) technology works here.
BlackBerry Dynamics is our mobile application development and management platform tailored for enterprises. More than 4,000 productivity apps have been created by enterprises and third-party developers on Dynamics. Several ISV-created apps can help healthcare providers communicate more securely and more easily.
CAPTOR for BlackBerry (right) boasts the familiar user interface of popular consumer apps for capturing and sharing photos, video, audio and documents, but with the data protection and enterprise controls that enable compliance with regulations such as HIPAA and meet IT requirements. This combination satisfies all parties involved – physicians, patients, IT security managers, and regulatory auditors.
Notate. Healthcare professionals can use Notate to capture scans and patient records and securely send them to colleagues (using the software’s FIPS-certified encryption and integration with Mobile Device Management (MDM) software such as our BlackBerry UEM). The scans remain encrypted on the device and in transit, and never appear on the unprotected camera roll, or in the cloud. This allows healthcare professionals to meet government regulations to keep patient information private.
Enterprises, especially healthcare providers, need to take patient and customer privacy seriously. They also need to give their workers up-to-date tools so they don’t seek consumer-grade, insecure workarounds. Why not deploy technology that combines unbeatable productivity and top-flight security into a single package? Call it whole-body wellness for enterprises.
Don’t forget to check out my July 26th Webinar, 4 Ways to Simplify Physicians’ Workflows, as I delve deeper into these topics and answer your questions.