In the world of providing patient care, what does it mean to have a little more security on your phone?
Let’s first jump back to the HIPAA basics. Remember that we’re concerned with three factors surrounding ePHI. Now, let’s narrow the scope here and avoid a brutally lengthy series of hoop jumping to connect iPhones to [highlight]integrity[/highlight] and [highlight]availability[/highlight].
What does that leave? [highlight]Confidentiality[/highlight].
Through backend systems like Google Apps, Microsoft Exchange Server, and Office 365, organizations have long been able to centrally police security settings on mobile devices. For example, Surgical Hospital ABC can dictate that any phone wanting to sync email, calendar, and contacts must submit to some basic safeguards.
Safeguards that, For example, prevent anyone from simply picking up your phone and perusing the contained data?
The alternative to this of course, is to force the snooper (and, potentially inconveniently, the phone owner) to enter a password first.
Enter the iPhone 5s
The fingerprint reading system (TouchID) on Apple’s flagship mobile is a piece of technology that, in a very friendly way, allows your phone to require a press of your finger in order to begin use.
It’s a great little marvel but on the surface its daily positive impact to you will likely only be measured in seconds.
Why it matters
Based on nothing scientific, we estimate that TouchID has resulted in an increased percentage of Americans walking around with locked phones. It’s simply more effective than a password and is probably pushing at least 1 out of 10 people over the top into proceeding with a little additional security.
Why it doesn’t
Lets look at 100 healthcare workers using iPhones to access their organization medical record system. They tap a specific app or open a mobile browser and after a few security hoops they’re interacting with patient data. None of those hoops was or could be TouchID because Apple hasn’t enabled that yet. That’s the key here; until TouchID can be tapped into by the various vendors we all rely on to develop security around our patient data it’s going to continue playing only a minor role.
We’ll be keeping an eye out for news of a change.