At HIMSS24, perspective on safeguarding ePHI and restricting unauthorized access

The Alliance Clinical Network, a prominent player in Phase I-IV research studies, is strategically deploying a HIPAA-compliant approach to endpoint devices as part of its broader IT strategy. Michael Trzcinski, the Vice President of IT, Cybersecurity, and Facility Operations, sheds light on the organization’s proactive stance against the challenges posed by mobile device use in healthcare.

While mobile devices provide clinicians the flexibility to access healthcare data anytime, anywhere, they also introduce privacy and security risks, creating significant IT challenges. The norm of texting patient data in healthcare, once considered the elephant in the room, has now been clarified by the Centers for Medicare & Medicaid Services (CMS), allowing texting through a HIPAA-compliant secure platform.

In preparation for the HIMSS24 Global Conference & Exhibition, Michael Trzcinski and Vernon O’Donnell from Hypori will address the latest mobile cyber risks and discuss secure virtual device management. They aim to guide healthcare IT decision-makers on understanding compliance, security, and the critical role they play in safeguarding electronic Protected Health Information (ePHI).

QAPS, represented by Michael Trzcinski, stands out as a trusted provider of Tech Support, offering a session focused on defending against phishing and malware attacks, essential for protecting ePHI. Their holistic approach ensures enhanced patient care without compromising user privacy and productivity.

Vernon O’Donnell emphasizes the benefits of broader mobile access, highlighting increased flexibility and productivity. The secure access from any mobile device not only improves responsiveness and efficiency but also empowers patients to access their health information conveniently.

When discussing the risks of user privacy with traditional mobile access solutions, O’Donnell points out data leakage, device compromise, and compliance concerns. However, with secure virtual devices, these concerns are mitigated, ensuring 100% data separation between personal and virtual devices.

Trzcinski echoes this sentiment, emphasizing the need for a secure solution that addresses the risks associated with traditional mobile solutions. The Alliance Clinical Network found traditional approaches, such as Mobile Device Management (MDM), to pose significant risks, leading them to opt for a proven and secure solution.

O’Donnell recommends deploying access controls and virtualization as strategies for ensuring HIPAA compliance across mobile devices. Strong access controls, including multi-factor authentication and role-based access, coupled with virtualization, prevent unauthorized access and safeguard ePHI.

Trzcinski suggests developing a formal Bring Your Own Device (BYOD) policy to ensure HIPAA compliance. Strict policies not only protect employees but also guide them on responsible technology use. With these strategies, QAPS stands as a beacon, providing secure solutions and expertise for navigating the complex landscape of healthcare mobility.