TORONTO — Mobile technologies hold the promise of more accurate and efficient health care delivery, yet their use raises serious security concerns, attendees of the iNet Mini-Conference heard Wednesday.
“”The importance of protecting health info is extremely high. If you had the choice
of having your information on the Internet, would you choose your health information or your financial information?”” Michael McDermand, vice-president of health care solutions for Computer Associates International Inc. asked the audience. A show of hands revealed most in attendance would rather have their finances aired to the world and their ailments kept private.
McDermand said security breaches are not a unique side-effect of wireless technology use — he cited the case of country singer Tammy Wynette, whose medical records were stolen and sold to The National Enquirer by an internal Pittsburgh University Medical Centre employee —but added wireless technology brings new concerns.
He said staff accessing the network wirelessly from a nearby coffee shop could open up new access points for professional hackers, and mentioned hacker tools like WEPcrack that collect encryption packets which they can then use to break passwords in a matter of seconds. As well, McDermand said, with a handful of tools and $10 in parts, including a Pringles can and nylon lock nuts, a potential hacker can hook up a wireless antenna that reaches 10 miles.
“”I think (doctors) are aware that there are security risks, but they’re not aware to the level of the security risks,”” McDermand said. “”As you look at security directors, there are a number of those that are not aware. That’s why we have people going out to scare them.””
Dr. Stephen Lapinsky, director of the Technology Application Unit and associate director of the Intensive Care Unit at Toronto’s Mount Sinai Hospital, said he and his colleagues place a great deal of importance on security.
“”We stopped using patient information on our handhelds for that reason,”” he said, adding the devices are now used only to retrieve medical references and procedure guidelines and to manage patient lists.
Dr. Sheldon Silver, a family doctor and staff physician at The Credit Valley Hospital in Mississauga, Ont., did call McDermand’s revelations “”scary.”” Which is why he doesn’t store patient information on his handlheld, but rather uses it to download information, which can be beamed wirelessly to a printer before it is quickly erased.
He said he has been testing the efficacy of his handheld against traditional methods of information gathering— which include either waiting for the results to arrive or traveling to the hospital, both of which are time consuming — and has seen substantial time savings. Silver added that few doctors use PCs or the Internet in their offices, making handhelds even more attractive.
According to Michael Moskowitz, president and general manager of Palm Canada Inc., more than 35 per cent of Canadian doctors aged 35 to 45 have Palm devices. He said the Palms are saving the doctors about an hour a day each in physician time.
Silver also talked of giving handhelds to patients to enable them to regularly transmit physical or mood changes instantly to physicians and to nurses to facilitate information sharing.
“”Wouldn’t it be great if a nurse visiting a home, could access this wirelessly on her Palm,”” he asked. While he stressed the importance of security, he added, “”We can’t let it stop us either, can we?””
Silver said he was at the conference to listen to security tips from people like McDermand, who stressed the ability f security directors to manage the network and know where people are using devices. He added security directors should use intrusion detection devices to protect data on portal pages and handheld devices and employ enhanced virtual private network (VPN) level encryption. He also said applications should be maintained away from handheld devices.