As smartphone technology in the health care market becomes more innovative and cutting edge, its consumers have become increasingly more tech-savvy. There’s also more awareness that smartphone devices and software can be updated on an ongoing basis after purchase; however, the notion that devices should be updated is still largely under-adopted in the medical community. It’s common to hear the phrases, “I don’t like the way the new version looks,” “I don’t want to learn another new system,” or “I don’t have time for this.” These statements miss the mark on a key point in mobile software: some of the most important enhancements in updates go far beneath the visual surface and could be violating electronic health care laws.
Apple found 53 major security vulnerabilities in older iOS 6 and iOS 7 versions that the company has since patched in iOS 8, its most recent mobile operating system. Apple released iOS 8 on Sept. 17, 2014, and so far 78% of Apple mobile devices are using iOS 8. The remaining 22% of current users are still susceptible to these security vulnerabilities.
How does this affect the millions of health care professionals using their mobile devices for their work? Well for one, not keeping up-to-date software means they’ll miss out on the latest and most beneficial app features that could help with patient care and productivity. But more seriously, ‘update delinquents’ run the risk of being in violation with HIPAA Privacy and Security rules. Under HIPAA, Covered Entities are required to “implement policies and procedures to prevent, detect, contain, and correct security violations (45 CFR 164.308)” for electronic protected health information (ePHI). Furthermore, HIPAA Security and Privacy Rules require that all Covered Entities protect the ePHI that they use or disclose, and recommend, among other precautions such as encryption technology, installing and regularly updating virus-protection software on all portable or remote devices that access ePHI.
Without iOS 8, attackers could intercept user credentials and saved passwords on Safari, install unverified and malicious apps, access text messages and email attachments without authorization, or bypass the screen lock feature altogether, to name a few security vulnerabilities.
Below are five tips to protect and secure the electronic health information on your mobile device:
1. Keep your software up to date! Install security software for added protection.
2. Use a complex password or other user authentication on your home screen.
3. Install and activate remote wiping and/or remote disabling, like Find My iPhone.
4. Research mobile apps before downloading them.
5. Be cognizant of where you leave your mobile device.
Apple’s app submission rules now require that developers use the iOS 8 software kit for new and existing app updates. This means that if you’re running anything lower than iOS 8 on your Apple device after June 1, 2015, you won’t receive updates to your apps. Although Apple won’t remove any apps currently in the App Store, users running iOS 7 or lower won’t be able to download new features or “bug fix” updates. It’s a nudge in the right direction to get the remaining 25% of Apple users onto iOS 8. And for the population of medical professionals who access electronic health data from their mobile devices, including our charge capture and secure messaging users, there are no more excuses for running out-of-date versions. So, if you’re guilty of ignoring software updates or simply can’t remember the last time you updated your iPhone, it’s finally time to update your device to iOS 8 (and every other update thereafter!).