Those shopping for a system to help manage security controls and applications on smart phones, tablets and other mobile devices need to "take some time to get beyond the marketing-speak ... and really dig in to what it can do, at what scale it can do it and how reliable it is," Kirby says.
"As usual, I'm sorry to say the first thing that happens is we create security challenges and they go on for three or four years until the market catches up and meets those challenges," he adds.
In an interview following his presentation at the National HIPAA Summit in Washington, Kirby offers other advice on mobile device security, including:
- Organizations enabling employees to use personally-owned devices for work-related purposes should investigate "sandbox" applications that help segment business and personal applications on the devices.
- All mobile devices should be equipped with specialized applications to be used if the devices are lost or stolen. These applications, for example, can remotely wipe stored data, remotely lock the device or help locate the device.
- Organizations should educate staff to make the most of available security tools, especially authentication.
Kirby has more than 30 years of experience in healthcare information technology. As president of Kirby Information Management Consulting LLC, he provides consulting in information security and privacy and emerging information technology. He formerly served in several roles at Duke University Health System, including information security officer, telehealth director, and director of the Center for Information Technology Innovation. He is founder and current co-chair of the Academic Medical Center Privacy and Security Conference series. He's also the current project manager for the North Carolina TeleHealth Network, a broadband network for health implemented statewide.