Earlier this year, Good Samaritan went well beyond its laptop policies, disabling USB ports across the computers connecting to its network. It was a pre-emptive move to preclude inappropriate data transfers to easily lost devices, Christian explains. Nonetheless, the new policy was not well-received. "It caused consternation," Christian says. Christian fielded a call from a purchasing manager at the hospital who wanted to obtain thumb drives in bulk for the stock room. "I said no," Christian recalls. "These things are so convenient, people could store unencrypted personal health information on them. You can put down a thumb drive and they're gone."
Christian's staff gives alternatives to administrators clamoring for additional digital storage space. An engineering supervisor requested eight large-size thumb drives to store building schematics and piping diagrams, asserting that if he lost the drives, little would be at risk. "I told him it could be a big deal because that is not information everyone should have." Christian created a Microsoft-enabled Sharepoint site on his network for the engineering department; it serves as a semi-private location on the network where files can be stored and accessed by authorized members.
The wound care unit also objected to the closure of the USB ports. They had used the ports to download digital photos to the hospital's EHR. "They weren't conscious they were creating a potential security or breach situation because it was so convenient," Christian recalls. His crew then installed card readers for the cameras. "You have to worry about people inadvertently storing data where they shouldn't."
For more information about securing mobile devices, see July’s issue.