By following basic security practices and policies, you can make your devices HIPAA compliant and keep your data safe.
The rise of mobile devices in healthcare organizations generally means more convenience in the workplace. Mobile devices can help doctors work more quickly, process information faster, and simplify paperwork.
Unfortunately, mobile devices can present problems in data security for healthcare organizations.
If not secured properly, data can easily be stolen from mobile devices. Without proper security protocols, you could lose sensitive data from your employees’ phones and tablets.
Does that mean you should not use mobile devices? Not necessarily. You just need to take the right security precautions when introducing mobile devices into your organization.
See also: Securing Mobile Devices with Mobile Encryption
What’s so risky about using mobile devices in healthcare? Generally, mobile devices don’t have as many security controls in place as computers do, such as firewalls, encryption, or antivirus software.
Some other reasons mobile devices can be a risk include:
See also: 5 Ways Your Mobile Device Can Get Malware
Just as your computers follow basic security practices, your mobile devices should follow the same ones.
Here are some practices to consider:
These practices can keep your mobile devices from being infected by malware and prevent possible breaches, as long as your employees are trained on them through your policies and procedures.
See also: SecurityMetrics HIPAA Guide
HIPAA requires healthcare entities to encrypt electronic protected health information (PHI). All PHI that is stored or transmitted on systems and work devices must be encrypted, and that includes mobile devices.
If you back up your mobile device to your hard drive, make sure the backups are encrypted as well.
Keep in mind that the encryption built into most mobile devices is not as strong as on other devices, because most of them don’t ship with the most secure encryption available. In practice, a mobile device is only as secure as its passcode.
See also: Medical Data Encryption: Keeping Your PHI Secure
A four-digit passcode can be easily cracked with the right tools. Choosing a passcode of at least 8 characters and having the device lock out after a number of failed attempts makes breaking into the phone a little trickier.
See also: How to Do Passwords Right: Password Management Best Practices
The ideal passcode has eight characters or more, contains alphanumeric and special characters, and doesn’t contain dictionary words (e.g., Ilovefootball1 is no good).
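The passcode rules above (minimum length, mixed character classes, no dictionary words, lockout after repeated failures) are easy to write down as an enforceable policy check. The following is an added example, not code from the article or from SecurityMetrics; the lockout threshold of 5 attempts and the tiny word list are assumed values you would replace with your own policy and a real dictionary. The keyspace estimate is included to make the article's point about four-digit codes concrete.

```python
"""Mobile passcode policy check: length, character classes, dictionary words,
keyspace estimate and a lockout counter. Added example; not from the article."""
import re
from dataclasses import dataclass

MIN_LENGTH = 8
MAX_FAILED_ATTEMPTS = 5  # assumed policy value; tune to your organization

# Constructed word list for illustration; load a full dictionary in practice.
DICTIONARY_WORDS = {"love", "football", "password", "welcome", "hospital", "summer"}

# Size of each character class, used for the keyspace estimate.
CLASS_SIZES = {
    "lower": (re.compile(r"[a-z]"), 26),
    "upper": (re.compile(r"[A-Z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "special": (re.compile(r"[^A-Za-z0-9]"), 33),
}


def dictionary_hits(passcode: str) -> list[str]:
    """Return dictionary words (4+ letters) that appear inside the passcode."""
    lowered = passcode.lower()
    return sorted(w for w in DICTIONARY_WORDS if len(w) >= 4 and w in lowered)


def passcode_problems(passcode: str) -> list[str]:
    """List every policy rule the passcode violates; an empty list means it passes."""
    problems = []
    if len(passcode) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", passcode):
        problems.append("no letters")
    if not re.search(r"[0-9]", passcode):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", passcode):
        problems.append("no special characters")
    hits = dictionary_hits(passcode)
    if hits:
        problems.append("contains dictionary words: " + ", ".join(hits))
    return problems


def estimated_keyspace(passcode: str) -> int:
    """Rough number of guesses needed to exhaust passcodes of this shape:
    (sum of the sizes of the character classes actually used) ** length."""
    alphabet = sum(size for pattern, size in CLASS_SIZES.values() if pattern.search(passcode))
    return alphabet ** len(passcode)


@dataclass
class LockoutState:
    """Failed-attempt counter kept by the device (or the MDM agent)."""
    failed_attempts: int = 0
    locked: bool = False


def record_attempt(state: LockoutState, success: bool) -> LockoutState:
    """Apply one unlock attempt; lock the device once the failure limit is reached."""
    if state.locked:
        return state  # ignored until an administrator resets the device
    if success:
        state.failed_attempts = 0
    else:
        state.failed_attempts += 1
        if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
            state.locked = True
    return state


def simulate_guessing(state: LockoutState, guesses: int) -> LockoutState:
    """Feed a run of wrong guesses through the lockout logic."""
    for _ in range(guesses):
        record_attempt(state, success=False)
    return state


if __name__ == "__main__":
    for candidate in ["1234", "Ilovefootball1", "Tr0ub4d!r"]:
        print(candidate, estimated_keyspace(candidate), passcode_problems(candidate))
    print(simulate_guessing(LockoutState(), 20))
```

Running it shows why the article singles out `Ilovefootball1`: it is long enough but has no special character and is built from dictionary words, while a four-digit code has a keyspace of only 10,000. The lockout counter shows the other half of the advice: after five wrong guesses the device is locked regardless of how many more are attempted.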
See also: Healthcare's Password Security is Embarrassing
Older operating systems and app versions tend to contain bugs that leave the data on them open to attack. Just like computers, mobile devices need to be patched regularly to eliminate those vulnerabilities.
It’s important to update each app installed on devices. It only takes one faulty app to introduce malware to your device, putting your data at risk.
Fortunately, updating mobile device software is fairly simple and doesn’t take much time.
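Keeping the OS and every installed app patched is only verifiable if you know which devices are behind. The following is an added example, not code from the article or from SecurityMetrics: it checks a constructed device inventory against assumed minimum OS and app versions, the kind of report an MDM or compliance script would produce. The platform names, app names and version numbers are all made up for illustration; the point is the numeric version comparison, which naive string comparison gets wrong (for example "3.9" sorts after "3.10.1" as text).

```python
"""Patch-level compliance check for a mobile device inventory.
Added example; policy values and inventory are constructed, not from the article."""
from dataclasses import dataclass, field


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '16.4.1' into (16, 4, 1) so versions compare numerically, not as strings.
    Non-numeric suffixes such as '14b' are reduced to their digits."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_at_least(installed: str, minimum: str) -> bool:
    """True when the installed version meets or exceeds the minimum."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so (17, 4) compares equal to (17, 4, 0)
    b += (0,) * (width - len(b))
    return a >= b


# Assumed policy: minimum OS version per platform and per managed app.
MIN_OS = {"ios": "17.4", "android": "14"}
MIN_APPS = {"ehr-client": "5.2.0", "secure-mail": "3.10.1"}


@dataclass
class Device:
    device_id: str
    platform: str
    os_version: str
    apps: dict = field(default_factory=dict)  # app name -> installed version


def compliance_findings(device: Device) -> list[str]:
    """Return one finding per out-of-date component; empty list means compliant."""
    findings = []
    min_os = MIN_OS.get(device.platform)
    if min_os is None:
        findings.append(f"unknown platform {device.platform!r}")
    elif not version_at_least(device.os_version, min_os):
        findings.append(f"OS {device.os_version} below minimum {min_os}")
    for app, minimum in MIN_APPS.items():
        installed = device.apps.get(app)
        if installed is None:
            continue  # app not present on this device, nothing to patch
        if not version_at_least(installed, minimum):
            findings.append(f"{app} {installed} below minimum {minimum}")
    return findings


def noncompliant_devices(inventory: list[Device]) -> dict[str, list[str]]:
    """Map device id -> findings for every device with at least one finding."""
    report = {}
    for device in inventory:
        findings = compliance_findings(device)
        if findings:
            report[device.device_id] = findings
    return report


# Constructed sample inventory (not real devices).
INVENTORY = [
    Device("tablet-01", "ios", "17.4.1", {"ehr-client": "5.2.0"}),
    Device("phone-07", "android", "13", {"ehr-client": "5.1.9", "secure-mail": "3.9"}),
    Device("phone-12", "ios", "17.3", {"secure-mail": "3.10.1"}),
]

if __name__ == "__main__":
    for device_id, findings in noncompliant_devices(INVENTORY).items():
        print(device_id)
        for finding in findings:
            print("  -", finding)
```

Only `tablet-01` passes; `phone-07` is behind on the OS and both apps, and `phone-12` is one OS point release short. Feeding the real inventory export from your MDM into `INVENTORY` turns the article's "patch often" advice into a list of specific devices to chase.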
Even the best security policies aren’t that helpful if your employees aren’t following them. It’s important to train your employees in your mobile security policies. Some things to help employees remember are:
It’s up to you to make sure your mobile devices aren’t responsible for a data breach. By following basic security practices and policies, you can make your devices HIPAA compliant and keep your data safe.
Want to know more about securing your organization’s mobile devices? Read our white paper 5 Tips for HIPAA Compliant Mobile Devices.