HIPAA Compliance Tips for Mobile Data Security
Nearly 4 out of 5 healthcare providers use a mobile device for professional purposes. These numbers continue to rise as healthcare organizations place an increased focus on efficiency and productivity (1). Although mobile devices are incredibly efficient and convenient, they also harbor measurable risks for data breach and the exposure of protected health information (PHI).
Mobile devices are often more susceptible to theft because they lack the appropriate security controls. In fact, mobile device malware infections surged 96% from 2015 to 2016 (2). To avoid hefty penalties and the risk of a data breach, healthcare organizations must develop and implement mobile device procedures and policies that will protect patients' health information.
Below are five recommendations from HHS (the Department of Health and Human Services) that organizations can follow to help manage mobile devices in the healthcare setting (4):
- Understand the risks before allowing the use of mobile devices: Decide whether healthcare providers or medical staff will be permitted to use mobile devices to access, receive, transmit, or store patients' health information or if they will be used as part of the organization's internal network or systems, such as an electronic health record system.
- Conduct a risk analysis to identify threats and vulnerabilities: Consider the risks to your organization when permitting the use of mobile devices to transmit health information. Solo providers may conduct the risk analysis on their own practice; for those working for a large provider, the organization may conduct it.
- Identify a mobile device risk management strategy, including privacy and security safeguards: A risk management strategy will help healthcare organizations develop and implement mobile device safeguards to reduce risks identified in the risk analysis. Include the evaluation and regular maintenance of the mobile device safeguards put in place.
- Develop, document, and implement mobile device policies and procedures to safeguard health information. Some topics to consider when developing mobile device policies and procedures are:
  - Mobile device management
  - Using your own device
  - Restrictions on mobile device use
  - Security or configuration settings for mobile devices
- Conduct mobile device privacy and security awareness and ongoing training/education for providers and professionals (4)
References:
1. https://www.informationweek.com/mobile/80--of-doctors-use-mobile-devices-at-work/d/d-id/1100880?
2. https://pages.nokia.com/8859.Threat.Intelligence.Report.html
3. https://www.hipaajournal.com/mobile-data-security-and-hipaa-compliance/
4. https://www.healthit.gov/sites/default/files/fact-sheet-managing-mobile-devices-in-your-health-care-organization.pdf