11-14-13 | Blog Post
The Dept. of Health & Human Services (HHS) has a HIPAA security guide outlining its recommendations for securing ePHI (electronic protected health information) on mobile devices, including remote access. The HHS guide covers ePHI in three situations: accessing, storing and transmitting data.
Their format presents a potential risk, then the technical, administrative or physical security recommendation to prevent said risk. Below I’ve summarized their guide to highlight some of the top pointers along with some additional technical info:
Accessing ePHI
Risk: Password or user login info was lost or stolen, resulting in either unauthorized access or viewing/modification of ePHI.
How to Mitigate:
Risk: Systems infected by an external device with the intent to gain remote access to systems housing ePHI.
How to Mitigate:
Storing ePHI
Risk: Laptop or other portable device is lost or stolen, allowing unauthorized access or modification to ePHI.
How to Mitigate:
Risk: Using an external device to access corporate data, resulting in the loss of critical ePHI on the remote device.
How to Mitigate:
Transmitting ePHI
Risk: Data intercepted and stolen, or modified during transmission.
How to Mitigate:
References:
HIPAA Security Guide for Remote Use (PDF)