Mobile devices are becoming ubiquitous in the healthcare industry – from quickly filing e-prescriptions to collecting and sending patient health information (PHI) directly to an EHR/EMR (electronic health or medical record) system, the use of smartphones, tablets and other portable devices is changing the quality of patient care for the better across the nation.
But when it comes to securing your mobile devices and meeting strict HIPAA compliance standards, physicians and other healthcare professionals may not realize the security precautions they need to take to prevent a data breach and HIPAA violation.
One example of recommended best practices can be found in Yale University’s HIPAA guide for mobile device security (intended for its covered components, such as the Schools of Medicine, Health Services, etc.) including:
Smartphone Security
This is a great start when it comes to documenting and specifying the security measures your organization needs to take, but don’t just copy and paste these policies. Every company has different needs that require a customized plan to keep PHI safe.
Also, not every device is created equal. Last year, BGR.com found a major security flaw in the security lock design of AT&T’s Samsung Galaxy S II cellphone that left it open to a simple workaround, allowing users to bypass the PIN or unlock feature. If you tap the lock button to wake it, wait for it to time out and go black, then tap the lock button again, the phone is suddenly accessible and the PIN rendered useless.
Make sure you know your device and its features, and deploy security measures similar to those above to stay compliant even on the go.
For more on IT security and best practices, read HIPAA Compliant IT Security and Best Practices. Or for more about smartphone security, read Mobile Security: How Safe is Your Data?
References:
Yale University’s HIPAA Security Updates and Reminders
Major Security Flaw Lets Anyone Bypass AT&T Samsung Galaxy S II Security