5 Steps to Keep Mobile Devices Secure
As greater numbers of health care providers adopt smartphones and tablets (such as the iPad), concerns grow about the security of patient health information stored on such devices. And, as reported by Pamela Lewis Dolan of amednews, if a portable device gets lost (or worse, stolen), you can be fairly certain that whoever finds it will try to access the information contained within it.
Dolan’s article, “How to ensure a lost mobile device won’t cause a data breach,” notes that data encryption is the best tool to guard against a data breach. Under the Health Insurance Portability and Accountability Act (HIPAA), encryption is strongly encouraged, and is required unless there’s a technology limitation or some other compelling reason encryption is not possible. Under federal law, the presence of encryption is a safe harbor that would negate a health care organization’s obligation to report a data breach.
Unfortunately, encryption of mobile devices poses technical difficulties, at least for now; however, there are additional steps you can take to secure mobile devices. Dolan offers the following:
- Pick the right device: Some devices have encryption for all or some data, while others require downloading apps to provide the service. Reading reviews at the app stores and getting advice from previous users and employees at the mobile phone companies will help you find the best solutions.
- Use a passcode lock, and set the device to lock or remotely wipe the memory after several failed login attempts.
- Add a second layer of protection between the main menu of the phone and access to confidential files and apps. Many smartphone apps offer automated logins, which means that you can enter a website without having to provide a password. Requiring a login for apps that carry sensitive information improves security.
- Before donating or selling a used device, restore the operating system to the factory settings. Without this step, you can never be sure the new owner won’t have access to data previously stored on the device.
- Talk to an attorney to help ensure that any privacy and security protections placed on your mobile devices are HIPAA-compliant.
Sidebar: The Office of the Chief Privacy Officer (OCPO) for the Office of the National Coordinator for Health Information Technology (ONC) recently launched a privacy and security mobile device project. The project builds on the existing U.S. Department of Health & Human Services (HHS) HIPAA Security Rule – Remote Use Guidance and is designed to identify privacy and security good practices for mobile devices.
Event videos and materials from the March 16 Mobile Devices Roundtable are available online.