Security standards are in effect to address the confidentiality, integrity, and availability of the electronic protected health information that we use today. These standards are in force to satisfy the HIPAA Security Rule.

Any time a mobile device that transmits protected health information is in use, the operator of the device must be aware of the HIPAA requirements. Safeguards must be in use to conform with the HIPAA Privacy Rule. HIPAA and mobile device safeguards have become a very important topic.

It is our intention to present standards that may help you in your daily practice as you protect electronic protected health information.

Password and Authentication

One of the key features of the Security Safeguards is authentication.

Authentication allows one to verify the identity of the user for the device or the process that is active. Today almost all mobile devices require the use of passcodes, PINs or passwords to gain entry. Another tool that is also in wide use today is two-factor authentication. This gives a second layer of security in obtaining access to a device or website.

Many devices today will also use a masking feature that prevents the contents of the password field from being seen. Devices should also have a configuration that causes them to be turned off after a certain period of inactivity. This helps prevent access by unauthorized individuals.

Security Software Must Be Up to Date

To protect your mobile device, it is important to do regular updates of the software. Most updates are meant to give the best security by eliminating any weaknesses that may allow unauthorized access to your device. This is very important if it contains protected health information.

Encryption is Important

Today almost every device has the capability of using encryption to protect the data which it stores. This is a tool which converts data into a secret code which can only be read if someone has the key which allows decryption of the data. If your device does not have that capability, an encryption app may be purchased and installed on the device. This can easily be added to mobile devices such as phones, laptops and flash drives.

Firewalls

Firewalls were created to block incoming or outgoing network connections based on criteria you have established. This is an ideal technical safeguard that will help you protect your PHI.

Remote Wiping and/or Remote Disabling

If you ever lose your mobile device, you may be able to further protect your data using remote wiping or remote disabling. Data stored on a mobile device can be remotely wiped, which prevents any access to your data. This can be reversed in the future if the device is found.

Antivirus Software

In this age it is mandatory that any individual use some type of antivirus software if they are in any way connected to a network or the internet. This will help protect from any malicious applications such as malware, spyware or viruses.

Control Your Device

It is of great importance that you always maintain control of your device, especially if it contains sensitive data or protected health information. This applies to laptops, cell phones and portable flash drives. If you have to travel with a device, do not leave it unattended in a car, as it could be stolen. Keep it on your person or in a secure location.

We hope this information will be of help to you in meeting the requirements of the HIPAA Privacy Rule.

Mobile Device Safeguards

File Sharing Applications

In the last few years file sharing has become a very common practice. Most will not recognize the dangers this can lead to when protected health information or sensitive data is concerned.

File sharing often will enable unauthorized sharing of your data without your knowledge. If you want to protect your information do not use file sharing. Disable this option on your system.

Mobile Applications

When considering new mobile apps it is very important to carefully review these products before accepting them into your mobile device. These are usually purchased for a specific reason such as for better productivity within your system. Unfortunately, many apps also have functions that may be detrimental to your security. Carefully review each app for its reliability.

Discarding or Reusing Mobile Devices

It is common sense that you must delete all your sensitive data before discarding a laptop, external disc drive or a flash drive. Unfortunately, many will make this mistake. Don’t make this error. There are guidelines published by the National Institute of Standards and Technology (NIST) which you should consider.

Public Wi-Fi and a VPN

Wi-Fi can be a problem for sensitive data due to the many dangers involved in a public setting. Due to the lack of security in these settings, it is possible to be exposed to unauthorized access to your data. First, it is reasonable not to use public Wi-Fi at all, but if you must, consider using a VPN. This will establish a secure and encrypted connection that provides great security.

For more information on Safeguards.