6. Mobile Device Security and HIPAA Compliance
Mobile devices have made life a lot easier for many of us, but they’re not without their faults. In recent years, healthcare providers and other covered entities have been relying more on smartphones, tablets and other mobile devices to get their jobs done.
However, it’s important for these organizations to consider mobile device security and mitigate the risk of exposing ePHI, since exposure compromises private data and incurs heavy penalties.
Technical Safeguards for Mobile Devices
The HIPAA Security Series Guidelines state that covered entities “must consider the use of encryption for transmitting ePHI, particularly over the internet.”
Furthermore, covered entities must “implement technical security measures to guard against unauthorized access to ePHI being transmitted over an electronic communications network.”
A great way to ensure these HIPAA guidelines are met is to implement mobile device management (MDM) policies and software. Whether employees of covered entities are using their own devices (BYOD) or company-issued devices, MDM gives IT managers the ability to manage devices on their network.
If employees use mobile devices to access, store or transmit ePHI, the devices must be encrypted, have multi-layered access controls to authenticate the user and protect ePHI, and have remote-access software.
Mobile Device Security Tips
- Device security: All mobile devices with access to ePHI should have anti-malware software, secure in-platform messaging, and device-level encryption. Apple devices (iPhone, iPad, etc.) using iOS 4 or newer have built-in encryption enabled by default. Android devices running Lollipop (5.X) or newer have built-in encryption enabled by default.
- Remote management: All mobile devices should have remote-management software that allows administrators to lock and wipe the device if it’s lost or stolen.
- Reporting: All mobile devices should have MDM software that allows administrators to monitor the organization’s mobile environment in real time.
MAXtech Can Help You
Don’t let poor mobile device security put your patients’ health information at risk. MAXtech specializes in helping healthcare professionals remain HIPAA compliant. Get in touch with us to see how we can help you.