• E-mail
• Print
• RSS

Staff at our facility often use PDAs. How can we prevent security breaches?

HIPAA Weekly Advisor, May 17, 2002

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: Staff at our facility often use PDAs. How can we prevent security breaches?

A: The foundation of any information security effort lies in your policies. Personal digital assistant (PDA) security is no different.

Consider the following questions and incorporate the answers into your policy:

Ownership
Will you allow PDAs that are not owned by your organization to access the network and store protected health information, and if so how will you regulate these devices?

Standardization
Should you adopt one or more devices as your standard for all departments, which can include strong security protections?

Backup
How will data from PDAs be backed up?

Audits
How will you conduct audits of PDA usage?

Synchronization
What restrictions will you place on synchronization of these devices?

Passwords
What password requirements will you place on these devices?

Encryption
What encryption methods will you require for PDAs?

Configuration
What software configuration will you allow on PDAs?

Retrieval
How will you ensure that PDAs are returned by departing employees?

Permissions
Who will be allowed to remove PDAs from the organization?

Non-network usage
How do you prevent PDAs from being connected to the Internet while linking to the organization's network?

Editor's note: Answered by Rebecca Herold, CISSP, CISA, FLMI, of New York-based ThruPoint network systems consultants and adapted from the May 2002 issue of Healthcare Information Security.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive