Include minimum standards in your mobile device policy
HIM Connection, March 21, 2006
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Mobile devices, such as laptop computers, personal digital assistants (PDAs), and tablet personal computers (PCs), offer convenience, increased efficiency, and remote access for most who use them. But along with the benefits come potential risks and problems.
Organizations that choose to use mobile devices must have policies that provide minimum standards for use, says Kevin Beaver, CISSP, independent information security consultant with Principle Logic, LLC, in Acworth, GA. Part of your policy should cover required technical safeguards, including the following:
- Power-on passwords. Passwords for powering on a device provide a good first layer of security, Beaver says.
- System passwords. Beyond having a password for turning on a device, you should require log-on passwords for operating systems such Microsoft Windows®, he says.
- Hard drive/storage device encryption. This is a must in the event of loss of theft, says Beaver.
- Antivirus/antispyware software.
- Personal firewall software. "If you don't have it, a hacker could connect right into the system and do a lot of damage-stealing or deleting information," he says.
- Network encryption. This applies more to wireless devices, Beaver says. Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP) are examples of protocols for securing wireless networks. WEP is not ideal, but it should be a minimum requirement, he says. "The latest version of WPA, WPA2, is much more secure."
Keep in mind that some devices don't support certain security technologies, Beaver adds. "This is something you need to consider before purchasing a device." Remember, security involves more than just technology.
This article was adapted from the newsletter Electronic Health Records Briefing, published by HCPro, Inc.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Identify modifiable risk factors to prevent patient falls
- Hospitals are not bound by InterQual criteria for determining patient status
- Searched