Home

  • Home
    • » e-Newsletters

Tip: Ensure security of portable computers, media with detailed policy

EHR Connection, October 6, 2008

Portable computers and electronic media containing or used to access confidential data are at greater risk of theft than nonportable items.
 
Examples of portable computers include laptops, tablets, and hand-held devices, such as PDAs, pagers/cell phones with storage and processing capability. Examples of portable media include disks, CDs, some MP3 players, USB drives, storage devices, and “thumb” drives.
 
Ensure greater security of your portable computers and electronic media by including these rules when drafting a policy governing their use: 
  • Inventory of Portable Computers. The information security department will create and maintain an inventory of portable computing devices, including both organization-owned and personally owned, used to access and/or store confidential data.
  • Authorization. Management’s written authorization is necessary before removal of confidential information from electronic media or computers and before accessing or storing confidential information on portable computers.
  • Authentication. Access to portable computers requires at least one form of authentication such as a password or fingerprint.
  • Virus Protection. Install and routinely update anti-virus software on portable devices.
  • Encryption. Install encryption software meeting organization standards and government-endorsed algorithms on portable media leaving the facility.
  • Locking. Lock portable devices (in a drawer or briefcase, for example) unless in use or on one’s person. Lock portable media when left unattended, except in a private office, and when removed from the facility. 
This tip is from The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit published by HCPro, Inc.

Most Popular