Corporate Compliance

TIP: Protect mobile devices from security risks

Compliance Monitor, October 5, 2011

With the widespread use of mobile devices, healthcare organizations must take steps to protect patient PHI. The good news is that healthcare organizations and providers can optimize their use of these devices while safeguarding PHI, consultants say.

Experts in the fields of healthcare IT, security and privacy, data breaches, and identity theft recommend the following measures:

Recognize the advantages of ePHI and implement security measures. Despite its risks, ePHI has advantages, says Jill Arena, managing partner of Health e Practice Solutions, LLC, a consulting and technology solutions company in Portland, OR.
Remember that paper records also carry risks. "As we move to introduce iPad applications that integrate with physicians' electronic medical records products, we can edit, route, and capture signatures on patient forms without ever dropping them to paper," Arena says. "This allows physicians and their office staff to recapture valuable staff time, and it keeps paper forms with PHI, Social Security numbers, and other sensitive information from floating around the clinic and potentially falling into the wrong hands."
Conduct a risk assessment of your mobile devices. You've heard this before, but it's a vital step, says Chad Boeckmann, president of Secure Digital Solutions, LLC, in Minnetonka, MN. “Anytime an organization extends information beyond its walls, a risk assessment should be conducted to determine the level of security controls, including monitoring of those controls,” says Boeckmann.
Implement a program that includes staff training. The amount of PHI stored on mobile devices necessitates an effective program to ensure that the information remains private and secure, says Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI, principal and owner of Rebecca Herold & Associates, LLC, a consulting firm in Des Moines, IA. "Because of the combination of increased business and patient data storage and entrusting mobile workers with mobile computing devices, it is vital that an effective mobile computing device and storage media security and privacy management program is in place."
Secure your Wi-Fi™ network and mobile devices. Many Wi-Fi networks in hospitals and physician offices are not secure, says Rick Kam, president and cofounder of ID Experts in Portland, OR. Coupled with the increased use of mobile devices, this puts patient data at risk, he says.
Be wary of and protect against hackers. Lost mobile devices are the cause of many breaches reported to OCR. However, these devices are also vulnerable to theft and hacking.


Editor’s note: The previous article is adapted from the October 2011 Strategies for Health Care Compliance.
