Health Information Management

Take steps to minimize the security risk for wireless devices

HIM-HIPAA Insider, October 4, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Healthcare organizations can protect sensitive patient ­data in a variety of ways as increasing numbers of healthcare professionals adopt mobile devices, says Rick Kam, president and cofounder of ID Experts ( in Portland, OR.

Many Wi-Fi™ networks in hospitals and other healthcare settings are not secure, he says, and this puts patient data at risk. Kam offers some suggestions for protecting your PHI:
  • Whenever possible, don't store sensitive data on wireless devices. Ensure that data is encrypted when HIPAA requires doing so. Implement data encryption on devices such as laptop computers, PDAs, or smartphones. Data encryption makes information on these devices unreadable by unauthorized persons (e.g., an individual who steals a laptop computer). Encryption also provides a safe harbor under the HITECH Act. This means the ­data is considered secure and organizations do not need to notify individuals if the device is lost or stolen.
  • Enable password protection on wireless devices, and configure the lock screen to appear after a brief period of inactivity. Devices such as the iPhone® and BlackBerry® feature a lock screen that can prevent unintended individuals from accessing information.
  • Activate the remote wipe feature of wireless devices that contain personal information. This allows owners to remotely lock a device or wipe it clean in the event it is lost or stolen.
  • Enable Wi-Fi network security. Do not use wired equivalent privacy (WEP). Wi-Fi protected access (WPA-1) offers better security, but use it only with strong passwords. Use WPA-2 if possible; it is the latest version of this security feature.
  • Change the default service set identifier (SSID) and administrative passwords. The SSID is the name that identifies a particular Wi-Fi network and that the wireless access point or router broadcasts. Other wireless-enabled devices within range of your access point can detect it. Rename the identifier to something recognizable and use a unique password to prevent unauthorized individuals from accessing your network. Use a combination of uppercase and lowercase letters, symbols, and numbers to create a password.
Editor’s note: For more advice on self-disclosure, access the article in its entirety in the September issue of Briefings on HIPAA.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular