As summarized in a recent ADA News article, we would like to alert our clients to the technological evolution that has allowed health care professionals to access health information on their mobile devices. As this trend continues, it is important for health care professionals to take measures that will protect health information when using a mobile device.
The federal government, through the office of the Chief Privacy Officer, has provided information that has led to some useful tips for health care professionals. We would like to share these with our clients who are health care professionals in order to better educate them on issues they may encounter. While these tips are not exhaustive or definitive, and following them does not necessarily make someone compliant with the Health Insurance Portability and Accountability Act Security Rule, they may help protect patient information on mobile devices:
- Lock the device so that user authentication or password is necessary to get in
- Install and enable encryption software (some mobile devices have built-in encryption capabilities or the tools can be purchased or installed)
- Install and activate remote wiping and/or disabling (Remote wiping enables you to erase data on a mobile device remotely, and remote disabling allows you to lock a mobile device if it’s lost or stolen)
- Disable and do not install or use file sharing applications. (File sharing apps allow internet users to connect to each other and access each other’s libraries of media files, and can also allow unauthorized users to access your device without your knowledge)
- Install and enable a firewall on your laptop computer (A personal firewall can protect against unauthorized connections, intercept incoming and outgoing connection attempts, as well as block or permit those attempts based on a set of rules)
- Install and enable security software, and keep it up to date (such software can protect against malicious applications, viruses, spyware, and malware-based attacks, and keeping it up to date can allow you to have the latest tools to prevent unauthorized access to health information)
- Research mobile applications before downloading (verify that the app will perform only functions you approve of, and use known websites or other trusted sources that you know will provide reputable reviews of the app)
- Be careful with and keep a close eye on all of your mobile devices (Carry your device in an inner pocket instead of in your purse, and don’t leave it in plain sight)
- Use an encrypted network connection to send or receive information over Wi-Fi networks (Unencrypted Wi-Fi transmissions can be easily intercepted, especially in a public location. To use an encrypted connection, make sure your browser is connected to a URL that starts with “https://,” or make sure your application uses an encrypted connection.)
- Securely delete all stored health information before discarding or reusing a mobile device (The remote erase feature mentioned above is appropriate for smartphones and tablets; however, laptops are especially difficult to securely erase. Appropriate methods for securing data before discarding or reusing a device include clearing, purging, and destruction.)
As technological advances become more and more frequent, it is increasingly important for health care professionals to ensure the protection of their patients’ health information. To learn more about mobile security, visit www.healthit.gov/providers-professionals/how-you-can-protect-and-secure-health-information-when-using-mobile-device.
For more information, you can also contact us.