Do you use a laptop that contains patient information? Do you have a list of your patients with their telephone numbers, email addresses and appointment schedule in your smart phone? Are those devices encrypted?
The number of mobile devices we utilize to conduct our businesses has expanded beyond belief. What can we do to make sure that our patient data is not at risk if we utilize these devices to access their information? As providers of behavioral healthcare services, we have special responsibility to protect the sensitive information related to the care of our clients.
The U.S. Department of Health and Human Services is very concerned about the spread of these devices and their innate insecurity. They have developed a special section of their healthit.gov web site to focus on these privacy and security needs.
The HHS video on the topic focuses on five issues:
- Lost mobile device
- Stolen mobile device
- Downloaded virus or malware
- Shared mobile device
- Unsecured Wi-Fi network
Take a look when you get a chance and learn more about how to protect PHI when using mobile devices. And don’t forget, encryption gives you ‘safe harbor’ under HIPAA, even if you were to experience a data breach.
Does your organization have policies about using mobile devices to access PHI? How do you manage your experience with mobility? Please share your comments below.
Gary Griffiths says:
Your title hits the nail on the head, securing data is the critical requirement in this new world of mobility.
I think 3 principles that cover off most security needs are
1. secure PHI data at rest and in transit (using encryption or VPN technologies)
2. prevent PHI data leakage to non secured apps or cloud services (using containerisation or virtualisation)
3. robust authentication to access PHI data (using multi factor authentication)
Kathy says:
Thanks for your comment, Gary. I think the 3 principles you mention hit the nail on the head!