Mobile devices are laptops, tablets, and smartphones. We all have at least one. Not only are they fun to use with all their great features, but they also offer benefits such as portability, size, and convenience.
As more and more health care professionals use these devices to store and transmit Protected Health Information (PHI), there is now a need to safeguard not only the physical security of the device but also the information stored on it. According to the Department of Health and Human Services (HHS) “along with theft and loss of devices, other risks, such as the inadvertent download of viruses or other malware, are top among reasons for unintentional disclosure of patient data to unauthorized users.”
For this reason, HHS has launched a new education program with online tools to provide health care providers and staff practical tips on ways to protect their patients’ PHI when using these mobile devices. The initiative is called “Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information” and it is available at www.HealthIt.gov/mobiledevices. The program offers educational resources such as videos, easy-to-download fact sheets, and posters to promote the best ways to safeguard patient health information.
In addition to the online educational program, HHS also recommends that physicians and their medical office staff take the following steps to protect and secure information when using mobile devices:
- Install and enable encryption
- Use a password or other user authentication
- Install and activate wiping, remote disabling, or both to erase data on lost or stolen devices
- Disable and do not install or use file-sharing applications
- Install and enable a firewall to block unauthorized access
- Install and enable security software to protect against malicious applications, viruses, spyware, and malwarebased attacks
- Keep security software up to date • Research mobile applications before downloading
- Maintain physical control of mobile devices
- Use adequate security to send or receive health information over public Wi-Fi networks
- Delete all stored health information on mobile devices before discarding the devices
Safeguarding PHI is everyone’s business. Therefore, it is recommended that health care providers follow these guidelines to ensure patient privacy. The information contained in this article comes from the US Department of Health and Human Services (hhs.gov). Please see the web link above for more information from HHS.
If you have questions about this article, please contact us. This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.