Mobile phones, personal tablets, and high-tech devices are used in our everyday lives. This also holds true in the home health care industry. Employees and organizations alike can benefit from increased productivity and efficiency from mobile device usage.
However, mobile devices pose a large risk to protecting medical information and maintaining HIPAA compliance. These devices can be used to communicate patient information without authorization or to download company data, or they can simply be stolen by an employee or outsider. These unique risks of using mobile devices require effective best practices to guard against HIPAA violations.
Physical Protection and Encryption
A common best practice to guard against unauthorized access to patient information is the use of a password. Mobile devices can be configured to require personal identification numbers, passwords, and usernames to gain access.
This step alone can help safeguard protected health information (PHI) from theft and unapproved access. Additionally, installing a firewall on mobile devices will help stop outside connection attempts from accessing information.
Mobile devices must also protect information that is being sent and received from others. It is recommended that an encryption tool be installed on all devices. This will help protect PHI that is being transmitted and received.
Another best practice is to secure Wi-Fi networks that broadcast over a facility’s physical location. This can be done by installing encryption software and enabling a password feature to connect with the network. Public Wi-Fi networks can be accessed by anyone and are an easy access point for unwanted security intrusions.
In addition to protecting mobile device access and network connections, it is prudent to be proactive with strong security measures. There are many security programs available on the marketplace. Purchasing and installing one of these top-end security programs is simply not enough. Regularly updating the security software will go a long way towards staying ahead of potential malware and cyber-attacks on each device.
Another important best practice in preventing these types of security breaches is to create a list of pre-approved (or conversely unapproved) downloadable applications. Many mobile devices have the ability to access and download thousands of unregulated applications. Creating a policy that clearly states which applications are acceptable will reduce the risk of stolen patient information.
Proper Disposal and Deletion
Some mobile devices are reissued to new employees or simply discarded for newer versions. When this occurs, properly deleting all stored health information will ensure PHI remains protected. Taken a step further, a home health care organization can install remote wiping and disabling software on each mobile device.
Features like these allow an organization to erase all data on the device from a remote location or simply disable the device from being turned on. Both of these tools are very beneficial in the case of a stolen or lost device.
Mobile devices provide great benefits to our everyday communication. In turn, there are some valid concerns about PHI security and HIPAA compliance when they are brought into the workplace. However, by implementing some best practices and creating clear policies for mobile device usage, each facility can reduce these risks without affecting productivity.