Steps to Safeguard Your Agency’s Mobile Devices
Posted On: March 7th, 2013
Director, McKesson Product Support
You certainly know that HIPAA standards apply to the use of mobile devices, but keeping protected health information (PHI) truly private is a monumental task for most agencies.
We can help on the software side, making sure that information is properly encrypted, that security patches are distributed quickly and that users change passwords frequently. But we can’t keep your users from pasting those passwords on the side of their mobile device, putting them in an obvious location or losing their devices.
To help stress the importance of mobile device security, the Department of Health and Human Services (HHS) has launched a new page on the HealthIT.gov website devoted to safeguarding information on laptops, tablets and smartphones. The site offers practical tips and videos to help you learn more about mobile device security and what steps to take should a mobile device be lost or stolen. Other features include an FAQ section and materials such as posters, brochures, banners and presentations that are available to download for display in care locations or to help with employee training.
A good overview, for example, can be found in the article in the Read and Learn section called “Five steps organizations can take to manage mobile devices used by health care providers and professionals.” Those steps are:
— Decide whether mobile devices will be used by your clinicians and aides as part of their work and whether that includes the storing or transmitting of PHI.
— Assess the potential threats and vulnerabilities of using those devices.
— Identify your home health agency’s mobile device risk management strategy, and be sure it includes privacy and security safeguards.
— Develop, document and implement your agency’s policies regarding PHI.
— Train your staff on your organization’s PHI policies, and be sure to include PHI training as part of new employee education.
The federal government is cracking down on privacy breaches, even those affecting fewer than 500 patients. An Idaho hospice was fined $50,000 over a breach that affected the PHI of 441 patients when an unencrypted laptop was stolen.
This is a serious issue for your home health agency. HHS wants you to have practical information you can use to stay in compliance, and so do we.