5 Tips for HIPAA Compliant Mobile Devices
Learn how to make your organization’s mobile devices secure and compliant.
The rise of mobile devices in healthcare organizations generally means more convenience in the workplace. Mobile devices can help doctors work more quickly, process information faster, and simplify paperwork.
Unfortunately, mobile devices can present data security problems for healthcare organizations. If not secured properly, data can easily be stolen from mobile devices. Without proper security protocols, you could lose sensitive data from your employees’ phones and tablets.
Does that mean you should not use mobile devices? Not necessarily. You just need to take the right security precautions when introducing mobile devices into your organization.
SEE ALSO: Securing Mobile Devices with Mobile Encryption
Mobile device risks to healthcare
What’s so risky about using mobile devices in healthcare? Well, they generally don’t have as many security protocols in place as computers, such as firewalls, encryption, or antivirus software.
Some other reasons mobile devices can be a risk include:
- Mobile devices are easily misplaced
- Mobile devices are often easier to steal than regular desktop computers
- Passwords aren’t often used to protect access
- Many organizations don’t encrypt emails they send or receive on mobile devices
- Data could be accidentally disclosed when a mobile device is shared with friends and family
- Employees could use unsecured Wi-Fi networks
- Mobile devices could contract mobile malware
Fortunately, these risks can be addressed; it just takes a few procedures and policies. Here are some tips to securing your mobile devices.
Follow basic mobile security practices
Just like your computer has basic security practices, your mobile devices should have these same practices. Here are some practices to consider:
- Enable passcode protection
- Use role-based access
- Never connect to unsecured Wi-Fi
- Don’t jailbreak devices
- Encrypt data
- Use mobile vulnerability scanning
- Establish and train employees on mobile device policies
Implement mobile encryption
HIPAA requires healthcare entities to encrypt electronic protected health information (PHI). All PHI that’s stored or transmitted in systems and work devices must be encrypted. This includes mobile devices as well.
If you back up your mobile device to your hard drive, make sure the backups are encrypted as well.
Keep in mind that encryption on mobile devices is often weaker than on other devices, because most mobile devices aren’t equipped with the most secure encryption. Mobile technology is only as secure as the device’s passcode.
SEE ALSO: Medical Data Encryption: Keeping Your PHI Secure
Enable lengthier passcodes
A four-digit passcode can be easily cracked with the right tools. Choosing a passcode with at least 8 characters and having the device lock out after a number of failed attempts will make breaking into your phone harder.
SEE ALSO: How to Do Passwords Right: Password Management Best Practices
The ideal passcode has eight characters or more, contains alphanumeric and special characters, and doesn’t contain dictionary words (e.g., Ilovefootball1 is no good).
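As an added example (not from the article or from any vendor's product), here is a small Python model of the passcode rules above: a policy check for length, character mix and dictionary words, plus a lockout counter that refuses further attempts once a threshold is reached. The lockout threshold, the word list and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass

MIN_LENGTH = 8
MAX_FAILED_ATTEMPTS = 5  # assumed lockout threshold; the article leaves the number to policy
PBKDF2_ROUNDS = 200_000
# Constructed, deliberately tiny word list; a real deployment would load a full dictionary.
DICTIONARY_WORDS = {"love", "football", "password", "welcome", "doctor", "hospital"}

def check_passcode(passcode: str) -> list[str]:
    """Return the policy violations for a candidate passcode (empty list = compliant)."""
    problems = []
    if len(passcode) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (re.search(r"[A-Za-z]", passcode) and re.search(r"[0-9]", passcode)):
        problems.append("must mix letters and digits")
    if not re.search(r"[^A-Za-z0-9]", passcode):
        problems.append("must contain a special character")
    found = sorted(w for w in DICTIONARY_WORDS if w in passcode.lower())
    if found:
        problems.append("contains dictionary word(s): " + ", ".join(found))
    return problems

def derive(passcode: str, salt: bytes) -> bytes:
    # Keep a salted PBKDF2 verifier, never the passcode itself.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)

@dataclass
class DeviceLock:
    """Counts failed unlock attempts and locks the device once the threshold is hit."""
    salt: bytes
    verifier: bytes
    failed_attempts: int = 0
    locked: bool = False

    @classmethod
    def enroll(cls, passcode: str) -> "DeviceLock":
        if problems := check_passcode(passcode):  # refuse a non-compliant passcode
            raise ValueError("passcode rejected: " + "; ".join(problems))
        salt = os.urandom(16)
        return cls(salt=salt, verifier=derive(passcode, salt))

    def try_unlock(self, attempt: str) -> bool:
        if self.locked:
            return False  # stays locked until an administrator or MDM reset
        if hmac.compare_digest(derive(attempt, self.salt), self.verifier):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        self.locked = self.failed_attempts >= MAX_FAILED_ATTEMPTS
        return False
```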
SEE ALSO: Healthcare's Password Security is Embarrassing
Do regular software and application updates
Older operating systems and app versions tend to have flaws that leave them vulnerable to attack. Just like computers, mobile devices need to be patched often to eliminate vulnerabilities.
It’s important to update each app installed on devices. It only takes one faulty app to introduce malware to your device, putting your data at risk.
Fortunately, updating mobile device software is fairly simple and doesn’t take much time.
Train employees frequently on policies
Even the best security policies aren’t that helpful if your employees aren’t following them. It’s important to train your employees on your mobile security policies. Some things to help employees remember are:
- Avoid suspicious emails: phishing email scams are big gateways to malware and data breaches. Make sure your employees can recognize phishing email scams.
- Be careful with internet usage: visiting non-secure websites and using non-secure Wi-Fi could let malware onto your mobile devices.
- Be careful with texting: phishing scams often arrive by text message and phone call as well as email. Train your employees to recognize phishing texts.
It’s up to you to make sure your mobile devices aren’t responsible for a data breach. By following basic security practices and policies, you can make your devices HIPAA compliant and keep your data safe.
Want to know more about securing your organization’s mobile devices? Read our white paper 5 Tips for HIPAA Compliant Mobile Devices.