BYOD: Mobile Healthcare Policies

Bringing your own device in the healthcare industry can mean bringing multiple points of potential hacker entry and introducing several new security weaknesses. In particular, smartphones need to have specific company policies to standardize use and minimize risk.

What kind of policies could help secure the use of mobile devices?

  • Lockouts – Set devices to lock your account after a certain number of failed login attempts.
  • Reentry Time – While some see it as inconvenient, device or application lockout after a certain amount of time can keep data protected during downtime. Lockout should require reentry of your password.
  • New Passwords – Change passwords frequently, every 90 days.
  • Remote Wipe – Your device should have the capability to be wiped remotely if you lose it, if it is stolen, or if you no longer work with the company. It may also be wiped in the case of a virus or breach.
  • Remote Tracking – With tracking software, a lost or stolen device can be located easily. For iPhones, use the Find My iPhone app.
  • Encryption – Encrypt all data at rest and in transit, as well as backup data.
  • Updates – Security updates, patch management and using the most recent OS available should be standard to keep up with evolving threats.
  • File Sharing – When sending sensitive data such as electronic protected health information (ePHI), use a secure file transfer tool or secure file transfer protocol (SFTP).
  • Two-Factor Authentication – Log in once, then log in again using your mobile phone to verify yourself as the actual user when trying to connect to your company network remotely.
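
As an added example (not part of the original post), the policies above can be checked automatically against a device inventory export. Only the 90-day password age comes from the list; the lockout and idle-lock thresholds, the field names and the sample records are assumptions made for illustration.

```python
from datetime import date

# Only the 90-day password age is from the article. The other two
# thresholds and every field name below are assumptions for illustration.
POLICY = {"max_failed_logins": 5, "max_idle_lock_seconds": 300,
          "max_password_age_days": 90}
REQUIRED_FLAGS = ("storage_encrypted", "backup_encrypted", "remote_wipe_enabled",
                  "tracking_enabled", "two_factor_enrolled", "os_up_to_date")


def audit_device(device, today, policy=POLICY):
    """Return the sorted policy findings for one inventory record.

    Missing or malformed fields count as findings (fail closed): an export
    that omits a setting is no evidence that the device is configured safely.
    """
    findings = []
    limit = device.get("failed_login_limit")  # 0 means lockout is disabled
    if not isinstance(limit, int) or not 0 < limit <= policy["max_failed_logins"]:
        findings.append("lockout")
    idle = device.get("idle_lock_seconds")
    if not isinstance(idle, int) or not 0 < idle <= policy["max_idle_lock_seconds"]:
        findings.append("reentry_time")
    changed = device.get("password_changed")
    if not isinstance(changed, date) or (today - changed).days > policy["max_password_age_days"]:
        findings.append("password_age")
    findings.extend(f for f in REQUIRED_FLAGS if device.get(f) is not True)
    return sorted(findings)


def audit_fleet(devices, today):
    return {d["id"]: audit_device(d, today) for d in devices}


# Constructed sample records, not real devices.
DEVICES = [
    {"id": "phone-a", "failed_login_limit": 5, "idle_lock_seconds": 120,
     "password_changed": date(2024, 5, 1), "storage_encrypted": True,
     "backup_encrypted": True, "remote_wipe_enabled": True,
     "tracking_enabled": True, "two_factor_enrolled": True, "os_up_to_date": True},
    {"id": "phone-b", "failed_login_limit": 0, "idle_lock_seconds": 900,
     "password_changed": date(2024, 1, 10), "storage_encrypted": True,
     "backup_encrypted": False, "remote_wipe_enabled": True,
     "two_factor_enrolled": True, "os_up_to_date": True},
]

if __name__ == "__main__":
    for dev_id, findings in audit_fleet(DEVICES, date(2024, 6, 1)).items():
        print(dev_id, "compliant" if not findings else findings)
```

Secure file transfer is not covered here because it is a property of how data is sent rather than of the device record.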

Seeking more resources on mobile security and mobile healthcare? Don’t miss our upcoming, free webinar on mHealth Intellectual Property 101 with Christopher A. Mitchell, Attorney with Dickinson Wright and April Sage, Director of Healthcare Vertical and Marketing at Online Tech. Watch a recording of our past webinar, Overcoming Cloud-Based Mobility Challenges in Healthcare.

Additional Reading:
mHealth: Mitigating Mobile Security Risks
With the use of mobile devices in the healthcare industry come several risks and points of entry, according to the U.S. Department of Homeland Security. These points are listed below, as reported in the National Cybersecurity and Communications Integration Center’s bulletin, Attack Surface: Healthcare and Public Health Sector… Read more.

Tactical Mobile Device Security Measures to Meet HIPAA Compliance
Mobile devices are becoming ubiquitous in the healthcare industry – from quickly filing e-prescriptions to collecting and sending patient health information (PHI) directly to an EHR/EMR (electronic health or medical record) system, the use of smartphones, tablets and other portable devices is changing the quality of patient care for the better across the nation. Read more.

Keep ePHI on Secure Networks, Not Mobile Devices, Recommends OCR
Of the 425 reported breach events to the OCR (Office of Civil Rights), two-thirds of all large breach cases involved loss or theft of information and more than half of these large breaches involved electronic devices. Read more.

