KENTUCKY REGIONAL EXTENSION CENTER

IT_security-300x150How can you ensure that patient health information is secure on mobile devices?
The first line of defense to ensure mobile devices are protected within your organization is to develop policies and procedures outlining the usage standards. The following steps should be included in your policies and procedures to safeguard health information.

• Use a password or other user authentication
Mobile devices can be configured to required passwords or other credentials to access the data. User authentication is the process of determining who the user is and whether access can be granted on the particular device.

• Install and enable encryption
Encryption protects and encodes data into a form that only authorized parties can understand.

• Install and activate remote wiping and/or remote disabling
Remote wiping is erasing the internal data on the device across a computer network. Remote disabling is locking or disabling a device across the computer network.

• Disable and do not install file sharing application
File sharing allows users to store computer files in a centralized location. File sharing can also enable unauthorized users to access you laptop without your knowledge. By disabling or not using sharing applications, you will reduce a known risk to data on your mobile device.

• Install and enable a firewall
Personal firewalls on a mobile device can protect against unauthorized connections. Firewalls intercept incoming and outgoing connection attempts and block or permit them based on a set of rules.

• Install and enable security software
Security software helps protect against malicious applications, viruses, spyware, and malware-based attacks.

• Keep your security software up to date
Updating your security software to the latest version should be a routine procedure. Cybercriminals have been known to create up to 100,000 new malware samples in one day.

• Use adequate security to send or receive health information over public Wi-Fi networks
Public Wi-Fi networks can be an easy way for unauthorized users to intercept information. You can protect and secure health information by not sending or receiving it when connected to a public Wi-Fi network, unless you use secure, encrypted connections.

• Delete all stored health information before discarding or reusing the mobile device.
HHS OCR only considers three methods of properly deleting files: clearing (using software or hardware products to overwrite media with non-sensitive data); purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains); and/or destroying (disintegrating, pulverizing, melting, incinerating, or shredding the media).

 

Source: HealthIT.gov