Six Ways For Healthcare Providers To Protect PHI On Mobile Devices
Mobile devices in the workplace present challenges for many businesses; however, few industries have as much at stake in terms of the value of the information and government regulation as the healthcare industry does. Here are six things to keep in mind when dealing with mobile devices in healthcare.
- Create an updated inventory of mobile devices. Many healthcare providers don’t keep an accurate inventory of digital devices, whether company-provided devices or employees’ personal devices. Clinicians use an average of 6.4 mobile devices a day. Given the exchange of PHI and the possible HIPAA repercussions, it’s important for your IT staff to have a plan to track and manage the devices that have an impact on your practice.
- Distribute and enforce password and encryption policies. Password protection on a mobile device is the bare minimum. You don’t want to be dealing with the bare minimum when it comes to PHI. Ensuring that mobile devices are encrypted and password-protected allows you to be sure that PHI will not be compromised if a device is lost or stolen.
- Adopt a remote wipe system. Should a device be lost or stolen, it’s important for your techs to be able to remotely access the device and wipe any sensitive information from it. There are multiple ways to set up this system, and the important thing is to find the right plan for your practice.
- Implement a Data Loss Prevention program. Having a DLP solution is a mandatory component of your compliance with HIPAA’s Security Rule, HITECH, and other mandates. This consists of ensuring that your IT and security teams have access to the exchange of PHI as well as ensuring the PHI is protected while in transit and in storage.
- Maintain separation of personal and professional data on BYODs. You need to put up boundaries between personal and professional data on an employee’s personal mobile device. This protection is vital to ensure that your IT department doesn’t have access to personal information while also allowing them to remotely wipe sensitive information as discussed in point #3.
- Balance employee productivity with IT control. Ensure that you find a balance between employee productivity and IT security. This can be tricky, but ultimately it comes down to ensuring productive communication between all stakeholders so that everyone understands the requirements and reasoning. IT needs to ensure that security policies don’t needlessly hinder employee productivity, and the device users need a clear understanding of what’s at stake so that they remain compliant with the agreed-upon protocols. A clear plan and clear communication are key to ensuring that mobile devices are managed correctly.
If you have any questions about compliance and best practices for integrating mobile devices into your healthcare practice, give ITPAC a call today.