How To Maintain HIPAA Compliance On Mobile Devices

Written January 30, 2018 by Meg Kramer

Smartphones and tablets offer convenience and portability, so it’s no surprise that they’re becoming more and more integrated into healthcare technology. But while these mini-computers provide big opportunities for innovation, they weren’t exactly designed with healthcare data security in mind.

That can be a serious problem. Not only are mobile devices easy to steal or misplace, they can store and share personal health information (PHI) without any passwords or encryption.

HIPAA applies to any device that transmits or stores PHI, including mobile devices like smartphones, wearable devices, and tablets. But what’s the worst thing that could happen if you don’t maintain HIPAA compliance on your office’s mobile devices?

In the first two quarters of 2015, HIPAA Journal reported that there were 34 healthcare data breaches involving mobile devices. As a result, approximately 102,000,000 health records were exposed.

How can you protect yourself from exposure? We’ve put together our top three tips to secure your practice’s data.

Avoid Using Public Wifi Networks

Have you ever logged onto a public wifi network at your local coffee shop? Sure, public wifi networks can help you save data and offer a quicker connection, but the tradeoff for that convenience is a lack of security.

If you can access the network without a password, so can anyone else. That means you could expose your patients’ PHI to malicious hackers when you connect with a mobile device that you use for work.

The good news? These risks are easily avoided. Don’t let patients, employees, or any office computer that has access to PHI connect to public wifi networks. And if you absolutely must use a public wifi network, connect through a virtual private network (VPN).

Scan Your Employees' Devices

Do you provide the mobile devices used in your practice, or do employees use their own smartphones or tablets?

It’s important to keep track of what devices employees are using to access PHI, because any device that accesses patient information must comply with HIPAA regulations.

So, how can you protect your practice from exposure, when so many different devices may be in play?

One simple step is to ensure that all devices - whether they are office- or employee-provided - use up-to-date antivirus software. Scan your employees’ devices for viruses before they join your network, because a single infected device can lead to an information breach.

Keep in mind that even when your employees leave the workplace, they may have PHI saved on their personal devices. Whether they retire, resign, or change employment for other reasons, data security should be part of your employee exit process. This should include wiping all PHI from employee-owned devices, updating their network access, and ensuring that any employer-owned devices are returned to your practice.

Create Protocols and Processes

HIPAA requires you to have procedures in place if anyone needs to access PHI on the network. And that includes you, too!

To comply with HIPAA, all employees should be trained on your office’s protocols and policies. This shouldn’t just be a one-time session - ongoing, regular training will reinforce your security procedures and prevent employees from accessing information in insecure ways.

PHI must be stored securely and protected, and if a breach occurs, you must be able to audit what happened. That audit lets you find and patch the vulnerabilities involved, so your patient data will be more secure moving forward.

Mobile devices have the power to improve efficiency in healthcare, but it’s important to take the time to ensure that your PHI is as secure as possible. With these tips, you’ll be off to a great start!

Meg Kramer is a writer, editor and content consultant who specializes in health and wellness topics. You can find her at megkramer.com.