Question: Our surgeons use smartphones and tablets with Bluetooth capability, and our HIPAA compliance officer is concerned about the security of the devices. Is this a possible violation?
Codify Subscriber
Answer: Yes, access through Bluetooth is a concern for securing patients' private health information.
Bluetooth is a short-range radio frequency communication technology. The best way to secure mobile devices with Bluetooth capabilities is to turn Bluetooth off or set its connection capabilities to “nondiscoverable,” according to the HHS Office of the National Coordinator for Health Information Technology (ONC).
“When in discoverable mode, Bluetooth-enabled mobile devices are ‘visible’ to other nearby devices, which may alert a hacker to target them,” ONC explains. But when you turn off Bluetooth or put it into nondiscoverable mode, the Bluetooth devices become invisible to other devices.
Resource: For more on Bluetooth, see the National Institute of Standards and Technology’s Guide to Bluetooth Security (SP 800-121 Rev. 1).