Question: Could you give some tips to help secure our mobile devices, meet HIPAA requirements, and help safeguard our patients’ electronic protected health information (ePHI) in our practice? Georgia Subscriber Answer: Here are five tips to help you accomplish the goal of protecting ePHI when using mobile devices. Tip 1: Outline what mobile devices will be used in your practice, and who will use them. If more than one person will be using a device (such as an office tablet to check in patients), ensure that all users have their own logins and passwords. This lets IT management review logs for outlier activity. If your staff use their own devices for work, office management needs to set “bring your own device” (BYOD) parameters from the get-go. This may encompass “centralized security management,” including “configuration requirements” and user classes specific to the devices, suggests HHS Office of the National Coordinator for Health Information Technology (ONC).
Tip 2: Using a password or other user authentication on mobile devices is always a good idea. You could utilize a password manager to help keep the passwords long, complex, and unique without requiring you to remember all of the passwords on your accounts. Tip 3: Take advantage of multifactor authentication. When you add multifactor authentication to your password protocols, you are adding another layer of protection because the other authenticators are info that only you could provide, which confirms that you are who you say you are. Tip 4: Encrypt your devices. Encrypting ePHI not only protects patients’ data, but all of the information stored and transmitted on the mobile device. Tip 5: Invest in security software and safe apps. The type of IT products your organization needs will depend on its size, complexity, and infrastructure. Software you may want to consider includes: It’s also essential to hire and work closely with IT experts to ensure you install, enable, and update your products.