Question: Our staff members now carry tablets where they record their documentation. Twice so far, a physician has left one of the devices in an examining room. How can we create a program to keep these more secure?

Codify Subscriber

Answer: Many eye care practices have begun converting to tablet-based EHRs, and knowing how to keep them secure is a common issue. The HHS Office of the National Coordinator for Health Information Technology (ONC) offers the following steps to ensure your practice's mobile devices stay safe and secure:

1. Determine device usage: First, decide whether you'll use mobile devices to access, receive, transmit, or store patients' PHI - and outline who'll be in charge of the management and maintenance of the devices. Also, resolve whether you'll integrate smartphone and tablet utilization as part of your practice's internal network or systems.

2. Calculate the risks: Consider the risks of using mobile devices to transmit PHI. Conduct a risk analysis to identify threats and vulnerabilities.

3. Outline a risk management plan: Using the information garnered from your risk assessment, establish a compliance strategy pertaining to your mobile devices, taking into account the HIPAA Privacy and Security Rules. This will help your office develop and implement safeguards, reducing problems previously identified in your risk analysis.

Tip: Remember, your compliance planning should include frequent evaluations and regular maintenance of the mobile device safeguards you put in place.

4. Implement HIPAA-compliant policies and procedures: Design and develop mobile device policies and procedures with clear-cut documentation, keeping HIPAA in mind. Ensure that your protocols address MDM, bring your own device (BYOD) issues, and restrictions on personal use. Management of applications, security, and configuration settings for mobile devices must be maintained, too.

5. Educate employees: Provide mobile device privacy and security training for all staff members on an ongoing basis. Educate employees from the bottom to the top on what your office rules entail, on HIPAA compliance, and what a violation means for your practice.

Here are some tips to secure PHI on mobile devices, also courtesy of the ONC:

Resource: For more ONC advice on managing your practice's mobile devices, visit www.healthit.gov/sites/default/files/mobile_devices_and_health_information_privacy_and_security.pdf.