Question: What are some tips we can use to help secure our mobile devices, meet HIPAA requirements, and help safeguard our patients’ electronic protected health information (ePHI) in our practice?

Oregon Subscriber

Answer:

Tip 1: Your first step should be to outline what mobile devices will be used in your practice, and who will have control of them. Plus, if more than one person will be using a device (such as an office tablet to check in patients), ensure that all users have their own logins and passwords. This lets IT management review logs for outlier activity. If your staff use their own devices for work, office management needs to set bring your own device (BYOD) parameters from the get-go. This may encompass “centralized security management,” including “configuration requirements” and user classes specific to the devices, suggests the HHS Office of the National Coordinator for Health Information Technology (ONC).

Tip 2: Using a password or other user authentication on mobile devices is always a good idea. You could utilize a password manager to help keep the passwords long, complex, and unique without requiring you to remember all of the passwords on your accounts.
Tip 3: Take advantage of multifactor authentication. When you add multifactor authentication to your password protocols, you are adding another layer of protection because the other authenticators are information that only you could provide, which confirms that you are who you say you are.

Tip 4: Encrypt your devices. Encrypting ePHI not only protects patients’ data, but also all of the information stored and transmitted on the mobile device.

Tip 5: Invest in security software and safe apps. The type of IT products your organization needs will depend on its size, complexity, and infrastructure. Software you may want to consider includes:

It’s also essential to hire and work closely with IT experts to ensure you install, enable, and update your products.