You’re Not HIPAA Compliant Unless Your Mobile Devices Are Properly Encrypted.
Advocate Health Care in Downers Grove, Illinois, experienced the second biggest HIPAA data breach ever when four of their unencrypted laptops were stolen. Electronic Personal Health Information (ePHI) for more than 4 million people was compromised. If these laptops had been properly encrypted, the thieves wouldn’t have been able to access the confidential information because it would have been protected.
With more healthcare practitioners and employees using mobile devices like smartphones, tablets and laptops, the risks for data breaches and HIPAA infractions are greater than ever. Mobile messaging apps aren’t HIPAA compliant. Because of this, all data on mobile devices must be encrypted using a robust algorithm such as an advanced encrypted standard.
The best way to protect your healthcare business is to schedule a Mobile Device HIPAA Audit. This will determine the state of encryption for all your mobile devices. Outsource My IT can conduct this for you. For more information contact us at: (973) 638-2722 or firstname.lastname@example.org
In addition to encryption, the following are steps to take to ensure your mobile devices are HIPAA compliant.
Ensure Remote-Wipe Capabilities
Being able to wipe a mobile device remotely avoids security problems when an employee leaves the company, or a device is lost or stolen. Arrange for a Mobile Device Management solution to be implemented. Outsource My IT can help.
Use Two-Level Security To Login To Enterprise Apps.
You should ensure each employee uses their healthcare organization login credentials to access apps. They should also use a separate PIN for access to mobile apps. Make sure that when the device is inactive, a disconnect time-out deploys. Outsource My IT can set this up for you.
Update Security Software and Applications On All Mobile Devices.
Ensure security software on all mobile devices is updated regularly. The wireless carrier or manufacturer will typically send software updates. Ensure your entire staff installs these security software updates as soon as possible. Outsource My IT can tell you more.
Only Use HIPAA-Compliant File-Sharing/Hosting Services
Cloud storage and file-sharing services, such as Evernote and Dropbox, aren’t HIPAA compliant. Don’t use these services for the transmission of ePHI. Ensure you employ HIPAA-compliant cloud file sharing. Outsource My IT can provide you this information.
What To Do?
Contact Outsource My IT at (973) 638-2722 or email@example.com. We can perform a Mobile Device HIPAA Audit and ensure the steps above are followed. This could help you avoid costly fines for HIPAA noncompliance.