THANK YOU FOR SUBSCRIBING

Healthcare providers and healthcare-related businesses are subject to all or any equivalent pressures to adopt new technologies for information management that any modern business is, including portable devices like smartphones and tablets. Using modern technologies can help improve patient care and therefore the overall patient experience while cutting costs and improving efficiencies of operation.

But healthcare-related businesses that manage personal information even have obligations to guard individually identifiable information about individuals’ health, health care, health care services, and payment for such services, referred to as “PHI,” or Protected Health Information, under the insurance Portability and Accountability Act of 1996, better referred to as HIPAA. HIPAA enforcement is on the rise, and mobile devices have shown themselves to be a major source of breaches, consistent with information published on the US Department of Health and Human Services internet site identifying large breaches affecting quite 500 individuals, known informally because of the “HIPAA Wall of Shame.” Under the HIPAA Security Rule, entities have an obligation to think about the safety of knowledge in motion and at rest and take the required steps to guard it against improper uses or disclosures. When PHI is shipped to a transportable device as a text message, as an e-mail, or using another communication method, like a browser or an app, there are two considerations.

First, is that the communication secure? can we know who are the parties that are communicating, and is that the method of communication shielded from interception or alteration? Proper authentication and authorization of both the device and therefore the user must be in situ, including requirements that the user of the portable device be identifiable and auditable. Any actual transmission of data containing any PHI must be secured by encryption to manage the risks of exposure or alteration. the sole reasonable exception would be communication with a private (a patient, not a staffer or business partner) who has exerted their rights under HIPAA and has particularly requested unciphered communications, has had the risks of doing so elucidated to them, and has accepted those risks.

Second, once the knowledge is on the device, is it shielded from improper disclosures? Typically, for mobile devices, this suggests, first of all, not maintaining the info on the device if possible, and if it does remain, encrypting or deleting the knowledge in order that if the device is lost the info can't be accessed. Providing secure access controls requiring user authentication is important to guard access.

The results of the transfer of PHI to and maintenance of PHI on mobile devices is that the devices must be managed such if they're lost or stolen, or just apt to be within the hands of an inquisitive loved one or friend, the PHI is protected. Most mobile devices, straight out of the box, aren't secured and should provide easy remote access to systems also like access to PHI persisted the device. If the mobile device has login instructions and passwords saved in plain text documents, or easily accessed messages and stored documents holding PHI, and it's not protected, it can become the source of a big breach of security that has got to be reported and may have significant repercussions for the organization.

But when properly configured, the latest mobile devices are often very secure and may provide excellent protection of PHI. Once-exotic technologies like fingerprint recognition to authenticate users and remote disabling of devices or removal of content to guard data once a tool is lost are now commonplace. the matter is that the devices must be configured properly to enable the right security, and therefore the configuration must be shielded from alteration by savvy users.

Mobile Device Management tools can provide the power to manage modern portable devices more securely, requiring encryption and passwords and enforcing electronic protected health information security policies for both senders and receivers. Patient information is often protected by encryption because it traverses the web or a mobile network, and maybe additionally protected through an autodestruct feature that deletes the PHI when a deadline is reached.

Security for mobile devices provided by MDM tools may include mobile app scanning and device security measures to actively protect against malware, unauthorized data access, and phishing while enforcing security policies. Mobile application management allows the organization’s approved apps to be cataloged, pushed and deleted in order that only approved tools are often used for handling PHI. And, finally, should the device be lost or stolen, remote data-wiping and auto-disabling must be tightly managed. But make certain to tell your users that they're liable for backing up their personal information, and if the device is lost or stolen, or if their password is forgotten and an auto-wipe is triggered, they'll lose their cherished photographs. a contemporary mobile device management tool can allow administrators, remotely, to the line and enforce risk-based policies, control mobile security via centralized controls and dashboards, and run risk analytics and compliance reports, in order that compliance is often verified.

Whether a corporation provides mobile devices to their staff or allows them to use their own device at work, the communications and apps used, and therefore the mobile device management tools wont to manage them must help enable good compliance by enabling centralized, auditable controls which will ensure protection from issues concerning the confidentiality, integrity, and availability of PHI.