Is Your Mobile Device Management Solution HIPAA Compliant?
January 14, 2013
By Susan J. Campbell
, TMCnet Contributing Editor
As a society, we have come to embrace the freedom that comes with mobile technology. We welcome the flexibility in our work location thanks to cloud-based access to applications and the network. We embrace the opportunity to enter data from the customer’s location in fields predesigned to integrate with proprietary software. The ability to access our corporate e-mail while on- the-go ensures we never miss a message from the V.P, a client or a colleague.
In the healthcare field, such mobility is crucial in the delivery of quality care for all patients. Physicians, technicians, clinicians and patients are rarely all in one place at one time, creating a need to transmit information in a timely and secure manner. It’s not uncommon for healthcare professionals to use mobile devices to transmit medical information. Without robust mobile device management, however, are these methods secured?
A recent JDSUPRA Law News report examined this very topic, critical in an age where professionals often bring their own device for use at work. Whether the smartphone or tablet is individual owned, medical school provided or managed and provisioned by the healthcare organization, HIPAA compliance is essential. This demands the creation of a proper policy and management of each device accessing the network and sharing private patient information.
To ensure the proper security of mobile devices traversing the network, consider these tips:
- Require user authentication
- Enable encryption
- Activate remote wiping and disabling
- Forbid file-share applications
- Enable firewalls
- Enable security software (keep it up to date)
- Download only researched apps
- Maintain physical control
- Implement required controls for Wi-Fi
- Delete all stored information before discarding or reusing a device
For the proper use of mobile devices in a medical environment, more than mobile device management is needed to ensure compliance and the optimal protection of information. Current policies must be developed and updated with HIPAA guidelines in mind. Consider the following five-step process for the development of a robust policy:
- Approve devices – In this step of the process, it’s critical to decide which devices should have access to the network and the transmission of information.
- Proper access – The completion of a risk assessment can help in this process to determine the level of risk a device presents in light of the potential benefits. This demands a review of what mobile devices are being used, what information is accessed and if compliance is already in place.
- Identification of the strategy –A mobile device risk management strategy is likely already in place that allows for the evaluation and implementation of the safeguards that are already used. How can it apply to the new mobile strategy?
- Develop, capture and implement – Consider the different devices, departments and users needing to access, capture and share information. How will you address BYOD, mobile device management, restricted use, information storage and more?
- Training – In order for the policy to be effective, all users must be trained according to risks, the security of devices, the protection of health information and the avoidance of mistakes
Once the right policies and procedures are in place, MobileIron’s mobile device management solution can help to ensure all devices and their operation are HIPAA compliant. The company’s solutions protect data-at-rest and data-in-motion; allow for the adoption of new technologies; ensure patient data privacy; provide for an enterprise app storefront; and lower overall IT costs. The mobile revolution is here and is transforming the healthcare industry. With the right tools in place to embrace the technology and protect information, healthcare providers are on track for new and life-saving innovations.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Jamie Epstein