Learn how to make your organization’s mobile devices secure and compliant.
Unfortunately, mobile devices can present problems in data security for healthcare organizations.
Does that mean you should not use mobile devices? Not necessarily. You just need to take the right security precautions when introducing mobile devices into your organization.
Mobile device risks to healthcare
What’s so risky about using mobile devices in healthcare? Well, they generally don’t have as many security protections in place as computers, such as firewalls, encryption, or antivirus software.
Some other reasons mobile devices can be a risk include:
- Mobile devices are easily misplaced
- Mobile devices are often easier to steal than regular desktop computers
- Passwords aren’t often used to protect access
- Many organizations don’t encrypt emails they send or receive on mobile devices
- Data could be accidentally disclosed when a mobile device is shared with friends and family
- Employees could use unsecured Wi-Fi networks
- Mobile devices could contract mobile malware
Fortunately, these risks can be addressed; it just takes a few procedures and policies. Here are some tips for securing your mobile devices.
Follow basic mobile security practices
Just like your computer has basic security practices, your mobile devices should have these same practices. Here are some practices to consider:
Implement mobile encryption
HIPAA requires healthcare entities to encrypt electronic protected health information (PHI). All PHI that’s stored or transmitted in systems and work devices must be encrypted. This includes mobile devices as well.
If you back up your mobile device on your hard drive, make sure the backups are encrypted as well.
Keep in mind that mobile encryption is often not as secure as encryption on other devices, because most mobile devices aren’t equipped with the most secure encryption. Mobile technology is only as secure as a device’s passcode.
Enable lengthier passcodes
A four-digit passcode can be easily cracked with the right tools. Choosing a passcode with at least 8 characters and having the device lock out after a number of attempts will make breaking into your phone a little trickier.
The ideal passcode has eight characters or more, contains alphanumeric and special characters, and doesn’t contain dictionary words (e.g., Ilovefootball1 is no good).
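The passcode rule above, turned into a check (an added example, not from the original article; the wordlist, function names and sample passcodes are constructed for illustration, and only ASCII punctuation is counted as a special character):

```python
import math
import re
import string

# Constructed sample wordlist; a real deployment would load a larger dictionary.
SAMPLE_WORDS = {"love", "football", "password", "hospital", "nurse", "doctor"}
MIN_LENGTH = 8  # minimum length stated in the text above


def passcode_violations(passcode, words=SAMPLE_WORDS):
    """Return the list of rules from the text that the passcode breaks."""
    problems = []
    if len(passcode) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in passcode):
        problems.append("no letters")
    if not any(c.isdigit() for c in passcode):
        problems.append("no digits")
    if not any(c in string.punctuation for c in passcode):
        problems.append("no special characters")
    # Dictionary check: keep only the letters, then look for any wordlist
    # entry embedded in the result (this is what catches Ilovefootball1).
    letters = re.sub(r"[^a-z]", "", passcode.lower())
    found = sorted(w for w in words if w in letters)
    if found:
        problems.append("contains dictionary words: " + ", ".join(found))
    return problems


def search_space_bits(length, alphabet_size):
    """Bits of work needed to try every passcode of this length and alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ["1234", "Ilovefootball1", "tR7#qm!2Zx"]:
        print(candidate, "->", passcode_violations(candidate) or "meets the rules")
    # 4-digit PIN versus 8 characters drawn from the 94 printable ASCII symbols
    print(round(search_space_bits(4, 10), 1), "bits vs",
          round(search_space_bits(8, 94), 1), "bits")
```

The dictionary check only sees words that are in the supplied list, so a passcode that passes here can still be guessable if the list is small.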
Do regular software and application updates
Older operating systems and app versions tend to have errors that make them vulnerable to possible data attacks. Just like computers, mobile devices need to be patched often to eliminate vulnerabilities.
It’s important to update each app installed on devices. It only takes one faulty app to introduce malware to your device, putting your data at risk.
Fortunately, updating mobile device software is fairly simple and doesn’t take much time.
Train employees frequently on policies
Even the best security policies aren’t that helpful if your employees aren’t following them. It’s important to train your employees in your mobile security policies. Some things to help employees remember are:
- Avoid suspicious emails: phishing email scams are big gateways to malware and data breaches. Make sure your employees can recognize phishing email scams.
- Be careful with internet usage: going onto non-secure websites and using non-secure Wi-Fi could lead to malware being downloaded onto your mobile devices.
- Be careful with texting: phishing scams often arrive through text messages and phone calls. Train your employees to recognize phishing texts.
It’s up to you to make sure your mobile devices aren’t responsible for a data breach. By following basic security practices and policies, you can make your devices HIPAA compliant and keep your data safe.
Want to know more about securing your organization’s mobile devices? Read our white paper 5 Tips for HIPAA Compliant Mobile Devices.