The U.S. Department of Health and Human Services (HHS) has launched a new education initiative and set of online tools to provide practical tips on ways to protect protected health information when using mobile devices such as laptops, tablets, and smartphones. The Health Insurance Portability and Accountability Act (HIPAA) sets standards for the confidentiality, integrity, and availability of electronic protected health information.
The initiative is called "Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information" and is available at www.HealthIT.gov/mobiledevices. It offers educational resources such as videos, downloadable fact sheets and posters to promote best ways to safeguard protected health information.
Despite increasing use of mobile technology, research has shown that only 44% of survey respondents encrypt their mobile devices. Mobile device benefits—portability, size, and convenience—present a challenge when it comes to protecting and securing health information.
Along with theft and loss of devices, other risks, such as the inadvertent download of viruses or other malware, are among the top reasons for unintentional disclosure of patient data to unauthorized users.
The web site makes the following suggestions:
1. Use a password or other user authentication
Authentication is the process of verifying the identity of a user, process, or device. Mobile devices can be configured to require passwords, personal identification numbers (PINs), or passcodes to gain access to them. The password, PIN, or passcode field can be masked to prevent people from seeing it. Mobile devices can also activate their screen locking after a set period of device inactivity to prevent an unauthorized user from accessing them.
2. Install and enable encryption
Encryption protects health information stored on and sent by mobile devices. Mobile devices can have built-in encryption capabilities, or you can buy and install an encryption tool on your device.
3. Install and activate remote wiping and/or remote disabling
Remote wiping enables you to erase data on a mobile device remotely. If you enable the remote wipe feature, you can permanently delete data stored on a lost or stolen mobile device.
Remote disabling enables you to lock or completely erase data stored on a mobile device if it is lost or stolen. If the mobile device is recovered, you can unlock it.
4. Disable and do not install or use file sharing applications
File sharing is software or a system that allows Internet users to connect to each other and trade computer files. But file sharing can also enable unauthorized users to access your laptop without your knowledge. By disabling or not using file sharing applications, you reduce a known risk to data on your mobile device.
5. Install and enable a firewall
A personal firewall on a mobile device can protect against unauthorized connections. Firewalls intercept incoming and outgoing connection attempts and block or permit them based on a set of rules.
6. Install and enable security software
Security software can be installed to protect against malicious applications, viruses, spyware, and malware-based attacks.
7. Keep your security software up to date
When you regularly update your security software, you have the latest tools to prevent unauthorized access to health information on or through your mobile device.
8. Research mobile applications (apps) before downloading
A mobile app is a software program that performs one or more specific functions. Before you download and install an app on your mobile device, verify that the app will perform only functions you approve of. Use known websites or other trusted sources that you know will give reputable reviews of the app.
9. Maintain physical control
The benefits of mobile devices – portability, small size, and convenience – are also their challenges for protecting and securing health information. Mobile devices are easily lost or stolen. There is also a risk of unauthorized use and disclosure of patient health information. You can limit an unauthorized user's access to, tampering with, or theft of your mobile device when you physically secure the device.
10. Use adequate security to send or receive health information over public Wi-Fi networks
Public Wi-Fi networks can be an easy way for unauthorized users to intercept information. You can protect and secure health information by not sending or receiving it when connected to a public Wi-Fi network, unless you use secure, encrypted connections.
11. Delete all stored health information before discarding or reusing the mobile device
When you use software tools that thoroughly delete (or wipe) data stored on a mobile device before discarding or reusing the device, you can protect and secure health information from unauthorized access.