The use of mobile devices - including smartphones, laptops, tablets and thumb drives - is becoming more and more common in healthcare settings. As physicians utilize these devices, they must be aware of the possible risks and should take measures to combat them.
Here are some tips to keep in mind when utilizing mobile devices for healthcare:
USB locks can help prevent unauthorized data transfers including uploads or downloads. USB ports and thumb drives are available for an array of mobile devices including your laptop or tablet. These locks are an easy-to-use and low-cost solution to protect sensitive information on your devices. Additional protection can be added when the data is encrypted or other security software is installed.
Geolocation Tracking Software/Services
Lost or stolen computing or data devices are one of the main causes of healthcare data breach incidents. Many healthcare organizations lack sufficient resources to prevent or detect unauthorized access, loss or theft of patient data. Utilizing geolocation tracking software or services can help combat this problem. Serving as a low-cost insurance policy against loss or theft, geolocation tracking allows the physician to immediately track, locate or wipe the mobile device of all the data on it.
One of the most important tips to prevent mobile device risks is to encrypt your data, including data on hardware such as USB drives, especially if the device is going to be used remotely. The cost to encrypt data is modest and provides insurance against breaches of sensitive healthcare information.
Avoid "Sleep Mode"
Even with encrypted data, physicians must be diligent when utilizing the "sleep mode" feature on mobile devices. Most encryption products on the market are configured so that once the password is entered, the device becomes unencrypted and therefore unprotected until it is shut down. Putting the device into "sleep mode" will not cause the encryption protection to turn on again, and if the device is lost or stolen while in sleep mode, the data is unprotected.
It is important for physicians to educate employees about safeguarding their mobile devices. Employees should be encouraged to engage in smart behavior that includes not downloading applications or free software from unsanctioned websites, turning on security settings, encrypting data in transit and at rest, and promptly reporting any lost or stolen devices that may contain sensitive information. All employees in the practice must work together to help maintain a high level of data security.
Get Ahead of the "BYOD Upgrade Curve"
Healthcare organizations must ensure that all mobile devices coming offline are secured and verified before they are donated or disposed of. BYOD (Bring Your Own Device) policies allow employees in some practices to bring personal mobile devices with them to the office. In these cases the employees own the devices and are in primary control of them. If an employee is upgrading their personal mobile device, the older version should be checked to ensure that any potentially sensitive data has been removed before it is taken offline.
Assess New Apps and Technology Before Implementing Them
Technology is changing and evolving at a rapid rate. Before physicians begin using any new mobile apps or technology, they should conduct a thorough technical review and risk audit. The assessment should clarify how and when the technology will be used by patients and/or employees. The assessment should also take into account any legal, privacy or compliance issues that need to be addressed prior to implementation.