Compliance Best Practices for Mobile Data Security in Medical Practices
Today, physicians and medical professionals are using their mobile devices more than ever before. In fact, one survey found that 90% of healthcare providers and employees are using mobile devices to engage patients in their healthcare. (3) Another study reported that 72% of providers use their mobile devices to access drug information and 44% use it to communicate with other medical staff. (2)
Although these tools provide increased efficiency, convenience, and the capability to access medical information quickly to make better-informed decisions, they are also not without risk. Mobile devices are more vulnerable to theft because they do not always have the appropriate security controls making them more susceptible to a data breach. Additionally, malware infections on mobile devices have increased 96% from 2015 to 2016. (4)
To avoid severe penalties or the risk of a data breach, medical practices, and healthcare organizations must develop and implement mobile device procedures and policies that will protect patient health information.
The Department of Health and Human Services has released five best practices to assist with managing mobile devices in your healthcare setting (1):
1. Determine whether mobile devices will be used to access or transmit health information at your practice or organization’s network, for example, an electronic health record system.
2. Consider the risks involved with utilizing mobile devices to transmit patient health information. Conduct a risk analysis to identify the threats and vulnerabilities.
3. Implement a mobile device risk management strategy, including privacy and security safeguards.
4. Implement and document your practice’s mobile device policies and procedures focusing on topics such as:
- Mobile device management
- Utilizing your personal device
- Restrictions on mobile device use
- Security or configuration settings for mobile devices
5. Conduct ongoing training for medical professionals and providers about mobile device privacy and security. (1)