KoolSpan U: Weekly Word Wednesday – HIPAA Security Rule
As physicians, nurses, and patients increasingly use mobile devices to communicate sensitive health information, it is important to remember that the HIPAA Security Rule (45 CFR Part 164, Subpart C) sets national standards for protecting electronic protected health information ("ePHI"). The rule requires covered entities and their business associates to put administrative, physical and technical safeguards in place that protect the confidentiality, integrity and availability of the ePHI they create, receive, store and transmit. Some of its implementation specifications are required; others are "addressable", meaning the organization must assess whether the measure is reasonable and appropriate and document its decision.
A mobile device is not itself "HIPAA compliant"; what matters is how the organization that uses it protects the ePHI on and passing through it. To bring the devices used by healthcare providers and patients in line with the Security Rule, a hospital, organization or individual can adopt policies such as the following:
- User authentication – It may seem obvious, since most devices already offer a lock screen, but it is imperative that only approved personnel can unlock a mobile device that holds protected health information. In practice that means requiring a strong passcode or biometric unlock rather than a simple swipe, a short auto-lock timeout, and a limit on failed unlock attempts.
- Secure Wi-Fi connections – Reduce the risk of interception by avoiding open networks. Public Wi-Fi at a coffee shop or on an airplane exposes a device to everyone else on that network. Note that a shared Wi-Fi password only keeps strangers off the network; it does not protect traffic from other users on it, so ePHI should always be protected in transit (for example with TLS or a VPN) regardless of which network the device is on.
- Software security – As is general practice with desktop computers, install security software on the device. On mobile platforms this usually takes the form of endpoint protection or a mobile device management (MDM) agent that can enforce the settings above, restrict which apps may be installed, and remotely lock or wipe a device that is lost or stolen.
- Encryption – Security software limits what can reach the device; encryption protects the data itself. Modern phones and tablets ship with hardware-backed storage encryption that is tied to the device passcode, so enabling it (and the passcode that protects the key) ensures that data on a lost device cannot be read without the decryption key. Encryption is an addressable specification under the Security Rule, but it matters beyond compliance: under HHS breach notification guidance, ePHI that was properly encrypted is not considered "unsecured", so the loss of an encrypted device may not be a reportable breach, while the loss of an unencrypted one generally is.
- Update – Ensure that all apps and the device operating system are kept up to date, since developers ship updates to fix security vulnerabilities. Devices that no longer receive operating system updates from their vendor should be retired from handling ePHI.
- Establish guidelines – Most importantly, establish processes and procedures within your organization that are clear and actionable for all employees, so that the above measures are applied to every mobile device that handles ePHI. The Security Rule requires a documented risk analysis and written policies and procedures, so these guidelines are not just good practice but part of the compliance record itself.