While some physicians keep it old school, many are using their smartphones for work. In fact, accessing protected health information (PHI) from a mobile device is quite common. Storing information on such a device means you always have the information you need in the palm of your hand. But is it safe? Can hackers access your patient data? Can you get in trouble? Should smartphones and doctors even coexist?
The fear is valid. Many recent horror stories describe hackers accessing doctor and hospital data. One L.A. hospital had to pay $17,000 in ransom. The stolen information winds up on “the dark web.” Criminals then use it to steal patient identities. They can order drugs, get free medical care, even falsify tax returns.
The idea of this happening to your practice, and to your patients, is downright scary. But don’t start converting your health records back to paper documents just yet. There are things you can do to make sure remote access to your health records is secure.
Appoint a Security Specialist
You don’t need to hire extra staff to keep an eye on your data. Simply find a tech-savvy employee and put them in charge. They can help you go over your internal policies and find any holes. Have them review your security measures so they’re as effective as possible. This person can keep up with current technology and make all your devices as secure as possible.
Have a BYOD Policy
To maintain HIPAA compliance with a mobile device, you need to run a pretty tight ship. First, put a “bring your own device” (BYOD) policy in place. Any device that accesses ePHI, especially from home, must be encrypted and covered by the same security measures as your office equipment. Protecting your office tablets is a great first step. But you also need to secure data on devices that leave the office. Treat them the same as the machines in your practice.
Practice Basic Security
Keep all your devices locked with strong passwords. Ensure they’re all encrypted and log out automatically when left unattended. Passwords should use lowercase and capital letters, numbers, and special characters for greatest security. A helpful way to make a secure password is to use the first letter of each word in a sentence you will remember. For example, “My three dogs are Spot, Fido, and Sparky!” becomes the passcode “M3daSFaS!”
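As an added illustration (not code from the original post), the short Python script below builds a passcode from a memorable sentence the way the paragraph describes and then checks it against the four character classes the paragraph calls for. The exact rules it applies (a spelled-out number becomes its digit, inner punctuation is dropped, the sentence’s final punctuation mark is kept) are assumptions chosen to reproduce the post’s own example.

```python
# Added example, not part of the original article. Builds a passcode from a
# memorable sentence and checks which of the article's four character classes
# (lowercase, uppercase, digit, special) it is missing.
import string

# Assumption: spelled-out numbers become digits, as "three" -> "3" in the article.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}


def sentence_to_passcode(sentence: str) -> str:
    """Turn a memorable sentence into a passcode.

    Rules (assumed, chosen to reproduce the article's example
    "My three dogs are Spot, Fido, and Sparky!" -> "M3daSFaS!"):
      - each word contributes its first letter, keeping its case;
      - a spelled-out number word contributes its digit instead;
      - punctuation inside the sentence is dropped, but a trailing
        punctuation mark is kept as the special character.
    """
    parts = []
    for word in sentence.split():
        core = word.strip(string.punctuation)   # drop "," "!" etc. around the word
        if not core:
            continue
        parts.append(NUMBER_WORDS.get(core.lower(), core[0]))
    trailing = ""
    stripped = sentence.rstrip()
    if stripped and stripped[-1] in string.punctuation:
        trailing = stripped[-1]                 # keep the final "!" as the special char
    return "".join(parts) + trailing


def missing_character_classes(passcode: str) -> list[str]:
    """Return the names of the article's required classes that are absent.

    An empty list means the passcode has lowercase, uppercase, a digit and a
    special character, which is the rule stated in the article.
    """
    checks = {
        "lowercase": any(c.islower() for c in passcode),
        "uppercase": any(c.isupper() for c in passcode),
        "digit": any(c.isdigit() for c in passcode),
        "special": any(c in string.punctuation for c in passcode),
    }
    return [name for name, present in checks.items() if not present]


if __name__ == "__main__":
    pw = sentence_to_passcode("My three dogs are Spot, Fido, and Sparky!")
    print(pw, "missing classes:", missing_character_classes(pw))
```

Running it prints the article’s passcode with an empty “missing classes” list; feeding in a sentence with no number or punctuation shows which classes you would still need to add.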
Unfortunately, mobile devices are the first things to get stolen, so it’s best to prepare. Make sure to use Find My iPhone or Android Device Manager on all smartphones. This way you can locate a misplaced device and wipe the data off a stolen one (yes, you can do that from afar!).
Don’t Trust All Apps
Did you know some free applications suck all the private data right out of your smartphone? For doctors, this poses obvious security risks.
There are three steps you can take to reduce the risk:
1. Avoid downloading unnecessary apps.
2. Check settings to see what device data each app is accessing.
3. Find a quality encryption app that is within your budget to keep your device safe.
Don’t Trust Email Either
We’re serious. Regular email is almost never encrypted, and it’s not difficult for hackers to break into email accounts. If they succeed, you can land in some serious hot water for HIPAA violations. Only send sensitive information through a cloud-based encryption service or over a virtual private network (VPN).
It’s true that mobile phones present some security concerns. That said, there are plenty of ways smartphones and doctors can get along. Learn basic security steps and put in place a few simple strategies. Then you can continue to use your favorite mobile apps while keeping patient data safe.