However, with the increased usage of mobile devices comes the increased possibility of theft and loss of ePHI (electronic protected health information). According to the mobile security specialist Lookout, 54% of all smartphone users do not password protect their device. This figure, when coupled with data from Symantec Corporation showing that “36 percent of U.S. consumers have had a cell phone disappear on them”, makes the protection, security and recovery of mobile devices a critically important issue for all healthcare providers.
All Covered Entities under HIPAA are well aware that HIPAA audits have begun and the possibility of being audited is very real. Non-compliance with the HIPAA security rule will result in severe penalties. Hence it is imperative that all healthcare providers pay special attention to their mobile device usage policies and procedures. Of particular importance are policies with respect to:
- Access control
- Audit control
- Integrity of ePHI
- Person or entity authentication
- Data encryption
- Data storage and transmission
- Device tracking
- Device recovery
- Remote data lockup and/or wipe out
- Device disposal
For Smart Phones and Tablets
- Find my iPhone (Mobile Me): As the name suggests, this app for iOS devices lets you find the location of your Apple device, lock it remotely and wipe the data on it.
- LookOut Mobile Security: Helps locate a lost device, lock the phone remotely and wipe its data.
- Norton Mobile Security: Protects your mobile device against loss, theft and malware. Lets you remotely locate your phone, lock it if the SIM card is removed (to prevent a thief from using another card), wipe it if it’s lost or stolen, or send a text to your missing phone that sets off a “scream” alarm so you can find it fast.
- Webroot Mobile Security for Android: Protects Android devices against malware, insecure applications and dangerous web sites. In addition, it can help recover a lost phone, block unwanted communication, and lock the device or wipe its data.
- Seekdroid: Lets you locate your lost or stolen device, lock it remotely and wipe its data.
- iHound: Helps protect your cell phone from damage, sounds a loud alarm, wipes your data and locates your Android device or iPhone.
- McAfee WaveSecure: Helps locate your device in the event of theft or loss. Also provides remote device lock and data wipe, as well as antivirus and anti-malware protection.
- Prey: Lets you track the system’s location via an online control panel. The software is installed on the laptop and also lets you capture screenshots of your laptop, take a photo using the built-in webcam, sound an alarm if the laptop is moved or misplaced, and remotely lock the computer.
- LoJack for Laptops, a subscription service that enables you to track your laptop and also to lock it to prevent access and/or remotely wipe the hard drive.
- Find My Mac, similar to Find My iPhone but for Apple laptops.
You can also significantly improve iPhone security by upgrading to iOS 5 and ensuring that the Passcode Lock feature is enabled. This should provide some, though limited, data protection. For iPhone 4S users with Siri enabled, ensure that the “Siri” option in the Passcode Lock menu is switched off. Otherwise, anyone holding the locked phone can send texts and emails from it simply by holding down the home button and dictating messages to Siri. You can also use encryption apps like Encrypt SMS or SecuMail to keep text messages and/or emails secure. For Android smartphones there are numerous options for data encryption. Some of them are WhisperCore, DroidCrypt, Andisk Encryption and TextSecure (secure texting between TextSecure users).
Technology by itself is not the only answer. Organizations should adopt a broad set of measures to ensure the integrity, security and availability of ePHI at all times. These additional measures include strong and clear written policies and procedures, regular employee training and awareness programs for proper HIPAA compliance, strong identity and access controls, audit controls, and regular testing and revision of compliance measures.