Many people use their mobile devices for business purposes, but it is important to consider the security implications of doing so. This is especially true for healthcare organizations, where improper use of a mobile device that stores or accesses protected health information (PHI) can lead to HIPAA violations. With so much to consider, tips for HIPAA compliant mobile devices are discussed below.

What Does NIST Say About Mobile Device Security?

Although HIPAA does not specifically address mobile devices (the Security Rule is technology neutral), the National Institute of Standards and Technology (NIST) has published mobile guidance for healthcare security engineers and providers, most notably NIST SP 1800-1, Securing Electronic Health Records on Mobile Devices.

NIST’s suggestions for mobile device security include:

  • Each mobile device should be individually authorized to access, add, modify, and remove PHI
  • Passcode protection (a screen lock) should be enabled
  • Encrypt the data stored on mobile devices
  • Mobile devices should connect only to a dedicated Wi-Fi network (WPA2 at minimum) set up for them, not to guest or public networks
  • Each mobile device must be registered with the organization
  • Use certificates to prove the authenticity of users and devices
  • Enforce mobile security policies centrally, for example through a mobile device management (MDM) system
  • Use role-based access so that users can only perform the actions their job requires
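The controls in the list above combine naturally into a single access decision: before a request from a mobile device reaches PHI, the device's posture, its registration, its certificate, its network and the user's role are all checked. The following is an added example, not code from the page or from NIST, showing that decision as a small policy function. The MDM registry, roles, device certificates and the SSID name are all constructed sample data, and the certificate check is a simple SHA-256 fingerprint pin rather than full chain validation, which in a real deployment would be done by mutual TLS against the organization's CA.

```python
"""Added example: evaluate a PHI access request from a mobile device against
NIST-style controls (authorization, passcode, encryption, dedicated Wi-Fi,
registration, certificates, central policy, role-based access).

All data below is constructed for illustration; it is not a real MDM export.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed stand-ins for device certificates (real ones would be DER/PEM).
CERT_DEV001 = b"constructed-device-cert-dev-001"
CERT_DEV002 = b"constructed-device-cert-dev-002"


def fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint used to pin a device certificate in the registry."""
    return hashlib.sha256(cert).hexdigest()


# Constructed MDM registry: one record per device registered with the organization.
DEVICE_REGISTRY = {
    "dev-001": {"owner": "nurse.jane", "enrolled": True, "encrypted": True,
                "passcode_set": True, "passcode_min_len": 6,
                "cert_fingerprint": fingerprint(CERT_DEV001), "phi_authorized": True},
    "dev-002": {"owner": "billing.bob", "enrolled": True, "encrypted": False,
                "passcode_set": True, "passcode_min_len": 4,
                "cert_fingerprint": fingerprint(CERT_DEV002), "phi_authorized": True},
}

# Constructed role-based access matrix: which PHI actions each role may perform.
ROLE_PERMISSIONS = {
    "clinician": {"access", "add", "modify"},
    "billing": {"access"},
    "records_admin": {"access", "add", "modify", "remove"},
}

ALLOWED_SSID = "clinic-mobile-wpa2"   # constructed name of the dedicated mobile Wi-Fi
MIN_PASSCODE_LEN = 6                  # assumed organizational minimum


@dataclass
class AccessRequest:
    user: str
    role: str
    device_id: str
    presented_cert: bytes
    ssid: str
    action: str  # one of "access", "add", "modify", "remove"


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate(req: AccessRequest, registry=DEVICE_REGISTRY,
             roles=ROLE_PERMISSIONS, allowed_ssid=ALLOWED_SSID) -> Decision:
    """Return a Decision listing every control the request fails (deny by default)."""
    dev = registry.get(req.device_id)
    if dev is None:
        return Decision(False, ["device not registered with the organization"])
    reasons = []
    if not dev["enrolled"]:
        reasons.append("device not enrolled in MDM (policies not enforced)")
    if dev["owner"] != req.user:
        reasons.append("device not assigned to this user")
    if not dev["encrypted"]:
        reasons.append("device storage not encrypted")
    if not dev["passcode_set"] or dev["passcode_min_len"] < MIN_PASSCODE_LEN:
        reasons.append(f"passcode missing or shorter than {MIN_PASSCODE_LEN}")
    # Constant-time compare of the presented certificate's fingerprint to the pinned one.
    if not hmac.compare_digest(fingerprint(req.presented_cert), dev["cert_fingerprint"]):
        reasons.append("device certificate does not match registry")
    if req.ssid != allowed_ssid:
        reasons.append(f"not connected to the dedicated mobile Wi-Fi ({allowed_ssid})")
    if not dev["phi_authorized"]:
        reasons.append("device not individually authorized for PHI")
    if req.action not in roles.get(req.role, set()):
        reasons.append(f"role '{req.role}' may not '{req.action}' PHI")
    return Decision(allowed=not reasons, reasons=reasons)


# Constructed sample requests.
GOOD_REQUEST = AccessRequest("nurse.jane", "clinician", "dev-001", CERT_DEV001, ALLOWED_SSID, "modify")
BAD_REQUEST = AccessRequest("billing.bob", "billing", "dev-002", CERT_DEV001, "GuestWiFi", "modify")
UNREGISTERED_REQUEST = AccessRequest("nurse.jane", "clinician", "dev-999", CERT_DEV001, ALLOWED_SSID, "access")

if __name__ == "__main__":
    for name, req in [("good", GOOD_REQUEST), ("bad", BAD_REQUEST), ("unregistered", UNREGISTERED_REQUEST)]:
        d = evaluate(req)
        print(f"{name}: allowed={d.allowed}", *("  - " + r for r in d.reasons), sep="\n")
```

The function is deny-by-default and reports every failed control rather than stopping at the first, which is what an auditor or help-desk engineer wants to see when a clinician asks why a device was blocked. The unencrypted, short-passcode billing device in the sample data fails five separate checks at once, illustrating why a BYOD device that has never been enrolled or registered should not be touching PHI at all.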

Tips for HIPAA Compliant Mobile Devices


There are several reasons why using a mobile device to access protected health information (PHI) is not a good idea, at least without first implementing additional security and administrative safeguards. Mobile devices are more susceptible to theft or loss than desktop computers, and on unmanaged devices the protections that would limit the damage, such as storage encryption, a screen-lock passcode, remote wipe, and network filtering, are often disabled, misconfigured, or outside the organization's control.

Before you access PHI using a mobile device, consider the following tips for HIPAA compliant mobile devices.

  1. Implement a BYOD (Bring Your Own Device) policy
  2. Train employees on mobile device policies
  3. Implement advanced security measures
  4. Enable advanced password protections and device wiping

Implement a BYOD (Bring Your Own Device) Policy

Some experts advise against implementing a BYOD policy on the grounds that it encourages employees to use personal devices for work. However, it is unrealistic to expect them not to, especially as more workers opt to work from home permanently. Instead of pretending that employees won’t use their personal devices, you should implement a BYOD policy. This way employees are given guidelines on how to securely access company data, and are made aware of the risks of using their personal devices for work purposes.


Let’s Simplify Compliance

Do you need help with HIPAA? Compliancy Group can help!
