Many people use their mobile devices for business purposes, but it is important to consider the security implications of doing so. This is especially true for healthcare organizations, where improper use of mobile devices can lead to HIPAA violations. Tips for HIPAA-compliant mobile devices are discussed below.
What Does NIST Say About Mobile Device Security?
Although mobile device security is not specifically addressed by HIPAA, the National Institute of Standards and Technology (NIST) has provided mobile guidelines for healthcare security engineers and providers.
NIST’s suggestions for mobile device security include:
- Mobile devices should be individually authorized to add, modify, remove, and access PHI
- Passcode protection should be enabled
- Encrypt mobile devices
- Mobile devices should only access a specific Wi-Fi network (WPA2) created for mobile devices
- Each mobile device needs to be registered with the organization
- Enable certificates to help prove the authenticity of users and devices
- Enable security policies for mobile security
- Use role-based access
Tips for HIPAA Compliant Mobile Devices