Are you using mobile devices in your healthcare organization? Tablets, phones, and mobile apps can be used to increase productivity and convenience in your practice. But are you taking the needed steps to make sure your devices and apps are HIPAA compliant? Practices should implement appropriate policies and procedures to safeguard health information, including those specific to mobile devices.
What is your policy on mobile devices in healthcare?
Decide whether mobile devices can be used to access, receive, transmit, or store patients’ electronic protected health information (ePHI). Understand the risks to your practice before you decide to allow the use of mobile devices. Consider the following questions about the risks of using mobile devices to transmit the health information your organization holds:
Has your practice identified all the mobile devices that are being used? How are you keeping track of them?
- Assign responsibility for regularly reviewing and auditing the mobile devices.
Should you let providers or other employees use their personally owned mobile devices within the practice?
- Have a policy that restricts how providers and professionals can use mobile devices in healthcare.
Does your practice have written procedures for addressing misuse of mobile devices?
- Implement procedures to wipe or disable a mobile device that is lost or stolen.
- Have written procedures that cover how mobile devices are handled should providers and/or professionals leave the practice.
Take a look at some of these resources for more information on the security of mobile devices in healthcare:
- 10 tips to protect health information on a mobile device
- Mobile devices in healthcare – privacy and security
- Best Practices – securing mobile devices in healthcare