Smartphones, tablets, laptops — devices like these can make your practice more efficient. And mobile technology allows you to get work done even when you aren’t physically in the office.
But storing and transmitting health information electronically also opens you up to additional security risks. The penalty for a breach? One HIPAA violation can result in a fine of up to $50,000. The maximum fine for several identical violations could be as much as $1.5 million in a year.
While the financial risks may tempt you to avoid using mobile devices altogether in your office, it’s not necessary to go to that extreme. Instead, learn about the potential risks and put security measures in place to keep your patients’ health information private and secure. Here’s what you can do:
Risk: Lost or stolen devices
Security Solution: Keep your devices with you or in a secure, locked location at all times. However, the easiest way to secure them and retain peace of mind is to use passwords or personal identification numbers (PINs). If a device should ever be lost or stolen, these codes will verify the user’s identity and prevent unauthorized access to stored information. Additionally, you can install an app or software that allows remote wiping or disabling of the mobile device — that is, stored data can be erased or locked remotely by the owner.
Risk: Unauthorized access and security breaches
Security Solution: Beyond passwords, you have many options for preventing unauthorized access. Most mobile devices have built-in encryption, so be sure that feature is enabled. If it’s not included, purchase and install an encryption tool to protect any health information that is stored on the device and sent electronically.
You should also use only secured networks and avoid public Wi-Fi, disable file sharing, and install firewalls that permit or block specific connection attempts. As a final step, if you know you won’t need to access a patient’s information again in the near future, commit to deleting it from your device immediately. And if you should ever choose to discard or donate the device, permanently erase all stored data before doing so.
Risk: User error (such as selecting the wrong contact or including a different patient’s confidential information)
Security Solution: It’s a simple but powerful solution — slow down, pay attention and always double-check all contacts and attachments before sending. Include only the necessary information and avoid sending large files, such as a patient database, to cut down on the possibility of errors.
Risk: Viruses, spyware and malware
Security Solution: Install security software and keep it up to date. Before downloading any mobile apps, research them on reputable sites to make sure they are safe and execute only approved functions.
If your staff also uses mobile devices within and/or outside the office, establish policies and training for accessing, storing and transmitting health information so everyone is educated on the possible risks, including those listed above, and knows what steps to take to prevent such issues.
The very nature of mobile devices — their portability and ability to transmit communications electronically — makes them vulnerable to security breaches. But with the right tools and strategies, you can tap into the convenience of smartphones, tablets and laptops and still feel confident that your patients’ health information will remain secure.