Best Practices: HIPAA and Mobile Devices – Part 1

Are your mobile devices secure when it comes to protected health information (PHI)? Here are some tips to expand your awareness in this area. These tips and more can be found on www.healthit.gov, an excellent HIPAA resource for providers!

What privacy and security safeguards should you have in place on your mobile device before communicating with a patient?
Encryption is strongly recommended. This is a method of converting an original message of regular text into encoded text, rendering a low probability of assigning meaning unless the user has the “key”. If you have encrypted your mobile devices make sure you know who in your office has access to the “key” to encryption. You? Your office manager? Is the “key” kept in a secure location?

Is encryption required by HIPAA?
No. In HIPAA language, this standard is “addressable” and not “required”. “Addressable standards” within HIPAA must be implemented if “reasonable and appropriate” to do so. The bottom line is if you choose not to encrypt your mobile devices you must have documentation ready to show a HIPAA auditor why you opted not to.

Is encrypting my mobile devices expensive?
No. Many phones and laptops have encryption capabilities (varies by device). If your phone or laptop computer does not have this capability, there are applications you can download or purchase – just be sure it is from a trusted source! We recommend checking www.healthit.gov for more information on this topic.

Note: Please consult with a security and privacy professional for advice and guidance for your specific situation.