Best Practices: HIPAA and Mobile Devices – Part 2

Are your mobile devices secure when it comes to protected health information (PHI)? Here are some tips to expand your awareness in this area. These tips and more can be found on www.healthit.gov, an excellent HIPAA resource for providers!

Can I use texting to communicate protected health information, even with another provider or professional?
It depends but generally no. Text messages are not secure because they lack encryption. Even if your device is encrypted, you still cannot be certain your text message was received by the intended recipient. If texting is an important means of communication for you there are third-party solutions available; diligence in researching their compliance is a must.

What do I need to consider when using my mobile device in public?
Public Wi-Fi is unsecured. Working from a local coffee shop, for example, to perform billing or charting would not be not a good idea. On that same note, do you let employees catch up work from home, like billing or charting? If yes, do you know the security of the PHI that may be downloaded on their personal devices? What is your company policy on employees using their own equipment to perform office work?

Do I need to be concerned about talking to my office staff via Bluetooth?
Yes. You must be sure to know your cell phone capability in this area. Many phones have a “turn off” or set the Bluetooth capabilities to “non-discoverable.” In this mode, the Bluetooth-enabled mobile device is invisible to other devices not authorized to access or monitor the data in your device.

Note: Please consult with a security and privacy professional for advice and guidance for your specific situation.