Posted by: RedaChouffani
HIPAA, MDM, Mobile, security
Many IT executives are continuously reviewing their mobile device management (MDM) strategy, both in response to the growing use of mobile devices and in order to meet compliance requirements. For those in the initial stages of implementing a bring-your-own-device (BYOD) policy, there are several key considerations that determine whether data accessed through mobile devices stays protected.
There are two main mobile device security use cases. The first is when hospital users bring their own devices and use them to access protected health information (PHI) as well as internal data. The second is corporate devices provided, owned and managed by the organization.
For personal devices, IT departments cannot simply lock the device down, so they must engage the users and apply some of the following steps to ensure that data accessed remotely has adequate safeguards. For employees' personal devices, the following steps should be considered:
- Deploy a managed application (a secure container) on the device that establishes a secure connection to the health system's data and restricts what users can do with the content, for example by disabling copying of text and screen capture. Note that such controls limit casual leakage only; they do not stop a user from photographing the screen with another device.
- Provide users with self-management tools that let them locate their devices and remotely erase them when lost. Remote erase only works once the device is online again, so it complements, rather than replaces, a passcode and on-device encryption.
- Educate and encourage users to properly secure their devices with pass-codes, passwords and encryption when available.
- Control the number of devices enrolled under a single user.
- Ensure that any mHealth app installed directly on the device encrypts the data it stores locally, or, preferably, stores no patient information on the device at all.
For corporate devices:
- Use an MDM platform that provides adequate controls to lock down the devices (enforced configuration profiles, restricted app installation, and mandatory device encryption).
- Use MDM tools to remote wipe devices when lost or compromised.
- Use antivirus and anti-malware protection on the devices to detect and block infections.
- Enforce security policies that require strong passcodes or passwords, including automatic lock and a wipe after repeated failed attempts.
- Ensure that data stored by mHealth apps installed directly on the devices is encrypted at rest.
It is critical to guide users toward safe access to information on their mobile devices while complying with HIPAA and other regulatory requirements. On personal devices in particular there must be a clear separation of personal data and corporate data, so that corporate data can be controlled and wiped without touching the user's own. Several MDM platforms have enabled hospitals to simplify the management and security of mobile devices and support a successful BYOD implementation.