Best Practices in Securing Mobile Healthcare Devices

Best Practices in Securing Mobile Healthcare Devices

Many physicians and practice support staff participate in bring your own device (BYOD) arrangements at work. Having a BYOD policy is both convenient for staff and cuts the cost of supplying staff with electronic hardware. However, without proper technology management BYOD can easily turn into a nightmare with regard to security, so follow these best practices to ensure your practice is safe.


Authentication and Encryption of Mobile Devices

Strong passwords and dual or two-factor authentication (2FA), which involves the entering of a password and a personal identification number (PIN), greatly aid in preventing the illicit use of mobile devices.


Encryption of mobile devices ensures that if your equipment is lost or stolen, the data cannot be read by unauthorized users. If your practice has a breach in security, you will have to prove to the Department of Health and Human Services (HHS) that your devices are encrypted and that you have an encryption plan in place; if no encryption is being used, your practice will be in violation of HIPAA compliance requirements and is liable to get a fine.


Develop a Mobile Device Policy

A written mobile device policy is also essential if you have a BYOD policy for personnel. The policy should include:


  • Who is allowed to access the practice network?
  • What medium of access is allowed? Public WiFi networks are vulnerable, while virtual private networks (VPNs) are more secure.
  • Which devices are acceptable?
  • What data can be stored on the devices?

Other elements to incorporate in a mobile device policy are appropriate use, support and costs. Hand out the policy document to all staff involved in the BYOD scheme, and have them sign it to indicate that they understand the policy and that they agree comply with it.


Keep Up to Date with New Technology


Advances in mobile device management (MDM) are continually being made, and it’s important to know what’s available. For example, MDM software lets administrators know which devices are accessing data and from where, gives the ability to wipe lost or stolen devices completely clean, and monitors data that is coming into and leaving the network. Secure containers keep personal apps separate from practice data, preventing inadvertent divulging of the electronic protected health information (ePHI) of patients.


Best Practices Training for Staff


All BYOD users need to know how to activate security features, how to identify “friendly” apps, and to have guidance and controls implemented to ensure they know where it’s safe to upload sensitive data such as ePHI to. Your practice needs establish this technical know-how in all of your employees and get them on board with mobile device security as humans are most often the weakest link in the cyber- security chain.


Partnering with a reputable IT services company smooths the way to your successful implementation of mobile device security software. Contact the team at Bay Computing for advice and information about how to secure the mobile devices used each day in your medical practice.



Comments are closed.


San Francisco Office
315 Montgomery St., 9th Fl
San Francisco, CA 94104

P 415-759-8500

Concord Office
1800 Sutter St., Ste 680
Concord, CA 94520

P 925-459-8500