Page 25 - Part 1 Navigating Electronic Media in a Healthcare Setting
SVMIC Navigating Electronic Media in a Healthcare Setting
Many healthcare organizations choose to leverage the benefits of
mobile devices, while keeping costs to a minimum. Bring Your
Own Device (BYOD) programs are becoming more common in
practices and permit physicians, advanced practice practitioners
and other healthcare workers to use their own personal devices at
work. The more popular reasons practices cite for implementing a
BYOD program are the speed and convenience of modern
technology, as well as the cost-saving benefits. However, with a
large portion of medical professionals now using personal mobile
devices, there is a considerable risk of ePHI being accessed by
unauthorized personnel. Most messaging apps on mobile devices
have no login or logout requirements and, if a mobile device is lost
or stolen, there is a significant risk that messages containing ePHI
could be released into the public domain.

Any HIPAA covered entity that chooses to use mobile devices in
the workplace must implement a number of controls to protect any
patient health data that is accessed through, stored on or
transmitted by the device. At a minimum, mobile devices should be
protected by a 6-digit passcode or biometric identifier. It is
imperative that physicians and staff be aware of the security
available on their devices and implement appropriate security if
there is any chance the device contains ePHI.

Even if mobile devices are secured, there is considerable potential
for the users of those devices to violate HIPAA rules or company
policies. Without adequate controls, devices could be
compromised, and the ePHI stored on them exposed. There is also
considerable potential for smartphones, tablets and laptops to be
targeted by cybercriminals, who view them as an easy entry point
into healthcare networks.