With the advent of tablets, smartphones and the applications dedicated to streamlining healthcare, PHI (protected healthcare data) is increasingly at risk. According to the Department of Homeland Security healthcare organizations, providers and entities charged with safeguarding PHI under Federal HITECH and HIPAA are especially vulnerable.
Patient data is more moveable and is now processed and shared via personal devices and portable storage devices such as flash drives. The Bring Your Own Device (or BYOD) trend of data storage can be especially detrimental to a healthcare organization when these devices are lost or stolen. Thirteen experts representing legal, data breach prevention, technology, healthcare, IT and security were asked for their top tips to protect sensitive patient data and avoid disaster.
1. Install USB locks on computers, laptops or other devices that may contain PHI or sensitive information, to prevent unauthorized data transfer (uploads or downloads) through USB ports and thumb drives. – Christina Thielst, FACHE, vice president, Tower Consulting Group.
2. Consider geolocation tracking software or services for mobile devices. – Rick Kam, CIPP, president and co-founder, ID Experts.
3. Brick the mobile device when it is lost or stolen. – Jon A. Neiditz, partner, Nelson Mullins Riley & Scarborough.
4. Encrypt. – Chris Apgar, CISSP, president and CEO, Apgar and Associates.
5. Laptops put in “sleep” mode, as opposed to shutting them down completely, can render encryption products ineffective. – Winston Krone, managing director, Kivu Consulting.
6. Recognize that members of the workforce may use personal mobile devices to handle protected health information, even if contrary to policy. – Adam H. Greene, partner, Davis Wright Tremaine.
7. Don’t permit access to PHI by mobile devices without strong technical safeguards: encryption, data segmentation, remote data erasure and access controls, VPN software, etc. – Kelly Hagan, attorney, Schwabe, Williamson & Wyatt.
8. Educate employees about the importance of safeguarding their mobile devices. – Dr. Larry Ponemon, chairman and founder, Ponemon Institute.
9. Implement Electronic Protected Health Information (EPHI) security. – Christine Marciano, president, Cyber Data Risk Managers.
10. Healthcare organizations should work to get ahead “of the BYOD upgrade” curve by ensuring that the devices coming offline are adequately secured and checked before disposal or donation. -Richard Santalesa, senior counsel, Information Law Group.
11. Have a proactive data management strategy. – Chad Boeckman, president, Secure Digital Solutions.
12. Transparency and End User Consent Opt-In. – David Allen, CTO, Locaid Technologies.
13. The mobile web and “app” landscape is not your father’s Internet. – Pam Dixon, executive director, World Privacy Forum.
If your healthcare facility or small business would like to learn more about how to protect your company’s data in the day of BYOD DataComm Plus can help set up your data security system and advise you on how to protect your information as well as your employees from date breaches. It’s your info-you should keep it.
Source: PR Newswire, ID Experts