Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.




Mobile Devices: Risks to Health Information

Risks vary based on the mobile device and its use. Some risks include:
- A lost mobile device
- A stolen mobile device
- Inadvertently downloading viruses or other malware
- Unintentional disclosure to unauthorized users
- Using an unsecured Wi-Fi network

Take the Steps to Protect and Secure Health Information When Using a Mobile Device

The resource center http://www.healthit.gov/mobiledevices was created to help providers and professionals:
- Protect and secure health information when using mobile devices
  - In a public space
  - On site
  - At a remote location
- Regardless of whether the mobile device is
  - Personally owned, bring their own device (BYOD)
  - Provided by an organization

Mobile Devices: Tips to Protect and Secure Health Information

- Use a password or other user authentication.
- Keep security software up to date.
- Install and enable encryption.
- Install and activate wiping and/or remote disabling.
- Disable and do not install file-sharing applications.
- Install and enable a firewall.
- Install and enable security software.
- Research mobile applications (apps) before downloading.
- Maintain physical control of your mobile device.
- Use adequate security to send or receive health information over public Wi-Fi networks.
- Delete all stored health information before discarding or reusing the mobile device.

Understanding and Following Organizational Policies and Procedures

Health care providers and professionals are responsible for learning and understanding their health care organization's mobile device policies, including policies and procedures on:
- Bring your own device (BYOD)
- Mobile device registration
- Mobile device information storage
- Backup information stored on mobile devices
- Remote wiping and/or disabling

Professionals and providers should also be aware of the:
- Organization's privacy and security officer(s)
- Virtual private network (VPN)
- Mobile device privacy and security awareness and training

Five Steps Organizations Can Take to Manage Mobile Devices

1.) DECIDE
Decide whether mobile devices will be used to access, receive, transmit, or store patients' health information or be used as part of the organization's internal networks or systems (e.g., your EHR system).

2.) ASSESS
Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information the organization holds.

3.) IDENTIFY
Identify the organization's mobile device risk management strategy, including privacy and security safeguards.

4.) DEVELOP, DOCUMENT, and IMPLEMENT
Develop, document, and implement the organization's mobile device policies and procedures to safeguard health information.

5.) TRAIN
Conduct mobile device privacy and security awareness and training for providers and professionals.

Mobile Devices and Health Information: What to Avoid

- Sharing your mobile device password or user authentication
- Allowing the use of your mobile device by unauthorized users
- Storing or sending unencrypted health information with your mobile device
- Ignoring mobile device security software updates
- Downloading applications (apps) without verifying they are from a trusted source
- Leaving your mobile device unattended
- Using an unsecured Wi-Fi network
- Discarding your mobile device without first deleting all stored information
- Ignoring your organization's mobile device policies and procedures

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Learn more at http://www.healthit.gov/mobiledevices