The October cybersecurity newsletter from the HHS Office for Civil Rights focused on securing protected health information held on mobile devices such as cellphones, tablets and laptops.
"The use of mobile devices in the workplace can be convenient and productive, but organizations should realize the risks associated with increased usage of mobile devices — especially when mobile devices are used to create, receive, maintain or transmit electronic PHI," the newsletter reads.
Here are 12 steps OCR recommended to help providers secure PHI on mobile devices.
1. Implement policies and procedures regarding the use of mobile devices in the workplace, especially when used to create, receive, maintain or transmit PHI.
2. Consider using mobile device management software to manage and secure mobile devices.
3. Install or enable automatic lock or logoff functionality.
4. Require authentication to use or unlock mobile devices.
5. Regularly install security patches and updates.
6. Install or enable encryption, anti-virus and anti-malware software, and remote wipe capabilities.
7. Use a privacy screen to prevent people nearby from reading information on your screen.
8. Use only secure Wi-Fi connections.
9. Use a secure virtual private network, also known as a VPN.
10. Don't download third-party apps; use "whitelisting" to ensure users install only approved apps, and verify that apps have only the minimum necessary permissions.
11. Securely delete all PHI stored on a mobile device before discarding or reusing the device.
12. Include training on how to securely use mobile devices during workforce training programs.