June 14, 2012 – ID Experts, a data breach prevention and remediation firm, talked with 13 experts and got 13 tips for managing mobile device threats in health care:
- Install USB locks on computers and devices to prevent unauthorized uploads and downloads;
- Consider software that can track and locate a device or wipe (erase) its data;
- Consider “brick” software that disables a missing device;
- Train employees to shut down laptops rather than putting them in sleep mode, since sleep doesn’t activate encryption protection;
- Document in risk assessments the recognition that employees may use personal devices to handle PHI even if prohibited by policy, and reduce the risk, such as offering a secure alternative to texting;
- Don’t permit PHI access via mobile devices without strong technology safeguards;
- Educate employees on safeguarding their devices;
- Purchase cyber-liability insurance;
- Secure and check devices before disposal or donation;
- Have a proactive data management strategy such as token technology;
- Have clear and explicit user opt-in policy for collecting, storing or sharing data; and
- Conduct a thorough technical review and risk audit of new mobile technologies before implementation.
Details on each tip are available here.
This story originally appeared at Health Data Management.