Mobile devices including laptops, tablets and smartphones are a growing threat to patient information. We wrote about how many organizations fail to realize how much protected health information (PHI) is on mobile devices.
In a very insightful study called The Risk of Regulated Data on Mobile Devices & in the Cloud, the risks of mobile devices are clearly documented.
According to the findings of The Risk of Regulated Data on Mobile Devices study, many organizations are not taking the necessary steps to protect this type of data on mobile devices and in the cloud. In fact, 54 percent of respondents have had on average five data breach incidents involving the loss or theft of a mobile device containing regulated data.
The study points out that most organizations do not know the amount of PHI and other regulated data that are on mobile devices.
The key question to ask here is:
How can you protect PHI if you don't know where it is? If you don't know what data is on your employees' laptops, tablets and smartphones, it is harder to protect.
A good recommendation is to encrypt all your mobile devices. Encryption is inexpensive and easy to implement. Encryption is a safe harbor under the HIPAA Security Rule and does not require breach notification in the event of a security breach.
Organizations need to perform a Risk Assessment to determine the likelihood of risks and what additional security measures should be put in place to protect patient information.