At the December 2012 ONC Annual Meeting, HHS announced that a new education initiative and website at www.HealthIT.gov/mobiledevices has been launched complete with a set of online tools to provide healthcare providers and organizations practical tips on protecting health information when using mobile devices.
Some tips offered:
- Use strong passwords—Passwords should include at least 6 characters, a combination of upper and lower case letters, at least one number, and one punctuation mark. Change your password quarterly and prevent people from seeing it. Install automatic log off features on the device
- Install and enable encryption—Mobile devices can have built-in encryption capabilities or you can buy and install an encryption tool on your device
- Install and activate remote wiping and/or remote disabling—Remote wiping enables you to erase data on a mobile device remotely. If you enable the remote wipe feature permanently then data will be deleted on a lost or stolen mobile device. Remote disabling means that if a mobile device is lost or stolen and if the mobile device is recovered, you can unlock it
- Disable and do not install or use file sharing applications—File sharing is software or a system that allows internet users to connect to each other and trade computer files. However, file sharing can also enable unauthorized users to access your laptop without your knowledge. By disabling or by not using the sharing applications, you can reduce a known risk to data on your mobile device
- Install and enable a firewall—Firewalls can intercept incoming and outgoing connection attempts and block or permit them based on a set of rules
- Install and enable security software—The software can protect against malicious applications, viruses, spyware, and malware-based attacks
- Keep your security software up to date—When you regularly update your security software, you have the latest tools to prevent unauthorized access to health information
- Research apps before downloading—Before you download and install an app on your mobile device, verify that the app will perform only functions that you have approved
- Maintain physical control of your mobile devices—Mobile devices are easily lost or stolen and may enable the use of unauthorized health information. If the mobile device is stolen, be sure to report the incident and take decisive steps to deal with the loss by developing an incident reporting plan when you initially start using your mobile device
- Be careful when using adequate security to send or receive health information over public Wi-Fi networks—Don’t send or receive secure health information when connected to a public Wi-Fi network unless you use secure encrypted connections
- Delete all stored health information before discarding or reusing the mobile device—ONC has issued guidance that discusses the proper steps to take to remove health information and other sensitive data stored on your mobile device before you dispose or reuse the device
