Using full-disk encryption is an amazing way to protect your clients and your practice from privacy breaches. Used properly, it also qualifies your device for the safe harbor in HIPAA’s Breach Notification Rule. Use it everywhere!
This one applies to laptop and desktop computers, and to Surface tablets. Other devices cannot make multiple user accounts. You can move on to your next step for this device!
Your device’s password is also the password for its encryption. So be sure to set a strong one! Strong passwords are also a HIPAA standard.
Anti-virus is a minimum must for all devices. Use of software to prevent virus infections is also a HIPAA standard.
In order to get effective antivirus software for your Android, we recommend installing a security app and activating its antivirus features.
We don’t have a specific favorite app. For that reason, we recommend checking Tom’s Hardware Guide to see what they recommend installing on your Android. See their 2019 Best Android Antivirus Reviews Here. (BTW, we think it’s perfectly fine to choose the free option.)
Good news! All that’s required to meet the HIPAA requirements of a firewall for your Android phone is to install an anti-virus app.
In order to get a firewall for your Android, we recommend installing an anti-virus app and making sure it has a feature whose purpose is to “protect from incoming connections.”
Because actual firewall apps on Android require rooting your device, we don’t recommend utilizing those applications (as rooting your phone exposes you to higher risks).
We don’t have a specific favorite app. For that reason, we recommend checking Tom’s Hardware Guide to see what they recommend installing on your Android. See their 2021 Best Android Antivirus Reviews Here. Yes, we are sending you to the antivirus reviews because security software apps generally also provide protection from incoming connections.
It is important that device software be kept up-to-date, because companies issue important security updates frequently. It is also a HIPAA standard that the system software be kept updated.
HIPAA requires that devices automatically log out after you’ve left them idle for some short period of time. This prevents people from walking up to or picking up a device that you’re logged into.
Most mobile devices have software that lets you track their location. This is a very strong measure for being able to recover lost devices or, at least, discover what has happened to lost devices (knowing what happened can be very helpful with security incident investigations). It works best with smartphones, however, because their cellular phone connections make them much better able to stay connected to the Internet as they move around.
Androids like to be “helpful” by sending backups of the information on our devices up to Google. This can be a security problem though, because our personal Google accounts shouldn’t be holding client information for us.
For a deeper dive into changing syncing settings on your Android phone, check out the links and video below for help.
If your personal device is holding on to information about client care that isn’t also held on devices or services elsewhere, you need to keep it backed up. Maintaining backups of all PHI is a HIPAA standard.
A few examples of data that is often found on personal devices:
Text messages with clients
Emails with clients
Clinical notes about clients
Written reports
Superbills
The Bring Your Own Device policy requires you to be thoughtful and careful about how you install software. Be sure you haven’t installed apps from places outside of Google’s repositories. If someone else has installed any apps for you, you should check with them to see where they were installed from.
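One way to check where installed apps came from, as an added example that is not part of the original page or policy: Android records the installing app for each package, and `adb shell pm list packages -i -3` lists third-party packages with that installer. The script below assumes you have adb connected from a PC and flags anything not installed by the Play Store (`com.android.vending`); the sample lines are constructed for offline testing.

```sh
#!/bin/sh
# Added example: flag Android packages whose recorded installer is not Google Play.
# Real use:  adb shell pm list packages -i -3 | flag_sideloaded
# Output line format from pm:  package:<name>  installer=<installer package or null>

PLAY_STORE="com.android.vending"

# Reads `pm list packages -i` lines on stdin; prints "<package>\t<installer>" for
# every package that did not come from the Play Store. installer=null usually means
# an APK pushed via adb; com.google.android.packageinstaller means a downloaded APK.
flag_sideloaded() {
  while IFS= read -r line; do
    case "$line" in
      package:*) ;;          # skip anything that is not a package line
      *) continue ;;
    esac
    pkg=${line#package:}
    pkg=${pkg%% *}           # package name ends at the first space
    installer=${line##*installer=}
    [ "$installer" = "$line" ] && installer="null"   # no installer field at all
    if [ "$installer" != "$PLAY_STORE" ]; then
      printf '%s\t%s\n' "$pkg" "$installer"
    fi
  done
}

# Constructed sample output (not from a real device) for offline testing.
SAMPLE='package:com.example.telehealth  installer=com.android.vending
package:com.example.notes  installer=com.google.android.packageinstaller
package:com.example.sideloaded  installer=null'

# Number of flagged packages in the sample; handy for a quick pass/fail check.
count_sideloaded() {
  printf '%s\n' "$SAMPLE" | flag_sideloaded | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | flag_sideloaded
```

Anything the script prints should be discussed with whoever installed it; a package installed by a browser or file manager rather than the Play Store is exactly the case the policy asks you to look for.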
Many people purposefully root their Android phones in order to make the device more flexible. Doing this makes the device more vulnerable to security issues, however, so rooted devices are not allowed for use in practice work under the Bring Your Own Device Policy.