Using full-disk encryption is an amazing way to protect your clients and your practice from privacy breaches. Used properly, it also qualifies your device for the safe harbor in HIPAA’s Breach Notification Rule. Use it everywhere!
Your device’s password is also the password for its encryption. So be sure to set a strong one! Strong passwords are also a HIPAA standard.
Anti-virus is a minimum must for all devices. This includes Macintosh computers, even though Apple always says it isn’t necessary (they’re fibbing; it is necessary for Macintosh computers). Use of software to prevent virus infections is also a HIPAA standard.
Apple is funny about antivirus for Macintoshes. They claim that it’s built-in and you don’t need to install antivirus. We don’t agree. That said, you should still follow the instructions in the video below to make sure your Mac always installs security updates. That ensures that the Mac’s built-in antivirus stays up to date.
Also, we strongly recommend installing security software with antivirus for your Mac. We don’t have a specific favorite software package, but many security packages can easily cause problems for Macs. For that reason, we recommend checking Tom’s Hardware Guide to see what they recommend installing on your Macintosh. See their 2021 Best Mac Antivirus Reviews Here. (BTW, we think it’s perfectly fine to choose the free option.)
Firewalls watch your Internet connection to make sure nothing suspicious gets through. They’re very important to keeping your devices clean and safe for managing client information. They are also an important part of complying with the HIPAA standard around preventing virus infections.
It is important that device software be kept up-to-date, because companies issue important security updates frequently. It is also a HIPAA standard that the system software be kept updated.
If your Mac’s operating system is not up to date, your computer will pop up notifications stating that an update is ready. To meet this standard, make sure to install those updates when your Mac announces them to you.
To make sure your Mac always installs its security updates, see the video above for “Turn on or add anti-virus software.”
HIPAA requires that devices automatically log out after you’ve left them idle for some short period of time. This prevents people from walking up to or picking up a device that you’re logged into.
This is not applicable to your Macintosh computer. Remote tracking works best with smartphones, because their cellular phone connections make them much better able to stay connected to the Internet as they move around. If you are working through security instructions for other device types, you may see a video or other instructions here.
Apple devices, including Macintosh laptops and desktops, like to be “helpful” by sending backups of the information on our devices up to iCloud. This is a security problem, because Apple accounts shouldn’t be holding client information for us.
For a deeper dive, check out this video on how to manage iCloud syncing, including how to delete files from iCloud.
If your personal device is holding on to information about client care that isn’t also held on devices or services elsewhere, you need to keep it backed up. Maintaining backups of all PHI is a HIPAA standard.
A few examples of data that is often found on personal devices:
Text messages with clients
Emails with clients
Clinical notes about clients
Written reports
Superbills
If using an external hard drive, or another physical device, to back up your Mac, you’ll want to use the built-in backup software, called Time Machine.
If your backup strategy for the device includes an external hard drive, your external hard drive must also be encrypted; this can be done using the native encryption software that was used to encrypt the device itself. See here for a tutorial.
The Bring Your Own Device policy requires you to be thoughtful and careful about how you install software. You must not disable any settings that prevent the computer from warning you if you are about to run an app that was installed after downloading it from a webpage.
This is not applicable to Macintosh computers, lucky you! If you are working through security instructions for other device types, you may see a video or other instructions here.
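To confirm several of the settings covered on this page (full-disk encryption, the firewall, automatic security updates, and the warning for apps downloaded from the web), the script below reads them with tools built into macOS. It is an added example, not part of the original guide; the function names are this example's own, and it assumes that an update preference that was never explicitly set should be reported as FAIL so you go and check it in System Settings.

```shell
#!/bin/bash
# Added example: audit the Mac settings this guide covers.
# Each check_* function takes the text printed by a built-in macOS command
# and returns 0 (pass) or 1 (fail), so the logic can be tried on sample text.

check_filevault() {   # input: output of `fdesetup status`
  case "$1" in *"FileVault is On"*) return 0 ;; *) return 1 ;; esac
}

check_firewall() {    # input: output of `socketfilterfw --getglobalstate`
  case "$1" in *"Firewall is enabled"*) return 0 ;; *) return 1 ;; esac
}

check_gatekeeper() {  # input: output of `spctl --status`
  case "$1" in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac
}

check_pref_on() {     # input: output of `defaults read <domain> <key>`
  [ "$1" = "1" ]      # assumption: an unset key (empty output) counts as a fail
}

report() {            # usage: report "label" <check function> "command output"
  if "$2" "$3"; then echo "PASS  $1"; else echo "FAIL  $1"; return 1; fi
}

audit_mac() {
  su_domain=/Library/Preferences/com.apple.SoftwareUpdate
  failed=0
  report "Full-disk encryption (FileVault)" check_filevault \
    "$(fdesetup status 2>&1)" || failed=1
  report "Firewall" check_firewall \
    "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" || failed=1
  report "Warning for downloaded apps (Gatekeeper)" check_gatekeeper \
    "$(spctl --status 2>&1)" || failed=1
  # Security updates are what keep the Mac's built-in antivirus current.
  for key in AutomaticCheckEnabled CriticalUpdateInstall ConfigDataInstall; do
    report "Automatic updates: $key" check_pref_on \
      "$(defaults read "$su_domain" "$key" 2>/dev/null)" || failed=1
  done
  return "$failed"
}

# Only query the live system when this is actually a Mac.
if [ "$(uname -s)" = "Darwin" ]; then
  audit_mac || echo "One or more settings need attention."
fi
```

Any FAIL line points back to the matching section of this page; the script only reads settings and changes nothing.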