Keep Your Mobile Devices HIPAA Safe

HIPAA, privacy, security, mobile devices and HIPAA


Are your providers using mobile devices like smartphones, tablets, or laptops as part of their daily workflow? That’s great, but mobile devices and HIPAA don’t mix well without preparation, so make sure they are secure or get ready to deal with HIPAA breaches.

Five Steps to Manage Your Mobile Devices

  1. Decide on use. This means to figure out in advance whether your staff will use mobile devices for personal health information (PHI), including accessing, receiving, transmitting, and storing patient PHI. Also, decide whether you’ll use mobile devices as part of your own internal systems, like your electronic health record (EHR). This discussion should include a detailed discussion on encryption, company security regarding email, and communication with patients. Write down what you decide as policies.
  2. Evaluate risks. There are risks to using mobile devices for PHI, so do a risk analysis to identify threats and vulnerabilities. Keep it on file so you can use it to create future policies.
  3. Now, create a risk management strategy, including privacy and security safeguards. You can find more information on that in the Office of the National Coordinator (ONC)’s Guide to Privacy and Security of Electronic Health Information here. Make sure your strategy includes an evaluation and regular maintenance of the safeguards for your mobile devices.
  4. Implement policies and procedures. Take the decisions you wrote down in #1 and turn them into policies and procedures, then follow them. Make sure you include policies on topics like mobile device management, using your own device (also known as BYOD, or Bring Your Own Device), restrictions on mobile device use, and security and configuration settings for your mobile devices. Also make sure you outline your breach notification policy and disciplinary actions.
  5. Train! Provide your staff with mobile device training on how to protect privacy and security for healthcare records, and make sure your staff is continually aware of these tactics. Keep track of all training that takes place, documenting dates and what was covered, and update it regularly for all employees, not just the new ones coming on staff.

Tips to Tighten Mobile Device Security

Here are some tips from ONC on how to secure PHI on mobile devices.

  • Set strong passwords on the device.
  • Install and enable encryption. This will protect any PHI stored, sent, or received on the device. Encryption is the best way to protect PHI on mobile devices, because if the device is lost or stolen, the PHI on it is not accessible to anyone who doesn’t have the “key.”
  • Use automatic logoff, and make sure you use a unique user ID for access.
  • Enable remote wipe or remote disabling so that you can erase the data on your device if it’s lost or stolen.
  • Maintain physical control of your device at all times — keep it in your sight. If you leave your device in your car trunk or on a counter, it’s likely to be lost or stolen.
  • Install a firewall.
  • Always use a secure Wi-Fi connection.
  • Don’t download filesharing applications on your mobile device.
  • When you get rid of your mobile device, delete all stored PHI first.

Need to Implement a HIPAA Compliance Plan the Easy Way?

You know you have to do it – you have to create your HIPAA compliance plan. You also need to ensure you are compliant to avoid penalties, like fines of up to $50,000 per occurrence and/or up to one year imprisonment. But you don’t have the time or resources to do it yourself. That’s where SuperCoder steps in to make HIPAA compliance easy, cutting planning time in half. SuperCoder will soon launch the HIPAA Institute, a new one-stop site for all things HIPAA that will walk you through creating a compliance plan – putting manuals, documents, templates, and forms all at your fingertips. It’s an easy step-by-step process ready-made just for you. HIPAA Institute – coming summer 2015.

And don’t miss The Coding Institute/SuperCoder HIPAA Handbook! Packed with practical advice for safeguarding against HIPAA penalties, this handbook can help you will help you create your risk analysis and keep your practice compliant.


Susan taught health information and healthcare documentation at the community college level for more than 20 years. She has a special love for medical language and terminology. She is passionate about ensuring accurate patient healthcare documentation through education. She has a master's degree in healthcare administration, is a certified healthcare documentation specialist, and serves as immediate past president for the Association for Healthcare Documentation Integrity (AHDI).

Leave a Reply