October 2022 – Mobile Devices

Mobile devices, such as smartphones and tablets, have made an impact on healthcare. They are portable and allow for easy access to data such as patient charts. In addition to this, these devices allow for easy communication between staff members through a variety of apps. However, with these new capabilities, there also comes increased risk to PHI. Devices can be stolen or misplaced easily and, because of this, additional protections need to be implemented to ensure that PHI is kept safe.

If a practice issues devices, the following steps should be taken.

  1. Require strong passwords, not numeric PINs or pattern drawings
  2. Ensure devices are encrypted – both Android and iOS do this now
  3. Set up remote wiping of devices in the event a device is lost or stolen
  4. Only encrypted messenger systems like Signal should be used for sending messages

If employees are using their own devices, this becomes a little more tricky. Since the employee owns the device, the practice will have less control. This is not an ideal situation and, generally, shouldn’t be allowed. However, in those cases, ensure that the employee’s device uses a strong password and has remote wipe set up.

Laptops also need to be secured because they can be stolen from a practice or lost. All laptops should have their hard drives encrypted using Microsoft’s BitLocker encryption. This is free and ensures that the data on a stolen laptop is useless to thieves. In cases like this, a stolen laptop doesn’t result in a HIPAA breach. If the laptop weren’t encrypted, the theft would be a breach.

When PHI is discussed, messaging on mobile devices should only take place over encrypted messaging apps. Examples include Signal, Element, Threema, Briar, and iMessage.

Mobile devices are extremely useful to medical practices and if a few extra steps are taken to ensure the PHI they may contain is secured, then their use is encouraged.