How to Secure Your Personal Devices

Healthcare organizations of all sizes allow employees to use their personal devices, such as smartphones, to access protected health information (PHI). This is often called “bring your own device” (BYOD). Using personal devices at work is quick and convenient. However, if handled improperly, personal devices can be a security threat.

Below are some of the security issues that you must address if your organization has, or plans to have, a BYOD policy.

  • Encryption. Although it’s simple and inexpensive to encrypt devices, most BYOD devices are not encrypted, probably because they aren’t viewed as work devices. Nevertheless, personal devices should be encrypted before accessing PHI.
  • Loss or theft of a device. Most BYOD devices – such as laptops, tablets, and cellphones – are mobile and can be easily misplaced or stolen. Make sure your organization has policies in place for reporting lost or stolen devices.
  • Unauthorized access or viewing. When working on a personal device away from the office, it’s hard to keep others from seeing the screen. HIPAA requires you to limit PHI access to only those who need it to perform their job. Therefore, employees using a personal device shouldn’t access PHI in areas where someone may see the screen.
  • Public Wi-Fi. Free or public Wi-Fi is not secure and could put your PHI at risk. Tell employees to only access PHI on secure networks.

Steps to Secure Personal Devices

Mobile devices could be helpful to your team’s workflow, or they could pose a serious security threat. Take these steps to secure BYOD devices:

  1. Have the IT team inspect each device before allowing it to access PHI. They will make sure the device follows the same security protocols as the organization-owned devices.
  2. Train employees on BYOD policies and procedures before allowing them to use the device to access or send PHI.
  3. Include BYOD devices on your inventories and risk assessments.
  4. Make sure you know how to safely reuse a device once an employee is no longer using it for work.

The HIPAAtrek platform is designed to house your organization’s policies and procedures, including BYOD policies, to help keep you HIPAA compliant. Request a demo or contact us with questions about your HIPAA compliance program.
