Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

Security tips to combat mobile device threats to healthcare

Posted on 14 June 2012.

Mobile devices are increasingly exposing protected health information (PHI) in the healthcare space, with threat risks growing, according to the Department of Homeland Security.

Mobile devices pose significant risks for privacy incidents for healthcare organizations, providers and entities responsible for safeguarding protected health information (PHI) under Federal HITECH and HIPAA regulations.

Since patient data can be moved, processed and shared via personal cell phones and tiny USB flash drives, the Bring-Your-Own-Device phenomenon can wreak havoc on a hospital. To assist healthcare entities reduce privacy incidents resulting from mobile risks, 13 experts—representing legal, data breach prevention, technology, healthcare IT, and security—offer top tips for healthcare organizations.

1. Install USB locks on computers, laptops or other devices that may contain PHI or sensitive information, to prevent unauthorized data transfer (uploads or downloads) through USB ports and thumb drives. - Christina Thielst, FACHE, vice president, Tower Consulting Group.
2. Consider geolocation tracking software or services for mobile devices. - Rick Kam, CIPP, president and co-founder, ID Experts.

3. Brick the mobile device when it is lost or stolen. - Jon A. Neiditz, partner, Nelson Mullins Riley & Scarborough.

4. Encrypt. - Chris Apgar, CISSP, president and CEO, Apgar and Associates.

5. Laptops put in "sleep" mode, as opposed to shutting them down completely, can render encryption products ineffective. - Winston Krone, managing director, Kivu Consulting.

6. Recognize that members of the workforce may use personal mobile devices to handle protected health information, even if contrary to policy. - Adam H. Greene, partner, Davis Wright Tremaine.

7. Don't permit access to PHI by mobile devices without strong technical safeguards: encryption, data segmentation, remote data erasure and access controls, VPN software, etc. - Kelly Hagan, attorney, Schwabe, Williamson & Wyatt.

8. Educate employees about the importance of safeguarding their mobile devices. - Dr. Larry Ponemon, chairman and founder, Ponemon Institute.

9. Implement Electronic Protected Health Information (EPHI) security. - Christine Marciano, president, Cyber Data Risk Managers.

10. Healthcare organizations should work to get ahead "of the BYOD upgrade" curve by ensuring that the devices coming offline are adequately secured and checked before disposal or donation. - Richard Santalesa, senior counsel, Information Law Group.

11. Have a proactive data management strategy. - Chad Boeckman, president, Secure Digital Solutions.

12. Transparency and End User Consent Opt-In. - David Allen, CTO, Locaid Technologies.

13. The mobile web and "app" landscape is not your father's Internet. - Pam Dixon, executive director, World Privacy Forum.