Best practices for mobile device data encryption at HIPAA covered entities
Data for 2,900 patients was copied to an employee's thumb drive at BIDMC. The employee then left that organization for a new one (UCSF) and loaded the data onto a laptop there to demonstrate quality improvement reporting. That laptop was stolen. Both organizations have potential HIPAA violations to worry about because of this person's actions. Some best practices:
- Policies should require that all mobile storage devices be secured
- Encrypt all mobile devices including laptops
- Educate employees on how to protect privacy
- Sanction employees who violate policies
- Implement technologies that find transfers of medical data (especially in an unencrypted form). This should include both transfers across the network and via physical devices such as USB thumb drives, iPods, etc.
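
One way to approach the last item for removable media, as an added example that is not part of the original post: a Python sketch that walks a mounted drive and flags files holding readable patient identifiers, and separately lists opaque (possibly encrypted) files for review. The identifier patterns, the entropy threshold, the sample record and all function names are assumptions chosen for illustration.

```python
import math
import re
from pathlib import Path

# Assumed identifier shapes (illustrative, not a complete PHI definition).
PHI_PATTERNS = {
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(rb"\bMRN[:#]?\s*\d{6,10}\b", re.IGNORECASE),
}
# Assumed threshold in bits per byte; encrypted or compressed data sits near 8.0.
OPAQUE_ENTROPY = 7.5
# Constructed sample record, not real patient data.
SAMPLE_EXPORT = b"name,mrn,ssn\nJane Doe,MRN: 00123456,123-45-6789\n"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, 0.0 to 8.0 bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def scan_bytes(data: bytes) -> dict:
    """Classify one file's content as unencrypted-phi, opaque or clean."""
    hits = {name: len(rx.findall(data)) for name, rx in PHI_PATTERNS.items()}
    hits = {name: n for name, n in hits.items() if n}
    entropy = shannon_entropy(data)
    if hits:
        verdict = "unencrypted-phi"  # readable identifiers: the case to alert on
    elif entropy >= OPAQUE_ENTROPY:
        verdict = "opaque"  # cannot be inspected; confirm it is approved encryption
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits, "entropy": round(entropy, 2)}


def scan_tree(root) -> list:
    """Scan every file under root (e.g. a mounted USB drive) and return findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            result = scan_bytes(path.read_bytes())
            if result["verdict"] != "clean":
                findings.append((path.name, result))
    return findings
```

High entropy only shows that content cannot be read by the scanner; compressed archives look the same as encrypted ones, so "opaque" findings still need a check against the organization's approved encryption tooling.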
Categories: Healthcare Tags: Encryption, HIPAA, Mobile, Stolen laptop, USB lost
Secure SMS for Healthcare
...In launching the healthcare division, CellTrust is adapting its SecureSMS enterprise messaging system to [the healthcare industry]. The product, scheduled for an early-2010 launch, encrypts messages to military specifications and requires message recipients either to install a "micro client" on their phone or to enter a PIN to unencrypt the communication. On the enterprise side, the system lets the sender know when a message has been read and archives all messages so there is an audit trail for HIPAA purposes...
Categories: Healthcare, Uncategorized Tags: CellTrust, HIPAA, Mobile, SMS
