Regulatory: Securing information stored on mobile devices

Encryption, remote wiping and solidifying device ownership are some of the best practices for securing highly sensitive data on phones

Last month in this column, I addressed the new HIPAA rule, which significantly expands certain obligations for health care providers and their business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In that article, I discussed the importance of updating your (or adopting a) HIPAA Compliance Plan. In light of the new HIPAA rule, the move into the technology age and the prevalent use of mobile devices, developing policies and procedures as part of your HIPAA Compliance Plan to address the security of patient information on your iPhone, iPad, BlackBerry, etc., has become increasingly important if you are (or you represent) a health care provider or business associate.

The first step is deciding whether you will allow the use of mobile devices within your business for accessing, receiving, transmitting or storing patient health information. In making that determination, you should thoroughly review the risks (e.g., increased risk of theft of patient information) and benefits (e.g., convenience) associated with using mobile devices for such purposes.

Contributing Author

Kelli Fleming

Kelli Fleming is a partner with Burr & Forman LLP (Birmingham, Ala.). She represents health care clients, including hospitals, surgery centers, physician practices, diagnostic centers...
