
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Practical Guidance Issued to Ensure Healthcare Mobile Devices are HIPAA

The use of mobile devices has become commonplace in healthcare, with doctors now using mobile phones to communicate with members of care teams and send updates on the status of their patients. iPads and other tablets are also often used by doctors in hospitals when conducting their rounds, and physicians and other healthcare professionals use laptop computers and smartphones when visiting patients to provide homecare services.

The rapid growth of portable devices in healthcare has undoubtedly improved the care that patients receive, yet the extensive use of mobile devices increases the risk of ePHI being accessed by unauthorized personnel or being stolen by cybercriminals. Mobile devices are now a major problem area and many healthcare organizations are struggling to implement procedures and policies to ensure all their devices are made HIPAA compliant.

Fortunately, healthcare organizations have been given some help in this regard, with both the Office for Civil Rights and the Office of the National Coordinator having provided guidelines and tips which healthcare professionals can follow to ensure that their devices are made secure and ePHI is properly protected.

The advice has been published on HealthIT.Gov, which lists a series of steps that can be taken to ensure that ePHI is not accidentally disclosed and security holes are effectively plugged. A series of simple measures have been provided, and while many are obvious security measures to take, these security procedures are not being followed by many healthcare organizations. The procedures and practices include the following data security measures:

  • Secure all mobile devices with a password – PIN numbers and passwords must be used to prevent access to mobile devices and passwords must be masked while they are typed to prevent unauthorized persons from viewing the passcodes.
  • Use data encryption software on all databases containing ePHI and employee data.
  • Install software that enables a device to be remotely accessed so that data can be erased in case the device is lost or stolen. As a minimum safety measure, mobiles and laptops must have the facility to be remotely disabled in case of loss or theft.
  • Disable file sharing – File sharing is a feature of modern operating systems that enables users to easily share data; yet this facility can be a major security hole that leaves laptops and mobile devices wide open to cybercriminals. Data can be accessed and copied without the knowledge of the user if file sharing is enabled.
  • Firewalls must be installed on all servers, but also on mobile devices. The firewall must remain active at all times.
  • Anti-virus and anti-malware software should be installed to prevent viruses and other harmful software from creating security holes. The software licenses must be monitored, updates to virus definitions should be set to automatic and regular scans should be conducted on all devices.
  • Scrutinize mobile applications before installation – When installing mobile phone apps, permission must be granted to allow the app to access certain information. It is essential that all security and privacy information is scrutinized before an app is installed to ensure it is not unwittingly given access to ePHI held on the device.
  • Physically secure all devices – Because small electronic devices can easily be lost or stolen, all staff must take care to ensure that their devices are not left unattended.
  • Secure devices using public Wi-Fi – Wi-Fi must only be used to connect to the internet if that connection has been encrypted. Public Wi-Fi can easily allow hackers and the owners of the routers to access the data on devices connected via their networks.
  • Use encryption software for text messages – Text messages can be easily intercepted and may remain on remote servers for a considerable period of time, exposing data to any individual with access to the servers. Encryption software for mobile devices is essential.
  • Securely erase all data – Even deleted files can be recovered, so it is essential that all data is securely erased before a device is decommissioned, disposed of, sold on or returned to a leasing company.

Following all of these basic security procedures will help to ensure mobile devices are made HIPAA compliant and the ePHI of patients is properly protected.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
