Mobile Device Security
1. Mobile Device Security
Wednesday, August 27, 2014
Disclaimer: Nothing that we are sharing is intended as legally binding or prescriptive advice. This presentation is a synthesis of publicly available information and best practices.
2. HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
3. HIPAA Security Rule
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
4. Department of Health and Human Services
http://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security
5. What is a mobile device?
• Laptop Computer
• Smart Phones
• USB Thumb Drives
• External Hard Drives
• Tablet Computers
• E-Readers
• Others?
6. You, Your Organization, and Your Mobile Devices
• Does your organization have a mobile device use policy?
• Does your organization allow you to use your personally owned mobile device for work?
• Do you know who your organization's Privacy Officer and Security Officer are?
• Does your organization require you to register your mobile device with the organization?
• Does your organization have a Virtual Private Network (VPN) that allows you to access, receive, or transmit health information securely with your mobile device?
• Does your organization have a policy about storing health information on your mobile device?
• Does your organization require you to back up health information from your mobile device to a secure server?
• Does your organization require you to enable remote wiping and/or remote disabling on your mobile device?
• Does your organization offer mobile device privacy and security awareness and training?
7. What Are Some Risks to Know About Before Using a Mobile Device for Patient Care?
• Lost Device
• Stolen Device
• Inadvertent download of virus or other malware
• Unintentional disclosure to unauthorized users when sharing devices with friends/family
• Unsecured Wi-Fi
8. What Are Some Activities That Make Mobile Devices Vulnerable?
• Software Downloads
• Visiting Malicious Websites
• Direct Attack Through the Communication Network
• Physical Attack
9. What Are Some Common Sources of Threats to Mobile Devices or the PHI on Them?
• Botnet Operators
• Cybercriminals
• Hackers
10. Other Topics and Risks to Consider
• Device Ownership
  • BYOD vs. Organization Provided
• Location When Using Your Mobile Device
  • Home vs. Hospital vs. Public Places (e.g. coffee shop)
• Communicating with Patients
  • Portals vs. Calls vs. Texts
• Bluetooth Capabilities
• Accessing Your EHR and HIE
  • VPN Tunnels
• What Do I Do With My Old Devices?
11. How Can You Protect and Secure ePHI When Using a Mobile Device?
• Use a password or other user authentication
• Install and enable encryption software
• Install and activate remote wiping and/or remote disabling
• Disable and/or do not install or use file sharing applications
• Install and enable a firewall
• Install and enable security software
• Keep your security software up to date
• Research mobile applications before downloading
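The checklist above is the kind of thing a Security Officer would want to verify across an organization's registered devices rather than trust to self-report. The script below is an added example, not part of the original presentation or of any HHS material: it scores a constructed device inventory (the `DeviceRecord` fields, the sample devices and the file-sharing app identifiers are all invented for this example; a real deployment would map them from a mobile device management export) against the controls on this slide and reports the gaps per device.

```python
"""Evaluate a device inventory against the ePHI mobile device controls.

Added example for the slide deck; not original presentation content.
Field names, app identifiers and sample devices are constructed.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class DeviceRecord:
    """One constructed inventory row (a real MDM export would be mapped onto this)."""
    device_id: str
    owner: str
    passcode_enabled: bool          # password or other user authentication
    storage_encrypted: bool         # encryption enabled
    remote_wipe_enabled: bool       # remote wiping and/or disabling activated
    firewall_enabled: bool
    security_software: bool         # security software installed
    security_definitions_date: Optional[date]  # None when no security software
    installed_apps: List[str] = field(default_factory=list)


# Constructed app identifiers the organization's policy treats as file sharing apps.
FILE_SHARING_APPS = {"example.p2pshare", "example.torrentclient"}

# Assumed policy threshold: security software definitions older than this are "not up to date".
MAX_DEFINITION_AGE = timedelta(days=7)


def evaluate_device(rec: DeviceRecord, today: date) -> List[str]:
    """Return the slide-11 controls this device fails, in slide order (empty if compliant)."""
    gaps: List[str] = []
    if not rec.passcode_enabled:
        gaps.append("no password or other user authentication")
    if not rec.storage_encrypted:
        gaps.append("encryption not enabled")
    if not rec.remote_wipe_enabled:
        gaps.append("remote wiping/disabling not activated")
    sharing = sorted(set(rec.installed_apps) & FILE_SHARING_APPS)
    if sharing:
        gaps.append("file sharing applications installed: " + ", ".join(sharing))
    if not rec.firewall_enabled:
        gaps.append("firewall not enabled")
    if not rec.security_software:
        gaps.append("security software not installed")
    elif (rec.security_definitions_date is None
          or today - rec.security_definitions_date > MAX_DEFINITION_AGE):
        gaps.append("security software not up to date")
    return gaps


def compliance_report(records: List[DeviceRecord], today: date) -> Dict[str, List[str]]:
    """Map every device id to its list of gaps."""
    return {rec.device_id: evaluate_device(rec, today) for rec in records}


def noncompliant_devices(report: Dict[str, List[str]]) -> List[str]:
    """Sorted ids of devices that fail at least one control."""
    return sorted(dev for dev, gaps in report.items() if gaps)


# Constructed sample inventory, dated to the presentation day.
TODAY = date(2014, 8, 27)
SAMPLE_DEVICES = [
    DeviceRecord("tablet-01", "clinician-a", True, True, True, True, True,
                 TODAY - timedelta(days=1), ["example.ehrclient"]),
    DeviceRecord("phone-02", "clinician-b", False, True, True, True, True,
                 TODAY - timedelta(days=2), ["example.p2pshare", "example.mail"]),
    DeviceRecord("laptop-03", "clinician-c", True, False, False, False, False,
                 None, []),
    DeviceRecord("phone-05", "clinician-d", True, True, True, True, True,
                 TODAY - timedelta(days=30), []),
]


if __name__ == "__main__":
    report = compliance_report(SAMPLE_DEVICES, TODAY)
    for device_id, gaps in report.items():
        status = "OK" if not gaps else "; ".join(gaps)
        print(f"{device_id}: {status}")
    print("non-compliant:", noncompliant_devices(report))
```

The ordering of checks mirrors the slide so the output can be read against it during a review; the definitions-age threshold and the file-sharing app list are the two places an organization would substitute its own policy values.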
12. What if I Suspect a Breach?
Breach Notification Rule
The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of the HITECH Act.