Are Your Mobile Devices HIPAA Compliant?
by Donna Koger, 2.21.17
Okay, so we’ve told you about encryption on computers, but what about mobile devices like iPads, iPhones and Androids? Can you encrypt these so that PHI on them is not accessible by anyone but you? The answer is yes and it is actually quite simple in most cases.
Encryption on Apple Devices
• According to TechTarget, [Their team] “found the Apple iOS to be more secure, in part because iOS has very limited multitasking functions. It has more security features than Android or Windows at this time.”
• Turning on an iPad’s passcode feature automatically encrypts all the data stored on the device. The device will prevent access to the passcode if the wrong one is entered 10 times consecutively.
• The iPad can encrypt messages through the Advanced Settings Option under Account Information.
• The iPad’s built-in email client supports encrypted email transfers over the Secure Sockets Layer (SSL) protocol. To turn on SSL, go to the Advanced Settings option under Account Information. This will not encrypt email while it is on your iPad, but it will encrypt emails sent over the internet between your iPad and your email server.
Encryption on Android Devices
There are a few things worth noting:
• Encrypting the device can take an hour or longer.
• Your device’s battery must be at least 80% charged. Android won’t even start the process otherwise.
• Your device must be plugged in throughout the entire process. If you interfere with the process or end it before it’s finished, you will likely lose all your data.
• Go to the Settings menu to Security or however it is labeled on your device. If your device is already encrypted, it will show here.
• Some devices will also allow SD card contents to be encrypted, however, by default, Android only encrypts on-board storage.
Of course, the ultimate answer to being mobile ready is not storing PHI on a mobile device. If you must, however, to be sure your device is HIPAA compliant, implement encryption.
Find more complimentary resources in our HIPAA Resource Center.
Our Most Popular Posts:
OMG HIPAA Compliance Key
2016 HIPAA Audit Series
Disaster Backup Plan: Are You Prepared?
HIPAA Compliance in a Nutshell
HIPAA Email Guidelines
Donna Koger is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.