It has happened to all of us. Whether at home, at the office, or in the back seat of a taxi cab, we have all misplaced our phone at one point or another. Luckily, most of these types of incidents are harmless. But what happens in those circumstances when a phone goes missing for more than just a few hours or days? Fortunately, remote data wipe and mobile lock features built into secure mobile apps can protect the sensitive information on our phones from landing in the wrong hands.
Remote data wiping and mobile locking features allow a provider or healthcare administrator to protect locally stored data on a mobile device with a matter of a few keystrokes. In fact, it wasn’t until the iPhone and Android devices started building these features into the products that information security professionals began to take a serious look at bringing your own device policies. Of course, this makes perfect sense: the threat to an organization’s sensitive information by having it stored on personal user devices is lessened if an information security administrator still has the ability to protect said data remotely.
Nonetheless, here’s the sobering news: under the new HIPAA Omnibus regulations, if you are a healthcare provider that stores patient PHI on your mobile phone, misplacing your phone for even a brief period qualifies as a “security incident” under the law and requires a documented breach analysis to show that a data breach did not occur. This is where remote data wipe and mobile lock features show their value. Once notified of the missing device, a compliance officer who quickly authorizes “bricking” the device provides the first piece of documentable evidence that the data on the phone was not breached. Going a step further, having a secure mobile app dedicated to transmitting sensitive PHI will also be able to notify the administrator if a third party accessed the app and its contents through the app’s access logs.
Adopting a BYOD policy and complying with the more rigorous Omnibus regulations does not have to be a daunting task. Using the right combination of mobile policies and remote wipe and lock technologies will allow administrators to adequately prepare their facilities in a rapidly changing health IT world.
With over two decades of technology entrepreneurship background, Krishna Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges in US Healthcare. During the late 90s, Krishna co-founded IPCell to build the first Cable IP Telephony switch, eventually selling the company to Cisco Systems. In 2003, he started Sipera (acquired by Avaya Systems) to solve security issues for Unified Communications' and raised over $30MM in venture funding. Additionally, he has been actively involved in the early-stage financing of startups in both the US and India.
Engaging Patients and Connecting Care Teams Through Interactive Digital ConversationsLearn More
When thinking about a healthcare emergency preparedness plan, how much does compliance matter in your disaster communications? If your organization is in the throes of a power outage from heavy storms or a cyber attack that’s left your network down, thoughts of compliance may not be top of mind.
Prior to the pandemic, telehealth visits ─ delivering patient-provider visits virtually ─ was an afterthought in the care continuum — ill-regarded and little-used beyond patients in rural areas who had few care choices. Virtual visits comprised less than 1% of all outpatient visits. Private insurers generally follow guidelines from the Centers for Medicare & Medicaid Services (CMS), which allowed telehealth in only limited circumstances and paid at 30% below in-office reimbursement rates.