Trust us, you won't want to miss a post from The Uprise Blog.

Thanks for Subscribing!

8 FAQs on Mobile Device Security to Help Secure Your EHR Software

Posted by Megan Ludzenski on Apr 1, 2015 1:29:00 PM

With the rise of technology, there is an increased use of mobile devices, both personally and in the work place. While mobile technology is a great tool for practice management and increasing practice efficiency, there are security threats that you need to be on top of when using mobile devices. Health Information Technology has answered some of the frequently asked questions surrounding the use of mobile devices in the healthcare industry. Today, we are going to share with you some of the important security questions and answers that we think will most affect your practice.

Before we get started with the FAQs, there are some important terms we want to define so you can better understand the use of mobile technology with your EHR software.

EHR software mobile securityEncryption: A method of converting an original message of regular text into encoded text.

Secure Wi-Fi Network: The use of passwords and secure encryption methods to send wireless data between a mobile device and an Internet connection point.

Remote Wipe: Remotely erasing data on a mobile device if it is lost or stolen.

Remote Disabling: Remotely locking data on a mobile device if it is lost or stolen. If the device is recovered, it may be unlocked and the data may be retrieved.

Virtual Private Network (VPN): VPNs are built on top of existing physical Internet networks to provide secure communication for information transmitted between private and public networks.

Firewall: A security tool that limits access between networks and/or systems.

Security Software: Software that protects against malicious programs like viruses, spam, and malware.

Virus: A self-replicating program that runs and spreads by modifying other programs of files.

Spam: Electronic junk mail.

Malware: A program inserted into a system in order to compromise the confidentiality, integrity, or availability of the data, applications, or operating system.

8 FAQs about Mobile Device Security That Could Affect Your EHR Software

1. "What can I do to protect my device from a security breach?"

There are several safety measures you should be taking in order to protect the mobile devices used in your practice:

  • Always use a password
  • Install and enable encryption
  • Install and use remote wiping and disabling
  • Disable file sharing applications
  • Use a firewall
  • Use security software and keep it up to date
  • Research applications before downloading them to ensure they are safe
  • Maintain physical control of your device at all times
  • Delete all stored health information before discarding or reusing a device
  • Never share your mobile device

2. "What makes my mobile device vulnerable?"

This depends on the nature of the device, but the most common aspects of vulnerability are:

  • Software and application downloads
  • Visiting malicious websites
  • Direct attacks through the communication network
  • Physical attacks (a lost or stolen device)

3. "Is it safe for me to use my personal mobile device for work?"

While there are risks involved with using a personal device in the office, you can reduce that risk by implementing a centralized security management system for any staff member who will be using their personal device for work purposes. This system should include configuration requirements, like installing remote disabling on all devices and downloading security software. Your management should have a policy in place for users. If your office doesn’t have a policy set, you can check out Health Information Technology’s Develop, Document, and Implement page for how to get a policy started.

4. "What safety procedures do I need to follow when terminating access to a mobile device?"

When an employee leaves your practice, or a particular provider is no longer associated with your practice, it is extremely important that you revoke their access to all health information that can be accessed through mobile devices. This can be done by removing their unique user ID that had previously been used to gain access, or by removing the mobile device itself from your network, and wiping the health data from the device.

5. "What if I want to use my mobile device to work remotely from my home office, or in a public location?"

There are several precautions you should take to ensure security when using your mobile device for work at home or in public:

  • Always lock your screen and keep the device secure when not using it
  • Don't let anyone watch you type in your password
  • Use a privacy screen shield
  • At home, secure your Wi-Fi network and change the default passwords
  • Use a firewall
  • Use a VPN
  • When in public, never walk away from your device

6. "Is it safe to use Bluetooth with my mobile device?"

When your Bluetooth is on, your device is discoverable and attracts hackers. It is best to keep Bluetooth turned off, but if you need to have it on, keep it set to "non-discoverable". This will keep you hidden to any unauthorized devices.

7. "Is it safe to use my mobile device to communicate with patients?"

If the communication is going to involve patient-sensitive information, it is best to avoid email and text messages from your mobile device as those can be unsecure communication methods. We recommend using a secure third-party messaging system, or patient portal to ensure that the information being communicated is kept safe. 

iStock_000010031617Small8. "What makes a password a strong password?"

A strong password is one that is easy for you to remember, but hard for anyone else to guess. We recommend having a strict password policy in place for any staff that might be using a mobile device for work purposes. A strong password should include:

  • At least six characters
  • At least one number
  • Both upper and lower case letters
  • At least one special character

It is also important to ensure you keep your password safe to prevent breaches. Some tips for protecting your password are:

  • Never share your password
  • Don't write you password down
  • Never display your password on your screen
  • Always change default passwords
  • Don't use the same password for multiple accounts
  • Never communicate your password through email, text, or instant messenger
  • Change your password regularly
  • Don't reuse your password
  • Don't share accounts

Those are the top 8 FAQs about mobile devices that we felt were important for practices to know. If you want to view the full list of facts and learn more about using your mobile device in the workpalce, visit Health Information Technology's Mobile Device Privacy and Security page.

Subsrcibe to our blog and never miss out on important industry information!

Subscribe to the Uprise Blog

Topics: Tips for ECPs, Practice Management, Industry Pulse, Office Manager

Want more optometry practice management tips? Check out our blogs.