The HIPAA Security Rule requires covered entities to consistently safeguard the confidentiality, integrity and availability of protected health information (PHI). The duties of healthcare companies include maintaining patients’ wellness, safeguarding their personal privacy and not endangering their identities.
ePHI stored on web servers or desktop computer systems is protected by enforcing administrative, physical and technical security measures. Achieving the same protection for portable devices is considerably more complicated.
Healthcare companies gain a number of benefits from using portable devices. The devices can be used to access PHI almost anywhere and to improve coordination of patient treatment.
The problem with keeping ePHI on portable devices, including tablets, laptop computers and smartphones, is that the devices are susceptible to ePHI breaches. Portable devices are commonly stolen or lost. Data transferred using portable devices is likewise prone to interception. Portable device security is therefore a primary concern.
Despite the security problems, many healthcare companies still use or plan to use portable devices. Healthcare companies are therefore expected to expand their use of portable devices over the next two years.
Because healthcare organizations are making increasing use of portable devices, the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) have put together a new guide, Securing Electronic Health Records on Mobile Devices, to make sure that healthcare companies do not violate the HIPAA Security Rule.
The guide points out that healthcare companies should review and revise their use of portable devices and electronic health records. In addition, healthcare companies should address the risks by safeguarding against device theft, device hacking, connections to unidentified networks, and interaction with portable devices and other systems.
The guide describes how ePHI can be secured on mobile devices without an adverse effect on the delivery of top-quality care, and provides simple and comprehensive advice on EHR use on portable devices.
The guide explains how IT professionals can implement a security architecture to improve device security and better protect data that is accessed, stored or transmitted using portable devices. It details how to use open-source systems and resources to add another layer of cybersecurity so that ePHI is viewed and disclosed safely.
The guide presents a map of the security features and best practices of NIST standards and the HIPAA Security Rule, as well as a complete architecture and functionality that address security controls. It offers detailed information on automated configuration of security controls for easier use, and looks at both in-house and outsourced implementations.
The guide can serve as a how-to guide for implementing NIST’s security solution, or it can be treated as a starting point and tailored to suit each individual organization. Because the guide is modular, healthcare workers can choose to implement the parts that fit their own requirements.
All healthcare organizations must fully understand the potential risk to their data systems, the bottom-line significance of those threats, and the lengths to which hackers will go to exploit them. Assessing risks and deciding how to minimize them must be a continuous process that takes into account the dynamic nature of business processes and technologies, the threat landscape, and the data itself. The guide describes [NIST’s] approach to risk assessment. Organizations are advised to carry out ongoing risk management as they use this or other solutions to improve the protection of EHRs. Management must carry out regular periodic risk reviews, as determined by the requirements of the company.
The guide (PDF) is available for download here: NIST SP 1800