BYOD and HIPAA Compliance

By Mike Abbott

There has been a fast-growing trend among businesses of all types over the last few years; in fact, you have probably heard of BYOD at one point or another in the recent past. It stands for Bring Your Own Device, and it is one method that many companies are currently using to save money and make life simpler for their employees. BYOD programs prevent employees from having to manage multiple devices in the course of their day. Moreover, companies are saving quite a lot of money when it comes to the purchase and upkeep of expensive electronic gear for their staff.

This job isn't always easy

Because modern mobile devices are able to perform a wide variety of tasks beyond the traditional functions of texting and making phone calls, they can serve as effective tools for viewing information, managing data and facilitating communication through a variety of different avenues, especially email. In addition, most people become very comfortable with their personal device, and sometimes find it difficult to switch back and forth from one to the other – or at the very least they find that they are more proficient with their personal device. The problem that inevitably arises (especially in the world of medicine) is that allowing personal devices to access and transmit ePHI data outside of the secure enclave of the office results in a number of possible security and privacy concerns. In fact, the two most common sources of HIPAA infractions are lost or stolen devices and the transmission of ePHI over unsecured networks, neither of which is likely to take place if the electronic devices with this sort of sensitive data are never removed from the office.

There are some steps that can be taken to avoid a potential breach in security in the event of a lost or misplaced device, which is one of the most common ways that ePHI data is compromised. Ensure that employees are using a strong password for all devices that they use to perform work, and that all of their devices are encrypted. If possible, ensure that there is a way to wipe the device remotely: if a device is lost, the data on it can't be compromised if that data has been erased. Finally, ensure that your employees' devices are up to date with software upgrades. These upgrades often contain bug fixes and security patches that will make your employees' devices more secure.

It isn't always easy to follow all of the guidelines set forth by HIPAA, but it is certainly important that you and your employees do so. Regulators and other authorities are going after HIPAA violators. In 2014, New York-Presbyterian Hospital was forced to pay 3.3 million dollars in damages when it was found to be in violation of HIPAA standards after a data breach.

With BYOD becoming more and more difficult to keep at bay, and with such extreme penalties for non-compliance, it seems like a no-brainer to take advantage of the expertise of businesses that assist with HIPAA compliance on a regular basis. Having been in the industry for over 25 years, First Service Carolina has the insight and experience your medical practice needs to ensure that it is protected against these strict but important regulations.