It has happened to all of us. Whether at home, at the office, or in the back seat of a taxi cab, we have all misplaced our phone at one point or another. Luckily, most of these types of incidents are harmless. But what happens in those circumstances when a phone goes missing for more than just a few hours or days? Fortunately, remote data wipe and mobile lock features built into secure mobile apps can protect the sensitive information on our phones from landing in the wrong hands.
Remote data wiping and mobile locking features allow a provider or healthcare administrator to protect locally stored data on a mobile device with a matter of a few keystrokes. In fact, it wasn’t until the iPhone and Android devices started building these features into the products that information security professionals began to take a serious look at bringing your own device policies. Of course, this makes perfect sense: the threat to an organization’s sensitive information by having it stored on personal user devices is lessened if an information security administrator still has the ability to protect said data remotely.
Nonetheless, here’s the sobering news: under the new HIPAA Omnibus regulations, if you are a healthcare provider that stores patient PHI on your mobile phone, misplacing your phone for even a brief period qualifies as a “security incident” under the law and requires a documented breach analysis to show that a data breach did not occur. This is where remote data wipe and mobile lock features show their value. Once notified of the missing device, a compliance officer who quickly authorizes “bricking” the device provides the first piece of documentable evidence that the data on the phone was not breached. Going a step further, having a secure mobile app dedicated to transmitting sensitive PHI will also be able to notify the administrator if a third party accessed the app and its contents through the app’s access logs.
Adopting a BYOD policy and complying with the more rigorous Omnibus regulations does not have to be a daunting task. Using the right combination of mobile policies and remote wipe and lock technologies will allow administrators to adequately prepare their facilities in a rapidly changing health IT world.