The 2018 SecurityMetrics Guide to HIPAA Compliance is a great source of security tips and regulatory insights on how to protect patient data from attack. It also provides benchmark data on what other institutions are doing.
Among the other topics covered:
HIPAA compliance trends; Security, Breach Notification, and Privacy Rule compliance best practices; tips from HIPAA auditors to simplify and improve your compliance effort; guidelines for remedying major security issues; and an outline for a HIPAA security budget.
The section on mobile device security is particularly helpful. The guide notes that “mobile devices often don’t have the same security policies as workstations and servers. Because of this, mobile devices may not be protected with technology like firewalls, encryption, or antivirus software.”
In addition, providers often use their own smartphones or tablets to access patient data (Bring Your Own Device, BYOD). Patient data on such a device is then exposed to whatever other apps are installed on it. Mobile devices taken outside the facility can also be handled and used by others, such as a physician’s children.
The guide advises against BYOD policies but recognizes that banning them is impractical.
The guide makes this point: “Protecting and securing health information while using a mobile device is a healthcare provider’s responsibility.” It advises providers to follow the National Institute of Standards and Technology (NIST) mobile device guidelines for healthcare security engineers and providers.