IT Support in Southern California: How Mobile Data Security Affects Healthcare Providers


The challenges of running an effective and efficient healthcare provider are not already big enough, still, one has to face the difficult task of becoming HIPAA-compliant. The task for an IT support provider in Southern California is big enough when IT is largely at the server end, but with the expanding deployment of client/desktop IT, this legislation really needed to be respected.

Of course, today, everything is mobile. Therefore, having dealt with the job of meeting HIPAA regulations in your client-server and networking infrastructure, you now have to find a way to handle the use of mobile devices, both within your organization and by your end users. The fun just never stops, right? After all, get things wrong in the mobile space, and your organization can rapidly face a tsunami of headaches ranging from bad PR to lawsuits and painful financial penalties.

HIPAA Journal recently found that more than 80% of physicians use smartphones in their work. At the same time, it also found that more than 100 million healthcare records were exposed by data breaches in the first six months of 2015 alone. The dangers are clear but given the uptake just by gatekeepers, you simply cannot say “No” to mobile devices. Fortunately, there are some basic steps you can follow to at least minimize the risks from mobile devices.

No SMS Messaging

SMS messaging networks are not secure. Therefore, no data that needs to remain secure can be transmitted using SMS. If some form of messaging is required, insist on the use of secure text messaging. Thankfully, the use of smartphones has made this much easier than it was ten years ago.

Encryption

HIPAA legislation does not demand encryption for ‘at rest’ data, but only for data ‘in motion’. However, failure to encrypt data creates a big risk. Ensure that end-to-end encryption is provided for patient data handled or held by mobile devices.

Anti-Virus Software

This should be a primary directive in your organization. Your IT support provider in Southern California should ensure all mobile devices run fully updated copies of suitable anti-virus apps.

IAC

Information Access Controls, or IAC, is another fundamental aspect of data security. Implement systems that only allow mobile devices with approved security controls to access your healthcare network. In addition, all devices must be scanned before any connection is allowed.

Access to certain data should also be restricted to only those staff and systems with an explicit need to access it. Limit or prevent downloads, except where required. Do not allow staff to mix personal and professional applications, data, and activities on their devices.

IAC, security apps, scanning, and separation of professional/personal device use can be managed centrally with the right platform. Such tools also ease the job of tracking and/or remotely wiping lost or stolen devices.

Quality Risk Assessment

Your mobile device security policy needs to be built on risk assessments. Establish a baseline with an initial assessment. Run regular assessments to ensure policies are maintained and weaknesses identified/addressed.

We have only just scratched the services in terms of how an IT support company in Southern California can protect mobile devices. This is a big and complex subject. ecasys can help you navigate this minefield. Contact us today to find out more.

Ravi JainAuthor posts

Technijian was founded in November of 2000 by Ravi Jain with the goal of providing technology support for small to midsize companies. As the company grew in size, it also expanded its services to address the growing needs of its loyal client base. From its humble beginnings as a one-man-IT-shop, Technijian now employs teams of support staff and engineers in domestic and international offices. Technijian’s US-based office provides the primary line of communication for customers, ensuring each customer enjoys the personalized service for which Technijian has become known.