11-04-13 | Blog Post
A guest blog from HITECHAnswers.net lists security tips from HHS.gov to help ensure that patient data is secure in a BYOD (Bring Your Own Device) environment that includes the use of personal devices such as iPhones and iPads in the workplace. One of HealthIT.gov’s tips includes encrypting data stored locally on your mobile device as well as data sent by your device (data at rest and in transit).
While device encryption can provide one layer of defense, if you go a layer deeper, you can ensure the entire IT stack is secured with encryption, hardening your defense against a potential breach. Protect data in transit by using a VPN (virtual private network) and SSL certificates for encrypted data sharing. A HIPAA compliant cloud infrastructure should include built-in, hardware-based encryption that encrypts data as its written to drives. Protecting data stored in a SAN (Storage Area Network) is just as important as protecting data stored on a mobile device.
HHS.gov recommends encrypting data to the NIST (National Institute of Standards and Technology) standards found in their Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices. For mobile devices, they recommend following the guidelines in FIPS PUB 140-2: Security Requirements for Cryptographic Modules.
Other mobile security tips from HHS.gov that can help you achieve a HIPAA compliant policy for BYOD in the workplace include:
For further guidance on mobile security and an example of a successful healthcare BYOD case study, read our Mobile Security white paper.
References:
Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals
FIPS PUB 140-2: Security Requirements for Cryptographic Modules
HIPAA Security for iPhones