There are several steps you need to take to ensure the information on your workers' mobile devices is secure. This is especially important if you need to be HIPAA compliant.
- Password-protect your device. This is the first layer of protection for any mobile device. Make sure that no apps (camera, Siri, etc.) can be reached from the lock screen while you are not logged into your device.
- Disable text/email notifications on the lock screen. You don't want the text of emails or SMS messages to pop up on your locked screen.
- Turn on full-disk encryption. OCR (the HHS Office for Civil Rights) will levy fines based on the assumption that all PHI on your phone is compromised unless the phone is encrypted.
- Turn off cloud backup. You cannot use any cloud service to store PHI unless the provider executes a business associate agreement (BAA) with you.
- Disable automatic connection to Wi-Fi hotspots. Setting up a public Wi-Fi network near malls, airports, and hotels is a common technique for gathering information. Train your workforce to use only password-protected Wi-Fi networks they know.
- Enable tracking. This lets you recover the phone if it is merely lost and avoid having to report an incident to OCR.
- Enable remote wipe. This will erase all data from your phone if it is lost or stolen.
- Configure secure messaging. The default programs that come with phones (Apple Mail, SMS text messaging, iMessage, etc.) are not HIPAA compliant. Your business needs a suite of secure email and messaging apps.
Medical businesses need to implement operational procedures that ensure that all their workers' devices are HIPAA compliant.
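One way to turn the checklist above into a repeatable procedure is to audit your mobile device management (MDM) inventory against it. The script below is an added example, not code from the original page or from any MDM vendor; the inventory format and all field names (`passcode_enabled`, `cloud_backup_provider_baa`, and so on) are constructed for illustration, and the sample devices are made up. It fails closed (a setting the MDM did not report counts as non-compliant) and handles the one exception the checklist allows: cloud backup to a provider that has executed a BAA.

```python
"""Audit an MDM device inventory against the HIPAA mobile checklist above.

Added example, not part of the original page. The inventory format and its
field names are constructed for illustration; a real MDM export will use its
own schema, so map those fields into this shape before evaluating.
"""
from dataclasses import dataclass
from typing import Any

# One rule per checklist item: (inventory field, required value, finding text).
# Field names are hypothetical, chosen to mirror the checklist.
RULES = [
    ("passcode_enabled", True, "no device passcode"),
    ("lock_screen_app_access", False, "camera/assistant reachable from the lock screen"),
    ("lock_screen_previews", False, "message previews shown on the lock screen"),
    ("disk_encrypted", True, "storage not encrypted"),
    ("cloud_backup_enabled", False, "cloud backup enabled"),
    ("auto_join_open_wifi", False, "auto-joins open Wi-Fi hotspots"),
    ("location_tracking_enabled", True, "device tracking off"),
    ("remote_wipe_enabled", True, "remote wipe not enabled"),
    ("secure_messaging_configured", True, "default mail/SMS apps used for messaging"),
]


@dataclass
class Finding:
    device_id: str
    issues: list[str]

    @property
    def compliant(self) -> bool:
        return not self.issues


def evaluate(device: dict[str, Any]) -> Finding:
    """Return every checklist failure for one device.

    Fails closed: a field the MDM did not report is treated as non-compliant,
    because an unknown setting is no evidence of protection.
    """
    issues: list[str] = []
    for field_name, required, message in RULES:
        reported = device.get(field_name)
        # Exception from the checklist: cloud backup is acceptable only when
        # the provider has executed a BAA with the organisation.
        if field_name == "cloud_backup_enabled" and reported is True:
            if device.get("cloud_backup_provider_baa") is True:
                continue
            issues.append(message + " without a BAA")
            continue
        if reported is None:
            issues.append(f"{message} (field '{field_name}' not reported; treated as failing)")
        elif reported != required:
            issues.append(message)
    return Finding(str(device.get("device_id", "<unknown>")), issues)


def noncompliant(inventory: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Map device id -> list of issues, for devices that fail at least one rule."""
    results = (evaluate(device) for device in inventory)
    return {f.device_id: f.issues for f in results if not f.compliant}


# Constructed sample inventory (three devices), not real data.
_COMPLIANT_BASE = {
    "passcode_enabled": True,
    "lock_screen_app_access": False,
    "lock_screen_previews": False,
    "disk_encrypted": True,
    "cloud_backup_enabled": False,
    "auto_join_open_wifi": False,
    "location_tracking_enabled": True,
    "remote_wipe_enabled": True,
    "secure_messaging_configured": True,
}
SAMPLE_INVENTORY = [
    {"device_id": "dev-001", **_COMPLIANT_BASE},
    # Backs up to the cloud, but the provider is under a BAA: allowed.
    {"device_id": "dev-002", **_COMPLIANT_BASE,
     "cloud_backup_enabled": True, "cloud_backup_provider_baa": True},
    # Encryption state never reported, and joins open hotspots: two findings.
    {"device_id": "dev-003",
     **{k: v for k, v in _COMPLIANT_BASE.items() if k != "disk_encrypted"},
     "auto_join_open_wifi": True},
]

if __name__ == "__main__":
    for device_id, issues in noncompliant(SAMPLE_INVENTORY).items():
        print(device_id)
        for issue in issues:
            print("  -", issue)
```

Run it as a script to print the non-compliant devices and the reason for each finding; in practice you would feed it the export from your MDM on a schedule and route the findings to whoever handles device remediation. Treating a missing field as a failure is deliberate: a device whose encryption state is unknown should be chased down, not assumed safe.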