The Aberdeen Group estimates that failure to address risks in organizations subject to HIPAA regulations can result in unencrypted data losses at a median cost of $147,485 per lapse.


4 Essential Mobile Security Best Practices

Healthcare organizations can manage risks—including those posed by employee-owned smartphones and tablets—by implementing 4 mobile security best practices.

1) Risk management starts with visibility. Establish processes for enrolling and vetting every mobile device used to deliver healthcare, regardless of ownership. This can be done using a mobile device manager portal that healthcare workers visit to enroll new devices. There, users can be authenticated and mapped to permissions that determine which devices are allowed, the degree of access granted, and under what conditions. Authorized devices that meet requirements can thus be automatically inventoried and provisioned for safe, productive use, establishing a foundation for monitoring to ensure continued mobile device compliance throughout their lifetimes.

2) Device access controls are the first line of defense against breach due to loss or theft. Access control policies should reflect user, role, and risk. In some healthcare scenarios, such as tablets used for patient education, a native password may be sufficient. However, tablets with access to EHR systems or used by several workers may require two-factor mobile authentication to track and control individual use. Enforce password complexity rules and inactivity timeouts to stop unlocked devices from falling into the wrong hands—but balance usability against risk reduction.

3) To recover lost devices or permanently erase stolen or decommissioned devices, implement a central process to find, lock, and partially or completely wipe phones and tablets. Start by defining when these commands can be initiated and their impact on personal data and privacy. For example, workers could be required to give full-wipe permission when enrolling devices that touch PHI. For compliance reporting purposes, make sure IT can prove that a device was in fact wiped.

4) For many devices used in healthcare, data wipe is not enough. Both over-the-air and at-rest encryption are essential to avoid costly HIPAA notification requirements after incidents involving a potential data breach. To protect data at rest, healthcare organizations should prohibit on-device storage (by using a virtual desktop infrastructure, for example) or encrypt all sensitive data at rest. This may include complementing hardware encryption with container encryption or denying devices that do not offer hardware encryption, such as Android 2.x. Finally, prevent data leakage by disabling data transfer to removable storage or synchronized desktops, and make sure that encryption reports satisfy compliance requirements.


When in Doubt, Double Your Defenses

These essential practices should be applied to all smartphones and tablets used in healthcare environments. However, some applications and uses require fully managed, proven-trustworthy devices that can implement stronger policies. For example, smartphones used for e-prescribing may be limited to IT-standard models, issued certificates, and outfitted with both healthcare and security applications. Examples of stronger policies include blacklist enforcement, anti-SMS phishing, and integrity checks such as jailbreak and rooting detection. Furthermore, enforcement often requires third-party security applications to augment native capabilities.
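One way to express the enrollment-time checks described above as a policy evaluator that maps a device to the degree of access it qualifies for (an added example, not part of the original article or of any MDM product's API). The record fields, the three use-case names, and the 300-second timeout limit are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_TIMEOUT_S = 300  # assumed inactivity limit; the article gives no number
USE_CASES = ("patient_education", "ehr", "e_prescribing")  # assumed tiers

@dataclass
class Device:  # hypothetical inventory record; field names are assumptions
    passcode_set: bool = False
    inactivity_timeout_s: int = 0      # 0 means the device never auto-locks
    two_factor: bool = False
    shared: bool = False               # used by several workers
    wipe_consent: bool = False         # full-wipe permission given at enrollment
    hw_encryption: bool = False
    removable_sync_disabled: bool = False
    it_standard_model: bool = False
    has_certificate: bool = False
    jailbroken: bool = False

def violations(dev: Device, use_case: str) -> list[str]:
    """Policy gaps that block this device from the given use case."""
    if use_case not in USE_CASES:
        raise ValueError(f"unknown use case: {use_case}")
    out = []
    touches_phi = use_case != "patient_education"
    if not dev.passcode_set:
        out.append("no passcode")
    if not 0 < dev.inactivity_timeout_s <= MAX_TIMEOUT_S:
        out.append("inactivity timeout missing or too long")
    if (touches_phi or dev.shared) and not dev.two_factor:
        out.append("two-factor authentication required")
    if touches_phi:
        if not dev.wipe_consent:
            out.append("no full-wipe consent")
        if not dev.hw_encryption:
            out.append("no hardware encryption")
        if not dev.removable_sync_disabled:
            out.append("removable storage or desktop sync enabled")
    if use_case == "e_prescribing":  # fully managed devices only
        if not dev.it_standard_model:
            out.append("not an IT-standard model")
        if not dev.has_certificate:
            out.append("no device certificate")
        if dev.jailbroken:
            out.append("failed jailbreak/root integrity check")
    return out

def granted_access(dev: Device) -> list[str]:
    """Use cases the device may be provisioned for at enrollment."""
    return [u for u in USE_CASES if not violations(dev, u)]
```

The list returned by `violations` doubles as the per-device evidence for compliance reporting, since it records why access was refused.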


Continued on p. 8




CONNECTION


VOLUME 2 • ISSUE 1

