HIPAA message - protecting info on a mobile device

February 24, 2005

picture disc.HIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. This HIPAA-related message is part of UNMC's continued effort to educate employees. Today's HIPAA message talks about protecting information on a mobile device from theft or misuse.

Question: How can I protect the information on my mobile device from theft or misuse?

Answer: Mobile devices include PDAs, laptops, pagers, cell phones with text pages, Blackberry devices, flash drives, USB stick, zip drives, and CDs. While these devices are efficient to use, they also can present a security risk if proper precautions are not taken to protect the information contained on them.

Physical safeguards offer protection, such as locking the device in a drawer, glove box, car trunk, or storing the device out of sight when not in use. Never leave a mobile device unattended, even for a short period of time. It takes a thief only a matter of seconds to steal valuable possessions.

Technical safeguards such as encryption and strong passwords also should be utilized when available to prevent improper access to the information stored on the mobile device. (Note: Encryption is the translation of data into a secret code. A strong password is difficult to guess by other people.)

The theft of confidential information contained on the devices could cause serious harm. Implement the simple safeguards above to reduce this risk.

For additional information see End User Device.

If you're a manager, please ensure that all of your employees are informed of the contents of these messages and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message or asking your employees if they have any further questions.