Viewing Sensitive Faxes on Mobile? HIPAA Compliance Matters

Mobile connectivity in the US is at an all-time high, with smartphone internet usage officially surpassing desktop internet usage, and the world of healthcare is no exception: Both patients and providers increasingly use mobile devices to send, receive, view and interact with protected health information (PHI). Being able to access PHI on-the-go allows for greater transparency and responsiveness from all parties involved. If your organization uses Concord’s HIPAA compliant cloud fax solution, you know how valuable it is to be able to view faxes that are urgent or contain health information from your phone. Rather than waiting by the paper tray for an expected fax to arrive, Concord fax users can view received documents as they arrive, anywhere and at any time.

When handled correctly, accessing health information from a mobile device is fully secure and HIPAA compliant. However, like any time that protected health information is accessed, there are precautions you can and should take to ensure you and members of your organization are always in compliance with HIPAA. If you’re a Concord cloud fax customer who views secure faxes on a mobile device, these tips will help ensure that members of your organization stay HIPAA compliant when using mobile devices.

Practice general mobile security

To best protect mobile devices and the PHI viewed on them, members of your organization should always adhere to general best practices for mobile security. Though some of these security practices might not seem directly related to HIPAA, the more steps you take to bolster security generally, the simpler HIPAA compliance becomes. Examples of basic mobile security steps to be taken include:

• Never connect to unsecured Wi-Fi to view sensitive data.
• Research and use discretion before downloading apps. Some apps may appear innocuous, but are actually infected with malware, which could lead to a serious security breach.
• Update apps and software as soon as new updates are available. Oftentimes, updates address vulnerabilities that weren’t discovered until after the release of a particular piece of software or hardware.
• Have a device password in place. Even though it seems obvious, as recently as 2015, 1 in 4 organizations did not enforce a password policy or standard. The extra layer of security that a password provides can go a long way in the event that a phone is lost or stolen.

Have best practices in place for mobile HIPAA compliance

Whether your organization is a Bring Your Own Device environment or members utilize company-issued devices, it’s still crucial to build a mobile policy into your organization’s HIPAA best practices guideline. A mobile HIPAA compliance policy should clearly outline appropriate security measures for your organization’s mobile use, and should also cover the necessary steps for mitigating a security breach in the event that a mobile device is lost or stolen. Having a set of HIPAA-specific standards for your organization to follow ensures uniformity in how mobile security is handled throughout all departments.

Educate and train staff regularly

The most important step your organization can take in promoting mobile device HIPAA compliance is to conduct regular training on the topic. While it’s important for organizations to have best practices and plans in place for a potential HIPAA-related breach, these best practices won’t do any good unless employees are fully trained and understand the dos and don’ts of HIPAA and mobile devices. Employee negligence is the leading cause of healthcare data breaches, and IT professionals consistently rate users as the weakest point in an organization’s data security. Because of this, no matter how secure your network, employee training will always be paramount to HIPAA security. As the use of mobile devices in the healthcare industry continues to grow, so do the compliance risks associated with it. In order for members of your organization to best take advantage of the many uses and benefits of mobile technology, proper training is necessary.

Learn more about how Concord Cloud Fax users send and receive HIPAA compliant faxes, viewable on a mobile device, every day.