
Tips for protecting health information on cell phones, tablets and laptop computers

June 02, 2014

As technology continues to evolve, health care professionals are no longer accessing health information only on desktop computers; the data is mobile.

Here are some tips for protecting health information when using a mobile device, such as a cell phone, tablet or laptop computer. The tips are based on information provided by the federal government, through the Office of the Chief Privacy Officer. While these tips are not exhaustive or definitive, and compliance with them does not necessarily make someone compliant with the Health Insurance Portability and Accountability Act Security Rule, they may help protect patient information on mobile devices.

  • Lock the device so that user authentication or a password is required to get in.
  • Install and enable encryption. Encryption protects health information stored on mobile devices. Some mobile devices have built-in encryption capabilities; for others, encryption tools can be purchased and installed.
  • Install and activate remote wiping and/or disabling. Remote wiping enables you to erase data on a mobile device remotely. By enabling the remote wipe feature, you can permanently delete data stored on a lost or stolen mobile device. Remote disabling allows you to lock a mobile device if it's lost or stolen. If the mobile device is recovered, you can unlock it.
  • Disable and do not install or use file-sharing applications. File-sharing apps allow Internet users to connect to each other and access each other's libraries of media files. But they can also allow unauthorized users to access your device without your knowledge.
  • Install and enable a firewall on your laptop computer. A personal firewall on a laptop can protect against unauthorized connections. Firewalls intercept incoming and outgoing connection attempts and block or permit them based on a set of rules.
  • Install and enable security software, which can protect against malicious applications, viruses, spyware and malware-based attacks.
  • Keep your security software up to date. This can allow you to have the latest tools to prevent unauthorized access to health information.
  • Research mobile applications before downloading. Before you download and install an app on your mobile device, verify that the app will perform only functions you approve of. Use known websites or other trusted sources that you know will provide reputable reviews of the app.
  • Be careful with and keep a close eye on your device. Carry your device in an inner pocket instead of in your purse. Don't leave it in plain sight in a parked car.
  • Use an encrypted network connection to send or receive information over Wi-Fi networks. Unencrypted Wi-Fi transmissions can be easily intercepted, especially in a public location. To use an encrypted connection, make sure your browser is connected to a URL that starts with "https://," or make sure your application uses an encrypted connection.
  • Securely delete all stored health information before discarding or reusing a mobile device. Consult with someone with an understanding of the technical issues for the best way to handle this on your particular device. The remote erase feature mentioned above is appropriate for smartphones and tablets. Laptop computers are especially difficult to securely erase. Appropriate methods for securing data before discarding or reusing a device include clearing, purging and destruction.
To learn more about mobile security, visit healthit.gov/providers-professionals/how-can-you-protect-and-secure-health-information-when-using-mobile-device.