Protecting healthcare data on iOS devices

Posted: Oct 15, 2013

As we discovered recently, more healthcare professionals than ever before are turning to smartphones for their day-to-day work. With such a rapid increase in the use of this technology, there will naturally be concerns regarding security. So how can organizations prevent data breaches and ensure that personal devices are secure in the case that one goes missing or is stolen?

It’s impossible to micro-manage the devices used by all the staff, but policies can be put in place to protect PHI. HIPAA compliance is one thing, but it would be disastrous if it were undermined by something such as leaving a personal phone on the bus.

As such, there are a number of additional measures that can be implemented to ensure that data on mobile devices is secure. HealthIT.gov recently published suggestions on how to improve iPhone and iPad security in clinical practices.

– Disable auto-login to apps
For the sake of security, expect to sacrifice a certain amount of convenience. Many apps on the iPhone remain logged into your profile when not in use, so they are ready to use instantly. Log in manually each time you access an account in order to retain security and HIPAA compliance. This is not possible with the iPhone’s Mail app, as the auto-login feature cannot be disabled, so be sure to access email accounts via the browser instead, and log out afterwards.

– Don’t use file sharing
File sharing applications such as Dropbox can be a life saver when it comes to running an efficient business, but can also put your data at high risk. As they have not signed Business Associate Agreements to protect your PHI, avoid using the apps altogether.

– Use a more complex password
The passcode on iOS defaults to a 4-digit number. Change this to an alphanumeric password with a minimum of seven characters to maximize your security. Go to Settings / General / Passcode Lock to do this.

– Encryption
Using iOS is beneficial in itself, as all iOS devices provide dedicated AES 256-bit hardware encryption for all data stored on the device and in transmission.

– Remotely track your device
Turn on “Find My iPhone/iPad/iPod” in order to activate remote tracking through iCloud. If your device is ever lost, you can go to iCloud and put the device in “Lost mode”. As long as the device has signal or a Wi-Fi connection, it can be remotely located and its data erased.

– Erase data
As a last resort, an Apple device can be set so that all data is erased when the wrong passcode is entered 10 times. When coupled with the extended passcode and all the other data protection features, this ensures that if the device is lost the data will be secure, hopefully preventing any potential breaches.
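
Where an organization pushes these settings with an iOS configuration profile (a mechanism this post does not cover), the passcode and erase-data recommendations above can be checked automatically. The following is an added example, not part of the original post: it audits a profile's passcode payload against the seven-character alphanumeric and 10-attempt values, and the sample profiles, identifiers and UUID in it are constructed.

```python
import plistlib

# Thresholds taken from the recommendations in this post.
MIN_LENGTH = 7
MAX_FAILED_ATTEMPTS = 10
PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"


def audit_profile(profile_bytes):
    """Return a list of findings; an empty list means the profile meets the post's values."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        return ["no passcode policy payload in profile"]
    findings = []
    for p in payloads:
        if p.get("requireAlphanumeric") is not True:
            findings.append("alphanumeric passcode not required")
        length = p.get("minLength", 0)
        if length < MIN_LENGTH:
            findings.append(f"minLength {length} is below {MIN_LENGTH}")
        attempts = p.get("maxFailedAttempts")
        if attempts is None:
            # Without this key the profile does not enforce erase-on-failure.
            findings.append("maxFailedAttempts not set; no erase after failed attempts")
        elif attempts > MAX_FAILED_ATTEMPTS:
            findings.append(f"maxFailedAttempts {attempts} exceeds {MAX_FAILED_ATTEMPTS}")
    return findings


def sample_profile(**settings):
    """Build a constructed sample profile (identifiers and UUID are placeholders)."""
    payload = {"PayloadType": PASSCODE_PAYLOAD, "PayloadVersion": 1,
               "PayloadIdentifier": "example.passcode",
               "PayloadUUID": "00000000-0000-0000-0000-000000000001", **settings}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    weak = sample_profile(minLength=4)  # 4-character minimum, nothing else set
    strong = sample_profile(requireAlphanumeric=True, minLength=7, maxFailedAttempts=10)
    for name, data in (("weak", weak), ("strong", strong)):
        print(name, audit_profile(data) or "meets the recommendations")
```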