Step 1: Decide
Decide whether mobile devices will be used to access, receive, transmit, or store patients’ health information or used as part of your organization’s internal networks or systems (e.g., your EHR system).
Understand the risks to your organization before you decide to allow the use of mobile devices. Risks (threats and vulnerabilities) can vary based on the mobile device and its use. Some risks may be:
- A lost mobile device
- A stolen mobile device
- Inadvertently downloading viruses or other malware
- Unintentional disclosure to unauthorized users when sharing mobile devices with friends, family and/or coworkers
- Using an unsecured Wi-Fi network.
You can watch the Mobile Device Privacy and Security video series, which provides scenarios of some of the common risks you may face when using a mobile device for patient care. The videos explore mobile device risks and discuss privacy and security safeguards you can put into place to mitigate the risks.