Step 2: Assess

Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information your organization holds.

Conduct a risk analysis to identify the risks to your organization. If you are a solo provider, you may conduct this risk analysis yourself. If you work in a larger organization, the organization may conduct the risk analysis.

A risk analysis will help determine the safeguards, policies, and procedures your organization needs. It should include reviewing risks created by all mobile devices used to communicate with your internal networks or systems, regardless whether the devices are personally owned or provided by the organization.

Perform a risk analysis periodically and whenever there is a new mobile device, a lost or stolen device, or suspected compromised health information.

After conducting a risk analysis, document:

Which mobile devices are being used to communicate with your organization’s internal networks or system (e.g., the EHR system or Health Information Exchange (HIE)),
What information is accessed, received, stored, and transmitted by or with the mobile device, and
HHS OCR HIPAA Security Series Basics of Risk Analysis and Risk Management

Open Survey

Certification of Health IT

Health Information Technology Advisory Committee (HITAC)

Health Equity

HTI-1 Final Rule

Information Blocking

Interoperability

Patient Access to Health Records

Clinical Quality and Safety

Health IT and Health Information Exchange Basics

Health IT in Health Care Settings

Health IT Resources

Laws, Regulation, and Policy

ONC Funding Opportunities

ONC HITECH Programs

Privacy, Security, and HIPAA

Scientific Initiatives

Standards & Technology

Usability and Provider Burden

Step 2: Assess

Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information your organization holds.

Connect with us: