Step 5: Train

Conduct mobile device privacy and security awareness and training for providers and professionals.

Providers and professionals who use mobile devices must have privacy and security awareness and training to avoid costly mistakes that can result in loss of patient trust.

Safeguards will not protect health information unless the workforce (including management, providers, professionals, and staff) is aware of its role in following and enforcing those safeguards. Privacy and security awareness and training should be ongoing and include a discussion of the following topics:

  1. Risks (threats and vulnerabilities) when using mobile devices for work
  2. How to secure mobile devices
  3. How to protect and secure health information
  4. How to avoid mistakes when using mobile devices

Security awareness and training should be easy to use and understand and should support the policies and procedures developed and put in place in response to the risk analysis and risk management strategy.

Finally, the organization should train its workforce so that they understand the organization’s mobile device policies and procedures and how to follow them.