Access to information through the internet has become more and more in demand. This need has particularly accelerated since last year, 2020, when the COVID-19 pandemic started, with most people being homebound due to quarantine restrictions.
The use of teleconsultation is one of the modern healthcare technologies and practices that has soared due to the pandemic. Some patients and providers alike opt to do teleconsultation to avoid being in close contact with another person, thereby minimizing the risk of exposure to possible COVID-19 carriers.
With this increasing demand for convenience and online access, protected health information (PHI) is widely created, stored, transmitted, and/or received as electronic data via email and other channels.
Apart from mobile devices, PHI can also be found on endpoints such as memory or storage devices and USB flash drives, and online in cloud storage apps (e.g., Dropbox, Google Drive).
As stated in the published article, Chapter 4 Understanding Electronic Health Records, and Cybersecurity (healthit.gov):
“(sic) Every day there are new attacks aimed specifically at small to mid-size organizations because they are less likely to be fully protecting themselves. Criminals have been highly successful at penetrating these smaller organizations and carrying out their activities, while their unfortunate victims are unaware until it is too late.”
Since HIPAA was enacted in 1996, safeguarding PHI has been the major goal. National standards were set in place to protect and promote the confidentiality, integrity, and availability of PHI. This includes the importance of cybersecurity.
Cybersecurity is described by the Office of the National Coordinator (ONC) for Health Information Technology as:
“(sic)… ways to prevent, detect, and respond to attacks against or unauthorized access against a computer system and its information. Cybersecurity protects your information or any form of digital asset stored in your computer or in any digital memory device.”
Among the many risks that using mobile devices poses are:
1. loss and/or theft of mobile devices,
2. unknowingly downloading a virus or malware onto the mobile device,
3. sharing of mobile devices,
4. accessing or connecting to an unsecured Wi-Fi connection.
The ONC and OCR have enumerated 13 mobile safeguards which include:
1. Set strong passwords and change to new ones regularly.
2. Encrypt e-PHI.
3. Use automatic log-off on devices, websites, EHR, apps, and others.
4. Require a unique user ID for each device user.
5. Enable remote wipe of data or PHI on mobile devices and others.
6. Always lock the device when not in use.
7. Keep the device with you at all times while working.
8. Use a screen shield.
9. Refrain from sharing the mobile device.
10. Register the mobile device within the organization.
11. Install a firewall.
12. Use a secure Wi-Fi connection.
13. Research mobile applications.
Therefore, each organization or office should carry out reasonable validation to ensure that it is well prepared before considering the use of mobile devices or transmitting and storing e-PHI, whether via e-mail or other methods, with prudent consideration of cybersecurity and cyberattacks.