Mobile device policies for working outside the office

Whether you call it teleworking, remote access, or mobile access, if you have any access to PHI outside of your office you should have a HIPAA mobile access policy that applies to that activity. Any person who accesses your systems and data outside of your internal network should be trained and sign off on commitments to protect your PHI.

We’ve never specifically covered the topic of what should be included in a HIPAA mobile access policy. It is about time we did just that.


In this episode:


HIPAA Mobile Access Policy Considerations

There are a lot of things you should consider when defining your mobile access policy.

What kinds of controls do you need to have in place on your local network for remote access before you let others in?

  • What resources will be accessible remotely?
    • Email
    • Documents
    • EHR
    • PM
    • CRM
    • Cloud Apps directly or through your connection
  • Open RDP SHOULD NOT BE USED ON PUBLIC IPs
  • VPN for use on public wifi
  • What devices are you going to allow to connect?
    • BYOD?
      • Family computers used by kids?
    • Public computers
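The two control bullets above (no open RDP on public IPs, VPN for remote users) are the kind of thing you can check rather than just write down. The script below is an added example, not from the podcast or any vendor tool: it audits a constructed list of inbound firewall rules and flags any rule that lets RDP (TCP 3389) in from a source outside the ranges the policy trusts (a hypothetical office LAN and VPN client pool). The rule tuple format and all address ranges are assumptions made for the example.

```python
"""Audit inbound firewall rules for RDP reachable from untrusted sources.

Added example for the mobile access policy checklist; the rule format is a
constructed simplification, not any firewall's export format.
"""
import ipaddress

RDP_PORT = 3389

# Hypothetical ranges the policy trusts: office LAN and the VPN client pool.
# Remote staff on public wifi should land in the VPN pool before reaching RDP.
TRUSTED_SOURCES = [
    ipaddress.ip_network("192.168.10.0/24"),  # office LAN (assumed)
    ipaddress.ip_network("10.8.0.0/24"),      # VPN client pool (assumed)
]

# Constructed sample rules: (name, destination port, source CIDR, action)
SAMPLE_RULES = [
    ("allow-rdp-any", 3389, "0.0.0.0/0", "allow"),        # open RDP on a public IP
    ("allow-rdp-vpn", 3389, "10.8.0.0/24", "allow"),      # RDP only via VPN: fine
    ("allow-rdp-isp", 3389, "198.51.100.0/24", "allow"),  # a partner's public range
    ("deny-rdp", 3389, "0.0.0.0/0", "deny"),              # a deny rule is not exposure
    ("allow-https", 443, "0.0.0.0/0", "allow"),           # not RDP, out of scope here
]


def source_is_trusted(cidr):
    """True if every address in cidr falls inside one trusted range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(
        net.subnet_of(trusted)
        for trusted in TRUSTED_SOURCES
        if trusted.version == net.version
    )


def rdp_exposures(rules):
    """Return the names of allow rules that admit RDP from untrusted sources."""
    findings = []
    for name, port, source, action in rules:
        if action != "allow" or port != RDP_PORT:
            continue
        if not source_is_trusted(source):
            findings.append(name)
    return findings


def compliant(rules):
    """The rule set meets the 'no open RDP on public IPs' control."""
    return not rdp_exposures(rules)


if __name__ == "__main__":
    for rule_name in rdp_exposures(SAMPLE_RULES):
        print(f"RDP reachable from an untrusted source via rule: {rule_name}")
    print("compliant:", compliant(SAMPLE_RULES))
```

The check treats each rule on its own and ignores rule ordering, so on a real firewall where an earlier deny shadows a later allow it will over-report; that is the safer direction for an audit, since a flagged rule just gets a human look. Running it on the sample flags allow-rdp-any and allow-rdp-isp and leaves the VPN-only rule alone.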

What mobile access scenarios should the policy cover?

  • Working from home (billing, transcription, accounting and reporting, clinical and diagnostics)
  • Working in hotels and other public access locations
  • Working from other home networks (family visits, business partners)

What your staff must do to be eligible for remote access

  • Training
  • Device commitments
  • Audits
  • Up to date software


Mobile access isn’t something you just switch on and stop worrying about. Allowing mobile access opens up so many things that you must consider, secure, and document.

Please remember to share us on your favorite social media site and rate us on your podcasting apps; we need your help to keep spreading the word.

To help us out even more take our listener survey.
