There’s a tremendous amount of chatter online about HIPAA compliance and laptops – and understandably so – as everyone seems to be ditching the desktops in favor of laptops due largely to portability and ease-of-use. But hold on for a minute and remember the dangers associated with using laptops – particularly when it relates to any storing, processing, and transmitting of Protected Health Information – commonly known as PHI. Thus, take note of the following 11 things you need to know about HIPAA compliance and laptops, provided to you by Flat Iron Technologies, LLC, North America’s premier provider of HIPAA consulting and HIPAA policies and procedures:
1. Numbers don’t lie. It’s no secret that a large – and growing number – of healthcare data breaches relating to Protected Health Information (PHI) are a direct result of laptop security breaches. From laptops being stolen or left unattended – or even worse – laptops containing PHI with no encryption, it’s time to get serious about the safety and security of both company-issued and employee owned laptops. In today’s digital world, everyone – and we mean everyone – is using some type of portable digital device, from laptops to tablets, and more. These great and helpful tools can also be come a dangerous catalyst for hackers and other malicious individuals who are on the lookout for these devices.
2. Have a well-documented Laptop Policy. Everyone knows that the very best method for promoting awareness and accountability – regardless of the topic – is by putting in place comprehensive, well-written policies and procedures. The same holds true for your laptop policy, which should be extensively researched, include all necessary information, then published and pushed out to all applicable end-users. Knowing the usage rights and overall responsibilities for laptop security will go a long way in protecting data residing on them.
With that said, now’s a good time to remind you that HIPAA compliance is often largely driven by documentation. More specifically, policies and procedures are a big – and growing – component of regulatory compliance, often forcing healthcare providers to spend considerable sums of money on either developing the documents internally, or hiring external policy writing consultants. The easy and cost-effective method for rapid HIPAA compliance – in terms of documentation – is downloading the industry leading HIPAA Compliance Policy Packets from hipaapoliciesandprocedures.com today. Time is money, and it’s well-spent and well-saved when using our HIPAA policies and procedures.
3. When emailing, use secure encrypted email utilities. Yes folks, regular email is not secure – it can be easily intercepted – ultimately resulting in the breach of HIPAA information. There are numerous companies offering secure, encrypted email solutions. Alternatively, you can also transmit documentation to one of the many secure HTTPS portals that are now available online. Tools such as basecamp.com and other project management/data transfer sites are useful and easy-to-use, so consider those an option.
4. When connecting remotely, use secure connections. A secure connection means just that – something that is deemed safe and secure via industry standards, such as HTTPS or other protocols that ensure the confidentiality of the connection. Remember to pay careful attention to free WI-FI hot spots, as sometimes they can actually be SSID’s being broadcast by the “bad guys” just waiting to steal your information while online. Just do some quick due-diligence and make sure that SSID you’re connecting to at your local coffee shop is actually safe and secure.
5. Anti-virus is essential. Installing anti-virus and other essential anti-malware solutions onto laptops is easy-to-do, cost-effective, and creates an extra layer of added security. From a scope perspective, both employee-owned laptops – which can be more challenging to monitor for compliance – and company-owned laptops, must have anti-virus installed, configured correctly, and updated with the latest definitions and signatures. It’s also important that users not disable or modify the anti-virus settings, which is easy to do, thus a strict laptop policy and procedures document is essential.
6. Personal Firewall tools. Filtering out and blocking malicious traffic from the untrusted public Internet is also a must, and it’s why every laptop should be enabled with personal firewall solutions. Such solutions are generally embedded into the operating system itself or can be turned on via a “group policy”. Regardless of how it’s enabled, it needs to be in place and functioning.
7. Passwords are paramount. Skip the short, easy-to-remember passwords for laptop access and put in place something that uses a healthy combination of letters, capitalization, numbers, and other characters. Don’t use your dog’s name, your mother’s maiden name, your favorite football team, or anything else that can easily be thought of by a malicious individual. And DO NOT write your passwords down on Post-it notes!
8. Full laptop encryption. There are many products on the market that offer full disk encryption – and when it comes to HIPAA compliance – this is absolutely essential. Imagine losing or misplacing your laptop – which happens all the time – don’t you want the peace of mind knowing all information on it is secured and cannot be accessed? That’s one of the benefits of full laptop – disk- encryption.
9. External Hard Drives, USB’s, Memory Sticks. One of the real dangers of today’s digital society are the tools, accessories, and options available for storing data. Items such as external hard drives and USB sticks should NEVER contain PHI as these items are temporary file repositories, and also easy to lose or misplace. Sure, you can get encryption on them, but the safer bet is not to use them at all.
10. Asset Tagging. One of the oldest forms of tracing an item is to simply place an asset tag on it, something as simple as a sticker with a code or unique internal inventory assignment number. A great place to put it – and ironically, a place where thieves often don’t look – is in the compartment area that houses the actual battery. After all, if you do find the laptop or you see it and want to confirm it’s yours, chance are the asset tagging sticker is still there. And besides, when it comes to keeping track of hardware products, nothing beats an asset inventory list that accurately identifies laptops out on the field.
11. Laptop Tracing Software. Guess what, laptops do go missing, it’s a part of life. From leaving them at the local coffee house to having your laptop bag stolen while on the subway, there’s almost an unlimited number of scenarios that could happen. We’ve all “misplaced” something important – admit it – and it’s why installing laptop tracing software is critically important, and relatively cost-effective.
Flat Iron Technologies, LLC, offers the very best HIPAA policies and procedures & policy templates found anywhere on the Internet. We’ve spent years researching, authoring, and refining our HIPAA policies and procedures, and they’re now available for instant download today from the experts at Flat Iron Technologies, LLC. From laptop policies for HIPAA to the dozens of other essential documents needed for compliance with the Health Insurance Portability and Accountability Act (HIPAA), the only name to know is hipaapoliciesandprocedures.com. Call us today at 1-800-554-1829 to learn more about our products and services.