As an organization that keeps, stores, or transmits PHI (Personal Health Information), you know that your network and computers must be maintained, protected, and used in a way that complies with HIPAA technical rules for privacy and security.
But what about the security of other devices that connect to your network?
Here are some categories of devices you should pay close attention to:
- Smartphones & tablets
- Medical imaging devices
- Vaccine data loggers
- Printers, scanners, and fax machines
- Medical treatment devices
To the extent that any of these devices connect with your network or perform a critical function, you should be as careful in managing and protecting them as you are with your computers.
Here are just a few examples of measures you might need to take for security and compliance:
- Set up a separate channel for guest wireless access.
- Wipe internal memory before disposing of an old device.
- Change default user names and passwords.
- Train staff on device privacy and security procedures.
- Get BAAs (Business Associate Agreements) from your installation and maintenance vendors.
Keep track of all devices, security measures, and training by documenting the details in your Compliance Plan. Revisit and update the plan every time you install a new digital device, and at other times, such as when you change your procedures or add new staff positions. If you don’t have a Compliance Plan, contact a cybersecurity professional as soon as possible.