CAN CONVENIENCE BE COMPLIANT? ust about every business professional carries at least one mobile technology tool that stores or accesses important content. Because of HIPAA compliance, billing firms have more risk than a typical business. While smartphones, tablets, and portable computers provide a great convenience, what are the pitfalls and dangers of using mobile devices? Mobile devices are quickly becoming more appealing targets for those who steal. This is not only because of the worth of the physical units, but also due to the value of the information to which these devices could provide access. And, it is evident that many people do not realize that compromised mobile devices are generally a security risk. Currently, there are 47 states that have breach reporting laws that require that your customers must be informed if their personal information is compromised from a device theft, loss, or break-in on a processing system – unless the device is encrypted. The states without breach reporting laws are South Dakota, Alabama, and New Mexico. Louisiana’s rules state that breach reporting must occur even if the device is encrypted. When you consider the impact of HIPAA and these devices, we have to consider how to manage the risk better with internal control policies, encryption, and mobile device management software. I recently found myself seated next to an individual on an airplane who was both busy and significantly connected to important business resources via two different mobile devices. He completed a heated conversation, using his phone, about the need to move funds from one company bank account to another in order to cover upcoming expenditures. My seatmate then took out his tablet, brought it out of sleep mode and started working. He did not have a password or passcode on the device. He opened a browser, connected to an online banking site, and made the required fund transfer. Both the username and password for the banking utility were stored on the tablet, so he did not have to key this information in each time he accessed the site. He then placed the tablet in the seatback pocket of the plane and nodded off to sleep. This illustrates not only the need for security, but also the apathy toward the need for controls to protect devices and data. This article highlights some of the more pervasive security issues that arise when dealing with mobile technology. We will then look at a few of the many security measures that both organizations and individual users should consider to improve security. Finally, we’ll close with a short update on the dominant mobile platforms. Security Issues and Practices to Mitigate Them Users must guard against and prepare for three primary concerns: theft or loss of a mobile device; damage, destruction, or the malfunction of the physical unit; and compromised venue security when the device is in use. THEFT OR LOSS OF A DEVICE People regularly lose control of mobile technology. When someone no longer possesses a device, the list of bad things that can happen grows quickly. The value of the asset is lost, we lose J 10 HBMA BILLING • MARCH.APRIL.2015 ADVANCES By Randy Johnston
Billing_MarApr15
To see the actual publication please follow the link above