Last updated May 17, 2016
We’ve received numerous inquiries asking how SimpleMDM can aide in achieving HIPAA and HITECH compliance. There isn’t a great deal of information available on how HIPAA and HITECH relate directly to mobile device management, so we’ve addressed the question here, for you!
HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996 has two purposes. First, it protects heath insurance coverage for workers and their families in the event that they change jobs or lose their employment. Second, it requires the establishment national standards for electronic health care transactions. The latter purpose, detailed under Title II of the act, creates requirements for the privacy and security of individually identifiable health care records as well as outlining the civil and criminal penalties for violations of these standards. This latter title applies to the discussion of this article.
HITECH, which stands for Heath Information Technology for Economic and Clinical Health Act was enacted to further promote the adoption and meaningful use of health information technology. It details the requirements for notification in the event of a data breach, how electronic health records can be accessed, and what agreements need to be in place between the associates of a business.
SimpleMDM aides your effort in being HIPAA compliant. Below we’ve outlined areas of concern for HIPAA compliance and the SimpleMDM functionality we suggest using.
SimpleMDM allows you to enforce passcode requirements on all devices. Require users to create a passcode that meets the complexity requirements of your company. Automatically lock devices after a specified duration of inactivity. Automatically self-destruct on-device data if it’s detected that someone is attempting a brute-force attach to break into a device.
Track the location of a device at any time using SimpleMDM’s location tracking feature. In the event that a device is lost, enable iOS Lost Mode which locks a device and enables OS-level location tracking without requiring an Apple ID. If a device cannot be found and/or recovered, optionally wipe the device data remotely.
Both iOS and installed apps can become outdated and contain security risks. Use SimpleMDM to track software versions of both iOS and the apps installed as well as update iOS and mobile apps remotely if they become outdated.
SimpleMDM’s inventory functionality also allows administrators to verify that encryption is enabled on devices, keeping data secure in the event that a device falls into the wrong hands.
SimpleMDM allows you to configure VPN connections as well as enforce a global HTTP proxy on devices. Using these technologies allows a company to encrypt the data transmissions that are occurring between devices and web services.
Using SimpleMDM, administrators can take advantage of Open In Management, which is an iOS feature that allows one to restrict documents in managed apps from being opened elsewhere on the device. If medical records are being used in one app, this feature can make it difficult for medical records to be opened in unauthorized apps or distributed in ways that are against policy.
Alternatively, contact us if you would like to discuss your organization. We’re happy to help.