Smartphone security
From Provider Notes
Smartphone specific security considerations
- HIPAA regulations and patient related email
- Here is a link from Palm's site to their white paper on HIPAA compliance (pdf):
- Password protect your device
- Centralized management of devices (remote wipe for instance) is available in some managed environments. Details on this type of setup will be forthcoming.
University of Pennsylvania Office of Information Security
Below is the text from Josh Beeman at the Office of Information Security at Penn:
"The widely publicized theft from a VA employee’s home of computer equipment containing Social Security numbers and other personal information for more than 26 million veterans serves as a dramatic reminder of the need for extreme caution in handling sensitive data. The VA incident has created outrage among veterans groups and in Congress.
Computers with sensitive data (Social Security Numbers, credit card data, student data, patient health information, financial data etc.) pose a significant risk to Penn and our community at large. Before taking sensitive data home, keep in mind that laptop theft is on the rise as evidenced by statistics, and CD-ROMs and other portable memory storage devices are easily lost or stolen.
To limit risks, sensitive data must be protected through as many means as possible, including:
- Not allowing sensitive data on mobile devices such as laptops, PDAs, CDs, and Flash drives unless it is encrypted.
- Keeping computers up to date with the most current software, patches and security measures (anti-virus, firewalls, strong passwords, intrusion detection systems, etc.).
Any computer with sensitive data is considered a “Critical Host” and must comply with the Universities Critical Host policy *http://www.isc-net.upenn.edu/policy/approved/20000530-hostsecurity.html
Please contact security@isc.upenn.edu or privacy@pobox.upenn.edu if you have questions about protecting and securing confidential data.
Further information is available at http://www.upenn.edu/computing/security and http://www.upenn.edu/privacy.
For more on the VA incident, see http://www.va.gov or http://www.cnn.com/2006/US/05/22/vets.data/index.html."
