
{"id":2724,"date":"2013-11-14T00:00:00","date_gmt":"2013-11-14T00:00:00","guid":{"rendered":"http:\/\/otava.test\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/"},"modified":"2013-11-14T00:00:00","modified_gmt":"2013-11-14T00:00:00","slug":"hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/","title":{"rendered":"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices"},"content":{"rendered":"<p>The Dept. of Health &amp; Human Services has a HIPAA security guide outlining their recommendations for securing ePHI (electronic protected health information) on mobile devices, including remote access. The HHS covers ePHI in a variety of instances ranging from accessing, storing and transmitting data.<\/p>\n<p>Their format presents a potential risk, then the technical, administrative or physical security recommendation to prevent said risk. Below I\u2019ve summarized their guide to highlight some of the top pointers along with some additional technical info:<\/p>\n<p><strong>Accessing ePHI<\/strong><br \/>\n<strong>Risk<\/strong>: Password or user login info was lost or stolen, resulting in either unauthorized access or viewing\/modification of ePHI.<br \/>\n<strong>How to Mitigate:<\/strong><\/p>\n<ul>\n<li dir=\"ltr\">Implement <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">two-factor authentication<\/a> for remote access to systems containing ePHI. 
Secure and encrypted remote access can be achieved with a combination of <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">SSL certificates<\/a>, VPNs (Virtual Private Networks) and two-factor authentication that requires a secondary factor for access (e.g., push notifications and passcodes authenticated by your personal phone).<\/li>\n<li dir=\"ltr\">HHS also recommends using RADIUS (Remote Authentication Dial-In User Service) or other similar tools to support a technical process to create unique usernames and to perform authentication for remote access.<\/li>\n<\/ul>\n<p><strong>Risk<\/strong>: Systems infected by an external device with the intent to gain remote access to systems housing ePHI.<br \/>\n<strong>How to Mitigate:<\/strong><\/p>\n<ul>\n<li>Install firewalls on laptops that store or access ePHI, or that are connected to networks with ePHI<\/li>\n<li>Install and maintain <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">antivirus<\/a> software\/updates on portable or remote devices that access ePHI<\/li>\n<\/ul>\n<p><strong>Storing ePHI<\/strong><br \/>\n<strong>Risk<\/strong>: Laptop or other portable device is lost or stolen, allowing unauthorized access to or modification of ePHI.<br \/>\n<strong>How to Mitigate:<\/strong><\/p>\n<ul>\n<li dir=\"ltr\">Take inventory of hardware and electronic media, including hard drives, magnetic tapes or disks, digital memory cards, security equipment, etc.<\/li>\n<li dir=\"ltr\">Ensure security updates are regularly deployed to smartphones and other portable devices<\/li>\n<li dir=\"ltr\">Require that all portable or remote devices that store ePHI employ encryption with strong cryptography &#8211; another way to keep ePHI secure is to keep the data off of devices and stored in <a href=\"https:\/\/otavawebsite.wpengine.com\/operations\/locations\/michigan-cloud-and-data-centers\/\/compliance\/hipaa-compliant-data-centers\">HIPAA compliant data centers<\/a>, with strong access 
controls.<\/li>\n<\/ul>\n<p><strong>Risk<\/strong>: Using an external device to access corporate data, resulting in the loss of critical ePHI on the remote device.<br \/>\n<strong>How to Mitigate:<\/strong><\/p>\n<ul>\n<li>Ensure backups and archived media are encrypted with strong cryptography<\/li>\n<li><a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/cloud-backup\/\">Offsite backup<\/a> is essential to keeping data secured in a physically and logically secure data center, and available in the event a device with ePHI on it is lost<\/li>\n<\/ul>\n<p><strong>Transmitting ePHI<\/strong><br \/>\n<strong>Risk<\/strong>: Data intercepted and stolen, or modified during transmission.<br \/>\n<strong>How to Mitigate:<\/strong><\/p>\n<ul>\n<li>Don\u2019t allow ePHI to be transmitted over the Internet or other open networks<\/li>\n<li>Use more secure connections for email via SSL, and use message-level standards such as S\/MIME, SET, PEM, PGP, etc.<\/li>\n<li>Use strong encryption for transmitting ePHI. 
The HHS states that SSL should be a minimum requirement for all Internet-facing systems that manage ePHI.<\/li>\n<\/ul>\n<p>Related Articles:<br \/>\n<em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/hipaa-encryption-protecting-patient-data-on-tablets-smartphones\/\">HIPAA Encryption: Protecting Patient Data on Tablets &amp; Smartphones<\/a><\/em><br \/>\nA guest blog from HITECHAnswers.net lists security tips from HHS.gov to help ensure that patient data is secure in a BYOD (Bring Your Own Device) environment that includes the use of personal devices such as iPhones and iPads in the \u2026 <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/hipaa-encryption-protecting-patient-data-on-tablets-smartphones\/\">Continue reading \u2192<\/a><\/p>\n<p><em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/overcoming-healthcare-cio-challenges-with-secure-scalable-hipaa-hosting\/\">Overcoming Healthcare CIO Challenges with Secure &amp; Scalable HIPAA Hosting<\/a><\/em><br \/>\nMcKesson\u2019s Understanding Your CIO article catalogues a list of statistics derived from surveys, polls and interviews of healthcare CIOs. It\u2019s a very informative snapshot of the position\u2019s latest responsibilities and concerns as the healthcare IT landscape rapidly evolves due to \u2026 <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/overcoming-healthcare-cio-challenges-with-secure-scalable-hipaa-hosting\/\">Continue reading \u2192<\/a><\/p>\n<p><em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/2013-mobile-security-byod-resource-roundup\/\">2013 Mobile Security: BYOD Resource Roundup<\/a><\/em><br \/>\nHere\u2019s the best of mobile security from 2013, including articles, white papers, previously recorded webinars and more that explain mobile health IT (mHealth) data security and how to prevent compromised data in your organization. 
Online Tech is also headed to \u2026 <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/2013-mobile-security-byod-resource-roundup\/\">Continue reading \u2192<\/a><br \/>\nReferences:<br \/>\n<a href=\"https:\/\/www.hhs.gov\/ocr\/privacy\/hipaa\/administrative\/securityrule\/remoteuse.pdf\">HIPAA Security Guide for Remote Use<\/a> (PDF)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Dept. of Health &amp; Human Services has a HIPAA security guide outlining their recommendations for securing ePHI (electronic protected health information) on mobile devices, including remote access. The HHS covers ePHI in a variety of instances ranging from accessing, storing and transmitting data. Their format presents a potential risk, then the technical, administrative or physical security recommendation to prevent said risk. Below I\u2019ve summarized their guide to highlight some of the top pointers along with some additional technical info: Accessing ePHI Risk: Password or user login info was lost or stolen, resulting in either unauthorized access or viewing\/modification of ePHI. How to Mitigate: Implement two-factor authentication for remote access to systems containing ePHI. Secure and encrypted remote access can be achieved with a combination of SSL certificates, VPNs (Virtual Private Networks) and two-factor authentication that requires a secondary factor for access (i.e., push notifications and passcodes authenticated by your personal phone). HHS also recommends using RADIUS (Remote Authentication Dial-In User Service) or other similar tools to support a technical process to create unique usernames and to perform authentication for remote access. 
Risk: Systems infected by an external device with the intent to gain remote access to systems housing ePHI&#8230;.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2724","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices | OTAVA<\/title>\n<meta name=\"description\" content=\"Dept. of Health &amp; Human Services has a HIPAA security guide outlining their recommendations for securing ePHI on mobile devices, including remote access.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices\" \/>\n<meta property=\"og:description\" content=\"Dept. 
of Health &amp; Human Services has a HIPAA security guide outlining their recommendations for securing ePHI on mobile devices, including remote access.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-11-14T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"HIPAA Compliant Recommendations to Securing ePHI with Mobile 
Devices\",\"datePublished\":\"2013-11-14T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/\"},\"wordCount\":637,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/\",\"url\":\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/\",\"name\":\"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2013-11-14T00:00:00+00:00\",\"description\":\"Dept. of Health & Human Services has a HIPAA security guide outlining their recommendations for securing ePHI on mobile devices, including remote access.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HIPAA Compliant Recommendations to Securing ePHI with Mobile 
Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices | OTAVA","description":"Dept. 
of Health & Human Services has a HIPAA security guide outlining their recommendations for securing ePHI on mobile devices, including remote access.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/","og_locale":"en_US","og_type":"article","og_title":"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices","og_description":"Dept. of Health & Human Services has a HIPAA security guide outlining their recommendations for securing ePHI on mobile devices, including remote access.","og_url":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/","og_site_name":"OTAVA","article_published_time":"2013-11-14T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices","datePublished":"2013-11-14T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/"},"wordCount":637,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/","url":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/","name":"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2013-11-14T00:00:00+00:00","description":"Dept. 
of Health & Human Services has a HIPAA security guide outlining their recommendations for securing ePHI on mobile devices, including remote access.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/hipaa-compliant-recommendations-to-securing-ephi-with-mobile-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"HIPAA Compliant Recommendations to Securing ePHI with Mobile Devices"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2724"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2724\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2724"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}