The National Institute of Standards and Technology (NIST) recently issued Special Publication 800-163: Vetting the Security of Mobile Applications. The use of mobile applications (“apps”) in the workplace can bring many efficiencies—and just as many security risks. Apps are software, after all, which means they can be hacked, and compliance officers need to understand if, why, and how their employees are using them.
An app for everything
Mobile apps are increasingly available in the health care arena, offering time-saving and accuracy-improving assistance such as:
- secure texting
- access to EHR
- access to lab results and mobile imaging
- practice management (to assist with coding, prescription refills, etc.)
Don't click... at least not before we vet
The NIST publication describes a mobile application vetting process to help you determine if an app is suitable for your security environment. For example, this vetting process encourages organizations to ask questions such as:
- What is the set of users that are permitted to use an app?
- Under what circumstances should an app not be used?
- What vetting has already been performed by the official app store, if known?
(NIST 800-163, page 8.) If your organization encourages or requires employee use of mobile apps that involve the use of PHI, be sure to first evaluate the security risks by updating your HIPAA security risk assessment and discussing safeguards with your Security Officer.