What is HIPAA and HITECH?


The Health Insurance Portability and Accountability Act (HIPAA) of 1996, and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 define standards designed to protect individuals' electronic personal health information.


Ensemble and Protected Health Information


HIPAA/HITECH standards protect the privacy of individually identifiable health information known as protected health information (PHI). Ensemble does not store or manage any PHI.


Organizations are responsible for maintaining appropriate administrative, technical, and physical safeguards for protecting e-PHI. Mobile devices are considered to have limited-feature operating systems which limit the user's ability to control the operating system and therefore a mobile device is more resistant than a full-feature operating system to certain types of attacks. However, additional security settings are required to protect any PHY accessed by the user of the mobile device through means such as third-party applications or websites. Adding a mobile device management solution, like Ensemble, allows the organization to enforce policies that help protect patient e-PHI.


Ensemble and Healthcare


It is important that Organizations create, audit, and maintain the policies necessary for their mobile devices to stay in compliance with HIPAA/HITECH standards. Because each organization has unique requirements to be HIPAA/HITECH compliant, Ensemble cannot audit or ensure compliance for an organization. Ensemble is a tool that can be used as part of an overall compliance strategy. 


Ensemble provides policies, like those listed below, that help organizations stay in compliance with HIPAA/HITECH requirements:


  • Limit what applications staff have access to with kiosk mode and the Managed Play Store
  • Lost or stolen devices can be remotely suspended or wiped to protect PHI.
  • Enforcing a secure password encrypts the mobile device and protects PHI from unauthorized access.
  • Load approved Wi-Fi connections to ensure mobile devices cannot connect to unsecured networks.
  • Enable automatic operating systems updates to install security patches as soon as possible.


Conclusion


Protecting PHI is essential to maintaining HIPAA/HITECH compliance. An important tool used to enforce PHI protecting policies is a mobile device management application like Ensemble. Ensemble's user friendly, yet comprehensive management dashboard enables admins to configure and manage multi-device deployments over-the-air.