SALES: 978-367-3655 SUPPORT: 978-250-8355 [email protected]

Bill Ho, Biscom

As you know, HIMSS 2013 just wrapped up. Among the main security challenge with healthcare BYOD (bring your own device) security lies in the dual-use nature of mobile devices. A stolen or lost physician’s laptop will probably already have security measures built in such as whole disk encryption and authentication requirements, but smart phones and tablets, especially personal devices, often eschew these added layers of protection in favor of ease of use, simplicity and quick access.

One of the biggest dangers of BYOD is the latest crop of Dropbox-style synchronization applications. By poking a hole in an institution’s security fabric to synchronize files to mobile devices, the physician is potentially creating a new channel through which confidential patient information could leak. It is important to know that many healthcare institutions have decided to shut off access to these synchronization tools until there’s a way to manage them as hospital applications with centralized control, granular permission and integration with established authentication services.

How can you prepare your healthcare organization to handle these additional security risks? What steps should you take to extend your current network security to cover these mHealth security holes? Biscom can help keep documents secure. Contact us today to learn how.

Mobile devices are simply the latest vector to threaten hospital security, but here are remedies to these threats that will satisfy both IT groups and healthcare practitioners. The following 10-point list will help you think about the framework for a BYOD policy that can help you meet your HIPAA and protected health information (PHI) security requirements.

1. Examine and update security policies. Review your current security policies for web applications (customer relationship management {CRM}, email, portals), virtual private network (VPN) and remote access. Most will apply to mobile devices as well.

2. Determine devices you want to support. Not every device will meet the security requirements of your organization and you don’t want to have to test all possible platforms. Also, physically inspect devices to make sure they haven’t been jail-broken or rooted.

3. Set expectations clearly. Instituting proper security protocols may mean IT has to change physician mindsets. Security adds additional layers for an organization to work with, but this is a small inconvenience when compared to the potential harm caused by a security breach.

4. Write clear and concise policies. This should happen for all employees who want to use their personal devices. Everyone participating in BYOD should sign a terms of use agreement. Those who choose not to follow policy should not expect to use their device.

5. Create a Personal Identification Number (PIN). Make a PIN (or other client authentication) mandatory. This is the first line of defense against a lost device.

6. Enforce data encryption at rest. Any applications downloading and storing data on a BYOD device should protect that data. If a PIN or passcode is cracked, you want to make sure that data is still protected.

7. Decide on application availability. With many applications available, which do you permit? Are there specific applications or a class of applications you want to keep off the device? This can be difficult to achieve, but malware and rogue applications can cause serious damage without users realizing it.

8. Provide training to physicians and hospital staff. Make sure they understand how to use their applications, make the most of their mobile capabilities and watch for suspicious activity.

9. Search for applications with audit, reporting and centralized management capabilities. As mobile devices become information conduits it’s important to have these. Applications with such features are easier to trace back to any potential data breaches.

10. Consider mobile device management software (MDM). MDM software can provide secure client applications like email and web browsers, over the air device application distribution, configuration, monitoring and remote wipe capability.

No single solution will solve all your BYOD issues, but a combination of policies, education, best practices and third-party solutions can help mitigate security concerns. By defining goals and setting up guidelines and policies, you can lay the foundation and flexibility you need to meet HIPAA and PHI security requirements. (From

Biscom can help keep documents secure. Contact us to learn how.

With robust HIPAA, HITECH, and state governmental regulations, meaningful use incentives, and accelerated auditing of Protected Health Information (PHI), it’s always smart to ensure the basics are in place to protect the security of faxes containing PHI.

Biscom’s fax solutions for Healthcare provide a universal interface for the conversion and dissemination of information from all of your HIS platforms. Output from any application on any platform can be passed to Biscom’s fax technology for conversion. These documents can then automatically be emailed, faxed, printed or published to a secure web site. This end-to-end solution provides your healthcare organization the necessary tools to manage all of your information in a timely and secure manner.



Bill Ho is the president of Biscom, a software company providing solutions for secure file transfer and fax services to enterprises. In addition to architecting and developing enterprise solutions, Ho has been speaking and writing about mobile and web technologies for the last 16 years. Mr. Ho received degrees in Computer Science from Stanford University and Harvard University.