You depend on your iPhone, Android or other cell phone for everything. Besides texts and calls, your phone is likely keeping you busy with games; productive with email, to-do lists and calendars; in touch with Facebook, LinkedIn and Twitter; and supplied with conveniences as straightforward as a simple flashlight. But how much do you really know about this rapidly growing library of applications? How carefully do you read the obligatory user agreement before you install an application?
Well, of those “free applications” that most of us have installed, more than a few represent some potentially serious risks, especially if you have HIPAA data on your phone. Most free applications can access your contacts, calendar and other data on your phone. For purposes of convenience, there are perfectly legitimate reasons for this, but can you be sure the publisher will only use this data for legitimate reasons? One shocking example came from a flashlight application for Android that, once installed, had access to nearly all the data on the phone.
The potential threat from applications, malware and viruses is very complex within a BYOD environment – even the basics of keeping device system software current can be a nightmare when one is facing a multitude of different hardware and operating system platforms. Naturally, risks of this sort should be thoroughly defined in your HIPAA risk assessment, which is a requirement of meaningful use. Regularly updating and refining your risk assessment alone could become overly burdensome very quickly. Accordingly, given the complexity and ever-changing nature of these technologies, it’s worthwhile to consider a very conservative approach: we recommend that practices own and manage all devices accessing patient and other critical data.