Outpatient Surgical Center
Mobile Device Security Policy
1. Introduction
Mobile devices, such as smartphones and tablet computers, are important tools for the organization and their use is supported to achieve patient care and business goals.
Mobile devices are a significant risk to information and data security. If security applications and procedures are not applied, mobile devices can be a means for unauthorized access to Protected Health Information (PHI), the organization’s data, the IT infrastructure, and can subsequently lead to data breaches and system infection (viruses, malware, etc.). Furthermore, mobile devices are susceptible to loss and theft increasing risk of security breaches.
2. Scope
This policy applies to all mobile
…show more content…
Prohibit the use of cameras on mobile devices unless explicitly approved and the requirements of Outpatient Surgical Center policy on photographic and video and audio recordings are followed.
10. The Outpatient Surgical Center IT Department has configured devices with safeguards and security settings; do not interfere with, remove or disable any safeguards, or security installed.
User Requirements
1. Users must only load data essential to their role onto their mobile device(s).
2. Applications must only be installed from official platform-owner approved sources. Installation of code from un-trusted sources is forbidden. If you are unsure if an application is from an approved source contact Outpatient Surgical Center IT.
3. Users must not load pirated software or illegal content onto their devices.
4. Users must report all lost or stolen devices to Outpatient Surgical Center IT immediately.
5. If a user suspects that unauthorized access to company data has taken place via a mobile device they user must report the incident in to Outpatient Surgical Center IT
…show more content…
Wireless network connections for mobile devices are similar to other types of network connections, but have important differences that should be considered in the risk assessment:
2. Disable unneeded network services. (Bluetooth, IrDA and WLANs) Limit and/or set up firewalls for networking services that are not needed, or which should not run at default permissions. If a network service is not needed, it should be disallowed in the default configuration.
3. Use of non- Outpatient Surgical Center wireless networks (e.g., Internet cafes, hotels, airports) can compromise the device and data transmissions to/from the device. Do not use such networks for Outpatient Surgical Center business unless the device has been approved for such use and the transmissions are encrypted.
4. Transmissions containing PHI or information designated by management to be similarly protected must be encrypted
Signed Agreements for Users of Portable Devices
1. Users of portable devices should be required to sign an agreement in which they acknowledge the special risks associated with portable device use, and any special requirements for the maintenance of