6. Install and enable security software.
7. Keep security software up to date.
8. Research mobile applications (apps) before downloading.
9. Maintain physical control of your mobile device.
10. Use adequate security to send or receive health information over public Wi-Fi networks.
11. Delete all stored health information before discarding or reusing the mobile device.
OCR has been quite vocal recently about its enforcement efforts. The results of the KPMG audit program, as well as the information OCR has learned while investigating reported breaches, have educated OCR about the existing gaps in compliance at CEs and BAs. With the new requirements in the final rule, as well as the prior requirements that continue to be in place, it is important for CEs and BAs to rework compliance programs, amend breach response plans and associated documentation, revise contracts with vendors, update educational programs, and explore insurance options to cover these risks.
Ted Kobus is national co-leader of the Privacy and Data Protection Team at Baker & Hostetler and focuses his practice in the areas of privacy, data breaches and intellectual property. Email: email@example.com