[author: Jo Ellen Whitney]
Bond . . . James Bond has always been the epitome of cool gadgets (and bikini babes) but the gizmos of Sean Connery have passed into the era of Daniel Craig. Mr. Connery's lasers, spy cameras and recorders are like dinosaurs and stone tablets. Interesting, but clunky. Many practitioners feel the same way about the desk top and "computer station". New medicine is mobile, miniature and you can play angry birds on it. But what does that mean for security and privacy?
The VA rolled out a pilot project with iPads and almost immediately picked up a complaint and an investigation regarding data security.
There were 7 key takeaways from this investigation into mobile devices:
-
Have certified encryption with strong passwords;
-
Have an accurate inventory;
-
Encrypt backup files;
-
Auto destruct for lost or missing devices;
-
Ensure consistent security configuration;
-
Minimum baseline standards for all mobile devices must be established and implemented;
-
Centrally log/manage distribution of devices.
If only the Massachusetts Eye and Ear Infirmary (MEEI) had taken the lessons of the VA to heart, they might have avoided significant costs. On September 17, the OCR announced that it had reached a 1.5 Million Dollar settlement with MEEI to settle potential HIPAA security violations. A key component of the investigation was MEEI's failure to analyze the risks, and take action in regard to portable devices.
The moral of the story is you can't be Sean Connery in a Daniel Craig world.
