QUIZ: Test Your Knowledge of HIPAA Mobile Security

Given the prevalence of portable electronic devices in today’s world, it’s no surprise that patients and providers alike are accessing health information while on the go. While this convenience is something to be appreciated, it can put valuable PHI at risk, not to mention increasing the chances of a breach of HIPAA compliance.

Check out our quiz to see how much you truly know about keeping your mobile devices HIPAA-compliant.

QUESTION 1: Which of the following is both the biggest benefit and drawback of bring your own device (BYOD)?

  1. Communication: Mobile devices allow physicians to communicate with each other and patients via text messages and webmail, but can also distract them with personal activities.
  2. Finance: BYOD saves money, as employees have added incentive to take care of their own devices. However, if devices are not properly encrypted, implementation can cost much more in the long run.
  3. Ease: Mobile devices allow for real-time data and sharing, but when it comes to technical and regulatory knowledge, they can cause more problems than they prevent.
  4. Portability: Mobile devices give physicians access to data from virtually anywhere with an Internet connection, but they also are easily lost or stolen, thus increasing the chance of data breaches.

QUESTION 2: Which is not a challenge healthcare providers face when trying to align HIPAA regulations with patient expectations?

  1. Confusion between personal health information (PHI) and personally identifiable information (PII).
  2. A complex patchwork of federal consumer data protections overlaid with individual state laws.
  3. User-generated content that falls outside the categories of PHI and PII.
  4. The need to constantly update data protections to facilitate trust among patients.

QUESTION 3: Which is a current trend in mobile security?

  1. Desktop as a Service (DaaS): Desktop environments run virtually and access applications in their native forms.
  2. Remote wipes and auto-locks: Mobile device storage may need to be remotely wiped clean when the device is switched off, and auto-locking may be automatically implemented if the device is misplaced or stolen.
  3. Signal range control: Enforces security and privacy by restricting where applications can be accessed from.
  4. Access control lists (ACLs): Role-based logins control which users and which mobile devices can access an application.
  5. All of the above.

QUESTION 4: Which is not a continuous data protection (CDP) backup solution?

  1. Copying CDP server contents to a tape and shipping the tape off-site.
  2. Opt-out solution, wherein the care provider chooses not to adopt a backup solution.
  3. Disk-to-disk-to-cloud, where the backup server stores backups locally, but also uploads backups to the cloud for safekeeping.
  4. Disk-to-disk-to-disk, where companies create a backup of their backup server, preferably located in a data center off-site.

QUESTION 5: What are the biggest challenges hospitals, in particular, face in BYOD implementation?

  1. The diversity of mobile devices and no one-size-fits-all solution.
  2. The realization that policy alone is not enough to ensure data security and implementation of technological security measures is difficult.
  3. The steep cost of mobile devices and their applications.
  4. The realization that though they do not purchase mobile devices, CIOs and hospitals are responsible for them.
  5. All of the above.

Alright, got your answers ready? Let’s see how well you did!

QUESTION 1: Which of the following is the biggest benefit and drawback of bring your own device (BYOD)?

ANSWER: D. Portability has the distinction of being BYOD’s greatest draw, but also its biggest liability. According to the U.S. Department of Health and Human Services, the number one cause for data breaches is theft of devices.

QUESTION 2: Which is not a challenge healthcare providers face when trying to align HIPAA regulations with patient expectations?

ANSWER: D. Once practices set up the strong data protections patients want around their health information and associated data, trust and goodwill are easily established between provider and patient.

QUESTION 3: Which is a current trend in mobile security?

ANSWER: E. All of the above. And these are just a few of the current trends in mobile security. Other examples include: encrypted data transmission, double encryption, isolated special subnets for mobile devices, and mobile ID authentication mechanisms to enhance mobile security and privacy.

QUESTION 4: Which is not a continuous data protection (CDP) backup solution?

ANSWER: B. Opt-out solution. While HIPAA requirements are purposefully vague to allow for diversity in organizational situations, they do require backups to be created and restored.

QUESTION 5: What are the biggest challenges hospitals, in particular, face in BYOD implementation?

ANSWER: E. All of the above. These problems are just the tip of the iceberg. Data breaches are occurring more and more frequently, despite the best security practices implemented by the majority of hospitals.

We hope this quiz has been helpful in filling in any potential gaps in your knowledge of HIPAA-compliant mobile practices!