HIPAA and Personal Devices
The University of Northern Colorado (UNC) recognizes that university employees and Graduate Students at times use their Personal Devices when conducting University business. In response to an increase in Personal Devices being used in the work environment and remotely, UNC has established an official Bring Your Own Device (BYOD) policy.
Any Employee or Graduate Student using personal devices is required to follow the UNC BYOD policy.
All Employees and Graduate Students should complete HIPAA training in Cornerstone and Canvas yearly. In addition, anyone using personal devices should follow guidelines from HealthIT.gov.
Risks
Risks vary based on the mobile device and its use. Some risks include:
- A lost mobile device
- A stolen mobile device
- Inadvertently downloading viruses or other malware
- Unintentional disclosure to unauthorized users
- Using an unsecured Wi-Fi network
Protect and secure health information when using mobile devices:
- In a public space
- On site
- At a remote location
Regardless of whether the mobile device is:
- Personally owned (bring your own device, BYOD)
- Provided by an organization
- Install and enable encryption, and install a firewall
- Install and enable security software, and update software when recommended
- Maintain control of your device
- Delete stored health information before discarding the device
- Disable file-sharing apps
What to Avoid
- Sharing your mobile device password or user authentication
- Allowing the use of your mobile device by unauthorized users
- Storing or sending unencrypted health information with your mobile device
- Ignoring mobile device security software updates
- Downloading applications (apps) without verifying they are from a trusted source
- Leaving your mobile device unattended
- Using an unsecured Wi-Fi network
- Discarding your mobile device without first deleting all stored information
- Ignoring your organization’s mobile device policies and procedures