Mobile Privacy & Security Toolkit
As the healthcare community becomes more sophisticated in its adoption and use of information technology systems, organizations are increasingly making use of mobile technologies to meet the demands of their employees and increase workflow efficiencies.
Introduction to the Mobile Security Toolkit This Toolkit will help you understand the security risks and issues associated with incorporating mobile devices into your organization, and how to develop mobile security policy implementations for corporate and personally-owned devices. It contains resources with tips on securing your wireless network, smartphones and other mobile devices.
An Overview:
The Wireless Industry Facts: An Independent Review The U.S. wireless industry leads the world in overall value, innovation and investment, so it’s no wonder American consumers use their mobile products and services more than any others in the world. While CTIA regularly conducts surveys on industry statistics and consumer opinions, there is a vast amount of data provided by independent third-party organizations and individuals which illustrates the unparalleled leadership of the U.S. wireless industry.
The Wireless Industry Overview
mHealth:
Definitions of mHealth A collection of mHealth definitions from key healthcare organizations.
mHealth Glossary of Terms
HHS mHealth Initiative
2011 mHIMSS Mobile Technology Survey This study provides information on a multitude of aspects related to mobile and wireless technology in health care organizations including general use of mobile technology, access to patient data, means for securing information, and the benefits and barriers to use.
Overview: The Wireless Industry’s mHealth Focus
Guidance and Considerations
Security of Mobile Computing Devices in the Healthcare Environment The focus and goal of this paper is to provide an information resource about mobile computing device security to healthcare information technology leaders. This is not meant to be a blueprint for how an organization should deploy mobile computing devices; instead it provides the necessary groundwork for the organization to take the steps to formally define policies, procedures and processes.
(BYOD) Bring your own Device
Considerations for Employee-Owned Mobile Computing Devices This white paper will provide recommendations to healthcare organizations that are considering the use of employee-owned mobile devices to access an organization's network resources and/or patient healthcare data. Our intent is not to deep-dive into the overall process for securing mobile devices, but only to identify what minimum steps the organization should take when considering the use of these devices on their networks.
Sample Mobile Device User Agreement The sample mobile device user agreement is an example of an agreement that is being used by a health system to manage personal mobile devices in its environment. It is only an example and is not meant to be a complete or exhaustive list of policy elements. Because organizations, along with regulatory and legal requirements, are different, each organization should develop a unique mobile device user agreement that is aligned with the needs of the organization, applicable laws, and is consistent with its policies and procedures.
Wireless, Smartphones & Applications
NIST Guidelines on Cell Phone and PDA Security This Special Publication 800-series reports on the research, guidance, and outreach efforts in computer security of the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST), and its collaborative activities with industry, government, and academic organizations.
NIST Guide to Bluetooth Security (Draft) This DRAFT Special Publication (SP) 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.
Regulatory & Legal Information
United States Guidance
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT of 1996 (HIPAA) An Act: To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes
Federal Information Security Management Act (FISMA) Implementation Project This website was created to promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act.
Government Information Security Reform Act (GISRA) The Government Information Security Reform Act (GISRA) requires federal agencies to implement sound security management practices, conduct internal as well as independent (IG) reviews of their security and Office of Management and Budget as part of the budget process (OMB will report to Congress).
Gramm-Leach-Bliley Act 15 USC, Subchapter I, Sec. 6801-6809 Disclosure of Nonpublic Personal Information
Guidance for Industry, Part 11, Electronic Records; Electronic Signatures — Scope and Application This guidance represents the Food and Drug Administration's (FDA's) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. You can use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations.
American Recovery and Reinvestment Act of 2009 (ARRA) American Recovery and Reinvestment Act of 2009 (Enrolled Bill [Final as Passed Both House and Senate] - ENR)
US Consumer Best Practices The Mobile Marketing Association’s (MMA) Consumer Best Practices (CBP) Guidelines, for the United States market, provides a guide to implementing short code programs. Fundamentally, the Cross Carrier section of the guidelines document is a compilation of accepted industry practices, wireless carrier policies, and regulatory guidance that have been agreed upon by representative member companies from all parts of the off-deck ecosystem.
CTIA Privacy Policy CTIA supports policy and legislative efforts to maintain the privacy of wireless customers while balancing the need for legitimate access to a customer’s location information in emergencies and for law enforcement purposes, and to preserve the ongoing business relationship between wireless carriers and their customers.
International Law Guidance
The Personal Information Protection and Electronic Documents Act (PIPEDA) from the Office of the Privacy Commissioner of Canada
Industry Guidance
Mobile Marketing Association Global Code of Conduct The following privacy principles (this "MMA Code of Conduct", or "the Code") are intended to guide companies within the mobile ecosystem, including but not limited to: advertisers, aggregators, application providers, carriers, content providers, and publishers (collectively, "Mobile Marketers"), so that they can effectively, and responsibly, leverage the mobile channel for marketing purposes. The Code is designed to provide guidelines that all Mobile Marketers should consider and build their mobile programs around. Note: The Code is not intended to regulate a wireless carrier's ongoing proprietary communication with its current base of Subscribers, which is already regulated by the FCC.
PERMISSION, PRIVACY, MEASUREMENT: The Way Forward By first seeking permission, protecting consumer privacy and allowing for more accurate and reliable measurement and targeting, permission marketing represents a clear direction forward for the mobile marketing industry. Working with consumers to deliver content that they desire transforms advertising material into valuable content.