[Transcript] Episode 519: Quick Wins: Simple Settings to Secure your Smartphone and Protect Client Info
Evan Dumas
You’re listening to Group Practice Tech, a podcast by Person Centered Tech, where we help mental health group practice owners ethically and effectively leverage tech to improve their practices. I’m your co-host, Evan Dumas.
Liath Dalton
And I’m Liath Dalton, and we are Person Centered Tech.
Liath Dalton
This episode is brought to you by Therapy Notes. Therapy Notes is a robust online practice management and electronic health record system to support you in growing your thriving practice. Therapy Notes is a complete practice management system with all the functionality you need to manage client records, meet with clients remotely, create rich documentation, schedule appointments and bill insurance all right at your fingertips. To get two free months of Therapy Notes as a new Therapy Notes user go to therapynotes.com and use promo code PCT.
Evan Dumas
Hello and welcome to Episode 519: Quick Wins: Simple Settings to Secure your Smartphone and Protect Client Info.
Liath Dalton
We love quick wins, or any time that we are able to take easy, practical steps that support overall compliance. Because one thing that we’ve noted in working with many practices and practitioners over more than a decade now is that one barrier to compliance can be that it feels like such a massive undertaking.
Liath Dalton
Because it touches, you know, every aspect of your practice where client info lives, that it can feel like it’s too much to tackle, or too much to tackle now, and rather something to put off until you have a bigger window of time. When, in reality, taking these small steps here and there, working through it in bite size chunks, is really the key to success. Because what do we always say about compliance, Evan?
Evan Dumas
It’s a process, not a product.
Liath Dalton
Exactly. And you know, the trope of Rome wasn’t built in a day. Well, a compliant practice wasn’t created in a day or a week. And once you get it, all of the compliance foundations in place, they also have to be maintained.
Liath Dalton
So we’re going to be doing periodic quick win episodes on relevant topics that can do a quick task and a quick win, whether this is something that you implement as a group practice leader and task team members with being a quick, actionable task for them to follow through on as well. Or if you’re a solo practitioner, these quick win guides will also be applicable to you.
Liath Dalton
So let’s go ahead and dive in. Today, we’re going to be talking about a couple settings tweaks that you can make quickly on your smartphone if they aren’t already in place. If you’ve done the full PCT device security process, you’ve already got these, but we know a lot of folks haven’t done that yet.
Liath Dalton
Yeah, so specifically what we are talking about is the automatic device lock and biometric access enabling, yeah, they’re really high impact, but low effort compliance enhancements and so, you know, smartphones are one of the most frequently used tools in a practice, because they’re usually used to access a whole host of systems that contain client info.
Liath Dalton
So whether it’s texts or calendar notifications, email access, EHR access, your smartphones are connected to a lot of Protected Health Information, but if they aren’t secured and get lost or stolen, or even glanced at by the wrong person, suddenly you have a security incident in HIPAA.
Evan Dumas
Yeah.
Liath Dalton
So Evan, what is the guide on what the automatic lock should be set to?
Evan Dumas
Yeah, the shortest available time. So if your phone lets you set it for a, like 30 seconds or five minutes, don’t pick five minutes, pick 30 seconds.
Liath Dalton
Yes. And why we are saying to pair the automatic device lock being set to the minimum amount of time possible, and then pairing that with having your biometric login enabled is because, obviously, having the biometric login enabled means that it’s going to be way less of a hassle to have the automatic lock set to that minimum time period.
Liath Dalton
And because it also relates to one of the other key security measures that needs to be in place for a smartphone, which is having the passcode be set to something that is complex and unique. We don’t want just a pattern pin or a four digit, I don’t even know if you can do four digits on an iPhone, anymore.
Evan Dumas
Eh, you still can. It’s like,
Liath Dalton
You can?
Evan Dumas
It’s like four or six. I think some people still have four. Yeah.
Liath Dalton
Yeah.
Liath Dalton
You may possibly have four, and that is not secured, that is quickly hackable. But you don’t want to be entering that every 30 seconds, right? So having the biometrics enabled means that you can have that complex password on the device itself, and that password is what locks and unlocks the encryption.
Liath Dalton
Because the great thing is that all modern smartphones now are full device encrypted by default. So these simple security measures pair really well together. Do a quick audit of your own settings for those items on your smartphone. If you are a group practice leader, send out a directive to your team to take these simple actions and make sure those measures are in place for their personal smartphones that they use for accessing any client info or systems that contain client info.
Liath Dalton
Device security is really one of the, sort of, biggest surface areas of risk exposure, but also one that can be well managed. And we should also say that, for those of you wanting more detailed guidance and a how-to on what to click, or where to tap on your devices, and what the rest of the required technical security measures are to have in place for a device to have Safe Harbor under HIPAA’s Breach Notification Rule, check out the show notes, because we have links to our Practice Care Premium resources which specifically address that and have step by step, device specific tutorials.
Liath Dalton
But again, it doesn’t have to be as big as taking that on right now. You can, just for now, put those measures in place, and that will greatly increase your security.
Evan Dumas
Exactly.
Liath Dalton
So take, take the quick win.
Evan Dumas
Exactly.
Liath Dalton
Thanks for joining us. We hope you found this helpful, and we’ll chat to you next week.
Evan Dumas
Yeah, talk to you next week, everybody.
Liath Dalton
This has been Group Practice Tech. You can find us at personcenteredtech.com. For more podcast episodes, you can go to personcenteredtech.com/podcast, or click podcast on the menu bar.
Your Hosts:
PCT’s Director Liath Dalton
Senior Consultant Evan Dumas
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we share a quick update to your smartphone settings to increase device security.
We discuss:
- Overwhelm as a barrier to HIPAA compliance and the key to success
- Two security settings to update on your smartphone
- Risk exposure + device security
- How to get step-by-step guidance for your specific device
Therapy Notes proudly sponsors Group Practice Tech!
TherapyNotes is a behavioral health EMR/EHR that helps you securely manage records, book appointments, write notes, bill, and more. We recommend it for use by mental health professionals. Learn more about TherapyNotes and use code “PCT” to get two months of free software.
*Please note that this offer only applies to brand-new TherapyNotes customers
Resources for Listeners
Resources & further information
PCT Resources:
- Group Practice Care Premium
- weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
- + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
- + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
- HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.