dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
999
share rss forum feed


onebadmofo
gat gnitsoP
Premium
join:2002-03-30
Reading, PA
kudos:1

[iPhone] iphone HIPAA compliant?

Can anyone tell me where I can find info on this? My searches seem to be coming up empty, or vague.
--
Photoshop these nuts in your mouth.



skeechan
Ai Otsukaholic
Premium
join:2012-01-26
AA169|170
kudos:2
Reviews:
·Clear Wireless
·Cox HSI
·Verizon FiOS

It isn't the phone that needs to be compliant but the hospital policy and the particular medical apps you are running on the phone. The phone itself is capable of being part of a HIPAA compliant policy with remote wipe, autolock and strong PWs. The particular hospital will okay or not okay the device for use in their practice based on their own particular HIPAA procedures. You can have one hospital say yes and another say no; it depends on their particular policy and if they insist on BB you're stuck but not because there is a "problem" with iOS...but merely because that is their particular policy.



Count Zero
Obama-Biden 2012
Premium
join:2007-01-18
Winston Salem, NC
reply to onebadmofo

Our hospital makes us password lock, encrypt and set auto-delete after 10 incorrect logins to maintain HIPAA compliance.



onebadmofo
gat gnitsoP
Premium
join:2002-03-30
Reading, PA
kudos:1
reply to onebadmofo

We actually already have iPhones in house here. We're an agency that deals with people who have mental health issues. Those who have iPhones are directors, sups, corporate, and us in IT. We'd like to merge the rest of the building (case managers - those who are in direct contact with their consumers) to iPhones from BB. But my IT director is a little scared of the fact if they lose their phone or if it gets stolen, then all the individuals email would be easily accessed.

Now my thought on the matter is this.

You basically have a policy written out that says when given a smart phone (or even get specific and say iPhone) you are to have a strong pwd on it. The findmyphone app. And set up to erase after 10 tries. No exceptions.

We would run no apps on the phone that would be ours, or anything else that would be needed for work except for email from our exchange server. And then even through the exchange web console the phone can be wiped.

We don't have texting as a part of our plan for mobile devices. But if they all had iPhones, they could simply imessage each other. But those messages probably wouldn't fall within compliance.
I have seen a version of the app "tiger text" which is claimed to be HIPAA compliant. And that allows you to text other tiger text users for free and it then deletes the text from both phones automatically after a certain amount of time. (minutes I think).

Now,
I was reading and I think it was either worded wrong or perhaps I understood incorrectly...that if you set up a pwd on the iPhone...that is when it then encrypted.

is this true?

Also, has anyone ever used this? And is it any good?:
»www.mobileiron.com/en/multi-os-m···overview
--
Photoshop these nuts in your mouth.



pike
Premium,MVM
join:2001-02-01
Washington, DC
kudos:3

Your IT director really needs to do his homework. You can issue your employees iPhones and enforce password policies and many other settings through freely available software from Apple.

Ars Technica did a fantastic writeup on this.

»arstechnica.com/apple/2012/10/ha···tor-1-2/

Even without Configurator, you can use Exchange Server's ActiveSync polices to enforce mandatory phone passwords and such.

Someone with the job title of IT Director really has a responsibility to stay on top of technology trends and of course be familiar with the capabilities of the enterprise software already deployed.



onebadmofo
gat gnitsoP
Premium
join:2002-03-30
Reading, PA
kudos:1

Dude, you don't know the half of it with this guy. He fell into this position.

Hey thanks for that link. I totally forgot about that app. I'm gonna download and play with it.
--
Photoshop these nuts in your mouth.



Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
Reviews:
·Verizon FiOS
reply to onebadmofo

If you force strong password, Remote Wipe, GPS, auto-wipe on herping the unlock code, and such it's approved in my hospital system. Configurator level or Exchange level.

Same with Android.

None of us sync our email to it to avoid the annoyance.
--
"If something about the human body disgusts you, complain to the manufacturer" - Lenny Bruce
What this country needs is a good five dollar plasma weapon.



ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4
reply to onebadmofo

I can tell you where I work we use MobileIron. I work at a large financial services company. We also use Good to be able to use corporate email on a personally owned device.



Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1

HIPAA is a different animal than financial regulations.
One screw up, enjoy your 10 years in jail.



ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4

I very well understand that as I have placed consultants in both environments. Just giving you a heads up about another large company with an eye towards compliance and regulation that uses the solution you mentioned.



Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1

HIPAA is binary though. It is or it isn't.

Spanish and Portuguese are similar but they're not the same.



ptrowski
Got Helix?
Premium
join:2005-03-14
Putnam, CT
kudos:4

1 recommendation

Again, I fully understand that. I am not getting into a pissing match about regulated environments, just commenting that another large company with thousands of device with sensitive information on it uses MobileIron, that's all.
Also going t MobileIron's website has company testimonials, first page showed Kindred Healthcare where they mention it is HIPAA compliant.



Count Zero
Obama-Biden 2012
Premium
join:2007-01-18
Winston Salem, NC

1 edit
reply to onebadmofo

iMessage is end to end encrypted and should be HIPAA compliant. Unlike regular texts.



RiseAbove
Premium
join:2004-01-30
reply to onebadmofo

said by onebadmofo:

Also, has anyone ever used this? And is it any good?:
»www.mobileiron.com/en/multi-os-m···overview

I manage wireless for a large corporation using Mobileiron. it's a great product and they just keep making it better. Some of their latest builds and features are amazing considering how fast Mobile Device management has been moving lately. They are about to put out 5.5 of their appliance and it once again tacks on more features to unlock and use.

if you have any questions send me a PM and I will try to answer the best I can.


onebadmofo
gat gnitsoP
Premium
join:2002-03-30
Reading, PA
kudos:1

said by RiseAbove:

said by onebadmofo:

Also, has anyone ever used this? And is it any good?:
»www.mobileiron.com/en/multi-os-m···overview

I manage wireless for a large corporation using Mobileiron. it's a great product and they just keep making it better. Some of their latest builds and features are amazing considering how fast Mobile Device management has been moving lately. They are about to put out 5.5 of their appliance and it once again tacks on more features to unlock and use.

if you have any questions send me a PM and I will try to answer the best I can.

What is the pricing like for them? I've requested such from their site and never got a reply. And this was months ago as well as just a few days ago.
--
Photoshop these nuts in your mouth.


RiseAbove
Premium
join:2004-01-30

said by onebadmofo:

said by RiseAbove:

said by onebadmofo:

Also, has anyone ever used this? And is it any good?:
»www.mobileiron.com/en/multi-os-m···overview

I manage wireless for a large corporation using Mobileiron. it's a great product and they just keep making it better. Some of their latest builds and features are amazing considering how fast Mobile Device management has been moving lately. They are about to put out 5.5 of their appliance and it once again tacks on more features to unlock and use.

if you have any questions send me a PM and I will try to answer the best I can.

What is the pricing like for them? I've requested such from their site and never got a reply. And this was months ago as well as just a few days ago.

We paid $75 per user one time license fee then you get hit with a $15 yearly maintenance fee after that. Completely worth it on our end. We trashed Blackberry's back in early 2012, resold all the old phones to a resellar, which paid for the new phones and some licenses.

I would say if you want to switch to iPhones your best bet is to run the numbers. Also if you would like my contact for a resellar so you can make some money on those old handsets let me know I can PM you their name. I have shopped around resellars and they were the ones who consistently give me top dollar for my old phones which helps pay for a lot of new devices and equipment.

I would run the numbers on everything and see how it plays out. You can always get the free Blackberry Express Server if you have some die hard hold outs. Plus I believe you can route that through Mobileiron as well.
»us.blackberry.com/business/softw···esx.html

In the end though for us it was a no brainer to ditch RIM and go all Apple down the line for corporate devices.

For remote document management I would also recommend MobilEcho. it's a very robust document and sharepoint access tool which is very light weight and easy to setup.


onebadmofo
gat gnitsoP
Premium
join:2002-03-30
Reading, PA
kudos:1

I'm not sure how that would work on our end as far as selling to a reseller since we're a non-profit county funded organization. But I'd be willing to accept the contact info have and shoot that thought to our purchasing director to see what their thought is on it. As far as I know, the old phones simply get stored some where till they can be disposed of.

If this can be done, maybe the transition will be easier to make.
--
Photoshop these nuts in your mouth.