A log-in and password alone won't protect you from the Data Breach Rule, the entire record transaction has to be encrypted, including cache files.
Most devices can be taken apart and any data, especially browser based, is often held in browser cache files which can be accessed easily.
Most of the HIPAA violation breaches have been laptops getting stolen, and most of those laptops had username and passwords.
If you must go mobile
1) you must secure your network data entirely and professionally.
2) if your device has client data on it, and gets stolen, you are in HIPAA violation and must report the breach. Even if its password protected.
You are only safe if:
3) if your device uses a client, that accesses a server where all data is actually stored, with and NO data is cached on your device and all the data MUST be encrypted in both storage and transmission to be considered exempt.
Most cloud based devices use a common browser to access data that does not encrypt the cache files, and if that data is not encrypted on the device, and it gets stolen, you must report the breach, whether that data was actually accessed or used.
More here:
http://www.physicianspractice.com/bl...y-be-surprised
Bookmarks