Mobile devices make it easy for healthcare providers to work while away from the office. But getting online at a coffee shop or airport often means connecting to a public WiFi network, which presents a risk to protected health information (PHI). Learn how to identify an unsecured WiFi network and how you can protect PHI when using public WiFi.

Which WiFi networks are secure?

As a physician or other healthcare professional, you’ve likely discovered how a smartphone, tablet, or laptop can make it easy to stay connected to work when away from the office. You can respond to a timely work email at lunch. You can add a note to a patient chart while on your commute home. Instead of powering up a desktop computer, you can use an app on your smartphone to access the EHR and respond to that phone call from work.

But you need to be aware of the risks to PHI each time you conduct work over a public WiFi network. Public WiFi is available just about everywhere, from your local coffee shop to the hotels and airports you visit while traveling. This access makes our lives easier, but it also poses security risks to PHI on your laptop or smartphone. 

Public WiFi networks can be secured or unsecured, and neither is risk-free. You can connect to an unsecured network without any type of security feature like a password or login. Conversely, a secured network requires you to agree to legal terms, register an account, or type in a password before connecting to the network.

The concern with either type of network is that, once you connect, it becomes relatively easy for someone to view and download information stored on your device. As a healthcare provider, it’s your responsibility to keep PHI protected and secured from unauthorized use or disclosure. Basically, no public WiFi network is absolutely secure.

How to protect PHI when using public WiFi

As a healthcare provider, you are a HIPAA covered entity. This means you must take steps to secure PHI no matter what type of technology you’re using. Whenever possible, avoid connecting to public WiFi from mobile devices that you use to access PHI. Because this can’t always be avoided, implement the following four steps to ensure that you are protecting PHI when using public WiFi.

1. Use a VPN and secure browser connection

Google Chrome displays a ‘Not Secure’ warning on unencrypted sites.

A virtual private network (VPN) encrypts information you send or receive, no matter what WiFi network you are using. This ensures that only authorized people can access your data. Most organizations offer VPNs for employees. If you don’t already have access to a VPN, learn more about what to look for.

Whether you use Chrome, Safari, or another browser, secure connections also encrypt data sent over a network to and from your device. You’ll know you have a secure browser connection if you see https:// at the start of the website address.

2. Encrypt data on your mobile devices

Healthcare providers should also configure their mobile device settings to ensure data encryption. Chances are you have already done this, but make sure to check if you’re not sure. For example, your iPhone or iPad automatically encrypts data if you have a passcode set up.

3. Use strong passwords

Using passwords that are difficult to guess is another way to protect PHI on your mobile devices. Connecting to public WiFi can create an opportunity for hackers to access your device. Use complex passwords, two-factor authentication, and other best practices to ensure that your passwords do their job.

4. Maintain physical control

Working in public spaces also poses physical risks to data security, including the possibility of your device being stolen. Be aware that someone could be looking over your shoulder when you’re at a coffee shop or commuting. To protect PHI, keep your screen locked when not using your device, and keep your laptop, tablet, or smartphone with you at all times.

Learn more

It’s up to healthcare providers and organizations to create a culture of security awareness that encourages proper handling of PHI in public spaces. HealthIT.gov has a Mobile Device Privacy and Security initiative with resources and tips for protecting PHI when using your mobile device. Their website is a great place to start if you have further questions or concerns.
