Mobile electronic devices

Information security in general practice

Download PDF

Table of contents

Last revised: 21 Apr 2023

Mobile electronic devices

Mobile electronic devices include laptops, tablets, USBs, removable hard drives, mobile phones, backup media and portable electronic clinical equipment.

Your practice should decide whether or not to use mobile devices for business and clinical purposes. Mobile devices used for business purposes may be owned by the practice, or personally owned by members of the practice team.

It is important to remember that mobile devices are at a high risk of being lost, stolen or left unsecured which increases the risk of a data breach.

Create a policy: Mobile electronic devices

Your policy should include guidance on which mobile electronic devices are authorised for use in your practice, and how these devices should be managed.

Your policy should cover:

whether or not your practice allows the use of personal/private mobile electronic devices for work-related purposes
information on using password protection on all mobile devices
the protection of health data via encryption on all mobile devices
how mobile devices are securely stored when not in use
guidance on safely installing and using wireless network access
who can have remote access to your practice systems, and how they have access
third-party providers and access to practice systems via web-based portals
processes and procedures for practice team members working from home to ensure information is protected
security on your practice team’s personal devices which are taken home and connected to your practice’s network
data encryption on mobile devices
controls for bulk downloading or transfer of information using mobile devices.

Useful RACGP resource

mHealth in general practice – A toolkit for effective and secure use of mobile technology

Advertising