Information security in general practice

Securing your network and equipment

Mobile electronic devices

        1. Mobile electronic devices

Last revised: 21 Apr 2023

Mobile electronic devices

Mobile electronic devices include laptops, tablets, USBs, removable hard drives, mobile phones, backup media and portable electronic clinical equipment.

Your practice should decide whether or not to use mobile devices for business and clinical purposes. Mobile devices used for business purposes may be owned by the practice, or personally owned by members of the practice team.

It is important to remember that mobile devices are at a high risk of being lost, stolen or left unsecured which increases the risk of a data breach.

Create a policy: Mobile electronic devices

Your policy should include guidance on which mobile electronic devices are authorised for use in your practice, and how these devices should be managed.

Your policy should cover:

  • whether or not your practice allows the use of personal/private mobile electronic devices for work-related purposes
  • information on using password protection on all mobile devices
  • the protection of health data via encryption on all mobile devices
  • how mobile devices are securely stored when not in use
  • guidance on safely installing and using wireless network access
  • who can have remote access to your practice systems, and how they have access
  • third-party providers and access to practice systems via web-based portals
  • processes and procedures for practice team members working from home to ensure information is protected
  • security on your practice team’s personal devices which are taken home and connected to your practice’s network
  • data encryption on mobile devices
  • controls for bulk downloading or transfer of information using mobile devices.