Hospital Mobile Security Policies

1. What are the major components of your organization's mobile device security policy?
- All portable media (USBs, CDs, etc.) must be protected
- Prohibit storage of patient data on mobile devices
- All staff must complete education session(s) on the policy
- Patient data stored on or transmitted from all mobile devices (phones, tablets, etc.) must be encrypted
- End-point security controls limit use of removable media to approved devices
- We do not have a mobile device security policy
- Other (please specify)

2. If your organization allows employees and physicians to use personally owned mobile devices for hospital work and patient record access, does it:
- Require encryption of the devices
- Require strong passwords
- Require use of automatic timeout function
- Impose a limit on unsuccessful attempts to log in
- Require installation of remote wiping capability on the devices
- Prohibit storage of patient information on the devices
- Use a mandated mobile device management system to manage the devices
- Require users to authorize the organization to get access to the device for security checks as needed
- Maintain an inventory of personal devices containing personal health information
- None of the above
- Other (please specify)

3. Specify whether your hospital/health organization currently applies encryption for:
- Information sent outside the organization across exposed external networks (public networks, wireless or cellular networks)
- All mobile devices
- All backup tapes
- All mobile storage media, including USB drives
- Information accessible via a virtual private network or portal
- All servers/databases
- All desktop devices
- Other (please specify)

4. How does your organization address security for physicians and other clinicians who have remote access to clinical systems?
- Provide access to clinical systems only via a virtual private network
- Encrypt all information accessed remotely
- Require use of multi-factor authentication
- For access via personal mobile devices, require use of specific types of devices with specific security functions
- We do not require physicians or other clinicians remote access to clinical systems
- Other (please specify)

5. To guard against inappropriate access to electronic health records, what type of authentication does your organization require for remote users to gain access while they are on the job at one of your facilities?
- Username and password
- Digital certificate
- One-time password with two-factor authentication (token)
- Device ID/risk-based authentication (authentication risk measure based on factors such as the device IP, geo-location and user behaviors)
- Biometrics
- No authentication
- Other (please specify)

6. How does your healthcare organization track who accesses protected health information and/or patient records?
- Use audit functions within our applications
- Use a separate audit tool
- Use a data loss prevention application
- Other (please specify)