If you haven’t seen the article in USA Today, it is a good wake up call for everyone.
The short version of the story is this:
- Guy trades in old phone for new phone
- Guy didn’t remove his info from the old phone
- Store employee notices this and begin to make posts on Guy’s Facebook page.
Except for the fact that the posts made by the “imposter” were quite embarrassing to the Guy, no real harm was done.
What could have been done?
Many things could have been done. Pictures sent out. I’m sure the owner’s home address and of course all his contacts, were still in the phone. He could have had his online banking info readily available. If he was a physician, he might have had access to his EHR on the phone.
This can get real ugly real fast.
How to prevent this?
First, if you don’t password protect your phone, it is your fault. The information in your phone is too valuable to NOT password protect your phone. Typically being relieved of your phone is by your own choice, but theft of smart phones is huge right now, so you better password protect that phone.
Second, whether you are turning in your phone to a store or mailing it someone, heck even if giving it to your child, you need to accomplish a factory reset. Each phone is different, but in general, in the settings area on your phone, there will be an option to reset your phone to factory settings. This is kind of like reformatting a hard drive. All you data will be gone.
Of course, someone with the right tools still may be able to grab information from the phone, which is why the best idea is to wipe the phone of all data using an app for that.
So Doc, a quick review:
- Password protect your phone…
- Factory reset phone before turning in…
- Use a phone wiping program before turning in.
Realize this, your office should have a HIPAA policy on this exact issue. If you are using your phone for work at all, you better have a policy for what steps to take when a phone is stolen or turned in.