Mobile Devices and Healthcare: Protect PHI


A trip to the doctor has become a lesson in technology for many of us. Computerized instruments are used constantly, doing everything from reading a patient’s optical prescription by measuring the eyeball to taking pulse and blood pressure at the same time in just a few seconds. It is no surprise that mobile devices like tablets and smartphones have found their way into the healthcare industry. Once considered a luxury, mobile devices are now the norm in many hospitals and practices. Physicians and staff use tablets and smartphones to help with diagnostics, patient education, and medical reference. Many are even able to access their EMR systems through their devices. With this new trend in technology comes the obvious pitfall: protecting patient data. Taking steps to safeguard PHI is a vital part of any practice that allows mobile devices to be part of its patient care.

In 2007 Apple released the first iPhone, and the iPad debuted in 2010. Various statistics show that now as much as 80% of health care providers are using mobile devices at work. Recently, has provided information on using mobile devices in the medical workplace. The number one way to protect PHI? Encryption. This means that text is encoded and therefore “disguised” unless your device or computer has the code to read it. It is absolutely imperative to have encryption in place anytime a mobile device is used for PHI. Anything less is not HIPAA compliant. The best guide for encryption is the Federal Information Processing Standards Publication for Computer Security (FIPS 140-2), the Federal guide for encrypting issued by the National Institute of Standards and Technology (NIST). Though it is not specifically intended for HIPAA, it is thorough and is used by both government and private entities.

Using a password or authentication process for your mobile device is also important. Just like any password protection, it is best to use a letter-number combination and make it something easy to remember but hard to guess. Another important step is to make sure that your device locks after a short period of inactivity and that the password must be entered to unlock it. While it seems obvious, one mistake that people often make is storing the password in their devices. Never keep a list of passwords on your phone or tablet, and be sure to change the password every quarter.

The last thing to consider is avoiding storing any data on your device. Different practices and offices have different rules on this. Some allow a certain amount of storage before it must be backed up. Others allow none, making sure all information is transferred before the device leaves the premises. No matter what, it is essential that any device being used with PHI have the ability to be locked or wiped remotely. This is important in the case of theft or loss. Anytime a phone is stolen or lost it is a HIPAA issue and must be reported.

According to a report issued by KLAS, almost every major EMR vendor has physicians who access information through their mobile devices. Apps exist for everything from accessing lab tests and calculating medicines to looking up drug interactions and anatomical diagrams. It is unrealistic to ban the use of mobile devices in the healthcare practice. Instead, it is important to ensure that they are being used responsibly. Following the basic safeguards will keep the practice HIPAA compliant and allow providers to use technology to its fullest.

Revolution Law Group is located in Greensboro, NC, and serves individuals and small businesses throughout the Triad and surrounding areas. To contact us please visit or call 336-333-7907.

The information included here is for informational purposes only, is not exhaustive of all considerations when creating documents, is not intended to be legal advice, and should not be relied upon for that purpose. We strongly recommend you consult with an attorney and do not attempt to create your own documents.


Jackson and Coker Research Associates. (2011). Special Report: Apps, Doctors and Digital Devices. Jackson and Coker Industry Reports. (retrieved December 24, 2013).

Mobile Device and Privacy and Security. (n.d.). (retrieved January 24, 2013).

Westerlind, Erik. (October 9, 2012). Mobile Healthcare Applications: Can Enterprise Vendors Keep Up? KLAS. (retrieved January 24, 2013).