The article about Pediatric Associates in CA has a nugget with a potentially outsized impact: the implication that VFC vaccines…
Readers Write 8/21/12
Submit your article of up to 500 words in length, subject to editing for clarity and brevity (please note: I run only original articles that have not appeared on any Web site or in any publication and I can’t use anything that looks like a commercial pitch). I’ll use a phony name for you unless you tell me otherwise. Thanks for sharing!
Note: the views and opinions expressed are those of the authors personally and are not necessarily representative of their current or former employers.
Staying HIPAA Compliant in the Age of Mobile Devices
Healthcare is rapidly increasing its use of electronic devices. A recent survey found that more that 80% of physicians use mobile devices, such as laptops, smart phones (including Blackberrys, iPhones and Androids), and even iPads or tablets in conjunction with their delivery of patient care.
However, smart phones and tablets are particularly vulnerable to a breach of protected health information (PHI) as they are small and can easily be lost or stolen. Also, while laptops or desktop computers are typically property of the medical practice, physicians are more likely to use their personal smart phones or tablets when transmitting electronic PHI. HIPAA permits physicians to use these methods of communication when transmitting PHI so long as they reasonably and appropriately safeguard the information.
So what does this mean for doctors and how can they ensure they are HIPAA compliant? There are several simple ways to provide protection:
- Lock your mobile device and require password protection. Unlike most office computers, smart phones are less likely to be locked when left alone. Any mobile device being used to transmit PHI should be locked when left alone and programmed to automatically lock after timing out. Additionally, the device should only be accessible by a unique password, prohibiting unauthorized access.
- Enable encryption. Encrypting your device can prevent the loss of electronic patient PHI, along with your own personal data.
- Determine if the device can be remotely disabled. Some mobile devices have the capability to be remotely locked in the event they are lost or stolen. This can prevent PHI data breaches if the device ever ends up in the wrong hands.
- Avoid using public Wi-Fi networks and disable file sharing. Public Wi-Fi networks increase the risk of exposing PHI because anyone with the right software could gain access to your device. When using a mobile device, use a secured connection or password- protected Wi-Fi network. Additionally, disable wireless sharing to prevent inadvertently sharing PHI files with others.
This list is certainly not exhaustive, but highlights a few simple means of protecting electronic PHI stored on or transmitted by mobile devices. Implementing these safeguards can help ensure you are HIPAA compliant while still maintaining the ease and convenience of mobile devices.
Jessica Shenfeld, Esq. is the founding partner at The Law Office of Jessica Shenfeld, a boutique law firm that caters to physicians’ legal needs. She is also CEO of EHR Incentive Help, Inc., which helps physicians satisfy the Meaningful Use criteria and apply for the Medicare/Medicaid EHR Incentive benefits.
Good info Jessica. I see a lot of doctors hold meetings in coffee shops with free Wi-Fi and think nothing of using that as a place to log into their network remotely and work. We are continually reminding our clients that is a bad idea. For providers who want to be mobile and chart while their kids are practicing sports or whatever, or meet in coffee houses, we recommend they invest in a Wi-Fi hot spot or tether their data plan to their phone. And of course, never download any PHI to their phone directly, instead use the mobile App supplied by your EHR vendor or an App that lets you RDP via VPN to your network or software such as Logmein. At any rate, the computing and data should reside on the machines in your office, not the one in your palm and not on a public wireless network.