Healthcare professionals are increasingly using smartphones to communicate with each other about patient status. Nowadays, even medical schools are providing residents with tablets to use as textbooks. However, these portable devices can have issues with maintaining the privacy and security of protected health information (PHI). Using portable devices such as tablets, smartphones and laptops for communication can be complicated and demands careful consideration of the regulations, how the devices will be used and secured, and what the patient desires.
Mobile devices are one of the leading sources of breaches of PHI, and it is imperative to consider how their use affects the privacy and security of PHI because not doing so can lead to enforcement action by HHS.
Here are some tips provided by the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) on ways to safeguard PHI when using mobile devices such as laptops, tablets and smartphones:
- Always use a password or other user authentication;
- Enable or install data encryption;
- Activate remote wiping or remote disabling;
- Do not use file-sharing applications;
- Install firewalls;
- Enable security software;
- Always keep your security software up to date;
- Don’t forget to research apps before downloading;
- Learn to maintain physical control;
- Use adequate controls while using Wi-Fi; and
- Delete all stored PHI before reusing a device.
If your organization hasn’t adequately considered the impact of using mobile devices on your compliance yet, don’t forget that the cost of willful neglect of compliance is HIGH!
For training requirements, HIPAA compliance expert Jim Sheldon-Dean is presenting an audio session where he will review the requirements and current issues pertaining to mobile devices. Learn ways to meet patient desires and stay within the regulations.