Without a doubt, long term/post-acute care (LT/PAC) is going mobile. Smartphones and tablets are quickly replacing clipboards, charts, and PCs as practitioners take advantage of improvements in processing power; digital connectivity; and secure, cloud-based solutions to manage electronic patient health information (ePHI).

But wait! It can’t be that easy, can it? What happens if a device gets hacked? What happens if an employee loses a device? What if a device is stolen? One might be surprised to learn that recently a single lost smartphone resulted in a $650,000 fine to Catholic Health Care Services in Philadelphia.

Catholic Health Care is not alone. While the government only reports on cases involving the loss of more than 500 records, some 507 violations with more than 10 million ePHI records have been reported since 2009, according to the Office of Civil Rights Breach Report published in 2016. The primary cause of these breaches? Device theft. Cookies, texts, photos, emails, and many other forms of unauthorized ePHI are frequently found on mobile devices, making them a serious security risk for the LT/PAC center.

So what is the answer? The Department of Health and Human Services provides many recommendations on how to manage digital risks associated with mobile devices. Simply put, there are three layers of security that should be considered.
  • Policies and Procedures: These include a risk assessment and protocols for how and when to use the mobile devices.
  • Encryption: If a device is lost, encryption provides some level of security; however, even the most sophisticated encryption systems are being cracked.
  • Remote Lock and Wipe: This is your last line of defense, and if implemented properly, is the most reliable measure to prevent the loss of ePHI. 

The transition to smartphones and tablets is inevitable. These technologies will simplify the management of ePHI, improve quality of care, boost staff efficiency, and reduce the overall cost of care. But mobile also introduces risks that can expose sensitive patient data and put a care center in danger of costly fines.

Be sure to follow all government regulations regarding the use of mobile devices; consult with a qualified consultant to implement mobile device policies; and deploy technologies for encryption, remote lock, and remote wipe for when, not if, a mobile device becomes lost or stolen.