Mobile Devices And HIPAA: Why Built-In Security Features Are Not Enough
 
William Standifird   11/3/2016
Technology
Without a doubt, long term/post-acute care (LT/PAC) is going mobile. Smartphones and tablets are quickly replacing clipboards, charts, and PCs as practitioners take advantage of improvements in processing power; digital connectivity; and secure, cloud-based solutions to manage electronic patient health information (ePHI).

But wait! It can’t be that easy, can it? What happens if a device gets hacked? What happens if an employee loses a device? What if a device is stolen? One might be surprised to learn that recently a single lost smartphone resulted in a $650,000 fine to Catholic Health Care Services in Philadelphia.

Catholic Health Care is not alone. While the government only reports on cases involving the loss of more than 500 records, some 507 violations with more than 10 million ePHI records have been reported since 2009, according to the Office of Civil Rights Breach Report published in 2016. The primary cause of these breaches? Device theft. Cookies, texts, photos, emails, and many other forms of unauthorized ePHI are frequently found on mobile devices, making them a serious security risk for the LT/PAC center.

So what is the answer? The Department of Health and Human Services provides many
recommendations on how to manage digital risks associated with mobile devices. Simply put, there are three layers of security that should be considered.
  • Policies and Procedures: These include a risk assessment and protocols for how and when to use the mobile devices.
  • Encryption: If a device is lost, encryption provides some level of security; however, even the most sophisticated encryption systems are being cracked.
  • Remote Lock and Wipe: This is your last line of defense, and if implemented properly, is the most reliable measure to prevent the loss of ePHI. 
The transition to smartphones and tablets is inevitable. These technologies will simplify the
management of ePHI, improve quality of care, boost staff efficiency, and reduce the overall cost of care. But mobile also introduces risks that can expose sensitive patient data and put a care center in danger of costly fines. 

Be sure to follow all government regulations regarding the use of mobile devices; consult
with a qualified consultant to implement mobile device policies; and deploy technologies for encryption, remote lock, and remote wipe for when, not if, a mobile device becomes lost or stolen.

Related News

Technology
Achieving Cyber-Resilience in Today's Digital World
The rapid pace of technological advancement, combined with the escalating sophistication of cyber threats, makes it imperative for providers to place a heightened emphasis on cybersecurity within their organizations.
READ MORE
Technology
Has Technology Replaced the Physician?
Today’s technology can measure and record vital signs up to the second, with guaranteed accuracy and no involvement by the staff.
READ MORE
Technology
Artificial Intelligence Helps Meet the Changing Needs of the Aging Population
​One of the most pressing issues societies worldwide must confront is adapting to the changing needs of older adults as the global population continues to age.
READ MORE
View All News

Related Articles

Technology
Personal Health Information
3/10/2024
Federal Report on Interoperability of Health IT in Long Term Care
While most skilled nursing and assisted living providers have adopted electronic health records, interoperability lags far behind.
READ MORE
Telemedicine
2/15/2023
The Future of Health Care
Telemedicine has opened the door to even newer technologies and opened the eyes of the industry to possibilities that were never contemplated just a few short years ago.
READ MORE
Technology
10/3/2022
Using Technology to Rebuild Your Frontline Workforce
Employee burnout has reached a record high, with droves of quality staff members leaving their caretaking positions.
READ MORE