A trip to the doctor has become a lesson in technology for many of us. Computerized instruments
are used constantly, doing everything from reading a patient’s optical
prescription by measuring the eyeball to taking pulse and blood pressure at the
same time in just a few seconds. It is no surprise that mobile devices like
tablets and smart phones have found their way into the healthcare industry. Once
considered a luxury, mobile devices are now the norm in many hospitals and
practices. Physicians and staff utilize tablets and smart phones to help with
diagnostics, patient education, and medical reference. Many are even able to
access their EMR systems through their devices. With this new trend in
technology there comes the obvious pitfall—protecting patient data. Taking
steps to safeguard PHI is a vital part of any practice allowing mobile devices
to be part of their patient care.
In 2007 Apple released the first iPhone, and the iPad debuted
in 2010. Various statistics show that now as many as 80% of health care
providers are using mobile devices at work. Recently, HealthIT.gov has provided
information on using mobile devices in the medical workplace. The number one
way to protect PHI? Encryption. This means that text is encoded and therefore “disguised”
unless your device or computer has the code to read it. It is absolutely
imperative to have encryption in place anytime a mobile device is used for PHI.
Anything less is not HIPAA compliant. The best guide for encryption is the
Federal Information Processing Standards Publication for Computer Security (FIPS
140-2), the Federal guide for encrypting issued by the National Institute of
Standards and Technology (NIST). Though it is not specifically intended for
HIPAA, it is thorough and is used by both government and private entities.
Using a password or authentication process for your mobile
device is also important. Just like any password protection, it is best to use
a letter-number combination and make it something easy to remember but hard to
guess. Another important step is to make sure that your device locks after
a short period of inactivity and that the password is required to reopen it.
While it seems obvious, one mistake that people often make
is storing the password in their device. Never keep a list of passwords in your
phone or tablet and be sure to change the password every quarter.
The last thing to consider is avoiding storing any data in
your device. Different practices and offices have different rules on this. Some
allow a certain amount of storage before it must be backed up. Others allow for
none, making sure all information is transferred before the device leaves the
premises. No matter what, it is essential that any device being used with PHI
can be locked or wiped remotely. This is important in
the case of theft or loss. Anytime a phone is stolen or lost it is a HIPAA
issue and must be reported.
According to a report issued by KLAS, almost every major EMR
vendor has physicians who access information through their mobile devices. Apps exist
for everything from accessing lab tests and calculating medicines to looking up drug
interactions and anatomical diagrams. It is unrealistic to ban the use of
mobile devices in the healthcare practice. Instead, it is important to ensure that
they are being used responsibly. Following the basic safeguards will keep the
practice HIPAA compliant and allow providers to use technology to its fullest.
Sources:
Jackson and Coker Research Associates. (2011). Special Report: Apps, Doctors and Digital Devices. Jackson and Coker Industry Reports. (retrieved December 24, 2013). http://industryreport.jacksoncoker.com//physician-career-resources/newsletters/monthlymain/des/Apps.aspx
Mobile Device and Privacy and Security. (n.d.). HealthIT.gov. (retrieved January 24, 2013). http://www.healthit.gov/providers-professionals/you-your-organization-and-your-mobile-device
Westerlind, Erik. (October 9, 2012). Mobile Healthcare Applications: Can Enterprise Vendors Keep Up? KLAS. (retrieved January 24, 2013). https://www.klasresearch.com/Store/ReportDetail.aspx?ProductID=747