Mobile electronic devices offer a lot of benefits to your practice, but the devices pose data privacy issues. Discover what you need to keep patient information protected.
Q: I recently bought an iPad for use in my practice, and several of my staff members now have smartphones. How can we be sure we’re keeping patient data private on these devices?
A: Smartphones and tablets do pose a risk to patient information privacy. The most common problems using these devices are simply misplacing them or theft. If that happens, the device owner should have a way of remotely “wiping” any critical information on the device. In addition, the device always should require a complex password so that if it is stolen accessing it will be difficult.
Any product that communicates via Wi-Fi or broadband should include encryption for communications that include protected health information. If you lose a device that contains protected health information and it cannot be wiped immediately, it most likely would be considered a data breach. In such cases, you must notify the U.S. Department of Health and Human Services and follow its breach notification protocol. Details are available at www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html.
The author is principal consultant and chief executive officer of Sorensen Informatics in Lombard, Illinois. Please send your technology-related questions to firstname.lastname@example.org. Also engage at www.twitter.com/MedEconomics and www.facebook.com/MedicalEconomics.