HIPAA and Cell Phones

In health care, one of the most important things is HIPAA compliance by doctors and hospital staff. It’s an acronym many people have heard, but what does it mean? HIPAA stands for “Health Insurance Portability and Accountability Act of 1996”. It is a federal law that requires national standards to be created to protect patient information from being disclosed without the patient’s consent and/or knowledge. It seems relatively simple: don’t spread information that is potentially confidential. But with technology getting more and more advanced, things start to get a little complicated. This is where cell phones enter the picture. A lot of doctors don’t use pagers anymore, now that smartphones are available. Unfortunately, with the ease of use of smartphones come a few extra risks to patient information and the potential for a HIPAA violation.

There are quite a few risks involved, and many of them are due to a lack of security on smartphones. Even if the phones are issued to staff by the hospital, they typically don’t have the same protections on them as the rest of the hospital’s technology, such as encryption and firewalls. This creates a greater risk of the information being stolen, especially outside of the hospital. This becomes especially apparent if the doctor or staff member is using unsecured Wi-Fi, which can happen if information needs to be shared before or after a shift is completed and the worker is outside of the building. Unsecured Wi-Fi leads to a greater risk of the information being stolen by someone else on the same Wi-Fi network. Physical loss or theft of the device can also be risky, especially if the personal device leaves the hospital building. When this happens, just about anyone can access the information on it, even if the user has it protected by a password. Many users don’t even have their phones protected by passwords, as it is much easier and more efficient to just turn on the phone and be able to access the data. If an unprotected device were to be stolen, patient information could inadvertently be stolen along with it. Another issue is that there is no set rule under HIPAA regarding smartphone use. Of course, it is still recognized that the information shouldn’t get out without permission, but there aren’t any rules outlined to prevent this from happening.

How, then, can hospital staff and doctors remain HIPAA compliant while still transmitting information in an efficient and effective way? First of all, hospitals can regularly enlist auditing services to assess whether or not there are any potential risks to the security of patient information. This can include checking for confidentiality in the way that the information is collected and stored. They can also investigate how the information is transmitted to those who need it. Hospitals can also enforce the protections that hospital staff need on their personal devices. This means not only creating policies that will protect the information while the device is in use, but also educating the staff on why these policies are in place and how they work. For example, the hospital can require password protection, restrict use to certain areas within the hospital so that prying eyes can’t see the information, and create a process for staff members to follow in case the device is lost, so that the information on the phone cannot be seen by the wrong people.

Many hospitals and hospital systems now store information on particular websites or servers, which are now accessible through apps as well. These apps are very well protected and have many security measures in place. Because of this, hospital workers can input the data through secure systems that cannot easily be hacked into or viewed by others. If hospitals use these systems, it is much easier to keep the information protected at all times. Hospitals that do not have these systems should consider switching over so that their security is up to date. Along with this, staff members should be encouraged to avoid unsecured Wi-Fi networks, whether using them for work or not. The unfortunate reality is that users on unsecured networks can have their information stolen. Even if you sign onto a free network while out and about and just use it to text a friend or scroll through social media, others can still hack your other apps through the network and steal information. This includes the patient information that is stored on the device. There are solutions to this, including ensuring that staff members have secure networks to connect to when they are away from the hospital, so that they are always connected to a safe network and are less likely to get their information stolen.

All hospital workers should receive extensive training and be encouraged to engage in the policies that are in place. While getting doctors to go to training while they still have patients to tend to can be tricky, it is essential. With technology being upgraded frequently, policies should also adapt as needed and everyone should be made aware of any changes.

HIPAA compliance is serious and essential to giving patients the best care possible. It is up to hospitals to make sure that their staff handles patient information properly. There are many risks now that smartphones are more commonplace, especially if the device is stolen, lost, or used on unsecured Wi-Fi. Thankfully, there are a lot of steps hospitals and their staff can take in order to ensure that nothing is released or viewed without the patient’s explicit consent. Hospitals can and should create their own policies regarding smartphone use by their staff members. They should also enforce staff training in these policies, no matter how busy staff might be. The information is important for everyone to know, even if they are not a doctor or working directly with patients. There are also secure apps available for viewing information online, and hospitals can use them to input and view data. Despite the risks, there are many ways to keep patients and their information safe in this age of new technology.