How Cell Phones Could Put You at Risk for a HIPAA Violation
We’ve reached a point where it’s fairly unlikely to see a person without their cell phone on them. We take them to work, we take them to dinner and some even take them to the bathroom! (ew, better wash your hands…and your phone) However, when it comes to working in a healthcare environment, some privacy issues can arise. So what are we to do? Well, step one is developing a mobile device policy for your facility. Don’t think you need one? According to a recent study by QuantiaMD, “83% of physicians own at least one mobile device and about one in four doctors are ‘super mobile’ users who leverage both smartphones and tablet computers in their medical practices.”
What is a Mobile Device Use Agreement?
Simply put: a mobile device agreement is a document signed by you and your employees that clearly and specifically states the rules for mobile device use (smartphones, tablets, e-readers, etc.) while at the workplace. The agreement, if properly written and enforced, will significantly reduce the risk of a Health Insurance Portability and Accountability Act (HIPAA) violation.
Why Do I Need One?
Are you prepared for a HIPAA violation through mobile devices? You may be wondering how this could even happen. However, there are many possible ways. For instance, a nurse may take a photo of a mother with her newborn baby that she helped deliver. Without the required consents, this photo could not be stored or shared. In addition, email sent from a smartphone may not be encrypted when transmitted. Another way a violation could occur is if a physician has information about a patient in a recent text or email on their phone. Imagine this physician has a child and gives the child the phone to play with or call a friend. The child could see this information and possibly even recognize a name. These are just a few examples of the many ways a violation could potentially occur with a mobile device.
Ask Your Staff: Are they aware of the settings on their phones? Do their phones have password protection? Can they turn off text preview? Will their phones ever read messages aloud? Talk to them about the dangers of talking about a patient on a phone call in a public area where someone could overhear this information.
Ask Yourself: Is your phone password protected? When was the last time you changed your password? Is there a more secure way to get information to and from physicians, without risking a privacy violation, that is as efficient or nearly as efficient as mobile phones? Finally, when there is employee turnover, is there a procedure in place to ensure departing employees do not take any patient information with them?
Creating an Agreement for Your Facility
What should be included in this agreement? Well, you need to clearly outline and define the terms of your agreement. Are employees allowed to have their mobile devices on them? Will they be required to leave them in a designated area? If you’re having trouble, the best thing to do is contact an expert for assistance. If there is a tech or IT person on your staff or at your facility, this could be a good place to start.
How to Get Employees On Board
When technology makes things convenient and efficient, it may be hard to talk to your employees about restrictions on technology. While technology may enable physicians to be more efficient about patient care, there are always risks to be managed. While it may be more efficient for a physician to glance at a text message instead of logging into a secure system to view test results for a patient, there is also the added threat of a HIPAA violation.