How Mobile Devices May Be Violating HIPAA Compliance

Gadgets. We all love them. We all use them every day.

When cell phones integrated with smart technology, we jumped at the chance to bring the Internet with us anywhere. We bought phones and tablets at record speed, downloading apps and programs as fast as they could be created.

And while most of these apps and programs made our lives a little easier, gave us more functionality, or simply allowed us to have a little fun, they also brought risk into our lives in new ways.

Technology is almost always ahead of the law. We invent things. We push the limits. And when there are consequences, that’s when we ask the law to step in. Policies are set. Laws are made. And then it’s up to both providers and to consumers to make sure they comply.

While compliance may not be difficult in some industries and niches, healthcare isn’t one of them. Providers face unique challenges in complying with HIPAA, and those challenges are compounded when the same rules have to be applied to mobile devices. When smartphones were first developed, little thought was given to HIPAA because they were perceived as mere phones. Yet smart technology put the power of a computer into the hands of every consumer in the marketplace, and that’s where the trouble began.

Because we all lead busy lives, we take our devices and our work with us everywhere. We stop for coffee in the morning. We have lunch with a friend. We take our kids to after-school activities. And while we’re sitting and waiting, we do what comes naturally: we check email, connect with a client, and work on a file or two.

But unsecured wireless networks are a real risk. Accessing protected health information over an unsecured network exposes that data to anyone else on the network, and it violates the patient’s privacy. And what if you accidentally leave your phone or tablet on the table and walk away? Theft increases the problem tenfold.

People should not download an app and assume it is HIPAA compliant. Very few health-related apps are. As a health care provider, it’s important to verify that an app meets all HIPAA requirements before recommending it to a patient. In general, HIPAA does not apply to apps that merely let patients track fitness goals, but it does apply to apps that handle PHI or allow providers and patients to communicate with each other.

If you like an app, ask the developer whether it was built to meet HIPAA requirements. Ask them to show their credentials, certifications, or audit reports so you can confirm you are fully covered; keep in mind that there is no government-issued HIPAA certification, so weigh the evidence they provide rather than the label.

You should also protect yourself by keeping all mobile devices password protected and encrypted in accordance with HIPAA standards. You can also install remote wipe and disable tools that let you quickly erase and lock a mobile device as soon as you notice it is missing.
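The three controls above (passcode, encryption, remote wipe) are easy to state and easy to let slip across a fleet of personal phones. The script below is an added example, not code from the original article: it audits a device inventory against those controls and flags the case the article warns about, a missing device that cannot be wiped. The inventory record shape, the minimum passcode length, and every device record are assumptions and constructed sample data; in practice the records would come from a mobile device management export.

```python
"""Mobile-device posture audit for the controls the post recommends.

Added example, not code from the original article. The inventory record
shape and the baseline values are assumptions; in practice they would come
from an MDM export. All device records below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed baseline: align this with your own written policy.
MIN_PASSCODE_LENGTH = 6


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    handles_phi: bool          # does this device access PHI at all?
    passcode_set: bool
    passcode_length: int       # 0 when no passcode is set
    storage_encrypted: bool
    remote_wipe_enrolled: bool
    reported_missing: bool = False


def audit_device(device: Device) -> list[str]:
    """Return the list of control gaps for one device (empty when compliant)."""
    findings: list[str] = []
    if not device.passcode_set:
        findings.append("no passcode set")
    elif device.passcode_length < MIN_PASSCODE_LENGTH:
        findings.append(f"passcode shorter than {MIN_PASSCODE_LENGTH} characters")
    if not device.storage_encrypted:
        findings.append("storage not encrypted")
    if not device.remote_wipe_enrolled:
        findings.append("not enrolled for remote wipe")
        if device.reported_missing:
            # The failure mode in the post: a lost device that cannot be wiped.
            findings.append(
                "reported missing and cannot be wiped: treat as a potential breach"
            )
    return findings


def audit_fleet(devices: list[Device]) -> dict[str, list[str]]:
    """Map each non-compliant device id to its findings."""
    report: dict[str, list[str]] = {}
    for device in devices:
        findings = audit_device(device)
        if findings:
            report[device.device_id] = findings
    return report


def phi_at_risk(devices: list[Device]) -> list[str]:
    """Ids of devices that handle PHI and fail at least one control."""
    return [d.device_id for d in devices if d.handles_phi and audit_device(d)]


# Constructed sample inventory (not real devices or people).
SAMPLE_INVENTORY = [
    Device("ios-001", "dr.alvarez", True, True, 6, True, True),
    Device("and-002", "nurse.chen", True, True, 4, True, False),
    Device("tab-003", "frontdesk", False, False, 0, False, True),
    Device("ios-004", "dr.okafor", True, True, 8, True, False, reported_missing=True),
]

if __name__ == "__main__":
    for dev_id, gaps in audit_fleet(SAMPLE_INVENTORY).items():
        print(dev_id, "->", "; ".join(gaps))
    print("PHI devices at risk:", phi_at_risk(SAMPLE_INVENTORY))
```

Run it as-is to see the report for the sample inventory; the distinction between `audit_fleet` (every gap) and `phi_at_risk` (only devices that touch PHI) matters because a personal tablet that never sees patient data is a hygiene issue, while a clinician’s phone with a four-digit passcode and no remote wipe is a HIPAA exposure.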

Under HIPAA, providers can face financial penalties for breaches. If enforced, penalties range from $100 to $50,000 per violation with a cap of $1.5 million per calendar year. However, if violations occur year after year, the total can be substantial even with the cap in place.

It’s not only penalties that can be detrimental to a business; a provider’s reputation is also at stake. One breach can cost a business everything.

Are you fully HIPAA compliant with your mobile devices? How about the apps you recommend to your clients?