Just last week, Sheila Harosky, a former worker at a Pennsylvania hospital, filed a lawsuit against Washington Hospital, its chief executive officer and the doctor who performed her surgery, alleging a violation of her privacy as well as malpractice, among other claims.
Harosky did not realize that a scrub nurse would share the intimate photographs with others, though Washington Hospital claims the photos were taken as part of a practical joke in which Harosky participated. Harosky admits to playing a joke on her doctor; however, she claims that she did not give permission for the photos to be taken.
As this incident shows, the potential for harm from mobile phones in a healthcare or hospital setting is too great to ignore, even though the usefulness of cellphones in medicine is undeniable. Implementing a fully HIPAA-compliant approach to mobile devices, however, requires a complete organizational effort.
So how do we avoid the pitfalls of violating the HIPAA Privacy and Security Rules when using mobile devices?
- Make sure SMS messages and photos taken with your mobile devices do not contain protected health information (PHI), and if they do, send them only via secure messaging apps or software. Many secure medical communication apps are built on end-to-end encryption and are designed to cover the HIPAA technical safeguards you need to consider. Always check for the 18 possible identifiers and make sure you comply with the HIPAA Safe Harbor Guide.
- Consider encrypting all data stored on mobile devices, such as laptops, portable storage devices (USB drives, SD cards, etc.), tablets, notebooks and smartphones.
- Get hold of software or apps that allow you to remotely deactivate or access your phone should it be lost or stolen. This prevents an unauthorized person from ever getting any data off your mobile device.
- Be aware of the risks of accessing data remotely over public, unsecured Wi-Fi. To mitigate this risk, use a VPN when accessing data over public networks or, as mentioned above, a secure text messaging service so that communications cannot be intercepted.
- Research the apps you use. Before you download any app, verify that it is certified as having the required security controls and that security updates are applied regularly on your mobile device.
- Install up-to-date anti-virus software on your mobile devices and regularly run security scans to check for malware.
- Register each mobile device within the organization. When an employee is terminated or resigns, scan their mobile phone and delete any PHI or ePHI stored on it.
- Set a complex alphanumeric passcode of at least 8 characters; the longer the better. Then make things even harder for attackers: after 10 failed attempts, all data on the mobile device is wiped.
- Train the organization's staff and members frequently. Regular awareness, policy training and enforcement are a critical part of HIPAA mobile security compliance.
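The first checklist item asks you to check every outbound message for the Safe Harbor identifiers before it leaves the device. The following Python screen is an added example written for this page; it is not code from the original post or from any HIPAA compliance product. It matches a constructed subset of the 18 identifiers (SSN, phone, e-mail, full date, a hypothetical "MRN nnnnnnnn" record-number format and IP address), blocks a message that would go over plain SMS, and offers a redacted copy that can be sent instead. The regexes, the MRN format and the three sample messages are all assumptions made for illustration; names, street addresses and other free-text identifiers cannot be caught by pattern matching alone, so this is a pre-send check, not a complete de-identification engine.

```python
import re
from typing import Dict, List

# Constructed regexes for a subset of the 18 HIPAA Safe Harbor identifiers.
# Illustrative only: names, addresses and other free-text identifiers need
# human review or an NLP-based de-identification tool, not a regex.
IDENTIFIER_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # US-style phone numbers with a separator between digit groups (assumed format)
    "phone": re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # Full dates tied to a person (DOB, admission) are identifiers; a bare year is not.
    "date": re.compile(r"\b\d{1,2}[/-]\d{1,2}[/-]\d{2,4}\b"),
    # Hypothetical medical record number format: "MRN" followed by 6-8 digits.
    "mrn": re.compile(r"\bMRN[:# ]*\d{6,8}\b", re.IGNORECASE),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

# Channels the organization treats as HIPAA-acceptable for PHI (assumed names).
SECURE_CHANNELS = {"secure_app", "vpn_portal"}

# Constructed sample messages a clinician might type on a phone.
SAMPLE_MESSAGES = [
    "Pt in bed 4 needs labs rechecked this afternoon",
    "Please call Jane at 555-867-5309 re: MRN 00123456, DOB 03/14/1962",
    "Send the consult note to j.doe@example.org",
]


def find_identifiers(text: str) -> Dict[str, List[str]]:
    """Return every identifier type found in the text, with the matched strings.

    Only non-empty categories are included, so an empty dict means the regex
    screen saw nothing (which is not proof the message is free of PHI).
    """
    found: Dict[str, List[str]] = {}
    for name, pattern in IDENTIFIER_PATTERNS.items():
        matches = pattern.findall(text)
        if matches:
            found[name] = matches
    return found


def redact(text: str) -> str:
    """Replace each matched identifier with a bracketed type label."""
    for name, pattern in IDENTIFIER_PATTERNS.items():
        text = pattern.sub(f"[{name.upper()}]", text)
    return text


def route_message(text: str, channel: str) -> str:
    """Decide whether a message may be sent over the given channel.

    'allow'  : no identifiers found, or the channel is a secure one.
    'block'  : identifiers found and the channel is unsecured (e.g. plain SMS);
               the caller should send redact(text) or switch to a secure app.
    """
    if channel in SECURE_CHANNELS:
        return "allow"
    return "block" if find_identifiers(text) else "allow"


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        decision = route_message(msg, "sms")
        print(f"{decision:5} | {msg}")
        if decision == "block":
            print(f"      | found: {find_identifiers(msg)}")
            print(f"      | redacted: {redact(msg)}")
```

The message with the phone number, record number and date of birth is blocked over SMS but allowed over the secure app, while the bed-number note passes either way. Widening the regexes (more date formats, international phone numbers, account and device serial numbers) is straightforward, but a message that passes this screen still needs the sender to ask whether the text, or an attached photo, identifies a patient.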
Considering the numerous ways security breaches can occur with a mobile device, it’s no wonder government entities like the US Department of Health and Human Services are wary about how PHI is handled on smartphones and wearables. Don’t waste any time, act now and make your mobile devices HIPAA Security compliant!
Your journey to full HIPAA & HITECH Compliance starts today.