HIPAA Compliance

In 1996, the “Health Insurance Portability and Accountability Act” (HIPAA) was passed, with the primary goal of allowing individuals to retain the same health care coverage when they moved from job to job. Over the last couple of decades, telecommunications technology has advanced tremendously, and experts are now wondering how medical organizations can be HIPAA compliant with respect to mobile communication devices, i.e., HIPAA-compliant texting. Here are the advantages and disadvantages of using smart phones for health care messaging.


Accessing Your Personal Health Information

Modern consumers love the benefits of keeping their own health care no matter what job they have. Some individuals will naturally want to access their health records using their smart phones. It is important to remember that health care organizations must be HIPAA compliant with respect to mobile devices: smartphones, tablets and laptop computers.

Digital transmission of medical photographs, images, charts and data must adhere to all HIPAA rules, regulations and laws. Personal Health Information (PHI) stored in health care provider computer databases must also be HIPAA compliant. HIPAA establishes the following rules:

  • “Access to equipment containing health information should be carefully controlled and monitored.”
  • “Access to hardware and software must be limited to properly authorized individuals.”
  • “Entities must protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient.”

HIPAA compliance applies to hospitals, doctors, insurance companies, health care plan providers, medical organizations, government agencies, Information Technology staff and consumers. This is one of the key challenges to this medical standard: many entities are involved.

The dangers of “identity theft” are real, as major retailers such as Target have found out the hard way. Just like credit card financial information, health care information might be very valuable to a cyber criminal. The final goal of protecting PHI is the primary challenge. HIPAA suggests that all PHI must be encrypted and all data transmissions must be authenticated.


Many Mobile Phone Texts Might Not Be HIPAA Compliant

While many individuals will naturally use free public Wi-Fi from a coffee shop, the reality is that this connection is simply not secure. Hackers can easily steal valuable PHI at the point of the smart phone connection or the café Internet connection. Cyber criminals are very clever. They even have data scanners that can steal information from the air.

Thus, a health care organization should not allow smart phones to use public Wi-Fi for accessing HIPAA medical records. Of course, how is the health care entity to know what Internet source its customer is using? That is one of the many challenges.

Another modern technology that is not HIPAA compliant is cloud-based storage. Although this option is feature-rich, affordable and scalable, it allows unauthorized Information Technology technicians to view sensitive PHI. This could lead to identity theft.

Modern smart phone technology is certainly wonderful, but not all mobile device security provisions adhere to the strict HIPAA guidelines. It is important to continue to add more encryption and safer digital connections to ensure that smart phones can be used to expand HIPAA provisions.