Improve Usability but Mind HIPAA if Using Personal Mobile Devices for Work

September 28, 2015 – In The News
Medical Practice Compliance Alert

Michael Kline and Elizabeth Litten were featured in the Medical Practice Compliance Alert article “Improve Usability but Mind HIPAA if Using Personal Mobile Devices for Work.” Full text can be found in the September 28, 2015, issue, but a synopsis is below.

Practice communications are increasingly mobile, with about 83 percent of physicians using mobile technology to provide patient care and 71 percent of nurses doing the same, according to a mobile technology survey from the Healthcare Information and Management Systems Society (HIMSS).

But devices must be managed carefully to avoid creating an undue HIPAA security risk.

Among the must-dos for health care providers using mobile devices is using encryption to make mobile devices secure. Email programs should be able to assure that the message cannot be read until it has been transmitted to your device.

“A password on a phone is not encryption,” warns Michael Kline.

Providers should also get informal messages and conversations from mobile devices, such as text messages, into the patient’s medical record.

“Have you made an entry in the record? If not, the medical record is not accurate,” says Kline.

Providers should be sure to obtain patient consent to communicate by mobile device as well, says Elizabeth Litten. This is especially important if the communication is unsecured.

Avoiding the lack of discipline that mobile devices often encourage, such as non-medical shorthand is also crucial. Communications over mobile devices are more likely to contain misspellings and other errors, which can create malpractice liability and are not best practice when communicating treatment, says Kline.