Mobile Health Apps

iPod touch Mobile Health AppsDon’t Forget HIPAA

There are few health care providers and covered entities who are not aware of the stringent requirements of HIPAA concerning the protection of patient health records and private information. However, staying in compliance and avoiding reportable breaches requires constant vigilance and staying up to date with the latest issues.

Mobile Health Apps as a New Threat to Data

With the increasing use of smartphones and other mobile devices, a number of developers and vendors are providing apps that provide new functionality. However, many of these apps also provide access to information and records covered under HIPAA rules. In fact, there is a growing focus on this area by regulators and enforcement agencies.

A recent article by David Pittman, a correspondent for MedPage, points out at least five areas of risk relative to HIPAA when using mobile devices. These include:

  1. Telehealth applications
  2. Access by unauthorized third parties
  3. Possibility of security flaws
  4. Possible violation of the HITECH Act
  5. Possible conflicts with other electronic security and privacy laws

Emphasizing these risks, the former Senior Health Information Technology and Privacy Specialist at the Health and Human Services’ Office for Civil Rights noted that the use of mobile health apps can present serious concerns relative to HIPAA compliance and potential breaches.

The concerns over this issue deal with a current area of increased enforcement, that of “business associates” of the HIPAA covered entities. As the focus on access to records by others becomes a new liability, the use of mobile apps becomes a serious contingent liability

Increasing the Awareness

One of the first steps that we see as important to full HIPAA compliance is awareness of the issue at all levels and with all team members. Simply stressing the fact that smartphones and mobile health apps fall under HIPAA is one important step.

We understand HIPAA at Sergeant Shredder and can help you develop and implement the policies and procedures your operation needs. From shredding documents to destroying electronic media, we can help.

Are you transferring paper files into electronic ones? How are you shredding HIPAA-covered materials?