• E-mail
• Print
• RSS

Are PDAs a threat to HIPAA?

HIPAA Weekly Advisor, August 27, 2001

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: Increasingly our physicians are using their personal digital assistants (PDAs) to download patient records to take home or work on after hours. Should I be concerned about these practices from a HIPAA perspective?

A: As more and more healthcare providers use PDAs or handheld computers to store their appointments, patient information, and prescription data, the likelihood of security threats increases. Many providers "synch-up" their PDAs with their appointment schedule and may download information from home to a central server. PDAs are notoriously insecure as few of them have any built in security features. If you have providers using PDAs to store PHI (protected health information), you need to add password authentication at a minimum. In addition, a number of technology vendors are providing PDA add-ons which provide stronger authentication such as digital signature or fingerprint recognition. In the meantime, I recommend the following procedure for securing handhelds:

• Apply encryption to handhelds
• Use secure sockets layer (SSL) encryption for data transported over the Internet
• Require a automatic screen saver for handhelds
• Develop a policy on the use of handhelds to store patient data

Details on mobile computing and security products can be found at http://www.MOHCA.org or http://www.pdamd.com.

Editor's note: Answered by Jon Bogen, president of HealthCIO Inc. in Duxbury, MA. If you have a question for him, write to BOH, P.O. Box 1168, Marblehead, MA 01945, or send an e-mail to BOH editor Brian Driscoll at bdriscoll@hcpro.com.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive