Health Information Management

Secure mobile devices, portable media, and text messages

HIM-HIPAA Insider, July 30, 2012

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

If HIM professionals needed another reason to be ­concerned with protected health information (PHI) ­outside of paper records, a surgery center in Arizona ­provided one in April.

Phoenix Cardiac Surgery, PC, of Phoenix and Prescott, Ariz., agreed to pay HHS $100,000 in a ­settlement and take corrective action to implement ­policies and procedures to safeguard PHI because of ­privacy and security ­violations involving an Internet-based calendar.

Phoenix posted clinical and surgical ­appointments for its patients on an Internet-based calendar that was ­publicly accessible. To boot, it had few ­policies and ­procedures to comply with the HIPAA ­Privacy and ­Security Rules and had limited safeguards in place to protect ­patients' electronic PHI (ePHI).

HIM professionals must be cognizant of privacy and security threats and vulnerabilities beyond ­paper and electronic medical records with the rise of PHI on the Web and in mobile devices and portable media, ­experts say.

"If you have a mobile device and store PHI on it, you have to protect it as if it were stored on a device ­located inside your organization," said Chris Apgar, ­CISSP, president of Apgar & Associates, LLP, in Portland, Ore. "One way to think about it is another ­security environment. When you're looking at a different ­environment you need to have a policy and ­procedure to protect health information and to comply with the HIPAA Security Rule. You also need to make sure you've implemented processes and applications to protect against loss or theft of PHI stored on mobile devices."

Editor’s note: Read more in the August issue of Medical Records Briefing.

 



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular