Sending PHI via Mobile Devices – a Big HIPAA No-No

By Guest Post 

I rocked the boat with some of my medical friends when I emailed them my blog post, Can I Text ePHI?, which basically told them that they could NOT text or email patients without encrypting or securing the data. Don’t shoot me, I’m just the messenger. HIPAA states it is illegal to use unsecured networks and unencrypted communication methods like texting. Let’s dig further into why sending PHI via mobile devices is a HIPAA “No-No”, making it a hot button for doctors and the HHS (Health & Human Services).

First off, the penalties for non-compliance are steep, and ignorance is no excuse because HHS has produced a lot of content on the subject. In fact, a single HIPAA violation due to ignorance can cost up to $50,000!

Per Health Information Technology’s Guide to Privacy and Security of Electronic Health Information,

“The Security Rule requires that when you send ePHI to your patient, you send it through a secure method and that you have a reasonable belief that it will be delivered to the intended recipient.

“In this environment of more online access and great demand by consumers for near real-time communications, you should be careful to use a communication mechanism that allows you to implement the appropriate Security Rule safeguards, such as an email system that encrypts messages or requires patient login, as with a patient portal.”

Furthermore, if you used Meaningful Use tax credits to digitize your medical records:

“You should be able to communicate online with your patients. The EHR system should have the appropriate mechanisms in place to support compliance with the Security Rule. You might want to avoid other types of online or electronic communication (e.g., texting) unless you first confirm that the communication method meets, or is exempt from, the Security Rule.”

Additional education from HHS states you need to put safeguards in place to protect PHI on mobile devices from these risks:

  1. Lost mobile device
  2. Stolen mobile device
  3. Downloading a virus or malware
  4. Shared mobile device
  5. Unsecured Wi-Fi Network

HHS even provides these methods that you can implement to better safeguard PHI from these risks:

  1. Setting strong passwords
  2. Encrypting data
  3. Using automatic logoffs
  4. Requiring a unique user ID
  5. Enabling remote wipe
  6. Locking the device
  7. Keeping the device with you
  8. Using a screen shield
  9. Refraining from sharing the mobile device
  10. Registering the mobile device
  11. Installing a firewall
  12. Using secure Wi-Fi connections
  13. Researching mobile applications

A good IT firm can help you create policies and safeguards to protect PHI when accessing, transmitting, receiving, or storing patient information on mobile devices. That firm should also follow and educate you on the guidelines provided by HHS.

Source: https://www.healthit.gov/mobiledevices/ 

