Medical professionals should be aware of any potential hazards that mobile devices pose to patient records.

Mobile devices pose threat to new HIPAA data security rules

Stephen Perkins

Hospitals and other healthcare providers affected by updated Health Insurance Portability and Accessibility Act data management regulations may have to reign in usage of mobile devices in order to provide safe offsite backup.

The new HIPAA rules dictate that dentists, doctors, hospitals and other healthcare providers move their patient records to a remote backup provider in order to improve access to records and increase security. Those who do not comply with the revised rules or who are found to be responsible for data security breaches that expose patient records could face steep financial penalties.

The rule change comes at a time when portable devices and wireless networks are becoming more vital to healthcare professionals, who use them for such tasks as reviewing records, updating charts, administering medication dosages and schedules  and scanning specimens for laboratory work, according to Baseline. While the devices have a multitude of uses for doctors and other hospital personnel, they also carry some risks, even when records aren't stored on them and they are simply used to access records via online data storage.

"There are huge concerns over patient safety and protecting health information," John Barr, consulting technology architect at Memorial Hermann Healthcare, told the source. "Today's mobile devices—smartphones and tablets—are replaceable. We cannot afford to have protected health information floating out and winding up in the wild. We must be able to protect against human carelessness as well as external threats."

The U.S. Department of Health and Human Services recommends that healthcare professionals who use mobile devices to access patient records kept in online data backup implement strong passwords and enable encryption to render records unreadable without the proper key. Medical personnel also are encouraged to enable functions that allow them to remotely wipe the memory clean, install and update  firewalls and security programs and disable file-sharing capabilities. The department emphasizes the importance of maintaining physical control of devices and using adequate security for sending any patient records over WiFi networks.

Categories: Cloud Backup, Data Protection, Online Backup