Staying HIPAA Compliant When Using Mobile Devices and Apps

Technology has changed the face of medical practice management drastically over the last few years. Many physicians are using laptops, smartphones and tablets to better serve their patients. In fact, mHealthNews reported that nearly three-quarters of all physicians in the U.S. use their smartphones at work. While the convenience of these devices is revolutionizing health care, concerns about data security are rising. How can physicians reconcile converting to a digital office while remaining HIPAA compliant? 

Data Storage

Phones and tablets can easily get lost or stolen, putting confidential patient data at risk. HIPAA compliant mobile camera applications are a great option to overcome the financial and logistical challenges that come with capturing medical record information. These apps are able to securely capture and transmit almost any type of file, storing the data somewhere other than the device. In addition to providing security, these apps improve workflow and accessibility since the files are ready to view immediately and available 24/7. 

When Apps Must be HIPAA Compliant

There are two key questions to ask when determining if an app must be HIPAA compliant. Who will be using the app and what information will be collected? HIPAA does not apply to apps created for a patient's personal use. For example, some smartphone applications may help a patient follow his or her medication schedule. Or, patients may have a pedometer app that stores data about their activities. These apps are not subject to HIPAA. However, if the information is transmitted to the physician, the data becomes subject to HIPAA once the physician becomes the "keeper" of the data.

Another factor to keep in mind is that HIPAA does not apply to an app if medical information is not transmitted. For example, if an office uses an app to send appointment reminders, the app does not have to be HIPAA compliant as long as medical information is not included. Although a reminder goes to the patient's personal phone, reminders can pop up on the screen even when the phone is locked. A reminder is therefore not a secure method of transmitting medical information.

HIPAA compliance has been a priority for physician offices since the law's passage in 1996. However, as technology advances, the lines of compliance can sometimes blur. As a result, medical practice management often involves the assistance of technology partners and the advice of medical practice consultants. Expert advice can ensure a physician office keeps up with ever-changing legislation and remains compliant.
